Added v3 code

firmware/v2/web-server/api.ino

@@ -0,0 +1,428 @@
+/*
+
+    API.ino
+
+    This script handle API requests
+    functions.
+*/
+
+/* Utilities Functions */
+String GetPara(AsyncWebServerRequest * request, String key) {
+  if (request->hasParam(key)) {
+    return request->getParam(key)->value();
+  }
+  return "";
+}
+
+void SendErrorResp(AsyncWebServerRequest * r, String errorMessage) {
+  //Parse the error message into json
+  StaticJsonDocument<200> jsonDocument;
+  JsonObject root = jsonDocument.to<JsonObject>();
+  root["error"] = errorMessage;
+  String jsonString;
+  serializeJson(root, jsonString);
+
+  //Send it out with request handler
+  r->send(200, "application/json", jsonString);
+}
+
+void SendJsonResp(AsyncWebServerRequest * r, String jsonString) {
+  r->send(200, "application/json", jsonString);
+}
+
+void SendOK(AsyncWebServerRequest *r) {
+  r->send(200, "application/json", "\"ok\"");
+}
+
+//Handle auth check if the request has been authed.
+//Return false if user is not authed
+bool HandleAuth(AsyncWebServerRequest *request) {
+  //Handle for API calls authentication validate
+  if (!IsUserAuthed(request)) {
+    //user not logged in
+    request->send(401, "text/html", "401 - Unauthorized");
+    return false;
+  }
+
+  return true;
+}
+
+/*
+
+    Handler Functions
+
+    These are API endpoints handler
+    which handle special API call
+    for backend operations
+
+*/
+
+/* Authentications */
+//Check if the user has logged in
+void HandleCheckAuth(AsyncWebServerRequest *r) {
+  if (IsUserAuthed(r)) {
+    SendJsonResp(r, "true");
+  } else {
+    SendJsonResp(r, "false");
+  }
+}
+
+//Handle login request
+void HandleLogin(AsyncWebServerRequest *r) {
+  String username = GetPara(r, "username");
+  String password = GetPara(r, "password");
+  if (adminUsername == "") {
+    SendErrorResp(r, "admin account not enabled");
+    return;
+  }
+  if (username.equals(adminUsername) && password.equals(adminPassword)) {
+    //Username and password correct. Set a cookie for this login.
+    //Generate a unique cookie for this login session
+    String cookieId = GeneratedRandomHex();
+    Serial.print("Generating new cookie ID ");
+    Serial.println(cookieId);
+
+    String expireUTC = getUTCTimeString(getTime() + 604800);
+    Serial.print("Generating expire UTC timestamp ");
+    Serial.println(expireUTC);
+
+    AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
+    response->addHeader("Server", mdnsName);
+    response->addHeader("Cache-Control", "no-cache");
+    response->addHeader("Set-Cookie",  "web-auth=" + cookieId + "; Path=/; Expires=" + expireUTC + "; Max-Age=604800");
+
+    //Save the cookie id
+    DBWrite("auth", "cookie", cookieId);
+    authSession = cookieId;
+
+    //Return login succ
+    r->send(response);
+
+    Serial.println(username + " logged in");
+  } else {
+    SendErrorResp(r, "invalid username or password");
+    return;
+  }
+  SendOK(r);
+}
+
+//Handle logout request, or you can logout with
+//just front-end by going to log:out@{ip_addr}/api/auth/logout
+void HandleLogout(AsyncWebServerRequest *r) {
+  if (!IsUserAuthed(r)) {
+    SendErrorResp(r, "not logged in");
+    return;
+  }
+
+  //Remove the cookie on client side
+  AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
+  response->addHeader("Server", mdnsName);
+  response->addHeader("Cache-Control", "no-cache");
+  response->addHeader("Set-Cookie",  "web-auth=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT");
+  r->send(response);
+
+  //Delete the server side cookie
+  DBRemove("auth", "cookie");
+  authSession = "";
+}
+
+/* File System Functions */
+//HandleListDir handle the listing of directory under /www/
+void HandleListDir(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+
+  //Get the folder path to be listed
+  //As ESP8266 dont have enough memory for proper struct to json conv, we are hacking a json string out of a single for-loop
+  String jsonString = "[";
+  String folderPath = GetPara(r, "dir");
+  folderPath = "/www" + folderPath;
+  if (SD.exists(folderPath)) {
+    File root = SD.open(folderPath);
+    bool firstObject = true;
+    if (root) {
+      while (true) {
+        File entry = root.openNextFile();
+        if (!entry) {
+          // No more files
+          break;
+        } else {
+          //There are more lines. Add a , to the end of the previous json object
+          if (!firstObject) {
+            jsonString = jsonString + ",";
+          } else {
+            firstObject = false;
+          }
+
+        }
+
+        String isDirString = "true";
+        if (!entry.isDirectory()) {
+          isDirString = "false";
+        }
+        jsonString = jsonString + "{\"Filename\":\"" + entry.name() + "\",\"Filesize\":" + String(entry.size()) + ",\"IsDir\":" + isDirString + "}";
+        entry.close();
+      }
+      root.close();
+
+      jsonString += "]";
+      SendJsonResp(r, jsonString);
+    } else {
+      SendErrorResp(r, "path read failed");
+    }
+  } else {
+    SendErrorResp(r, "path not found");
+  }
+  Serial.println(folderPath);
+}
+
+//Handle file rename on SD card
+void HandleFileRename(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String srcFile = GetPara(r, "src");
+  String destFile = GetPara(r, "dest");
+  srcFile.trim();
+  destFile.trim();
+  srcFile = "/www" + srcFile;
+  destFile = "/www" + destFile;
+  if (!SD.exists(srcFile)) {
+    SendErrorResp(r, "source file not exists");
+    return;
+  }
+
+  if (SD.exists(destFile)) {
+    SendErrorResp(r, "destination file already exists");
+    return;
+  }
+
+  SD.rename(srcFile, destFile);
+  SendOK(r);
+}
+
+
+//Handle file delete on SD card
+void HandleFileDel(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String targetFile = GetPara(r, "target");
+  targetFile.trim();
+  if (targetFile.equals("/")) {
+    //Do not allow remove the whole root folder
+    SendErrorResp(r, "you cannot remove the root folder");
+    return;
+  }
+  targetFile = "/www" + targetFile;
+  if (!SD.exists(targetFile)) {
+    SendErrorResp(r, "target file not exists");
+    return;
+  }
+
+
+
+  if (!SD.remove(targetFile)) {
+    if (IsDir(targetFile)) {
+      if (!targetFile.endsWith("/")) {
+        //pad the tailing slash
+        targetFile = targetFile + "/";
+      }
+
+      //Try remove dir
+      if (!SD.rmdir(targetFile)) {
+        //The folder might contain stuffs. Do recursive delete
+        Serial.println("rmdir failed. Trying recursive delete");
+        if (recursiveDirRemove(targetFile)) {
+          SendOK(r);
+        } else {
+          SendErrorResp(r, "folder delete failed");
+        }
+
+      } else {
+        SendOK(r);
+      }
+    } else {
+      SendErrorResp(r, "file delete failed");
+    }
+    return;
+  }
+
+  SendOK(r);
+}
+
+//Hanle creating new Folder
+void HandleNewFolder(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+
+  //Get and clean the folder path
+  String folderPath = GetPara(r, "path");
+  folderPath.trim();
+  if (folderPath == "") {
+    SendErrorResp(r, "invalid folder path given");
+    return;
+  }
+
+  folderPath = "/www" + folderPath;
+
+  if (SD.exists(folderPath)) {
+    //Already exists
+    SendErrorResp(r, "folder with given path already exists");
+    return;
+  }
+
+  SD.mkdir(folderPath);
+  SendOK(r);
+}
+
+//Handle download file from any path, including the private store folder
+void HandleFileDownload(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String targetFile = GetPara(r, "file");
+  String preview = GetPara(r, "preview");
+  if (!SD.exists("/www" + targetFile)) {
+    r->send(404, "text/html", "404 - File Not Found");
+    return;
+  }
+
+  //Check if it is dir, ESP8266 have no power of creating zip file
+  if (IsDir("/www" + targetFile)) {
+    r->send(500, "text/html", "500 - Internal Server Error: Target is a folder");
+    return;
+  }
+
+  //Ok. Proceed with file serving
+  if (preview == "true") {
+    //Serve
+    r->send(SDFS, "/www" + targetFile, getMime(targetFile), false);
+  } else {
+    //Download
+    r->send(SDFS, "/www" + targetFile, "application/octet-stream", false);
+  }
+
+}
+
+//Get the file / folder properties
+void HandleFileProp(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String filepath = GetPara(r, "file");
+  filepath.trim();
+  String realFilepath = "/www" + filepath;
+
+  String resp = "";
+  if (IsDir(realFilepath)) {
+    //target is a folder
+    uint32_t totalSize = 0;
+    uint16_t fileCount = 0;
+    uint16_t folderCount = 0;
+    analyzeDirectory(realFilepath, totalSize, fileCount, folderCount);
+    resp = "{\"filename\":\"" + basename(filepath) + "\",\"filepath\":\"" + filepath + "\",\"isDir\":true,\"filesize\":" + String(totalSize) + ",\"fileCounts\":" + String(fileCount) + ",\"folderCounts\":" + String(folderCount) + "}";
+
+  } else {
+    //target is a file
+    File targetFile = SD.open(realFilepath);
+    if (!targetFile) {
+      SendErrorResp(r, "File open failed");
+      return;
+    }
+
+    resp = "{\"filename\":\"" + basename(filepath) + "\",\"filepath\":\"" + filepath + "\",\"isDir\":false,\"filesize\":" + String(targetFile.size()) + "}";
+    targetFile.close();
+  }
+
+  SendJsonResp(r, resp);
+}
+
+//Search with basic keyword match
+void HandleFileSearch(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String keyword = GetPara(r, "keyword");
+  keyword.trim();
+  if (keyword.equals("")) {
+    SendErrorResp(r, "keyword cannot be empty");
+    return;
+  }
+
+  //Prepare for the resp
+  AsyncResponseStream *response = r->beginResponseStream("application/json");
+  response->print("[");
+
+  //Recursive search for the whole /www/ directory (Require tailing slash)
+  int foundCounter = 0;
+  scanSDCardForKeyword("/www/", keyword, &foundCounter, response);
+
+  //Send the resp
+  response->print("]");
+  r->send(response);
+}
+/* Handle Load and Set of Prefernece Value */
+//Set Preference, auth user only
+void HandleSetPref(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String key = GetPara(r, "key");
+  String val = GetPara(r, "value");
+  key.trim();
+  val.trim();
+
+  if (key == "" || val == "") {
+    SendErrorResp(r, "invalid key or value given");
+    return;
+  }
+
+  DBWrite("pref", key, val);
+  SendOK(r);
+}
+
+//Load Prefernece, allow public access
+void HandleLoadPref(AsyncWebServerRequest *r) {
+  String key = GetPara(r, "key");
+  key.trim();
+  if (!DBKeyExists("pref", key)) {
+    SendErrorResp(r, "preference with given key not found");
+    return;
+  }
+
+  String prefValue = DBRead("pref", key);
+  r->send(200, "application/json", "\"" + prefValue + "\"");
+}
+
+/* Handle System Info */
+void HandleLoadSpaceInfo(AsyncWebServerRequest *r) {
+  String jsonResp = "{\
+    \"diskSpace\":" + String(getSDCardTotalSpace()) + ",\
+    \"usedSpace\": " + String(getSDCardUsedSpace()) + "\
+  }";
+
+  SendJsonResp(r, jsonResp);
+}
+
+//Get the current connected WiFi info
+void HandleWiFiInfo(AsyncWebServerRequest *r) {
+  StaticJsonDocument<256> jsonBuffer;
+  jsonBuffer["SSID"] = WiFi.SSID();
+  jsonBuffer["WifiStatus"] = WiFi.status();
+  jsonBuffer["WifiStrength"] = WiFi.RSSI();
+  jsonBuffer["MAC"] = WiFi.macAddress();
+  jsonBuffer["IP"] = WiFi.localIP().toString();
+  jsonBuffer["Subnet"] = WiFi.subnetMask().toString();
+  jsonBuffer["Gateway"] = WiFi.gatewayIP().toString();
+  jsonBuffer["DNS1"] = WiFi.dnsIP(0).toString();
+  jsonBuffer["DNS2"] = WiFi.dnsIP(1).toString();
+  jsonBuffer["DNS3"] = WiFi.dnsIP(2).toString();
+
+  // Serialize the JSON buffer to a string
+  String jsonString;
+  serializeJson(jsonBuffer, jsonString);
+  SendJsonResp(r, jsonString);
+}

