Revert disable OTA logic & optional Arduino OTA

[blazoncek]

• new compile flag WLED_ENABLE_AOTA
• modify WLED_CONNECTED macro
• bugfix in Network isConnected() when static IP is set

With #4700 WLED_DISABLE_OTA did not entirely disable OTA, just Arduino OTA. This PR reverses that and introduces new compile flag WLED_ENABLE_AOTA (undefined by default) which (if set) enables Arduino OTA. Otherwise only HTTP OTA is available.

WLED_CONNECTED macro is modified to call Network.isConnected() instead of duplicating its code.

Network.isConnected() is updated to account if static IP is set for wired connection.

Summary by CodeRabbit

• New Features
  • Added the ability to enable or disable OTA (Over-The-Air) updates at compile time, affecting both UI elements and server endpoints.
• Bug Fixes
  • Improved network connectivity checks to more accurately reflect WiFi and Ethernet status.
  • Prevented potential errors in UI toggling by adding safety checks for element existence.
• Style
  • Unified the use of feature flags and connectivity checks for OTA updates across the app.
  • Encapsulated the Software Update section in the settings UI for better structure and conditional visibility.
• UI Improvements
  • Updated the update button visibility in the info modal based on device capabilities.
  • Refined OTA-related UI elements to show or hide depending on OTA enablement status.

[coderabbitai]

Walkthrough

The changes standardize and invert the logic for enabling Over-The-Air (OTA) updates by introducing the WLED_ENABLE_AOTA macro, replacing the previous WLED_DISABLE_OTA mechanism. Network connectivity checks are unified through a new Network.isConnected() method, replacing platform-specific macros. OTA-related code, UI elements, and HTTP endpoints are now conditionally compiled or displayed based on the new macro.

Changes

Files/Paths	Change Summary
wled00/src/dependencies/network/Network.cpp	Simplified isConnected() to check unified network status; tightened isEthernet() to require both IP and physical link up.
wled00/wled.cpp	Replaced all OTA and network connection checks to use WLED_ENABLE_AOTA and Network.isConnected(); removed use of WLED_DISABLE_OTA and WLED_CONNECTED.
wled00/wled.h	Introduced WLED_ENABLE_AOTA macro, removed WLED_DISABLE_OTA logic, unified OTA enablement and connection checks; redefined WLED_CONNECTED to use Network.isConnected().
wled00/wled_server.cpp	Made OTA HTTP handlers, UI, and headers conditional on WLED_DISABLE_OTA; returns 501 for OTA endpoints if OTA is disabled; OTA settings page hidden when OTA is disabled.
wled00/xml.cpp	Changed OTA UI element visibility logic: OTA update section hidden if WLED_DISABLE_OTA defined; ArduinoOTA checkbox shown only if WLED_ENABLE_AOTA defined.
wled00/data/common.js	Added null check before toggling "hide" class in toggle function to prevent errors if target element does not exist.
wled00/data/settings_sec.htm	Wrapped "Software Update" section and related warning text inside a new <span> with ID "OTA" for UI grouping.
wled00/data/index.htm	Added id="updBt" attribute to the "Update WLED" button in the info modal.
wled00/data/index.js	Added logic to show/hide the update button (updBt) based on device option flags in parseInfo() function.

Possibly related PRs

• Only disable Arduino OTA when using -D WLED_DISABLE_OTA #4652: Refactors OTA enablement macros and connection checks, conditionally disables Arduino OTA when WLED_DISABLE_OTA is defined; related in OTA conditional compilation and runtime flags but does not overlap directly with this PR's changes.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 796494e and 6a5dcb3.

📒 Files selected for processing (3)

• wled00/data/index.htm (1 hunks)
• wled00/data/index.js (1 hunks)
• wled00/wled.h (3 hunks)

✅ Files skipped from review due to trivial changes (2)

• wled00/data/index.htm
• wled00/data/index.js

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: blazoncek
PR: wled/WLED#4700
File: wled00/wled_server.cpp:409-414
Timestamp: 2025-05-26T16:09:34.325Z
Learning: In wled00/wled_server.cpp, the OTA update access control logic intentionally allows OTA updates from different subnets when otaSameSubnet is true AND a PIN is set. This was a conscious design decision by blazoncek to provide flexibility for remote OTA updates with PIN protection, though they acknowledged it may not be the optimal security model.

Learnt from: blazoncek
PR: wled/WLED#4482
File: wled00/udp.cpp:147-149
Timestamp: 2025-02-19T12:43:34.199Z
Learning: ESP8266 and ESP32 platforms have different maximum segment name lengths in WLED, which can cause truncation when syncing segment names between devices. This platform difference affects the user experience when using the segment name sync feature.

