Enabling api token on backlight, fix serverurl/api loading

- implement api for laptop to device comms
- fix issue with serverurl and serverapitoken not loading
- rename apitoken to be serverapitoken
- create httpapitoken for laptop-to-device api calls

Author: smford

configuration_functions.ino

@@ -87,10 +87,10 @@ void loadConfiguration(const char *filename, Config &config) {
     config.httppassword = default_httppassword;
   }
 
-  config.apitoken = doc["apitoken"].as<String>();
-  if (config.apitoken == "null") {
+  config.httpapitoken = doc["httpapitoken"].as<String>();
+  if (config.httpapitoken == "null") {
     initiatesave = true;
-    config.apitoken = default_apitoken;
+    config.httpapitoken = default_httpapitoken;
   }
 
   config.syslogserver = doc["syslogserver"].as<String>();
@@ -191,6 +191,12 @@ void loadConfiguration(const char *filename, Config &config) {
     config.serverurl = default_serverurl;
   }
 
+  config.serverapitoken = doc["serverapitoken"].as<String>();
+  if (config.serverapitoken == "null") {
+    initiatesave = true;
+    config.serverapitoken = default_serverapitoken;
+  }
+
   config.checkuserpage = doc["checkuserpage"].as<String>();
   if (config.checkuserpage == "null") {
     initiatesave = true;
@@ -266,7 +272,7 @@ void saveConfiguration(const char *filename, const Config &config) {
   doc["ledpin"] = config.ledpin;
   doc["httpuser"] = config.httpuser;
   doc["httppassword"] = config.httppassword;
-  doc["apitoken"] = config.apitoken;
+  doc["httpapitoken"] = config.httpapitoken;
   doc["syslogserver"] = config.syslogserver;
   doc["syslogport"] = config.syslogport;
   doc["inmaintenance"] = config.inmaintenance;
@@ -284,6 +290,7 @@ void saveConfiguration(const char *filename, const Config &config) {
   doc["webserverporthttps"] = config.webserverporthttps;
   doc["webapiwaittime"] = config.webapiwaittime;
   doc["serverurl"] = config.serverurl;
+  doc["serverapitoken"] = config.serverapitoken;
   doc["checkuserpage"] = config.checkuserpage;
   doc["getuserpage"] = config.getuserpage;
   doc["moduserpage"] = config.moduserpage;
@@ -328,14 +335,11 @@ void printConfig() {
   Serial.print("           appname: "); Serial.println(config.appname);
   Serial.print("              ssid: "); Serial.println(config.ssid);
   Serial.print("      wifipassword: "); Serial.println("**********");
-  //Serial.print("      wifipassword: "); Serial.println(config.wifipassword);
   Serial.print("          relaypin: "); Serial.println(config.relaypin);
   Serial.print("            ledpin: "); Serial.println(config.ledpin);
   Serial.print("          httpuser: "); Serial.println(config.httpuser);
   Serial.print("      httppassword: "); Serial.println("**********");
-  //Serial.print("      httppassword: "); Serial.println(config.httppassword);
-  Serial.print("          apitoken: "); Serial.println("**********");
-  //Serial.print("          apitoken: "); Serial.println(config.apitoken);
+  Serial.print("      httpapitoken: "); Serial.println("**********");
   Serial.print("      syslogserver: "); Serial.println(config.syslogserver);
   Serial.print("        syslogport: "); Serial.println(config.syslogport);
   Serial.print("     inmaintenance: "); Serial.println(config.inmaintenance);
@@ -353,6 +357,7 @@ void printConfig() {
   Serial.print("webserverporthttps: "); Serial.println(config.webserverporthttps);
   Serial.print("    webapiwaittime: "); Serial.println(config.webapiwaittime);
   Serial.print("         serverurl: "); Serial.println(config.serverurl);
+  Serial.print("    serverapitoken: "); Serial.println("**********");
   Serial.print("     checkuserpage: "); Serial.println(config.checkuserpage);
   Serial.print("       getuserpage: "); Serial.println(config.getuserpage);
   Serial.print("       moduserpage: "); Serial.println(config.moduserpage);

defaults.h

@@ -7,7 +7,7 @@ const int default_relaypin = 26;
 const int default_ledpin = 2;
 const String default_httpuser = "admin";
 const String default_httppassword = "admin";
-const String default_apitoken = "abcde";
+const String default_httpapitoken = "xyz";
 const String default_syslogserver = "192.168.10.21";
 const int default_syslogport = 514;
 const int default_inmaintenance = 0;
@@ -25,6 +25,7 @@ const int default_webserverporthttp = 80;
 const int default_webserverporthttps = 443;
 const int default_webapiwaittime = 2;
 const String default_serverurl = "http://192.168.10.21:8180";
+const String default_serverapitoken = "abcde";
 const String default_checkuserpage = "/check.php";
 const String default_getuserpage = "/getuser.php";
 const String default_moduserpage = "/moduser.php";

eeh-esp32-rfid.ino

@@ -24,7 +24,7 @@
 // asyncelegantota library https://github.com/ayushsharma82/AsyncElegantOTA
 // file upload progress based upon https://codepen.io/PerfectIsShit/pen/zogMXP
 