firmware/v2/web-server/internal.ino

@@ -0,0 +1,274 @@
+/*
+
+    WiFi Setup Functions
+
+    To setup WiFi on your Web-stick
+    put a file in your SD card with filename /cfg/wifi.txt
+    In the text file, write two lines which containing the
+    WiFi ssid and password, seperated by a linux new linx \n
+    as follows:
+
+    [WIFI SSID]
+    [WiFi Password]
+*/
+String loadWiFiInfoFromSD() {
+  if (SD.exists("/cfg/wifi.txt")) {
+    String fileContent = "";
+    File configFile = SD.open("/cfg/wifi.txt", FILE_READ);
+
+    if (configFile) {
+      while (configFile.available()) {
+        fileContent += char(configFile.read());
+      }
+      configFile.close();
+    }
+
+    return fileContent;
+  }
+
+  return "";
+}
+
+void splitWiFiFileContent(const String& fileContent, String& ssid, String& password) {
+  int newlineIndex = fileContent.indexOf('\n');
+  if (newlineIndex != -1) {
+    ssid = fileContent.substring(0, newlineIndex);
+    password = fileContent.substring(newlineIndex + 1);
+  }
+}
+
+void initWiFiConn() {
+  String wifiFileContent = loadWiFiInfoFromSD();
+  if (wifiFileContent.equals("")) {
+    while (1) {
+      Serial.println("WiFi info is not set. Please create a file in the SD card named /cfg/wifi.txt with first line as WiFi SSID and 2nd line as Password");
+      delay(3000);
+    }
+  }
+
+  // Split the contents into SSID and password
+  String ssid, password;
+  splitWiFiFileContent(wifiFileContent, ssid, password);
+  ssid.trim();
+  password.trim();
+  WiFi.begin(ssid, password);
+  Serial.print("Connecting to WiFi...");
+  while (WiFi.status() != WL_CONNECTED) {
+    Serial.print(".");
+    delay(1000);
+  }
+  Serial.println(".");
+  Serial.println("WiFi Connected: ");
+  Serial.println("\n\nNetwork Configuration:");
+  Serial.println("----------------------");
+  Serial.print("         SSID: "); Serial.println(WiFi.SSID());
+  Serial.print("  Wifi Status: "); Serial.println(WiFi.status());
+  Serial.print("Wifi Strength: "); Serial.print(WiFi.RSSI()); Serial.println(" dBm");
+  Serial.print("          MAC: "); Serial.println(WiFi.macAddress());
+  Serial.print("           IP: "); Serial.println(WiFi.localIP());
+  Serial.print("       Subnet: "); Serial.println(WiFi.subnetMask());
+  Serial.print("      Gateway: "); Serial.println(WiFi.gatewayIP());
+  Serial.print("        DNS 1: "); Serial.println(WiFi.dnsIP(0));
+  Serial.print("        DNS 2: "); Serial.println(WiFi.dnsIP(1));
+  Serial.print("        DNS 3: "); Serial.println(WiFi.dnsIP(2));
+  Serial.println("----------------------");
+  Serial.println();
+}
+
+/*
+
+    Admin Credential Setup
+
+    For management portal functions, you will
+    need to setup the admin account in order to
+    use it. Place a text file at cfg/admin.txt
+    with the following information
+
+    [admin_username]
+    [admin_password]
+
+    Currently only 1 admin user is supported
+
+*/
+
+String loadAdminCredFromSD() {
+  if (SD.exists("/cfg/admin.txt")) {
+    String fileContent = "";
+    File configFile = SD.open("/cfg/admin.txt", FILE_READ);
+
+    if (configFile) {
+      while (configFile.available()) {
+        fileContent += char(configFile.read());
+      }
+      configFile.close();
+    }
+
+    return fileContent;
+  }
+
+  return "";
+}
+
+void splitAdminCreds(const String& fileContent, String& username, String& password) {
+  int newlineIndex = fileContent.indexOf('\n');
+  if (newlineIndex != -1) {
+    username = fileContent.substring(0, newlineIndex);
+    password = fileContent.substring(newlineIndex + 1);
+  }
+}
+
+void initAdminCredentials() {
+  String adminCredentials = loadAdminCredFromSD();
+  if (adminCredentials.equals("")) {
+    //Disable authentications on API calls
+    return;
+  }
+
+  // Split the contents into username and password
+  splitWiFiFileContent(adminCredentials, adminUsername, adminPassword);
+  adminUsername.trim();
+  adminPassword.trim();
+  Serial.println("Admin user loaded: " + adminUsername);
+}
+
+void initmDNSName() {
+  if (SD.exists("/cfg/mdns.txt")) {
+    String fileContent = "";
+    File configFile = SD.open("/cfg/mdns.txt", FILE_READ);
+
+    if (configFile) {
+      while (configFile.available()) {
+        fileContent += char(configFile.read());
+      }
+      configFile.close();
+    }
+
+    fileContent.trim();
+    mdnsName = fileContent;
+  }
+}
+
+//Load the previous login session key from database
+//for resuming login session after poweroff
+void initLoginSessionKey() {
+  String serverCookie = DBRead("auth", "cookie");
+  if (serverCookie != "") {
+    authSession = serverCookie;
+  }
+}
+
+/*
+
+    MIME Utils
+
+*/
+
+String getMime(const String& path) {
+  String _contentType = "text/plain";
+  if (path.endsWith(".html")) _contentType = "text/html";
+  else if (path.endsWith(".htm")) _contentType = "text/html";
+  else if (path.endsWith(".css")) _contentType = "text/css";
+  else if (path.endsWith(".json")) _contentType = "text/json";
+  else if (path.endsWith(".js")) _contentType = "application/javascript";
+  else if (path.endsWith(".png")) _contentType = "image/png";
+  else if (path.endsWith(".gif")) _contentType = "image/gif";
+  else if (path.endsWith(".jpg")) _contentType = "image/jpeg";
+  else if (path.endsWith(".ico")) _contentType = "image/x-icon";
+  else if (path.endsWith(".svg")) _contentType = "image/svg+xml";
+  else if (path.endsWith(".eot")) _contentType = "font/eot";
+  else if (path.endsWith(".woff")) _contentType = "font/woff";
+  else if (path.endsWith(".woff2")) _contentType = "font/woff2";
+  else if (path.endsWith(".ttf")) _contentType = "font/ttf";
+  else if (path.endsWith(".xml")) _contentType = "text/xml";
+  else if (path.endsWith(".pdf")) _contentType = "application/pdf";
+  else if (path.endsWith(".zip")) _contentType = "application/zip";
+  else if (path.endsWith(".gz")) _contentType = "application/x-gzip";
+  else if (path.endsWith(".mp3")) _contentType = "audio/mpeg";
+  else if (path.endsWith(".mp4")) _contentType = "video/mp4";
+  else if (path.endsWith(".aac")) _contentType = "audio/aac";
+  else if (path.endsWith(".ogg")) _contentType = "audio/ogg";
+  else if (path.endsWith(".wav")) _contentType = "audio/wav";
+  else if (path.endsWith(".m4v")) _contentType = "video/x-m4v";
+  else if (path.endsWith(".webm")) _contentType = "video/webm";
+  else _contentType = "text/plain";
+  return _contentType;
+}
+
+/*
+
+    Get ESP Info
+*/
+
+void printESPInfo() {
+  Serial.println(ESP.getBootMode());
+  Serial.print("ESP.getSdkVersion(); ");
+  Serial.println(ESP.getSdkVersion());
+  Serial.print("ESP.getBootVersion(); ");
+  Serial.println(ESP.getBootVersion());
+  Serial.print("ESP.getChipId(); ");
+  Serial.println(ESP.getChipId());
+  Serial.print("ESP.getFlashChipSize(); ");
+  Serial.println(ESP.getFlashChipSize());
+  Serial.print("ESP.getFlashChipRealSize(); ");
+  Serial.println(ESP.getFlashChipRealSize());
+  Serial.print("ESP.getFlashChipSizeByChipId(); ");
+  Serial.println(ESP.getFlashChipSizeByChipId());
+  Serial.print("ESP.getFlashChipId(); ");
+  Serial.println(ESP.getFlashChipId());
+}
+
+/*
+
+    Get SD card info
+
+*/
+
+uint32_t getTotalUsedSpace(const String& directory) {
+  uint32_t totalUsedSpace = 0;
+
+  File root = SD.open(directory);
+  if (root) {
+    while (true) {
+      File entry = root.openNextFile();
+      if (!entry) {
+        // No more files
+        break;
+      }
+
+      if (entry.isDirectory()) {
+        // Recursive call for subdirectory
+        totalUsedSpace += getTotalUsedSpace(directory + "/" + entry.name());
+      } else {
+        //Serial.print(entry.name());
+        //Serial.print(" | Size: ");
+        //Serial.println(humanReadableSize(entry.size()));
+        totalUsedSpace += entry.size();
+      }
+
+      entry.close();
+    }
+    root.close();
+  }
+
+  return totalUsedSpace;
+}
+
+//Return the total used space on SD card
+long getSDCardUsedSpace() {
+  uint32_t totalUsedSpace = getTotalUsedSpace("/");
+  Serial.println("Total used space: " + humanReadableSize(totalUsedSpace));
+  return totalUsedSpace;
+}
+
+//Get the total SD card size
+long getSDCardTotalSpace() {
+  Serial.println("SD card size: " + humanReadableSize(SD.size64()));
+  return SD.size64();
+}
+
+String humanReadableSize(const int bytes) {
+  if (bytes < 1024) return String(bytes) + " B";
+  else if (bytes < (1024 * 1024)) return String(bytes / 1024.0) + " KB";
+  else if (bytes < (1024 * 1024 * 1024)) return String(bytes / 1024.0 / 1024.0) + " MB";
+  else return String(bytes / 1024.0 / 1024.0 / 1024.0) + " GB";
+}

firmware/v2/web-server/kvdb.ino

@@ -0,0 +1,111 @@
+/*
+
+   Key Value database
+
+   This is a file system based database
+   that uses foldername as table name,
+   filename as key and content as value
+
+   Folder name and filename are limited to
+   5 characters as SDFS requirements.
+*/
+
+//Root of the db on SD card, **must have tailing slash**
+const String DB_root = "/db/";
+
+//Clean the input for any input string
+String DBCleanInput(const String& inputString) {
+  String trimmedString = inputString;
+  //Replae all the slash that might breaks the file system
+  trimmedString.replace("/", "");
+  //Trim off the space before and after the string
+  trimmedString.trim();
+  return trimmedString;
+}
+
+//Database init create all the required table for basic system operations
+void DBInit() {
+  DBNewTable("auth");
+  DBNewTable("pref");
+}
+
+//Create a new Database table
+void DBNewTable(String tableName) {
+  tableName = DBCleanInput(tableName);
+  if (!SD.exists(DB_root + tableName)) {
+    SD.mkdir(DB_root + tableName);
+  }
+}
+
+
+//Check if a database table exists
+bool DBTableExists(String tableName) {
+  tableName = DBCleanInput(tableName);
+  return SD.exists(DB_root + tableName);
+}
+
+//Write a key to a table, return true if succ
+bool DBWrite(String tableName, String key, String value) {
+  if (!DBTableExists(tableName)) {
+    return false;
+  }
+  tableName = DBCleanInput(tableName);
+  key = DBCleanInput(key);
+  String fsDataPath = DB_root + tableName + "/" + key;
+  if (SD.exists(fsDataPath)) {
+    //Entry already exists. Delete it
+    SD.remove(fsDataPath);
+  }
+
+  //Write new data to it
+  File targetEntry = SD.open(fsDataPath, FILE_WRITE);
+  targetEntry.print(value);
+  targetEntry.close();
+  return true;
+}
+
+//Read from database, require table name and key
+String DBRead(String tableName, String key) {
+  if (!DBTableExists(tableName)) {
+    return "";
+  }
+  tableName = DBCleanInput(tableName);
+  key = DBCleanInput(key);
+  String fsDataPath = DB_root + tableName + "/" + key;
+  if (!SD.exists(fsDataPath)) {
+    //Target not exists. Return empty string
+    return "";
+  }
+
+  String value = "";
+  File targetEntry = SD.open(fsDataPath, FILE_READ);
+  while (targetEntry.available()) {
+    value = value + targetEntry.readString();
+  }
+
+  targetEntry.close();
+  return value;
+}
+
+//Check if a given key exists in the database
+bool DBKeyExists(String tableName, String key) {
+  if (!DBTableExists(tableName)) {
+    return false;
+  }
+  tableName = DBCleanInput(tableName);
+  key = DBCleanInput(key);
+  String fsDataPath = DB_root + tableName + "/" + key;
+  return SD.exists(fsDataPath);
+}
+
+//Remove the key-value item from db, return true if succ
+bool DBRemove(String tableName, String key) {
+  if (!DBKeyExists(tableName, key)){
+    return false;
+  }
+  tableName = DBCleanInput(tableName);
+  key = DBCleanInput(key);
+  String fsDataPath = DB_root + tableName + "/" + key;
+  SD.remove(fsDataPath);
+  return true;
+}