Learnt from: blazoncek
PR: wled/WLED#4658
File: wled00/const.h:140-141
Timestamp: 2025-04-26T19:19:07.600Z
Learning: In WLED, the WLED_MAX_PANELS macro is intentionally defined as a fixed constant value (18) with no redefinition mechanism, making it "unoverridable" - there's no need for a static assertion to check its maximum value.

wled00/wled.h (9)

Learnt from: blazoncek
PR: wled/WLED#4700
File: wled00/wled_server.cpp:409-414
Timestamp: 2025-05-26T16:09:34.325Z
Learning: In wled00/wled_server.cpp, the OTA update access control logic intentionally allows OTA updates from different subnets when otaSameSubnet is true AND a PIN is set. This was a conscious design decision by blazoncek to provide flexibility for remote OTA updates with PIN protection, though they acknowledged it may not be the optimal security model.

Learnt from: blazoncek
PR: wled/WLED#4658
File: wled00/const.h:140-141
Timestamp: 2025-04-26T19:19:07.600Z
Learning: In WLED, the WLED_MAX_PANELS macro is intentionally defined as a fixed constant value (18) with no redefinition mechanism, making it "unoverridable" - there's no need for a static assertion to check its maximum value.

Learnt from: blazoncek
PR: wled/WLED#4482
File: wled00/udp.cpp:147-149
Timestamp: 2025-02-19T12:43:34.199Z
Learning: ESP8266 and ESP32 platforms have different maximum segment name lengths in WLED, which can cause truncation when syncing segment names between devices. This platform difference affects the user experience when using the segment name sync feature.

Learnt from: blazoncek
PR: wled/WLED#4482
File: wled00/udp.cpp:147-149
Timestamp: 2025-02-19T12:43:34.200Z
Learning: In WLED, maximum segment name length varies by platform:
- ESP8266: 32 characters (WLED_MAX_SEGNAME_LEN = 32)
- ESP32: 64 characters (WLED_MAX_SEGNAME_LEN = 64)
This platform difference can cause truncation when syncing longer names from ESP32 to ESP8266. Additionally, the WLED UI has limitations regarding modified maximum segment name lengths.

Learnt from: blazoncek
PR: wled/WLED#4667
File: usermods/user_fx/user_fx.cpp:27-30
Timestamp: 2025-04-30T05:41:03.633Z
Learning: In WLED, the Segment::allocateData() method already includes optimization to check if data is allocated and sufficiently sized, handling buffer reuse to reduce memory fragmentation. Adding an external check like `if (SEGENV.data == nullptr && !SEGENV.allocateData(dataSize))` is unnecessary and could be problematic, as it bypasses proper size verification.

Learnt from: KrX3D
PR: wled/WLED#4664
File: wled00/syslog.cpp:50-51
Timestamp: 2025-04-26T12:51:04.993Z
Learning: In the WLED codebase, syslog configuration variables (syslogHost, syslogPort, syslogProtocol, syslogFacility, syslogSeverity) are defined as global variables in wled.h and are accessed directly in the SyslogPrinter implementation, rather than being class members.

Learnt from: KrX3D
PR: wled/WLED#4585
File: usermods/seven_segment_display_reloaded_v2/seven_segment_display_reloaded_v2.cpp:430-435
Timestamp: 2025-04-28T20:51:29.773Z
Learning: In WLED, `bri` is a global variable used for brightness control.

Learnt from: netmindz
PR: wled/WLED#4728
File: wled00/FX.h:378-378
Timestamp: 2025-06-15T09:59:52.720Z
Learning: In WLED's FX.h, MODE_COUNT represents the highest FX_MODE_ ID + 1, not the total count of FX_MODE_ definitions. This is because some effects may have been removed but their IDs are not reused, creating gaps in the numbering sequence. MODE_COUNT is used for array bounds and range checking.

Learnt from: netmindz
PR: wled/WLED#4728
File: wled00/FX.h:378-378
Timestamp: 2025-06-15T09:59:52.720Z
Learning: In WLED's FX.h, MODE_COUNT represents the highest FX_MODE_ ID + 1, not the total count of FX_MODE_ definitions. This is because some effects may have been removed but their IDs are not reused, creating gaps in the numbering sequence. MODE_COUNT is used for array bounds and range checking.

