|
@@ -7,14 +7,14 @@
|
|
|
*/
|
|
|
|
|
|
/* Utilities Functions */
|
|
|
-String GetPara(AsyncWebServerRequest * request, String key) {
|
|
|
+String GetPara(AsyncWebServerRequest *request, String key) {
|
|
|
if (request->hasParam(key)) {
|
|
|
return request->getParam(key)->value();
|
|
|
}
|
|
|
return "";
|
|
|
}
|
|
|
|
|
|
-void SendErrorResp(AsyncWebServerRequest * r, String errorMessage) {
|
|
|
+void SendErrorResp(AsyncWebServerRequest *r, String errorMessage) {
|
|
|
//Parse the error message into json
|
|
|
StaticJsonDocument<200> jsonDocument;
|
|
|
JsonObject root = jsonDocument.to<JsonObject>();
|
|
@@ -26,7 +26,7 @@ void SendErrorResp(AsyncWebServerRequest * r, String errorMessage) {
|
|
|
r->send(200, "application/json", jsonString);
|
|
|
}
|
|
|
|
|
|
-void SendJsonResp(AsyncWebServerRequest * r, String jsonString) {
|
|
|
+void SendJsonResp(AsyncWebServerRequest *r, String jsonString) {
|
|
|
r->send(200, "application/json", jsonString);
|
|
|
}
|
|
|
|
|
@@ -89,7 +89,7 @@ void HandleLogin(AsyncWebServerRequest *r) {
|
|
|
AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
|
|
|
response->addHeader("Server", mdnsName);
|
|
|
response->addHeader("Cache-Control", "no-cache");
|
|
|
- response->addHeader("Set-Cookie", "web-auth=" + cookieId + "; Path=/; Expires=" + expireUTC + "; Max-Age=604800");
|
|
|
+ response->addHeader("Set-Cookie", "web-auth=" + cookieId + "; Path=/; Expires=" + expireUTC + "; Max-Age=604800");
|
|
|
|
|
|
//Save the cookie id
|
|
|
DBWrite("auth", "cookie", cookieId);
|
|
@@ -99,6 +99,29 @@ void HandleLogin(AsyncWebServerRequest *r) {
|
|
|
r->send(response);
|
|
|
|
|
|
Serial.println(username + " logged in");
|
|
|
+ return;
|
|
|
+ } else if (UserCheckAuth(username, password)) {
|
|
|
+ //User Login. Generate a session for this user
|
|
|
+ String cookieId = GeneratedRandomHex();
|
|
|
+ Serial.print("Generating new cookie ID ");
|
|
|
+ Serial.println(cookieId);
|
|
|
+
|
|
|
+ String expireUTC = getUTCTimeString(getTime() + 604800);
|
|
|
+ Serial.print("Generating expire UTC timestamp ");
|
|
|
+ Serial.println(expireUTC);
|
|
|
+
|
|
|
+ AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
|
|
|
+ response->addHeader("Server", mdnsName);
|
|
|
+ response->addHeader("Cache-Control", "no-cache");
|
|
|
+ response->addHeader("Set-Cookie", "web-auth=" + cookieId + "; Path=/; Expires=" + expireUTC + "; Max-Age=604800");
|
|
|
+
|
|
|
+ //Save the cookie id
|
|
|
+ DBWrite("sess", cookieId, username);
|
|
|
+ //Return login succ
|
|
|
+ r->send(response);
|
|
|
+
|
|
|
+ Serial.println(username + " logged in");
|
|
|
+ return;
|
|
|
} else {
|
|
|
SendErrorResp(r, "invalid username or password");
|
|
|
return;
|
|
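Review bot: The new user-login branch writes the freshly generated session token to the serial console (`Serial.println(cookieId);`), so anyone who can read the UART log can reuse a live session; I would drop that line or log only that a session was created. The `Set-Cookie` value it builds has no `HttpOnly` or `SameSite` attribute, so the token is readable from page script and is sent on cross-site requests; appending `; HttpOnly; SameSite=Strict` to the string would cover both, and the same applies to the admin cookie in the previous hunk. `DBWrite("sess", cookieId, username)` stores no expiry, so as far as this hunk shows the 604800-second lifetime is enforced only by the browser, and a stored expiry checked on each request would be worth adding. The branch repeats the admin branch almost line for line and HandleLogin starts outside the hunk, so a shared helper may be the cleaner place for these changes.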
@@ -114,16 +137,27 @@ void HandleLogout(AsyncWebServerRequest *r) {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
+ //Delete the server side cookie
|
|
|
+ if (IsAdmin(r)) {
|
|
|
+ DBRemove("auth", "cookie");
|
|
|
+ authSession = "";
|
|
|
+ } else {
|
|
|
+ //Get the session from user
|
|
|
+ String authCookie = GetCookieValueByKey(r, "web-auth");
|
|
|
+ if (authCookie == "") {
|
|
|
+ SendErrorResp(r, "unknown error: unable to read cookie from header");
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ //Remove the session map
|
|
|
+ DBRemove("sess", authCookie);
|
|
|
+ }
|
|
|
+
|
|
|
//Remove the cookie on client side
|
|
|
AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
|
|
|
response->addHeader("Server", mdnsName);
|
|
|
response->addHeader("Cache-Control", "no-cache");
|
|
|
- response->addHeader("Set-Cookie", "web-auth=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT");
|
|
|
+ response->addHeader("Set-Cookie", "web-auth=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT");
|
|
|
r->send(response);
|
|
|
-
|
|
|
- //Delete the server side cookie
|
|
|
- DBRemove("auth", "cookie");
|
|
|
- authSession = "";
|
|
|
}
|
|
|
|
|
|
/* File System Functions */
|
|
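Review bot: In the non-admin branch of HandleLogout the `web-auth` cookie value is taken straight from the request and passed to `DBRemove("sess", authCookie)` with only an empty-string check. DBRemove is not visible here, but if it maps the key onto a file name or path, a malformed value could reach entries outside the `sess` table, so I would reject anything that is not the fixed-length hex string GeneratedRandomHex produces before the call, e.g. `if (!IsValidSessionId(authCookie)) { SendErrorResp(r, "invalid session"); return; }` with `IsValidSessionId` as a new helper (placeholder name). The start of HandleLogout and the IsAdmin(r) check are outside the hunk, so whether the cookie has already been validated upstream should be confirmed.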
@@ -154,7 +188,6 @@ void HandleListDir(AsyncWebServerRequest *r) {
|
|
|
} else {
|
|
|
firstObject = false;
|
|
|
}
|
|
|
-
|
|
|
}
|
|
|
|
|
|
String isDirString = "true";
|
|
@@ -304,7 +337,6 @@ void HandleFileDownload(AsyncWebServerRequest *r) {
|
|
|
//Download
|
|
|
r->send(SDFS, "/www" + targetFile, "application/octet-stream", false);
|
|
|
}
|
|
|
-
|
|
|
}
|
|
|
|
|
|
//Get the file / folder properties
|
|
@@ -400,8 +432,10 @@ void HandleLoadPref(AsyncWebServerRequest *r) {
|
|
|
/* Handle System Info */
|
|
|
void HandleLoadSpaceInfo(AsyncWebServerRequest *r) {
|
|
|
String jsonResp = "{\
|
|
|
- \"diskSpace\":" + String(getSDCardTotalSpace()) + ",\
|
|
|
- \"usedSpace\": " + String(getSDCardUsedSpace()) + "\
|
|
|
+ \"diskSpace\":" + String(getSDCardTotalSpace())
|
|
|
+ + ",\
|
|
|
+ \"usedSpace\": " + String(getSDCardUsedSpace())
|
|
|
+ + "\
|
|
|
}";
|
|
|
|
|
|
SendJsonResp(r, jsonResp);
|