-#define FIRMWARE_VERSION "v1.5.9a-ota"
+#define FIRMWARE_VERSION "v1.6-ota"
 
 // configuration structure
 struct Config {
@@ -37,7 +37,7 @@ struct Config {
   int ledpin;              // led pin number
   String httpuser;         // username to access web admin
   String httppassword;     // password to access web admin
-  String apitoken;         // api token used to authenticate against the user management system
+  String httpapitoken;     // api token used to authenticate against the device
   String syslogserver;     // hostname or ip of the syslog server
   int syslogport;          // sylog port number
   bool inmaintenance;      // records whether the device is in maintenance mode between reboots
@@ -55,6 +55,7 @@ struct Config {
   int webserverporthttps;  // https port number for the web admin
   int webapiwaittime;      // forced delay in seconds between web api calls
   String serverurl;        // url of authentication server, e.g. "http://something.com/" or "https://192.168.20.60"
+  String serverapitoken;   // api token used to authenticate against the user management system
   String checkuserpage;    // check user webpage hosted on authentication server, e.g. "checkuser.php"
   String getuserpage;      // get user webpage hosted on authentication server, e.g. "getuser.php"
   String moduserpage;      // mod user webpage hosted on authentication server, e.g. "moduser.php"
@@ -211,6 +212,10 @@ void setup() {
   Serial.print("        NTP Server: "); Serial.println(config.ntpserver);
   Serial.print("     NTP Time Sync: "); Serial.println(config.ntpsynctime);
   Serial.print("     NTP Time Zone: "); Serial.println(config.ntptimezone);
+  Serial.print("        Server URL: "); Serial.println(config.serverurl);
+  Serial.print("   Check User Page: "); Serial.println(config.checkuserpage);
+  Serial.print("     Get User Page: "); Serial.println(config.getuserpage);
+  Serial.print("     Mod User Page: "); Serial.println(config.moduserpage);
   if (config.influxdbenable) {
     Serial.println("  InfluxDB Enabled: true");
     Serial.print("   InfluxDB Server: "); Serial.println(config.influxdbserver);
@@ -310,7 +315,7 @@ void dowebcall(const char *foundrfid) {
   if (WiFi.status() == WL_CONNECTED) {
     StaticJsonDocument<300> doc;
 
-    String tempstring = config.serverurl + config.checkuserpage + "?device=" + config.device + "&rfid=" + String(currentRFIDcard) + "&api=" + config.apitoken;
+    String tempstring = config.serverurl + config.checkuserpage + "?device=" + config.device + "&rfid=" + String(currentRFIDcard) + "&api=" + config.serverapitoken;
     char checkURL[tempstring.length() + 1];
     tempstring.toCharArray(checkURL, tempstring.length() + 1);
 

webpages.h

@@ -30,6 +30,8 @@ const char index_html[] PROGMEM = R"rawliteral(
   <button onclick="displayConfig()">Display Running Config</button>
   <button onclick="showUploadButton()">Upload File - Simple</button>
   <button onclick="showUploadButtonFancy()">Upload File - Fancy</button>
+  <button onclick="changeBacklightButton('on')">LCD Backlight On</button>
+  <button onclick="changeBacklightButton('off')">LCD Backlight Off</button>
   <button onclick="listFilesButton()">List Files</button>
   <button onclick="refreshNTP()">Refresh NTP</button>
   <button onclick="logoutCurrentUserButton()">Logout Current User</button>
@@ -118,6 +120,15 @@ function revokeAccessButton() {
     document.getElementById("userdetails").innerHTML = xhr.responseText;
   },5000);
 }
+function changeBacklightButton(state) {
+  document.getElementById("statusdetails").innerHTML = "Turning LCD Backlight " . state;
+  var xhr = new XMLHttpRequest();
+  xhr.open("GET", "/backlight" + state, true);
+  xhr.send();
+  setTimeout(function(){
+    document.getElementById("statusdetails").innerHTML = "LCD Backlight " + state;
+  },2000);
+}
 function rebootButton() {
   document.getElementById("statusdetails").innerHTML = "Invoking Reboot ...";
   var xhr = new XMLHttpRequest();