firmware/v2/web-server/router.ino

@@ -0,0 +1,92 @@
+/*
+
+    Router.ino
+
+    This is the main router of the whole web server.
+    It is like the apache.conf where you handle routing
+    to different services.
+
+    By default, all route will go to the SD card /www/ folder
+*/
+class MainRouter : public AsyncWebHandler {
+  public:
+    MainRouter() {}
+    virtual ~MainRouter() {}
+
+    bool canHandle(AsyncWebServerRequest *request) {
+      String requestURI = request->url().c_str();
+      if (requestURI.equals("/upload")) {
+        //File Upload Endpoint
+        return false;
+      } else if (requestURI.startsWith("/api/")) {
+        //API paths
+        return false;
+      }
+      return true;
+    }
+
+    //Main Routing Logic Here
+    void handleRequest(AsyncWebServerRequest *request) {
+      String requestURI = request->url().c_str();
+
+      /* Rewrite the request path if URI contains ./ */
+      if (requestURI.indexOf("./") > 0) {
+        requestURI.replace("./", "");
+        AsyncWebServerResponse *response = request->beginResponse(307);
+        response->addHeader("Cache-Control", "no-cache");
+        response->addHeader("Location", requestURI);
+        request->send(response);
+        return;
+      }
+      
+      /* Special Routing Rules */
+      //Redirect / back to index.html
+      if (requestURI == "/") {
+        request->redirect("/index.html");
+        return;
+      }
+
+      //Special interfaces that require access controls
+      if (requestURI.startsWith("/store/")) {
+        //Private file storage. Not allow access
+        AsyncWebServerResponse *response = request->beginResponse(401, "text/html", "403 - Forbidden");
+        request->send(response);
+        return;
+      }
+
+      /* Default Routing Rules */
+
+      Serial.println("URI: " + requestURI + " | MIME: " + getMime(requestURI));
+      //Check if the file exists on the SD card
+      if (SD.exists("/www" + requestURI)) {
+        // File exists on SD card web root
+        if (IsDir("/www" + requestURI)) {
+          //Requesting a directory
+          if (!requestURI.endsWith("/")) {
+            //Missing tailing slash
+            request->redirect(requestURI + "/");
+            return;
+          }
+
+          if (SD.exists("/www" + requestURI + "index.html")) {
+            request->send(SDFS, "/www" + requestURI + "/index.html", "text/html", false);
+          } else {
+            HandleDirRender(request, requestURI , "/www" + requestURI);
+          }
+
+        } else {
+          request->send(SDFS, "/www" + requestURI, getMime(requestURI), false);
+        }
+      } else {
+        // File does not exist in web root
+        AsyncResponseStream *response = request->beginResponseStream("text/html");
+        Serial.println("NOT FOUND: " + requestURI);
+        prettyPrintRequest(request);
+        response->print("<!DOCTYPE html><html><head><title>Not Found</title></head><body>");
+        response->print("<p>404 - Not Found</p>");
+        response->printf("<p>Requesting http://%s with URI: %s</p>", request->host().c_str(), request->url().c_str());
+        response->print("</body></html>");
+        request->send(response);
+      }
+    }
+};

firmware/v2/web-server/server.ino

@@ -0,0 +1,128 @@
+/*
+
+    Web Server
+
+    This is the main entry point of the WebStick bare metal
+    web server. If you have exception rules that shall not
+    be handled by the main router, you can do them here.
+
+*/
+
+//Check if a user is authenticated / logged in
+bool IsUserAuthed(AsyncWebServerRequest *request) {
+  if (request->hasHeader("Cookie")) {
+    //User cookie from browser
+    String authCookie = GetCookieValueByKey(request, "web-auth");
+    if (authCookie == "") {
+      return false;
+    }
+
+    //Match it to the server side value in kvdb
+    //Serial.println(authCookie); //user cookie
+    //Serial.println(authSession); //server session
+    if (authSession == "") {
+      //Server side has no resumable login session
+      return false;
+    }
+    if (authCookie.equals(authSession)) {
+      return true;
+    }
+    return false;
+  } else {
+    Serial.println("Cookie Missing");
+    return false;
+  }
+}
+
+//Reply the request by a directory list
+void HandleDirRender(AsyncWebServerRequest *r, String dirName, String dirToList) {
+  AsyncResponseStream *response = r->beginResponseStream("text/html");
+  //Serve directory entries
+  File directory = SD.open(dirToList);
+
+  // Check if the directory is open
+  if (!directory) {
+    SendErrorResp(r, "unable to open directory");
+    return;
+  }
+
+  response->print("<!DOCTYPE html><html><head><meta charset=\"utf-8\"><title>Content of " + dirName + "</title></head><body style=\"margin: 3em;font-family: Arial;\">");
+  response->print("<h3>Content of " + dirName + "</h3><div style=\"width: 100%;border-bottom: 1px solid #d9d9d9;\"></div><ul>");
+  // List the contents of the directory
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    // Print the file name
+    response->print("<li><a href=\"./" + String(entry.name()) + "\">");
+    response->print(entry.name());
+    response->print(" (" + humanReadableSize(entry.size()) + ")</a></li>");
+    Serial.println(entry.name());
+    
+    entry.close();
+  }
+
+  // Close the directory
+  directory.close();
+  
+  response->print("</ul><div style=\"width: 100%;border-bottom: 1px solid #d9d9d9;\"></div><br><a href=\"../\">Back</a>");
+  response->print("<br><br><body></html>");
+  r->send(response);
+}
+
+void initWebServer() {
+  /*
+     Other handles here, like this
+    server.on("/logout", HTTP_GET, [](AsyncWebServerRequest *request){
+    request->send(401);
+    });
+  */
+
+  /*
+  server.on("/test", HTTP_GET, [](AsyncWebServerRequest * request) {
+    getSDCardUsedSpace();
+    request->send(200);
+  });
+  */
+
+  /* Authentication Functions */
+  server.on("/api/auth/chk", HTTP_GET, HandleCheckAuth);
+  server.on("/api/auth/login", HTTP_POST, HandleLogin);
+  server.on("/api/auth/logout", HTTP_GET, HandleLogout);
+
+  /* File System Functions */
+  server.on("/api/fs/list", HTTP_GET, HandleListDir);
+  server.on("/api/fs/del", HTTP_POST, HandleFileDel);
+  server.on("/api/fs/move", HTTP_POST, HandleFileRename);
+  server.on("/api/fs/download", HTTP_GET, HandleFileDownload);
+  server.on("/api/fs/newFolder", HTTP_POST, HandleNewFolder);
+  server.on("/api/fs/disk", HTTP_GET, HandleLoadSpaceInfo);
+  server.on("/api/fs/properties", HTTP_GET, HandleFileProp);
+  server.on("/api/fs/search", HTTP_GET, HandleFileSearch);
+  
+  /* Preference */
+  server.on("/api/pref/set", HTTP_GET, HandleSetPref);
+  server.on("/api/pref/get", HTTP_GET, HandleLoadPref);
+
+  /* Others */
+  server.on("/api/info/wifi", HTTP_GET, HandleWiFiInfo);
+
+  //File upload handler. see upload.ino
+  server.onFileUpload(handleFileUpload);
+
+  //Not found handler
+  server.onNotFound([](AsyncWebServerRequest * request) {
+    //Generally it will not arrive here as NOT FOUND is also handled in the main router.
+    //See router.ino for implementation details.
+    prettyPrintRequest(request);
+    request->send(404, "text/plain", "Not Found");
+  });
+
+  //Main Router, see router.ino
+  server.addHandler(new MainRouter());
+
+  server.begin();
+}

firmware/v2/web-server/upload.ino

@@ -0,0 +1,156 @@
+/*
+
+    Upload.ino
+
+    This script handles file upload to the web-stick
+    by default this function require authentication.
+    Hence, admin.txt must be set before use
+
+*/
+
+void handleFileUpload(AsyncWebServerRequest *request, String filename, size_t index, uint8_t *data, size_t len, bool final) {
+  // make sure authenticated before allowing upload
+  if (IsUserAuthed(request)) {
+    String logmessage = "";
+    //String logmessage = "Client:" + request->client()->remoteIP().toString() + " " + request->url();
+    //Serial.println(logmessage);
+
+    //Rewrite the filename if it is too long
+    filename = trimFilename(filename);
+
+    //Get the dir to store the file
+    String dirToStore = GetPara(request, "dir");
+    if (!dirToStore.startsWith("/")) {
+      dirToStore = "/" + dirToStore;
+    }
+
+    if (!dirToStore.endsWith("/")) {
+      dirToStore = dirToStore + "/";
+    }
+    dirToStore = "/www" + dirToStore;
+
+    if (!index) {
+      Serial.println("Selected Upload Dir: " + dirToStore);
+      logmessage = "Upload Start: " + String(filename) + " by " + request->client()->remoteIP().toString();
+      // open the file on first call and store the file handle in the request object
+      if (!SD.exists(dirToStore)) {
+        SD.mkdir(dirToStore);
+      }
+
+      //Already exists. Overwrite
+      if (SD.exists(dirToStore + filename)) {
+        SD.remove(dirToStore + filename);
+      }
+      request->_tempFile = SD.open(dirToStore + filename, FILE_WRITE);
+      Serial.println(logmessage);
+    }
+
+    if (len) {
+      // stream the incoming chunk to the opened file
+      request->_tempFile.write(data, len);
+      //logmessage = "Writing file: " + String(filename) + " index=" + String(index) + " len=" + String(len);
+      //Serial.println(logmessage);
+    }
+
+    if (final) {
+      logmessage = "Upload Complete: " + String(filename) + ",size: " + String(index + len);
+      // close the file handle as the upload is now done
+      request->_tempFile.close();
+      Serial.println(logmessage);
+
+      //Check if the file actually exists on SD card
+      if (!SD.exists(String(dirToStore + filename))) {
+        //Not found!
+        SendErrorResp(request, "Write failed for " + String(filename) + ". Try a shorter name!");
+        return;
+      }
+      request->send(200, "application/json", "ok");
+    }
+  } else {
+    Serial.println("Auth: Failed");
+    SendErrorResp(request, "unauthorized");
+  }
+}
+
+/*
+    Upload File Trimming
+
+    This trim the given uploading filename to less than 32 chars
+    if the filename is too long to fit on the SD card.
+
+    The code handle UTF-8 trimming at the bytes level.
+*/
+
+//UTF-8 is varaible in length, this get how many bytes in the coming sequences
+//are part of this UTF-8 word
+uint8_t getUtf8CharLength(const uint8_t firstByte) {
+  if ((firstByte & 0x80) == 0) {
+    // Single-byte character
+    return 1;
+  } else if ((firstByte & 0xE0) == 0xC0) {
+    // Two-byte character
+    return 2;
+  } else if ((firstByte & 0xF0) == 0xE0) {
+    // Three-byte character
+    return 3;
+  } else if ((firstByte & 0xF8) == 0xF0) {
+    // Four-byte character
+    return 4;
+  } else {
+    // Invalid UTF-8 character
+    return 0;
+  }
+}
+
+String filterBrokenUtf8(const String& input) {
+  String result;
+  size_t inputLength = input.length();
+  size_t i = 0;
+  while (i < inputLength) {
+    uint8_t firstByte = input[i];
+    uint8_t charLength = getUtf8CharLength(firstByte);
+
+    if (charLength == 0){
+       //End of filter
+       break;
+    }
+    
+    // Check if the character is complete (non-broken UTF-8)
+    if (i + charLength <= inputLength) {
+      // Check for invalid UTF-8 continuation bytes in the character
+      for (size_t j = 0; j < charLength; j++) {
+        result += input[i];
+        i++;
+      }
+    }else{
+      //End of valid UTF-8 segment
+      break;
+    }
+  }
+  return result;
+}
+
+String trimFilename(String& filename) {
+  //Replace all things that is not suppose to be in the filename
+  filename.replace("#","");
+  filename.replace("?","");
+  filename.replace("&","");
+  
+  // Find the position of the last dot (file extension)
+  int dotIndex = filename.lastIndexOf('.');
+
+  // Check if the filename contains a dot and the extension is not at the beginning or end
+  if (dotIndex > 0 && dotIndex < filename.length() - 1) {
+    // Calculate the maximum length for the filename (excluding extension)
+    int maxLength = 32 - (filename.length() - dotIndex - 1);
+
+    // Truncate the filename if it's longer than the maximum length
+    if (filename.length() > maxLength) {
+      String trimmedFilename = filterBrokenUtf8(filename.substring(0, maxLength)) + filename.substring(dotIndex);
+      return trimmedFilename;
+    }
+  }
+
+  // If no truncation is needed, return the original filename
+  return filename;
+}