🧬 Code Graph Analysis (1)

wled00/wled.h (1)

usermods/wizlights/wizlights.cpp (1)

• WLED_CONNECTED (83-103)

⏰ Context from checks skipped due to timeout of 90000ms (20)

• GitHub Check: wled_build / Build Environments (nodemcuv2_compat)
• GitHub Check: wled_build / Build Environments (esp32_wrover)
• GitHub Check: wled_build / Build Environments (esp32dev_V4)
• GitHub Check: wled_build / Build Environments (usermods)
• GitHub Check: wled_build / Build Environments (esp32c3dev)
• GitHub Check: wled_build / Build Environments (esp32s3_4M_qspi)
• GitHub Check: wled_build / Build Environments (esp32s3dev_16MB_opi)
• GitHub Check: wled_build / Build Environments (esp32s3dev_8MB_opi)
• GitHub Check: wled_build / Build Environments (esp32_eth)
• GitHub Check: wled_build / Build Environments (esp32dev)
• GitHub Check: wled_build / Build Environments (esp01_1m_full_compat)
• GitHub Check: wled_build / Build Environments (lolin_s2_mini)
• GitHub Check: wled_build / Build Environments (nodemcuv2_compat)
• GitHub Check: wled_build / Build Environments (esp8266_2m_compat)
• GitHub Check: wled_build / Build Environments (esp8266_2m)
• GitHub Check: wled_build / Build Environments (nodemcuv2_160)
• GitHub Check: wled_build / Build Environments (esp01_1m_full_160)
• GitHub Check: wled_build / Build Environments (esp01_1m_full)
• GitHub Check: wled_build / Build Environments (esp8266_2m_160)
• GitHub Check: wled_build / Build Environments (nodemcuv2)

🔇 Additional comments (3)

wled00/wled.h (3)

24-29: LGTM: Clean handling of conflicting OTA flags.

The logic correctly prioritizes WLED_ENABLE_AOTA over WLED_DISABLE_OTA with appropriate developer warning. This prevents configuration conflicts and aligns with the PR's goal of standardizing OTA control.

---

593-597: LGTM: Arduino OTA now properly controlled by compile flag.

The conditional initialization correctly enables Arduino OTA only when WLED_ENABLE_AOTA is defined, implementing the new opt-in behavior described in the PR objectives.

---

1029-1029: Verify Network.isConnected() implementation matches previous behavior.

The macro now uses Network.isConnected() instead of platform-specific WiFi/Ethernet status checks. This unification is good, but ensure the new method properly handles all connectivity scenarios that the previous platform-specific checks covered.

#!/bin/bash
# Verify Network.isConnected() implementation covers all connectivity scenarios
echo "Checking Network.isConnected() implementation..."

# Find the Network.isConnected() method implementation
ast-grep --pattern $'bool isConnected() {
  $$$
}'

echo -e "\nChecking for WiFi.status() usage patterns in the codebase..."
rg -A 3 "WiFi\.status\(\)" --type cpp

echo -e "\nChecking for ETH.linkUp() usage patterns..."
rg -A 3 "ETH\.linkUp\(\)" --type cpp

This change impacts usermods like the wizlights usermod shown in the relevant code snippets. Ensure the new implementation provides equivalent connectivity detection across all supported platforms.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[blazoncek]

@KrX3D can you verify/check this PR?

[KrX3D]

i tested it with both

#define WLED_ENABLE_AOTA
#define WLED_DISABLE_OTA

in all combinations and it always worked, it compiled and could be uplaoded via usb

---

but it took me some time to figure out that i need to uncheck "Only allow update from same network/WiFi"

and only looking atthe log i could find out that i need to uncheck it:

Jun 26 00:34:46 EleksTube WLED: Loop delayed more than 4ms.
Jun 26 00:34:46 EleksTube WLED: Attempted OTA update from different/non-local subnet!
Jun 26 00:34:46 EleksTube WLED: Attempted OTA update from different/non-local subnet!
Jun 26 00:34:46 EleksTube WLED: Attempted OTA update from different/non-local subnet!
Jun 26 00:34:46 EleksTube WLED: Attempted OTA update from different/non-local subnet!
Jun 26 00:34:46 EleksTube WLED: Attempted OTA update from different/non-local subnet!

since i could select the BIn file and hit update, and for 2 devices (both an s2 mini) i got 2 results.