webserver_functions.ino

@@ -9,6 +9,23 @@ String outputState(int PINCHECK) {
   return "";
 }
 
+// used by server.on functions to discern whether a user has the correct httpapitoken OR is authenticated by username and password
+bool checkUserWebAuth(AsyncWebServerRequest * request) {
+  bool isAuthenticated = false;
+
+  if (request->hasParam("api") && (strcmp(request->getParam("api")->value().c_str(), config.httpapitoken.c_str()) == 0)) {
+    Serial.println("has api and token matches");
+    isAuthenticated = true;
+  }
+
+  if (request->authenticate(config.httpuser.c_str(), config.httppassword.c_str())) {
+    Serial.println("is authenticated via username and password");
+    isAuthenticated = true;
+  }
+  return isAuthenticated;
+}
+
+
 // handles uploads to the filserver
 void handleUpload(AsyncWebServerRequest *request, String filename, size_t index, uint8_t *data, size_t len, bool final) {
   // make sure authenticated before allowing upload
@@ -277,19 +294,32 @@ void configureWebServer() {
   });
 
   server->on("/backlighton", HTTP_GET, [](AsyncWebServerRequest * request) {
-    if (!request->authenticate(config.httpuser.c_str(), config.httppassword.c_str())) {
+    String logmessage = "Client:" + request->client()->remoteIP().toString() + " " + request->url();
+    Serial.println(logmessage);
+    syslog.log(logmessage);
+
+    if (checkUserWebAuth(request)) {
+      Serial.println("LCD Backlight On");
+      lcd->backlight();
+      request->send(200, "text/html", "LCD Backlight On");
+    } else {
       return request->requestAuthentication();
     }
-    lcd->backlight();
-    request->send(200, "text/html", "backlight on");
   });
 
+
   server->on("/backlightoff", HTTP_GET, [](AsyncWebServerRequest * request) {
-    if (!request->authenticate(config.httpuser.c_str(), config.httppassword.c_str())) {
+    String logmessage = "Client:" + request->client()->remoteIP().toString() + " " + request->url();
+    Serial.println(logmessage);
+    syslog.log(logmessage);
+
+    if (checkUserWebAuth(request)) {
+      Serial.println("LCD Backlight Off");
+      lcd->noBacklight();
+      request->send(200, "text/html", "LCD Backlight Off");
+    } else {
       return request->requestAuthentication();
     }
-    lcd->noBacklight();
-    request->send(200, "text/html", "backlight off");
   });
 
   server->on("/logged-out", HTTP_GET, [](AsyncWebServerRequest * request) {
@@ -317,7 +347,7 @@ void configureWebServer() {
     String logmessage = "Client:" + request->client()->remoteIP().toString() + " RFID:" + String(currentRFIDcard) + " " + request->url();
     Serial.println(logmessage);
     syslog.log(logmessage);
-    String tempstring = config.serverurl + config.getuserpage + "?device=" + config.device + "&rfid=" + String(currentRFIDcard) + "&api=" + config.apitoken;
+    String tempstring = config.serverurl + config.getuserpage + "?device=" + config.device + "&rfid=" + String(currentRFIDcard) + "&api=" + config.serverapitoken;
     char getUserURL[tempstring.length() + 1];
     tempstring.toCharArray(getUserURL, tempstring.length() + 1);
     Serial.print("GetUserURL: "); Serial.println(getUserURL);
@@ -337,11 +367,11 @@ void configureWebServer() {
     Serial.print("GrantURL: "); Serial.println(grantURL);
     if (strcmp(access, "grant") == 0) {
       // granting access
-      grantURL = config.serverurl + config.moduserpage + "?device=" + config.device + "&modrfid=" + String(currentRFIDcard) + "&api=" + config.apitoken + "&access=true";
+      grantURL = config.serverurl + config.moduserpage + "?device=" + config.device + "&modrfid=" + String(currentRFIDcard) + "&api=" + config.serverapitoken + "&access=true";
       logmessage = "Web Admin: Granting access for " + String(currentRFIDcard);
     } else {
       // default fall back to revoking access
-      grantURL = config.serverurl + config.moduserpage + "?device=" + config.device + "&modrfid=" + String(currentRFIDcard) + "&api=" + config.apitoken + "&access=false";
+      grantURL = config.serverurl + config.moduserpage + "?device=" + config.device + "&modrfid=" + String(currentRFIDcard) + "&api=" + config.serverapitoken + "&access=false";
       logmessage = "Web Admin: Revoking access for " + String(currentRFIDcard);
     }
     Serial.println(logmessage);