firmware/v2/web-server/utils.ino

@@ -0,0 +1,260 @@
+/*
+
+    Utilities
+
+*/
+
+//Pretty print for easy debug
+void prettyPrintRequest(AsyncWebServerRequest * request) {
+  if (request->method() == HTTP_GET)
+    Serial.printf("GET");
+  else if (request->method() == HTTP_POST)
+    Serial.printf("POST");
+  else if (request->method() == HTTP_DELETE)
+    Serial.printf("DELETE");
+  else if (request->method() == HTTP_PUT)
+    Serial.printf("PUT");
+  else if (request->method() == HTTP_PATCH)
+    Serial.printf("PATCH");
+  else if (request->method() == HTTP_HEAD)
+    Serial.printf("HEAD");
+  else if (request->method() == HTTP_OPTIONS)
+    Serial.printf("OPTIONS");
+  else
+    Serial.printf("UNKNOWN");
+  Serial.printf(" http://%s%s\n", request->host().c_str(), request->url().c_str());
+
+  if (request->contentLength()) {
+    Serial.printf("_CONTENT_TYPE: %s\n", request->contentType().c_str());
+    Serial.printf("_CONTENT_LENGTH: %u\n", request->contentLength());
+  }
+
+  int headers = request->headers();
+  int i;
+  for (i = 0; i < headers; i++) {
+    AsyncWebHeader* h = request->getHeader(i);
+    Serial.printf("_HEADER[%s]: %s\n", h->name().c_str(), h->value().c_str());
+  }
+
+  int params = request->params();
+  for (i = 0; i < params; i++) {
+    AsyncWebParameter* p = request->getParam(i);
+    if (p->isFile()) {
+      Serial.printf("_FILE[%s]: %s, size: %u\n", p->name().c_str(), p->value().c_str(), p->size());
+    } else if (p->isPost()) {
+      Serial.printf("_POST[%s]: %s\n", p->name().c_str(), p->value().c_str());
+    } else {
+      Serial.printf("_GET[%s]: %s\n", p->name().c_str(), p->value().c_str());
+    }
+  }
+}
+
+//Check if a path is dir
+bool IsDir(const String& path) {
+  File file = SD.open(path);
+  if (file && !file.isDirectory()) {
+    file.close();
+    return false;
+  }
+  file.close();
+  return true;
+}
+
+//Generate a random 32 bit hex
+String GeneratedRandomHex() {
+  String hexString = "";
+
+  for (int i = 0; i < 8; i++) {
+    byte randomValue = random(256);  // Generate a random byte (0 to 255)
+    hexString += String(randomValue, HEX);  // Convert the random byte to its hexadecimal representation
+  }
+
+  return hexString;
+}
+
+//Get the current unix timestamp
+unsigned long getTime() {
+  unsigned long now = timeClient.getEpochTime();
+  return now;
+}
+
+//Convert Unix timestamp to UTC string
+String getUTCTimeString(time_t unixTimestamp) {
+  char utcString[30];
+  const char* weekdayNames[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
+  const char* monthNames[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
+
+  tm* timeInfo = gmtime(&unixTimestamp);
+  sprintf(utcString, "%s, %02d %s %04d %02d:%02d:%02d GMT",
+          weekdayNames[timeInfo->tm_wday], timeInfo->tm_mday, monthNames[timeInfo->tm_mon],
+          timeInfo->tm_year + 1900, timeInfo->tm_hour, timeInfo->tm_min, timeInfo->tm_sec);
+
+  return String(utcString);
+}
+
+//Get a certain cookie value by its key
+String GetCookieValueByKey(AsyncWebServerRequest *request, const String& key) {
+  //Check if the Cookie header exists
+  if (!request->hasHeader("Cookie")) {
+    return "";
+  }
+
+  //Load the cookie value as string from header
+  String targetValue = "";
+  AsyncWebHeader* h = request->getHeader("Cookie");
+  String cookieHeader = String(h->value().c_str());
+
+  // Find the start and end positions of target cookie key
+  int startIndex = cookieHeader.indexOf(key + "=");
+  if (startIndex != -1) {
+    startIndex += 9;  // Length of "web-auth="
+
+    int endIndex = cookieHeader.indexOf(';', startIndex);
+    if (endIndex == -1) {
+      endIndex = cookieHeader.length();
+    }
+
+    // Extract the value of the "web-auth" cookie
+    targetValue = cookieHeader.substring(startIndex, endIndex);
+  }
+
+  return targetValue;
+}
+
+//Get the filename from filepath
+String basename(const String& filePath) {
+  int lastSlashIndex = filePath.lastIndexOf('/');
+
+  // If no slash is found, return the original path
+  if (lastSlashIndex == -1) {
+    return filePath;
+  }
+
+  // Return the substring after the last slash
+  return filePath.substring(lastSlashIndex + 1);
+}
+
+
+bool recursiveDirRemove(const String& path) {
+  Serial.println(path);
+  File directory = SD.open(path);
+  if (!directory) {
+    Serial.println("Error opening directory!");
+    return false;
+  }
+
+  // Delete all the files in the directory
+  directory.rewindDirectory();
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    String filename = String(entry.name());
+    if (entry.isDirectory()) {
+      // Recursively delete the subdirectory
+      recursiveDirRemove(path + filename);
+    } else {
+      // Delete the file
+      entry.close();
+      Serial.println("Removing " + path + filename);
+      SD.remove(path + filename);
+    }
+  }
+
+  // Close the directory
+  directory.close();
+
+  // Delete the directory itself
+  if (!SD.rmdir(path)) {
+    Serial.println("Error deleting directory!");
+    return false;
+  }
+
+  return true;
+}
+
+/*
+
+   uint32_t totalSize = 0;
+   uint16_t fileCount = 0;
+   uint16_t folderCount = 0;
+
+   // Call the recursive function to analyze the directory and its contents
+   analyzeDirectory(directoryPath, totalSize, fileCount, folderCount);
+*/
+void analyzeDirectory(const String& path, uint32_t& totalSize, uint16_t& fileCount, uint16_t& folderCount) {
+  File directory = SD.open(path);
+  if (!directory) {
+    Serial.println("Error opening directory!");
+    return;
+  }
+
+  // Analyze all files and subdirectories in the directory
+  directory.rewindDirectory();
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    if (entry.isDirectory()) {
+      // Recursively analyze the subdirectory
+      folderCount++;
+      analyzeDirectory(entry.name(), totalSize, fileCount, folderCount);
+    } else {
+      // Update the counters and add file size to total size
+      fileCount++;
+      totalSize += entry.size();
+    }
+
+    entry.close();
+  }
+
+  // Close the directory
+  directory.close();
+}
+
+void scanSDCardForKeyword(const String& directoryPath, const String& keyword, int *matchCounter, AsyncResponseStream *response) {
+  File directory = SD.open(directoryPath);
+  if (!directory) {
+    Serial.println("Error opening directory " + directoryPath);
+    return;
+  }
+
+  // Scan all files and subdirectories in the directory
+  directory.rewindDirectory();
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    if (entry.isDirectory()) {
+      // Recursively scan the subdirectory
+      scanSDCardForKeyword((directoryPath + entry.name() + "/"), keyword, matchCounter, response);
+    } else {
+      // Check if the filename contains the keyword
+      String filename = basename(entry.name());
+      if (filename.indexOf(keyword) != -1) {
+        if ((*matchCounter) > 0){
+          //Append a comma before appending next matching file
+          response->print(",");
+        }
+        
+        //When writing response, trim off the /www root folder name from directoryPath
+        response->print("\"" + directoryPath.substring(4) + entry.name() + "\"");
+        (*matchCounter)++;
+      }
+    }
+
+    entry.close();
+  }
+
+  // Close the directory
+  directory.close();
+}

firmware/v2/web-server/web-server.ino

@@ -0,0 +1,110 @@
+/*
+ * 
+ *  Web Server Stick
+ *  Author: Toby Chui
+ *  
+ *  This firmware load and serve web content
+ *  from microSD card. 
+ *  
+ *  The following firmware config are recommended
+ *  Board: Wemos D1 Mini
+ *  CPU clockspeed: 160Mhz
+ *  IwIP Varient: v2 Higher Bandwidth
+ *  
+ *  Require external library: 
+ *  - ESPAsyncTCP (https://github.com/me-no-dev/ESPAsyncTCP)
+ *  - ESPAsyncWebServer (https://github.com/me-no-dev/ESPAsyncWebServer)
+ *  - ArduinoJson (https://github.com/bblanchon/ArduinoJson)
+ */
+
+//WiFi library
+#include <ESP8266WiFi.h>
+
+//SD cards library
+#include <SPI.h>
+#include <SD.h>
+#include <FS.h>
+
+//Web server library
+#include <ESPAsyncTCP.h>
+#include <ESPAsyncWebServer.h>
+#include <ArduinoJson.h>
+
+//Discovery related library
+#include <ESP8266mDNS.h>
+#include <NTPClient.h>
+#include <WiFiUdp.h>
+
+/* Hardware Configurations */
+#define CS_PIN D0
+
+/* Software Global Variables */
+AsyncWebServer server(80);
+String adminUsername = "";
+String adminPassword = "";
+String mdnsName = "webstick";
+String authSession = "";
+
+/* Time Keeping */
+WiFiUDP ntpUDP;
+NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+/* Debug variables */
+
+/* Function definations */
+String loadWiFiInfoFromSD();
+
+
+void setup() {
+  // Setup Debug Serial Port
+  Serial.begin(9600);
+  
+  //Try Initialize SD card (blocking)
+  while (!SD.begin(CS_PIN, 32000000)){
+    Serial.println("SD card initialization failed. Retrying in 3 seconds...");
+    delay(3000);
+  }
+  Serial.println("SD card initialized");
+  Serial.println("\n\nStorage Info:");
+  Serial.println("----------------------");
+  getSDCardTotalSpace();
+  getSDCardUsedSpace();
+  Serial.println("----------------------");
+  Serial.println();
+
+  //Connect to wifi based on settings (cfg/wifi.txt)
+  initWiFiConn();
+
+  //Load admin credentials from SD card (cfg/admin.txt)
+  initAdminCredentials();
+  
+  //Start mDNS service
+  initmDNSName();
+  if (!MDNS.begin(mdnsName)){
+      Serial.println("mDNS Error. Skipping.");
+  }else{
+      Serial.println("mDNS started. Connect to your webstick using http://" + mdnsName + ".local");
+      MDNS.addService("http", "tcp", 80);
+  }
+
+  //Start NTP time client
+  timeClient.begin();
+  Serial.print("Requesting time from NTP (unix timestamp): ");
+  timeClient.update();
+  Serial.println(getTime());
+
+  //Initialize database
+  DBInit();
+
+  //Resume login session if any
+  initLoginSessionKey();
+  
+  // Start listening to HTTP Requests
+  initWebServer();
+}
+  
+
+void loop(){
+  MDNS.update();
+  timeClient.update();
+}