1. it shows updating and after like 15 sec i get:
   

and need to manually reset the device. i dont know if it really was flashed

2. on the other device i got imidately after hitting the update button a "Access denied" when the page reloads

for both it is not clear that the checkbox creates the problem.

for 2. i think it is

static const char s_accessdenied[] PROGMEM = "Access Denied";
in the wled_server.cpp? it would be nice if the message is extened to "normal" users would know why this happened. maybe to the same text which is in the log?

for 1. not sure why it behaves differently, both are an s2 mini and are flashed with exactly the same bin file and are located in the same VLAN

[blazoncek]

Thank you @KrX3D
Unfortuantely, due to security concerns, it is no longer possible to update WLED from a different subnet (VLAN) by default. Hence the checkmark in the settings page. This was introduced in #4700 and it will be mentioned in release notes once 0.16 hits the streets.

Since I am unable to perform any testing ATM due to not having access to an ESP device I have to rely on willing users to do the testing.

This PR only introduces ability to completely disable OTA updates (Access denied) or additionally enable Arduino OTA (Arduino protocol UDP 3232 IIRC).
Arduino OTA was always included in anything 0.15 or below if OTA was allowed.

Arduino OTA requires about 10k of flash and is seldom used (mostly with developers) while HTTP OTA requires 4k (14k if both are included).

Your issues might be related to browser cache.

[KrX3D]

i tested those new changes and they seems also ok.

a couple more things.

if i have checked Only allow update from same network/WiFi: and try tro flash it from a different vlan it takes like i said around 10-15 sec. during that time i get around 700 lines of:

Jun 26 18:55:54 EleksTube WLED: Attempted OTA update from different/non-local subnet!
Jun 26 18:55:54 EleksTube WLED: Attempted OTA update from different/non-local subnet!
Jun 26 18:55:54 EleksTube WLED: Attempted OTA update from different/non-local subnet!

and than the esp just hangs up and i get the page shown on the picture in my last post.

---

and i found out why i get on those 2 devices different results.

the one where i get the picture in my last post i connected via IP 192.168.XXX.XXX and HTTP which also give the 700 lines
and the other where i get "Access Denied" i connect via HTTPS and my reverse proxy like elekstube.lan

and by getting the access denied the log only gets 3 lines and not 700, and the esp also doesnt hang up

Jun 26 19:01:56 EleksTube WLED: Loop delayed more than 4ms.
Jun 26 19:01:58 EleksTube WLED: Attempted OTA update from different/non-local subnet!
Jun 26 19:01:58 EleksTube WLED: Attempted OTA update from different/non-local subnet!
Jun 26 19:01:58 EleksTube WLED: Attempted OTA update from different/non-local subnet!
Jun 26 19:01:58 EleksTube WLED: Loop delayed more than 4ms.
Jun 26 19:02:00 EleksTube WLED: Local time: 19:02

so its not an:

Your issues might be related to browser cache.

and also it would be good to have on both ways the Access denied message

Thank you @KrX3D Unfortuantely, due to security concerns, it is no longer possible to update WLED from a different subnet (VLAN) by default. Hence the checkmark in the settings page. This was introduced in #4700 and it will be mentioned in release notes once 0.16 hits the streets.

its ok that the checkbox hindes to upload from another vlan, what i wanted to suggest was that the "Access denied" which just looks like this:

should also mention WHY it is denied, and so it would be good to have that same message as in the log like:

Access denied
Attempted OTA update from different/non-local subnet!

so that also new users would understand why it doesnt work

[blazoncek]

The primary goal of this PR (and original #4700) is related to preventing OTA from untrusted sources. This PR removes Arduino OTA from standard builds, freeing up couple of kB or flash and RAM. It also fixes a few underlying bugs. It does not change original behaviour of #4700 which is at the source for comments from @KrX3D .

So IMO notifying user about inability to update OTA from another VLAN is of secondary importance (and can be described in KB if necessary).

Are there any other objections to this PR or should it be merged to wrap what was started in #4700?

[DedeHai]

no objections from me

[netmindz]

Given we have moved from Arduino to PlatformIO, we should be removing Arduino OTA entirely. We say the only way to build is to use platformio so, no point maintaining an update method used by Arduino

[blazoncek]

With this PR enabling Arduino OTA (protocol) is optional and not enabled by default.
I sill use it on my development builds to enable me OTA update from within PlatformIO environment (actually espota.py uses this protocol).

[netmindz]

I thought the esp OTA was different to the Arduino OTA, if was wrong about that, then yes we keep support

Can you give an example of your platformio config where you have this working?

[blazoncek]

UI OTA works using HTTP while ArduinoOTA has its own protocol (and port in use).

You can update via wget with first method while using espota.py tool for second.
I will provide an example when I'm back at my computer.

EDIT: Here you go:

upload_protocol = espota
;upload_port="192.168.xx.xx"
;or
upload_port="wled-test8266.local"