Add WebUI authentication

2024-11-19 00:21:06 +01:00 · 2024-09-03 01:36:44 +02:00 · 2024-09-03 01:36:44 +02:00 · a4ff5a2f75
commit a4ff5a2f75
parent 00ac808731
3 changed files with 47 additions and 9 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 2c7f7f667ccb10271db072a4b4e6bf8fd4912f2b
+Subproject commit 34b09a2d1134d48d7733a3d11a9e6f3f15d080a9
--- a/src/lib/defaults.hpp
+++ b/src/lib/defaults.hpp
@ -54,4 +54,8 @@
 #define DEFAULT_BITAXE_HOSTNAME "bitaxe1"

 #define DEFAULT_ZAP_NOTIFY_ENABLED false
-#define DEFAULT_ZAP_NOTIFY_PUBKEY "b5127a08cf33616274800a4387881a9f98e04b9c37116e92de5250498635c422"
+#define DEFAULT_ZAP_NOTIFY_PUBKEY "b5127a08cf33616274800a4387881a9f98e04b9c37116e92de5250498635c422"
+
+#define DEFAULT_HTTP_AUTH_ENABLED false
+#define DEFAULT_HTTP_AUTH_USERNAME "btclock"
+#define DEFAULT_HTTP_AUTH_PASSWORD "satoshi"
--- a/src/lib/webserver.cpp
+++ b/src/lib/webserver.cpp
@ -10,14 +10,23 @@ void setupWebserver()
                   { client->send("welcome", NULL, millis(), 1000); });
  server.addHandler(&events);

+  //  server.ad.
  // server.serveStatic("/css", LittleFS, "/css/");
-  server.serveStatic("/fonts", LittleFS, "/fonts/");
-  server.serveStatic("/build", LittleFS, "/build");
-  server.serveStatic("/swagger.json", LittleFS, "/swagger.json");
-  server.serveStatic("/api.html", LittleFS, "/api.html");
-  server.serveStatic("/fs_hash.txt", LittleFS, "/fs_hash.txt");
+  // server.serveStatic("/fonts", LittleFS, "/fonts/");
+  // server.serveStatic("/build", LittleFS, "/build");
+  // server.serveStatic("/swagger.json", LittleFS, "/swagger.json");
+  // server.serveStatic("/api.html", LittleFS, "/api.html");
+  // server.serveStatic("/fs_hash.txt", LittleFS, "/fs_hash.txt");

-  server.on("/", HTTP_GET, onIndex);
+  AsyncStaticWebHandler &staticHandler = server.serveStatic("/", LittleFS, "/").setDefaultFile("index.html");
+
+  if (preferences.getBool("httpAuthEnabled", DEFAULT_HTTP_AUTH_ENABLED))
+  {
+    staticHandler.setAuthentication(
+        preferences.getString("httpAuthUser", DEFAULT_HTTP_AUTH_USERNAME),
+        preferences.getString("httpAuthPass", DEFAULT_HTTP_AUTH_PASSWORD));
+  }
+  //  server.on("/", HTTP_GET, onIndex);

  server.on("/api/status", HTTP_GET, onApiStatus);
  server.on("/api/system_status", HTTP_GET, onApiSystemStatus);
@ -437,6 +446,15 @@ void onApiShowTextAdvanced(AsyncWebServerRequest *request, JsonVariant &json)

 void onApiSettingsPatch(AsyncWebServerRequest *request, JsonVariant &json)
 {
+  if (
+      preferences.getBool("httpAuthEnabled", DEFAULT_HTTP_AUTH_ENABLED) &&
+      !request->authenticate(
+          preferences.getString("httpAuthUser", DEFAULT_HTTP_AUTH_USERNAME).c_str(),
+          preferences.getString("httpAuthPass", DEFAULT_HTTP_AUTH_PASSWORD).c_str()))
+  {
+    return request->requestAuthentication();
+  }
+
  JsonObject settings = json.as<JsonObject>();

  bool settingsChanged = true;
@ -502,7 +520,10 @@ void onApiSettingsPatch(AsyncWebServerRequest *request, JsonVariant &json)
  String boolSettings[] = {"fetchEurPrice", "ledTestOnPower", "ledFlashOnUpd",
                           "mdnsEnabled", "otaEnabled", "stealFocus",
                           "mcapBigChar", "useSatsSymbol", "useBlkCountdown",
-                           "suffixPrice", "disableLeds", "ownDataSource", "flAlwaysOn", "flDisable", "flFlashOnUpd", "mempoolSecure", "useNostr", "bitaxeEnabled", "nostrZapNotify", "stagingSource"};
+                           "suffixPrice", "disableLeds", "ownDataSource",
+                           "flAlwaysOn", "flDisable", "flFlashOnUpd",
+                           "mempoolSecure", "useNostr", "bitaxeEnabled",
+                           "nostrZapNotify", "stagingSource", "httpAuthEnabled"};

  for (String setting : boolSettings)
  {
@ -587,6 +608,15 @@ void onApiIdentify(AsyncWebServerRequest *request)
 */
 void onApiSettingsGet(AsyncWebServerRequest *request)
 {
+  if (
+      preferences.getBool("httpAuthEnabled", DEFAULT_HTTP_AUTH_ENABLED) &&
+      !request->authenticate(
+          preferences.getString("httpAuthUser", DEFAULT_HTTP_AUTH_USERNAME).c_str(),
+          preferences.getString("httpAuthPass", DEFAULT_HTTP_AUTH_PASSWORD).c_str()))
+  {
+    return request->requestAuthentication();
+  }
+
  JsonDocument root;
  root["numScreens"] = NUM_SCREENS;
  root["fgColor"] = getFgColor();
@ -633,6 +663,10 @@ void onApiSettingsGet(AsyncWebServerRequest *request)
  root["bitaxeEnabled"] = preferences.getBool("bitaxeEnabled", DEFAULT_BITAXE_ENABLED);
  root["bitaxeHostname"] = preferences.getString("bitaxeHostname", DEFAULT_BITAXE_HOSTNAME);

+  root["httpAuthEnabled"] = preferences.getBool("httpAuthEnabled", DEFAULT_HTTP_AUTH_ENABLED);
+  root["httpAuthUser"] = preferences.getString("httpAuthUser", DEFAULT_HTTP_AUTH_USERNAME);
+  root["httpAuthPass"] = preferences.getString("httpAuthPass", DEFAULT_HTTP_AUTH_PASSWORD);
+
 #ifdef HAS_FRONTLIGHT
  root["hasFrontlight"] = true;
  root["flDisable"] = preferences.getBool("flDisable", DEFAULT_DISABLE_FL);