firmware/v3/web-server/api.ino

@@ -0,0 +1,453 @@
+/*
+
+    API.ino
+
+    This script handle API requests
+    functions.
+*/
+
+/* Utilities Functions */
+String GetPara(AsyncWebServerRequest * request, String key) {
+  if (request->hasParam(key)) {
+    return request->getParam(key)->value();
+  }
+  return "";
+}
+
+void SendErrorResp(AsyncWebServerRequest * r, String errorMessage) {
+  //Parse the error message into json
+  StaticJsonDocument<200> jsonDocument;
+  JsonObject root = jsonDocument.to<JsonObject>();
+  root["error"] = errorMessage;
+  String jsonString;
+  serializeJson(root, jsonString);
+
+  //Send it out with request handler
+  r->send(200, "application/json", jsonString);
+}
+
+void SendJsonResp(AsyncWebServerRequest * r, String jsonString) {
+  r->send(200, "application/json", jsonString);
+}
+
+void SendOK(AsyncWebServerRequest *r) {
+  r->send(200, "application/json", "\"ok\"");
+}
+
+//Handle auth check if the request has been authed.
+//Return false if user is not authed
+bool HandleAuth(AsyncWebServerRequest *request) {
+  //Handle for API calls authentication validate
+  if (!IsUserAuthed(request)) {
+    //user not logged in
+    request->send(401, "text/html", "401 - Unauthorized");
+    return false;
+  }
+
+  return true;
+}
+
+/*
+
+    Handler Functions
+
+    These are API endpoints handler
+    which handle special API call
+    for backend operations
+
+*/
+
+/* Authentications */
+//Check if the user has logged in
+void HandleCheckAuth(AsyncWebServerRequest *r) {
+  if (IsUserAuthed(r)) {
+    SendJsonResp(r, "true");
+  } else {
+    SendJsonResp(r, "false");
+  }
+}
+
+//Handle login request
+void HandleLogin(AsyncWebServerRequest *r) {
+  String username = GetPara(r, "username");
+  String password = GetPara(r, "password");
+  if (adminUsername == "") {
+    SendErrorResp(r, "admin account not enabled");
+    return;
+  }
+  if (username.equals(adminUsername) && password.equals(adminPassword)) {
+    //Username and password correct. Set a cookie for this login.
+    //Generate a unique cookie for this login session
+    String cookieId = GeneratedRandomHex();
+    Serial.print("Generating new cookie ID ");
+    Serial.println(cookieId);
+
+    String expireUTC = getUTCTimeString(getTime() + 604800);
+    Serial.print("Generating expire UTC timestamp ");
+    Serial.println(expireUTC);
+
+    AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
+    response->addHeader("Server", mdnsName);
+    response->addHeader("Cache-Control", "no-cache");
+    response->addHeader("Set-Cookie",  "web-auth=" + cookieId + "; Path=/; Expires=" + expireUTC + "; Max-Age=604800");
+
+    //Save the cookie id
+    DBWrite("auth", "cookie", cookieId);
+    authSession = cookieId;
+
+    //Return login succ
+    r->send(response);
+
+    Serial.println(username + " logged in");
+  } else {
+    SendErrorResp(r, "invalid username or password");
+    return;
+  }
+  SendOK(r);
+}
+
+//Handle logout request, or you can logout with
+//just front-end by going to log:out@{ip_addr}/api/auth/logout
+void HandleLogout(AsyncWebServerRequest *r) {
+  if (!IsUserAuthed(r)) {
+    SendErrorResp(r, "not logged in");
+    return;
+  }
+
+  //Remove the cookie on client side
+  AsyncWebServerResponse *response = r->beginResponse(200, "application/json", "\"ok\"");
+  response->addHeader("Server", mdnsName);
+  response->addHeader("Cache-Control", "no-cache");
+  response->addHeader("Set-Cookie",  "web-auth=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT");
+  r->send(response);
+
+  //Delete the server side cookie
+  DBRemove("auth", "cookie");
+  authSession = "";
+}
+
+/* File System Functions */
+//HandleListDir handle the listing of directory under /www/
+void HandleListDir(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+
+  //Get the folder path to be listed
+  //As ESP8266 dont have enough memory for proper struct to json conv, we are hacking a json string out of a single for-loop
+  String jsonString = "[";
+  String folderPath = GetPara(r, "dir");
+  folderPath = "/www" + folderPath;
+  if (SD.exists(folderPath)) {
+    File root = SD.open(folderPath);
+    bool firstObject = true;
+    if (root) {
+      while (true) {
+        File entry = root.openNextFile();
+        if (!entry) {
+          // No more files
+          break;
+        } else {
+          //There are more lines. Add a , to the end of the previous json object
+          if (!firstObject) {
+            jsonString = jsonString + ",";
+          } else {
+            firstObject = false;
+          }
+
+        }
+
+        String isDirString = "true";
+        if (!entry.isDirectory()) {
+          isDirString = "false";
+        }
+        jsonString = jsonString + "{\"Filename\":\"" + entry.name() + "\",\"Filesize\":" + String(entry.size()) + ",\"IsDir\":" + isDirString + "}";
+        entry.close();
+      }
+      root.close();
+
+      jsonString += "]";
+      SendJsonResp(r, jsonString);
+    } else {
+      SendErrorResp(r, "path read failed");
+    }
+  } else {
+    SendErrorResp(r, "path not found");
+  }
+  Serial.println(folderPath);
+}
+
+//Handle file rename on SD card
+void HandleFileRename(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String srcFile = GetPara(r, "src");
+  String destFile = GetPara(r, "dest");
+  srcFile.trim();
+  destFile.trim();
+  srcFile = "/www" + srcFile;
+  destFile = "/www" + destFile;
+  if (!SD.exists(srcFile)) {
+    SendErrorResp(r, "source file not exists");
+    return;
+  }
+
+  if (SD.exists(destFile)) {
+    SendErrorResp(r, "destination file already exists");
+    return;
+  }
+
+  SD.rename(srcFile, destFile);
+  SendOK(r);
+}
+
+
+//Handle file delete on SD card
+void HandleFileDel(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String targetFile = GetPara(r, "target");
+  targetFile.trim();
+  if (targetFile.equals("/")) {
+    //Do not allow remove the whole root folder
+    SendErrorResp(r, "you cannot remove the root folder");
+    return;
+  }
+  targetFile = "/www" + targetFile;
+  if (!SD.exists(targetFile)) {
+    SendErrorResp(r, "target file not exists");
+    return;
+  }
+
+
+
+  if (!SD.remove(targetFile)) {
+    if (IsDir(targetFile)) {
+      if (!targetFile.endsWith("/")) {
+        //pad the tailing slash
+        targetFile = targetFile + "/";
+      }
+
+      //Try remove dir
+      if (!SD.rmdir(targetFile)) {
+        //The folder might contain stuffs. Do recursive delete
+        Serial.println("rmdir failed. Trying recursive delete");
+        if (recursiveDirRemove(targetFile)) {
+          SendOK(r);
+        } else {
+          SendErrorResp(r, "folder delete failed");
+        }
+
+      } else {
+        SendOK(r);
+      }
+    } else {
+      SendErrorResp(r, "file delete failed");
+    }
+    return;
+  }
+
+  SendOK(r);
+}
+
+//Hanle creating new Folder
+void HandleNewFolder(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+
+  //Get and clean the folder path
+  String folderPath = GetPara(r, "path");
+  folderPath.trim();
+  if (folderPath == "") {
+    SendErrorResp(r, "invalid folder path given");
+    return;
+  }
+
+  folderPath = "/www" + folderPath;
+
+  if (SD.exists(folderPath)) {
+    //Already exists
+    SendErrorResp(r, "folder with given path already exists");
+    return;
+  }
+
+  SD.mkdir(folderPath);
+  SendOK(r);
+}
+
+//Handle download file from any path, including the private store folder
+void HandleFileDownload(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String targetFile = GetPara(r, "file");
+  String preview = GetPara(r, "preview");
+  if (!SD.exists("/www" + targetFile)) {
+    r->send(404, "text/html", "404 - File Not Found");
+    return;
+  }
+
+  //Check if it is dir, ESP8266 have no power of creating zip file
+  if (IsDir("/www" + targetFile)) {
+    r->send(500, "text/html", "500 - Internal Server Error: Target is a folder");
+    return;
+  }
+
+  //Ok. Proceed with file serving
+  if (preview == "true") {
+    //Serve
+    r->send(SDFS, "/www" + targetFile, getMime(targetFile), false);
+  } else {
+    //Download
+    r->send(SDFS, "/www" + targetFile, "application/octet-stream", false);
+  }
+
+}
+
+//Get the file / folder properties
+void HandleFileProp(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String filepath = GetPara(r, "file");
+  filepath.trim();
+  String realFilepath = "/www" + filepath;
+
+  String resp = "";
+  if (IsDir(realFilepath)) {
+    //target is a folder
+    uint32_t totalSize = 0;
+    uint16_t fileCount = 0;
+    uint16_t folderCount = 0;
+    analyzeDirectory(realFilepath, totalSize, fileCount, folderCount);
+    resp = "{\"filename\":\"" + basename(filepath) + "\",\"filepath\":\"" + filepath + "\",\"isDir\":true,\"filesize\":" + String(totalSize) + ",\"fileCounts\":" + String(fileCount) + ",\"folderCounts\":" + String(folderCount) + "}";
+
+  } else {
+    //target is a file
+    File targetFile = SD.open(realFilepath);
+    if (!targetFile) {
+      SendErrorResp(r, "File open failed");
+      return;
+    }
+
+    resp = "{\"filename\":\"" + basename(filepath) + "\",\"filepath\":\"" + filepath + "\",\"isDir\":false,\"filesize\":" + String(targetFile.size()) + "}";
+    targetFile.close();
+  }
+
+  SendJsonResp(r, resp);
+}
+
+//Search with basic keyword match
+void HandleFileSearch(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String keyword = GetPara(r, "keyword");
+  keyword.trim();
+  if (keyword.equals("")) {
+    SendErrorResp(r, "keyword cannot be empty");
+    return;
+  }
+
+  //Prepare for the resp
+  AsyncResponseStream *response = r->beginResponseStream("application/json");
+  response->print("[");
+
+  //Recursive search for the whole /www/ directory (Require tailing slash)
+  int foundCounter = 0;
+  scanSDCardForKeyword("/www/", keyword, &foundCounter, response);
+
+  //Send the resp
+  response->print("]");
+  r->send(response);
+}
+/* Handle Load and Set of Prefernece Value */
+//Set Preference, auth user only
+void HandleSetPref(AsyncWebServerRequest *r) {
+  if (!HandleAuth(r)) {
+    return;
+  }
+  String key = GetPara(r, "key");
+  String val = GetPara(r, "value");
+  key.trim();
+  val.trim();
+
+  if (key == "" || val == "") {
+    SendErrorResp(r, "invalid key or value given");
+    return;
+  }
+
+  DBWrite("pref", key, val);
+  SendOK(r);
+}
+
+//Load Prefernece, allow public access
+void HandleLoadPref(AsyncWebServerRequest *r) {
+  String key = GetPara(r, "key");
+  key.trim();
+  if (!DBKeyExists("pref", key)) {
+    SendErrorResp(r, "preference with given key not found");
+    return;
+  }
+
+  String prefValue = DBRead("pref", key);
+  r->send(200, "application/json", "\"" + prefValue + "\"");
+}
+
+/* Handle System Info */
+void HandleLoadSpaceInfo(AsyncWebServerRequest *r) {
+  String jsonResp = "{\
+    \"diskSpace\":" + String(getSDCardTotalSpace()) + ",\
+    \"usedSpace\": " + String(getSDCardUsedSpace()) + "\
+  }";
+
+  SendJsonResp(r, jsonResp);
+}
+
+/* Handle Wake On Lan Request */
+void HandleWakeOnLan(AsyncWebServerRequest *r) {
+  if (!IsUserAuthed(r)) {
+    SendErrorResp(r, "not logged in");
+    return;
+  }
+
+  if (r->hasArg("mac")) {
+    String macAddress = r->arg("mac");
+    Serial.print("Sending WoL packet to: ");
+    Serial.println(macAddress);
+
+    //Send MAC address to both port 9 and 7
+    WOL.sendMagicPacket(macAddress);
+    WOL.sendMagicPacket(macAddress, 7);
+
+    r->send(200, "text/plain", "Received MAC Address: " + macAddress);
+    return;
+  } else {
+    r->send(400, "text/plain", "Missing 'mac' parameter");
+    return;
+  }
+}
+
+
+//Get the current connected WiFi info
+void HandleWiFiInfo(AsyncWebServerRequest *r) {
+  StaticJsonDocument<256> jsonBuffer;
+  jsonBuffer["SSID"] = WiFi.SSID();
+  jsonBuffer["WifiStatus"] = WiFi.status();
+  jsonBuffer["WifiStrength"] = WiFi.RSSI();
+  jsonBuffer["MAC"] = WiFi.macAddress();
+  jsonBuffer["IP"] = WiFi.localIP().toString();
+  jsonBuffer["Subnet"] = WiFi.subnetMask().toString();
+  jsonBuffer["Gateway"] = WiFi.gatewayIP().toString();
+  jsonBuffer["DNS1"] = WiFi.dnsIP(0).toString();
+  jsonBuffer["DNS2"] = WiFi.dnsIP(1).toString();
+  jsonBuffer["DNS3"] = WiFi.dnsIP(2).toString();
+
+  // Serialize the JSON buffer to a string
+  String jsonString;
+  serializeJson(jsonBuffer, jsonString);
+  SendJsonResp(r, jsonString);
+}

firmware/v3/web-server/internal.ino

@@ -0,0 +1,274 @@
+/*
+
+    WiFi Setup Functions
+
+    To setup WiFi on your Web-stick
+    put a file in your SD card with filename /cfg/wifi.txt
+    In the text file, write two lines which containing the
+    WiFi ssid and password, seperated by a linux new linx \n
+    as follows:
+
+    [WIFI SSID]
+    [WiFi Password]
+*/
+String loadWiFiInfoFromSD() {
+  if (SD.exists("/cfg/wifi.txt")) {
+    String fileContent = "";
+    File configFile = SD.open("/cfg/wifi.txt", FILE_READ);
+
+    if (configFile) {
+      while (configFile.available()) {
+        fileContent += char(configFile.read());
+      }
+      configFile.close();
+    }
+
+    return fileContent;
+  }
+
+  return "";
+}
+
+void splitWiFiFileContent(const String& fileContent, String& ssid, String& password) {
+  int newlineIndex = fileContent.indexOf('\n');
+  if (newlineIndex != -1) {
+    ssid = fileContent.substring(0, newlineIndex);
+    password = fileContent.substring(newlineIndex + 1);
+  }
+}
+
+void initWiFiConn() {
+  String wifiFileContent = loadWiFiInfoFromSD();
+  if (wifiFileContent.equals("")) {
+    while (1) {
+      Serial.println("WiFi info is not set. Please create a file in the SD card named /cfg/wifi.txt with first line as WiFi SSID and 2nd line as Password");
+      delay(3000);
+    }
+  }
+
+  // Split the contents into SSID and password
+  String ssid, password;
+  splitWiFiFileContent(wifiFileContent, ssid, password);
+  ssid.trim();
+  password.trim();
+  WiFi.begin(ssid, password);
+  Serial.print("Connecting to WiFi...");
+  while (WiFi.status() != WL_CONNECTED) {
+    Serial.print(".");
+    delay(1000);
+  }
+  Serial.println(".");
+  Serial.println("WiFi Connected: ");
+  Serial.println("\n\nNetwork Configuration:");
+  Serial.println("----------------------");
+  Serial.print("         SSID: "); Serial.println(WiFi.SSID());
+  Serial.print("  Wifi Status: "); Serial.println(WiFi.status());
+  Serial.print("Wifi Strength: "); Serial.print(WiFi.RSSI()); Serial.println(" dBm");
+  Serial.print("          MAC: "); Serial.println(WiFi.macAddress());
+  Serial.print("           IP: "); Serial.println(WiFi.localIP());
+  Serial.print("       Subnet: "); Serial.println(WiFi.subnetMask());
+  Serial.print("      Gateway: "); Serial.println(WiFi.gatewayIP());
+  Serial.print("        DNS 1: "); Serial.println(WiFi.dnsIP(0));
+  Serial.print("        DNS 2: "); Serial.println(WiFi.dnsIP(1));
+  Serial.print("        DNS 3: "); Serial.println(WiFi.dnsIP(2));
+  Serial.println("----------------------");
+  Serial.println();
+}
+
+/*
+
+    Admin Credential Setup
+
+    For management portal functions, you will
+    need to setup the admin account in order to
+    use it. Place a text file at cfg/admin.txt
+    with the following information
+
+    [admin_username]
+    [admin_password]
+
+    Currently only 1 admin user is supported
+
+*/
+
+String loadAdminCredFromSD() {
+  if (SD.exists("/cfg/admin.txt")) {
+    String fileContent = "";
+    File configFile = SD.open("/cfg/admin.txt", FILE_READ);
+
+    if (configFile) {
+      while (configFile.available()) {
+        fileContent += char(configFile.read());
+      }
+      configFile.close();
+    }
+
+    return fileContent;
+  }
+
+  return "";
+}
+
+void splitAdminCreds(const String& fileContent, String& username, String& password) {
+  int newlineIndex = fileContent.indexOf('\n');
+  if (newlineIndex != -1) {
+    username = fileContent.substring(0, newlineIndex);
+    password = fileContent.substring(newlineIndex + 1);
+  }
+}
+
+void initAdminCredentials() {
+  String adminCredentials = loadAdminCredFromSD();
+  if (adminCredentials.equals("")) {
+    //Disable authentications on API calls
+    return;
+  }
+
+  // Split the contents into username and password
+  splitWiFiFileContent(adminCredentials, adminUsername, adminPassword);
+  adminUsername.trim();
+  adminPassword.trim();
+  Serial.println("Admin user loaded: " + adminUsername);
+}
+
+void initmDNSName() {
+  if (SD.exists("/cfg/mdns.txt")) {
+    String fileContent = "";
+    File configFile = SD.open("/cfg/mdns.txt", FILE_READ);
+
+    if (configFile) {
+      while (configFile.available()) {
+        fileContent += char(configFile.read());
+      }
+      configFile.close();
+    }
+
+    fileContent.trim();
+    mdnsName = fileContent;
+  }
+}
+
+//Load the previous login session key from database
+//for resuming login session after poweroff
+void initLoginSessionKey() {
+  String serverCookie = DBRead("auth", "cookie");
+  if (serverCookie != "") {
+    authSession = serverCookie;
+  }
+}
+
+/*
+
+    MIME Utils
+
+*/
+
+String getMime(const String& path) {
+  String _contentType = "text/plain";
+  if (path.endsWith(".html")) _contentType = "text/html";
+  else if (path.endsWith(".htm")) _contentType = "text/html";
+  else if (path.endsWith(".css")) _contentType = "text/css";
+  else if (path.endsWith(".json")) _contentType = "text/json";
+  else if (path.endsWith(".js")) _contentType = "application/javascript";
+  else if (path.endsWith(".png")) _contentType = "image/png";
+  else if (path.endsWith(".gif")) _contentType = "image/gif";
+  else if (path.endsWith(".jpg")) _contentType = "image/jpeg";
+  else if (path.endsWith(".ico")) _contentType = "image/x-icon";
+  else if (path.endsWith(".svg")) _contentType = "image/svg+xml";
+  else if (path.endsWith(".eot")) _contentType = "font/eot";
+  else if (path.endsWith(".woff")) _contentType = "font/woff";
+  else if (path.endsWith(".woff2")) _contentType = "font/woff2";
+  else if (path.endsWith(".ttf")) _contentType = "font/ttf";
+  else if (path.endsWith(".xml")) _contentType = "text/xml";
+  else if (path.endsWith(".pdf")) _contentType = "application/pdf";
+  else if (path.endsWith(".zip")) _contentType = "application/zip";
+  else if (path.endsWith(".gz")) _contentType = "application/x-gzip";
+  else if (path.endsWith(".mp3")) _contentType = "audio/mpeg";
+  else if (path.endsWith(".mp4")) _contentType = "video/mp4";
+  else if (path.endsWith(".aac")) _contentType = "audio/aac";
+  else if (path.endsWith(".ogg")) _contentType = "audio/ogg";
+  else if (path.endsWith(".wav")) _contentType = "audio/wav";
+  else if (path.endsWith(".m4v")) _contentType = "video/x-m4v";
+  else if (path.endsWith(".webm")) _contentType = "video/webm";
+  else _contentType = "text/plain";
+  return _contentType;
+}
+
+/*
+
+    Get ESP Info
+*/
+
+void printESPInfo() {
+  Serial.println(ESP.getBootMode());
+  Serial.print("ESP.getSdkVersion(); ");
+  Serial.println(ESP.getSdkVersion());
+  Serial.print("ESP.getBootVersion(); ");
+  Serial.println(ESP.getBootVersion());
+  Serial.print("ESP.getChipId(); ");
+  Serial.println(ESP.getChipId());
+  Serial.print("ESP.getFlashChipSize(); ");
+  Serial.println(ESP.getFlashChipSize());
+  Serial.print("ESP.getFlashChipRealSize(); ");
+  Serial.println(ESP.getFlashChipRealSize());
+  Serial.print("ESP.getFlashChipSizeByChipId(); ");
+  Serial.println(ESP.getFlashChipSizeByChipId());
+  Serial.print("ESP.getFlashChipId(); ");
+  Serial.println(ESP.getFlashChipId());
+}
+
+/*
+
+    Get SD card info
+
+*/
+
+uint32_t getTotalUsedSpace(const String& directory) {
+  uint32_t totalUsedSpace = 0;
+
+  File root = SD.open(directory);
+  if (root) {
+    while (true) {
+      File entry = root.openNextFile();
+      if (!entry) {
+        // No more files
+        break;
+      }
+
+      if (entry.isDirectory()) {
+        // Recursive call for subdirectory
+        totalUsedSpace += getTotalUsedSpace(directory + "/" + entry.name());
+      } else {
+        //Serial.print(entry.name());
+        //Serial.print(" | Size: ");
+        //Serial.println(humanReadableSize(entry.size()));
+        totalUsedSpace += entry.size();
+      }
+
+      entry.close();
+    }
+    root.close();
+  }
+
+  return totalUsedSpace;
+}
+
+//Return the total used space on SD card
+long getSDCardUsedSpace() {
+  uint32_t totalUsedSpace = getTotalUsedSpace("/");
+  Serial.println("Total used space: " + humanReadableSize(totalUsedSpace));
+  return totalUsedSpace;
+}
+
+//Get the total SD card size
+long getSDCardTotalSpace() {
+  Serial.println("SD card size: " + humanReadableSize(SD.size64()));
+  return SD.size64();
+}
+
+String humanReadableSize(const int bytes) {
+  if (bytes < 1024) return String(bytes) + " B";
+  else if (bytes < (1024 * 1024)) return String(bytes / 1024.0) + " KB";
+  else if (bytes < (1024 * 1024 * 1024)) return String(bytes / 1024.0 / 1024.0) + " MB";
+  else return String(bytes / 1024.0 / 1024.0 / 1024.0) + " GB";
+}

firmware/v3/web-server/kvdb.ino

@@ -0,0 +1,112 @@
+/*
+
+   Key Value database
+
+   This is a file system based database
+   that uses foldername as table name,
+   filename as key and content as value
+
+   Folder name and filename are limited to
+   5 characters as SDFS requirements.
+*/
+
+//Root of the db on SD card, **must have tailing slash**
+const String DB_root = "/db/";
+
+//Clean the input for any input string
+String DBCleanInput(const String& inputString) {
+  String trimmedString = inputString;
+  //Replae all the slash that might breaks the file system
+  trimmedString.replace("/", "");
+  //Trim off the space before and after the string
+  trimmedString.trim();
+  return trimmedString;
+}
+
+//Database init create all the required table for basic system operations
+void DBInit() {
+  DBNewTable("auth");
+  DBNewTable("pref");
+  DBNewTable("user");
+}
+
+//Create a new Database table
+void DBNewTable(String tableName) {
+  tableName = DBCleanInput(tableName);
+  if (!SD.exists(DB_root + tableName)) {
+    SD.mkdir(DB_root + tableName);
+  }
+}
+
+
+//Check if a database table exists
+bool DBTableExists(String tableName) {
+  tableName = DBCleanInput(tableName);
+  return SD.exists(DB_root + tableName);
+}
+
+//Write a key to a table, return true if succ
+bool DBWrite(String tableName, String key, String value) {
+  if (!DBTableExists(tableName)) {
+    return false;
+  }
+  tableName = DBCleanInput(tableName);
+  key = DBCleanInput(key);
+  String fsDataPath = DB_root + tableName + "/" + key;
+  if (SD.exists(fsDataPath)) {
+    //Entry already exists. Delete it
+    SD.remove(fsDataPath);
+  }
+
+  //Write new data to it
+  File targetEntry = SD.open(fsDataPath, FILE_WRITE);
+  targetEntry.print(value);
+  targetEntry.close();
+  return true;
+}
+
+//Read from database, require table name and key
+String DBRead(String tableName, String key) {
+  if (!DBTableExists(tableName)) {
+    return "";
+  }
+  tableName = DBCleanInput(tableName);
+  key = DBCleanInput(key);
+  String fsDataPath = DB_root + tableName + "/" + key;
+  if (!SD.exists(fsDataPath)) {
+    //Target not exists. Return empty string
+    return "";
+  }
+
+  String value = "";
+  File targetEntry = SD.open(fsDataPath, FILE_READ);
+  while (targetEntry.available()) {
+    value = value + targetEntry.readString();
+  }
+
+  targetEntry.close();
+  return value;
+}
+
+//Check if a given key exists in the database
+bool DBKeyExists(String tableName, String key) {
+  if (!DBTableExists(tableName)) {
+    return false;
+  }
+  tableName = DBCleanInput(tableName);
+  key = DBCleanInput(key);
+  String fsDataPath = DB_root + tableName + "/" + key;
+  return SD.exists(fsDataPath);
+}
+
+//Remove the key-value item from db, return true if succ
+bool DBRemove(String tableName, String key) {
+  if (!DBKeyExists(tableName, key)){
+    return false;
+  }
+  tableName = DBCleanInput(tableName);
+  key = DBCleanInput(key);
+  String fsDataPath = DB_root + tableName + "/" + key;
+  SD.remove(fsDataPath);
+  return true;
+}

firmware/v3/web-server/router.ino

@@ -0,0 +1,92 @@
+/*
+
+    Router.ino
+
+    This is the main router of the whole web server.
+    It is like the apache.conf where you handle routing
+    to different services.
+
+    By default, all route will go to the SD card /www/ folder
+*/
+class MainRouter : public AsyncWebHandler {
+  public:
+    MainRouter() {}
+    virtual ~MainRouter() {}
+
+    bool canHandle(AsyncWebServerRequest *request) {
+      String requestURI = request->url().c_str();
+      if (requestURI.equals("/upload")) {
+        //File Upload Endpoint
+        return false;
+      } else if (requestURI.startsWith("/api/")) {
+        //API paths
+        return false;
+      }
+      return true;
+    }
+
+    //Main Routing Logic Here
+    void handleRequest(AsyncWebServerRequest *request) {
+      String requestURI = request->url().c_str();
+
+      /* Rewrite the request path if URI contains ./ */
+      if (requestURI.indexOf("./") > 0) {
+        requestURI.replace("./", "");
+        AsyncWebServerResponse *response = request->beginResponse(307);
+        response->addHeader("Cache-Control", "no-cache");
+        response->addHeader("Location", requestURI);
+        request->send(response);
+        return;
+      }
+      
+      /* Special Routing Rules */
+      //Redirect / back to index.html
+      if (requestURI == "/") {
+        request->redirect("/index.html");
+        return;
+      }
+
+      //Special interfaces that require access controls
+      if (requestURI.startsWith("/store/")) {
+        //Private file storage. Not allow access
+        AsyncWebServerResponse *response = request->beginResponse(401, "text/html", "403 - Forbidden");
+        request->send(response);
+        return;
+      }
+
+      /* Default Routing Rules */
+
+      Serial.println("URI: " + requestURI + " | MIME: " + getMime(requestURI));
+      //Check if the file exists on the SD card
+      if (SD.exists("/www" + requestURI)) {
+        // File exists on SD card web root
+        if (IsDir("/www" + requestURI)) {
+          //Requesting a directory
+          if (!requestURI.endsWith("/")) {
+            //Missing tailing slash
+            request->redirect(requestURI + "/");
+            return;
+          }
+
+          if (SD.exists("/www" + requestURI + "index.html")) {
+            request->send(SDFS, "/www" + requestURI + "/index.html", "text/html", false);
+          } else {
+            HandleDirRender(request, requestURI , "/www" + requestURI);
+          }
+
+        } else {
+          request->send(SDFS, "/www" + requestURI, getMime(requestURI), false);
+        }
+      } else {
+        // File does not exist in web root
+        AsyncResponseStream *response = request->beginResponseStream("text/html");
+        Serial.println("NOT FOUND: " + requestURI);
+        prettyPrintRequest(request);
+        response->print("<!DOCTYPE html><html><head><title>Not Found</title></head><body>");
+        response->print("<p>404 - Not Found</p>");
+        response->printf("<p>Requesting http://%s with URI: %s</p>", request->host().c_str(), request->url().c_str());
+        response->print("</body></html>");
+        request->send(response);
+      }
+    }
+};

firmware/v3/web-server/server.ino

@@ -0,0 +1,154 @@
+/*
+
+    Web Server
+
+    This is the main entry point of the WebStick bare metal
+    web server. If you have exception rules that shall not
+    be handled by the main router, you can do them here.
+
+*/
+
+//Check if a user is authenticated / logged in
+bool IsUserAuthed(AsyncWebServerRequest *request) {
+  if (request->hasHeader("Cookie")) {
+    //User cookie from browser
+    String authCookie = GetCookieValueByKey(request, "web-auth");
+    if (authCookie == "") {
+      return false;
+    }
+
+    //Match it to the server side value in kvdb
+    //Serial.println(authCookie); //user cookie
+    //Serial.println(authSession); //server session
+    if (authSession == "") {
+      //Server side has no resumable login session
+      return false;
+    }
+    if (authCookie.equals(authSession)) {
+      return true;
+    }
+    return false;
+  } else {
+    Serial.println("Cookie Missing");
+    return false;
+  }
+}
+
+//Check if a user is authenticated and is Admin
+bool IsAdmin(AsyncWebServerRequest *request) {
+  if (request->hasHeader("Cookie")) {
+    //User cookie from browser
+    String authCookie = GetCookieValueByKey(request, "web-auth");
+    if (authCookie == "") {
+      return false;
+    }
+
+    //Match it to the server side value in kvdb
+    if (authSession == "") {
+      //Server side has no resumable login session
+      return false;
+    }
+    if (authCookie.equals(authSession)) {
+      return true;
+    }
+    return false;
+  } else {
+    return false;
+  }
+}
+
+
+//Reply the request by a directory list
+void HandleDirRender(AsyncWebServerRequest *r, String dirName, String dirToList) {
+  AsyncResponseStream *response = r->beginResponseStream("text/html");
+  //Serve directory entries
+  File directory = SD.open(dirToList);
+
+  // Check if the directory is open
+  if (!directory) {
+    SendErrorResp(r, "unable to open directory");
+    return;
+  }
+
+  response->print("<!DOCTYPE html><html><head><meta charset=\"utf-8\"><title>Content of " + dirName + "</title></head><body style=\"margin: 3em;font-family: Arial;\">");
+  response->print("<h3>Content of " + dirName + "</h3><div style=\"width: 100%;border-bottom: 1px solid #d9d9d9;\"></div><ul>");
+  // List the contents of the directory
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    // Print the file name
+    response->print("<li><a href=\"./" + String(entry.name()) + "\">");
+    response->print(entry.name());
+    response->print(" (" + humanReadableSize(entry.size()) + ")</a></li>");
+    Serial.println(entry.name());
+
+    entry.close();
+  }
+
+  // Close the directory
+  directory.close();
+
+  response->print("</ul><div style=\"width: 100%;border-bottom: 1px solid #d9d9d9;\"></div><br><a href=\"../\">Back</a>");
+  response->print("<br><br><body></html>");
+  r->send(response);
+}
+
+
+void initWebServer() {
+  /*
+     Other handles here, like this
+    server.on("/logout", HTTP_GET, [](AsyncWebServerRequest *request){
+    request->send(401);
+    });
+  */
+
+  /*
+  server.on("/test", HTTP_GET, [](AsyncWebServerRequest * request) {
+    getSDCardUsedSpace();
+    request->send(200);
+  });
+  */
+
+  /* Authentication Functions */
+  server.on("/api/auth/chk", HTTP_GET, HandleCheckAuth);
+  server.on("/api/auth/login", HTTP_POST, HandleLogin);
+  server.on("/api/auth/logout", HTTP_GET, HandleLogout);
+
+  /* File System Functions */
+  server.on("/api/fs/list", HTTP_GET, HandleListDir);
+  server.on("/api/fs/del", HTTP_POST, HandleFileDel);
+  server.on("/api/fs/move", HTTP_POST, HandleFileRename);
+  server.on("/api/fs/download", HTTP_GET, HandleFileDownload);
+  server.on("/api/fs/newFolder", HTTP_POST, HandleNewFolder);
+  server.on("/api/fs/disk", HTTP_GET, HandleLoadSpaceInfo);
+  server.on("/api/fs/properties", HTTP_GET, HandleFileProp);
+  server.on("/api/fs/search", HTTP_GET, HandleFileSearch);
+
+  /* Preference */
+  server.on("/api/pref/set", HTTP_GET, HandleSetPref);
+  server.on("/api/pref/get", HTTP_GET, HandleLoadPref);
+
+  /* Others */
+  server.on("/api/info/wifi", HTTP_GET, HandleWiFiInfo); //Show WiFi Information
+  server.on("/api/wol", HTTP_GET, HandleWakeOnLan); //Handle WoL request
+
+  //File upload handler. see upload.ino
+  server.onFileUpload(handleFileUpload);
+
+  //Not found handler
+  server.onNotFound([](AsyncWebServerRequest *request) {
+    //Generally it will not arrive here as NOT FOUND is also handled in the main router.
+    //See router.ino for implementation details.
+    prettyPrintRequest(request);
+    request->send(404, "text/plain", "Not Found");
+  });
+
+  //Main Router, see router.ino
+  server.addHandler(new MainRouter());
+
+  server.begin();
+}

firmware/v3/web-server/upload.ino

@@ -0,0 +1,156 @@
+/*
+
+    Upload.ino
+
+    This script handles file upload to the web-stick
+    by default this function require authentication.
+    Hence, admin.txt must be set before use
+
+*/
+
+void handleFileUpload(AsyncWebServerRequest *request, String filename, size_t index, uint8_t *data, size_t len, bool final) {
+  // make sure authenticated before allowing upload
+  if (IsUserAuthed(request)) {
+    String logmessage = "";
+    //String logmessage = "Client:" + request->client()->remoteIP().toString() + " " + request->url();
+    //Serial.println(logmessage);
+
+    //Rewrite the filename if it is too long
+    filename = trimFilename(filename);
+
+    //Get the dir to store the file
+    String dirToStore = GetPara(request, "dir");
+    if (!dirToStore.startsWith("/")) {
+      dirToStore = "/" + dirToStore;
+    }
+
+    if (!dirToStore.endsWith("/")) {
+      dirToStore = dirToStore + "/";
+    }
+    dirToStore = "/www" + dirToStore;
+
+    if (!index) {
+      Serial.println("Selected Upload Dir: " + dirToStore);
+      logmessage = "Upload Start: " + String(filename) + " by " + request->client()->remoteIP().toString();
+      // open the file on first call and store the file handle in the request object
+      if (!SD.exists(dirToStore)) {
+        SD.mkdir(dirToStore);
+      }
+
+      //Already exists. Overwrite
+      if (SD.exists(dirToStore + filename)) {
+        SD.remove(dirToStore + filename);
+      }
+      request->_tempFile = SD.open(dirToStore + filename, FILE_WRITE);
+      Serial.println(logmessage);
+    }
+
+    if (len) {
+      // stream the incoming chunk to the opened file
+      request->_tempFile.write(data, len);
+      //logmessage = "Writing file: " + String(filename) + " index=" + String(index) + " len=" + String(len);
+      //Serial.println(logmessage);
+    }
+
+    if (final) {
+      logmessage = "Upload Complete: " + String(filename) + ",size: " + String(index + len);
+      // close the file handle as the upload is now done
+      request->_tempFile.close();
+      Serial.println(logmessage);
+
+      //Check if the file actually exists on SD card
+      if (!SD.exists(String(dirToStore + filename))) {
+        //Not found!
+        SendErrorResp(request, "Write failed for " + String(filename) + ". Try a shorter name!");
+        return;
+      }
+      request->send(200, "application/json", "ok");
+    }
+  } else {
+    Serial.println("Auth: Failed");
+    SendErrorResp(request, "unauthorized");
+  }
+}
+
+/*
+    Upload File Trimming
+
+    This trim the given uploading filename to less than 32 chars
+    if the filename is too long to fit on the SD card.
+
+    The code handle UTF-8 trimming at the bytes level.
+*/
+
+//UTF-8 is varaible in length, this get how many bytes in the coming sequences
+//are part of this UTF-8 word
+uint8_t getUtf8CharLength(const uint8_t firstByte) {
+  if ((firstByte & 0x80) == 0) {
+    // Single-byte character
+    return 1;
+  } else if ((firstByte & 0xE0) == 0xC0) {
+    // Two-byte character
+    return 2;
+  } else if ((firstByte & 0xF0) == 0xE0) {
+    // Three-byte character
+    return 3;
+  } else if ((firstByte & 0xF8) == 0xF0) {
+    // Four-byte character
+    return 4;
+  } else {
+    // Invalid UTF-8 character
+    return 0;
+  }
+}
+
+String filterBrokenUtf8(const String& input) {
+  String result;
+  size_t inputLength = input.length();
+  size_t i = 0;
+  while (i < inputLength) {
+    uint8_t firstByte = input[i];
+    uint8_t charLength = getUtf8CharLength(firstByte);
+
+    if (charLength == 0){
+       //End of filter
+       break;
+    }
+    
+    // Check if the character is complete (non-broken UTF-8)
+    if (i + charLength <= inputLength) {
+      // Check for invalid UTF-8 continuation bytes in the character
+      for (size_t j = 0; j < charLength; j++) {
+        result += input[i];
+        i++;
+      }
+    }else{
+      //End of valid UTF-8 segment
+      break;
+    }
+  }
+  return result;
+}
+
+String trimFilename(String& filename) {
+  //Replace all things that is not suppose to be in the filename
+  filename.replace("#","");
+  filename.replace("?","");
+  filename.replace("&","");
+  
+  // Find the position of the last dot (file extension)
+  int dotIndex = filename.lastIndexOf('.');
+
+  // Check if the filename contains a dot and the extension is not at the beginning or end
+  if (dotIndex > 0 && dotIndex < filename.length() - 1) {
+    // Calculate the maximum length for the filename (excluding extension)
+    int maxLength = 32 - (filename.length() - dotIndex - 1);
+
+    // Truncate the filename if it's longer than the maximum length
+    if (filename.length() > maxLength) {
+      String trimmedFilename = filterBrokenUtf8(filename.substring(0, maxLength)) + filename.substring(dotIndex);
+      return trimmedFilename;
+    }
+  }
+
+  // If no truncation is needed, return the original filename
+  return filename;
+}

firmware/v3/web-server/users.ino

@@ -0,0 +1,71 @@
+/*
+  User.ino
+
+  This is a new module handling user systems on ESP8266
+
+*/
+
+//Create new user, creator must be admin
+void HandleNewUser(AsyncWebServerRequest *r) {
+  if (!IsAdmin(r)) {
+    SendErrorResp(r, "this function require admin permission");
+    return;
+  }
+  String username = GetPara(r, "username");
+  String password = GetPara(r, "password");
+  username.trim();
+  password.trim();
+
+  //Check if the inputs are valid
+  if (username == "" || password == "") {
+    SendErrorResp(r, "username or password is an empty string");
+    return;
+  } else if (password.length() < 8) {
+    SendErrorResp(r, "password must contain at least 8 characters");
+    return;
+  }
+
+  //Check if the user already exists
+  if (DBKeyExists("user", username)) {
+    SendErrorResp(r, "user with name: " + username + " already exists");
+    return;
+  }
+
+  //OK create the user
+  bool succ = DBWrite("user", username, sha1(password));
+  if (!succ) {
+    SendErrorResp(r, "write new user to database failed");
+    return;
+  }
+  r->send(200, "application/json", "\"OK\"");
+}
+
+//Remove the given username from the system
+void HandleRemoveUser(AsyncWebServerRequest *r) {
+  if (!IsAdmin(r)) {
+    SendErrorResp(r, "this function require admin permission");
+    return;
+  }
+
+  String username = GetPara(r, "username");
+  username.trim();
+
+  //Check if the user exists
+  if (!DBKeyExists("user", username)) {
+    SendErrorResp(r, "user with name: " + username + " not exists");
+    return;
+  }
+
+  //Okey, remove the user
+  bool succ = DBRemove("user", username);
+  if (!succ) {
+    SendErrorResp(r, "remove user from system failed");
+    return;
+  }
+  r->send(200, "application/json", "\"OK\"");
+}
+
+//Admin or the user themselve change password for the account
+void HandleUserChangePassword(AsyncWebServerRequest *r) {
+  
+}

firmware/v3/web-server/utils.ino

@@ -0,0 +1,260 @@
+/*
+
+    Utilities
+
+*/
+
+//Pretty print for easy debug
+void prettyPrintRequest(AsyncWebServerRequest * request) {
+  if (request->method() == HTTP_GET)
+    Serial.printf("GET");
+  else if (request->method() == HTTP_POST)
+    Serial.printf("POST");
+  else if (request->method() == HTTP_DELETE)
+    Serial.printf("DELETE");
+  else if (request->method() == HTTP_PUT)
+    Serial.printf("PUT");
+  else if (request->method() == HTTP_PATCH)
+    Serial.printf("PATCH");
+  else if (request->method() == HTTP_HEAD)
+    Serial.printf("HEAD");
+  else if (request->method() == HTTP_OPTIONS)
+    Serial.printf("OPTIONS");
+  else
+    Serial.printf("UNKNOWN");
+  Serial.printf(" http://%s%s\n", request->host().c_str(), request->url().c_str());
+
+  if (request->contentLength()) {
+    Serial.printf("_CONTENT_TYPE: %s\n", request->contentType().c_str());
+    Serial.printf("_CONTENT_LENGTH: %u\n", request->contentLength());
+  }
+
+  int headers = request->headers();
+  int i;
+  for (i = 0; i < headers; i++) {
+    AsyncWebHeader* h = request->getHeader(i);
+    Serial.printf("_HEADER[%s]: %s\n", h->name().c_str(), h->value().c_str());
+  }
+
+  int params = request->params();
+  for (i = 0; i < params; i++) {
+    AsyncWebParameter* p = request->getParam(i);
+    if (p->isFile()) {
+      Serial.printf("_FILE[%s]: %s, size: %u\n", p->name().c_str(), p->value().c_str(), p->size());
+    } else if (p->isPost()) {
+      Serial.printf("_POST[%s]: %s\n", p->name().c_str(), p->value().c_str());
+    } else {
+      Serial.printf("_GET[%s]: %s\n", p->name().c_str(), p->value().c_str());
+    }
+  }
+}
+
+//Check if a path is dir
+bool IsDir(const String& path) {
+  File file = SD.open(path);
+  if (file && !file.isDirectory()) {
+    file.close();
+    return false;
+  }
+  file.close();
+  return true;
+}
+
+//Generate a random 32 bit hex
+String GeneratedRandomHex() {
+  String hexString = "";
+
+  for (int i = 0; i < 8; i++) {
+    byte randomValue = random(256);  // Generate a random byte (0 to 255)
+    hexString += String(randomValue, HEX);  // Convert the random byte to its hexadecimal representation
+  }
+
+  return hexString;
+}
+
+//Get the current unix timestamp
+unsigned long getTime() {
+  unsigned long now = timeClient.getEpochTime();
+  return now;
+}
+
+//Convert Unix timestamp to UTC string
+String getUTCTimeString(time_t unixTimestamp) {
+  char utcString[30];
+  const char* weekdayNames[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
+  const char* monthNames[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
+
+  tm* timeInfo = gmtime(&unixTimestamp);
+  sprintf(utcString, "%s, %02d %s %04d %02d:%02d:%02d GMT",
+          weekdayNames[timeInfo->tm_wday], timeInfo->tm_mday, monthNames[timeInfo->tm_mon],
+          timeInfo->tm_year + 1900, timeInfo->tm_hour, timeInfo->tm_min, timeInfo->tm_sec);
+
+  return String(utcString);
+}
+
+//Get a certain cookie value by its key
+String GetCookieValueByKey(AsyncWebServerRequest *request, const String& key) {
+  //Check if the Cookie header exists
+  if (!request->hasHeader("Cookie")) {
+    return "";
+  }
+
+  //Load the cookie value as string from header
+  String targetValue = "";
+  AsyncWebHeader* h = request->getHeader("Cookie");
+  String cookieHeader = String(h->value().c_str());
+
+  // Find the start and end positions of target cookie key
+  int startIndex = cookieHeader.indexOf(key + "=");
+  if (startIndex != -1) {
+    startIndex += 9;  // Length of "web-auth="
+
+    int endIndex = cookieHeader.indexOf(';', startIndex);
+    if (endIndex == -1) {
+      endIndex = cookieHeader.length();
+    }
+
+    // Extract the value of the "web-auth" cookie
+    targetValue = cookieHeader.substring(startIndex, endIndex);
+  }
+
+  return targetValue;
+}
+
+//Get the filename from filepath
+String basename(const String& filePath) {
+  int lastSlashIndex = filePath.lastIndexOf('/');
+
+  // If no slash is found, return the original path
+  if (lastSlashIndex == -1) {
+    return filePath;
+  }
+
+  // Return the substring after the last slash
+  return filePath.substring(lastSlashIndex + 1);
+}
+
+
+bool recursiveDirRemove(const String& path) {
+  Serial.println(path);
+  File directory = SD.open(path);
+  if (!directory) {
+    Serial.println("Error opening directory!");
+    return false;
+  }
+
+  // Delete all the files in the directory
+  directory.rewindDirectory();
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    String filename = String(entry.name());
+    if (entry.isDirectory()) {
+      // Recursively delete the subdirectory
+      recursiveDirRemove(path + filename);
+    } else {
+      // Delete the file
+      entry.close();
+      Serial.println("Removing " + path + filename);
+      SD.remove(path + filename);
+    }
+  }
+
+  // Close the directory
+  directory.close();
+
+  // Delete the directory itself
+  if (!SD.rmdir(path)) {
+    Serial.println("Error deleting directory!");
+    return false;
+  }
+
+  return true;
+}
+
+/*
+
+   uint32_t totalSize = 0;
+   uint16_t fileCount = 0;
+   uint16_t folderCount = 0;
+
+   // Call the recursive function to analyze the directory and its contents
+   analyzeDirectory(directoryPath, totalSize, fileCount, folderCount);
+*/
+void analyzeDirectory(const String& path, uint32_t& totalSize, uint16_t& fileCount, uint16_t& folderCount) {
+  File directory = SD.open(path);
+  if (!directory) {
+    Serial.println("Error opening directory!");
+    return;
+  }
+
+  // Analyze all files and subdirectories in the directory
+  directory.rewindDirectory();
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    if (entry.isDirectory()) {
+      // Recursively analyze the subdirectory
+      folderCount++;
+      analyzeDirectory(entry.name(), totalSize, fileCount, folderCount);
+    } else {
+      // Update the counters and add file size to total size
+      fileCount++;
+      totalSize += entry.size();
+    }
+
+    entry.close();
+  }
+
+  // Close the directory
+  directory.close();
+}
+
+void scanSDCardForKeyword(const String& directoryPath, const String& keyword, int *matchCounter, AsyncResponseStream *response) {
+  File directory = SD.open(directoryPath);
+  if (!directory) {
+    Serial.println("Error opening directory " + directoryPath);
+    return;
+  }
+
+  // Scan all files and subdirectories in the directory
+  directory.rewindDirectory();
+  while (true) {
+    File entry = directory.openNextFile();
+    if (!entry) {
+      // No more files
+      break;
+    }
+
+    if (entry.isDirectory()) {
+      // Recursively scan the subdirectory
+      scanSDCardForKeyword((directoryPath + entry.name() + "/"), keyword, matchCounter, response);
+    } else {
+      // Check if the filename contains the keyword
+      String filename = basename(entry.name());
+      if (filename.indexOf(keyword) != -1) {
+        if ((*matchCounter) > 0){
+          //Append a comma before appending next matching file
+          response->print(",");
+        }
+        
+        //When writing response, trim off the /www root folder name from directoryPath
+        response->print("\"" + directoryPath.substring(4) + entry.name() + "\"");
+        (*matchCounter)++;
+      }
+    }
+
+    entry.close();
+  }
+
+  // Close the directory
+  directory.close();
+}

firmware/v3/web-server/web-server.ino

@@ -0,0 +1,120 @@
+/*
+ * 
+ *  Web Server Stick v3
+ *  Author: Toby Chui
+ *  
+ *  This firmware load and serve web content
+ *  from microSD card. 
+ *  
+ *  The following firmware config are recommended
+ *  Board: Wemos D1 Mini
+ *  CPU clockspeed: 160Mhz
+ *  IwIP Varient: v2 Higher Bandwidth
+ *  
+ *  Require external library: 
+ *  - ESPAsyncTCP (https://github.com/me-no-dev/ESPAsyncTCP)
+ *  - ESPAsyncWebServer (https://github.com/me-no-dev/ESPAsyncWebServer)
+ *  - ArduinoJson (https://github.com/bblanchon/ArduinoJson)
+ *  - Wake On LAN (see lib folder and include it as library)
+ */
+
+//WiFi library
+#include <ESP8266WiFi.h>
+
+//SD cards library
+#include <SPI.h>
+#include <SD.h>
+#include <FS.h>
+
+//Web server library
+#include <ESPAsyncTCP.h>
+#include <ESPAsyncWebServer.h>
+#include <ArduinoJson.h>
+
+//Discovery related library
+#include <ESP8266mDNS.h>
+#include <NTPClient.h>
+#include <WiFiUdp.h>
+#include <WakeOnLan.h>
+
+/* Hardware Configurations */
+#define CS_PIN D0
+
+/* Software Global Variables */
+AsyncWebServer server(80);
+String adminUsername = "";
+String adminPassword = "";
+String mdnsName = "webstick";
+String authSession = ""; //Session key for admin
+String userSessions = ""; //Session keys for users
+
+/* Time Keeping */
+WiFiUDP ntpUDP;
+NTPClient timeClient(ntpUDP, "pool.ntp.org");
+
+/* Wake On Lan */
+WakeOnLan WOL(ntpUDP);
+
+/* Debug variables */
+
+/* Function definations */
+String loadWiFiInfoFromSD();
+
+
+void setup() {
+  // Setup Debug Serial Port
+  Serial.begin(9600);
+  
+  //Try Initialize SD card (blocking)
+  while (!SD.begin(CS_PIN, 32000000)){
+    Serial.println("SD card initialization failed. Retrying in 3 seconds...");
+    delay(3000);
+  }
+  Serial.println("SD card initialized");
+  Serial.println("\n\nStorage Info:");
+  Serial.println("----------------------");
+  getSDCardTotalSpace();
+  getSDCardUsedSpace();
+  Serial.println("----------------------");
+  Serial.println();
+
+  //Connect to wifi based on settings (cfg/wifi.txt)
+  initWiFiConn();
+
+  //Load admin credentials from SD card (cfg/admin.txt)
+  initAdminCredentials();
+  
+  //Start mDNS service
+  initmDNSName();
+  if (!MDNS.begin(mdnsName)){
+      Serial.println("mDNS Error. Skipping.");
+  }else{
+      Serial.println("mDNS started. Connect to your webstick using http://" + mdnsName + ".local");
+      MDNS.addService("http", "tcp", 80);
+  }
+
+  //Start NTP time client
+  timeClient.begin();
+  Serial.print("Requesting time from NTP (unix timestamp): ");
+  timeClient.update();
+  Serial.println(getTime());
+
+  //Wake on Lan Settings
+  WOL.setRepeat(3, 100);
+  WOL.calculateBroadcastAddress(WiFi.localIP(), WiFi.subnetMask());
+
+  //Initialize database
+  DBInit();
+
+  //Resume login session if any
+  initLoginSessionKey();
+  
+  // Start listening to HTTP Requests
+  initWebServer();
+}
+  
+
+void loop(){
+  MDNS.update();
+  timeClient.update();
+}