diff --git a/config_comred.cmake b/config_comred.cmake
index b88e761..a875cf1 100644
--- a/config_comred.cmake
+++ b/config_comred.cmake
@@ -121,6 +121,7 @@ set(BOBBYCAR_BUILDFLAGS
 -DSWITCH_BLINK
 # -DFEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
 -DFEATURE_ESPNOW
+ -DFEATURE_SSL
 )
 
 if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/ignore/lockscreen_plugin.cmake")
diff --git a/config_feedc0de.cmake b/config_feedc0de.cmake
index 8315f78..7e87c74 100644
--- a/config_feedc0de.cmake
+++ b/config_feedc0de.cmake
@@ -102,4 +102,5 @@ set(BOBBYCAR_BUILDFLAGS
 # -DSWITCH_BLINK
 -DFEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
 # -DFEATURE_ESPNOW
+# -DFEATURE_SSL
 )
diff --git a/config_greyhash.cmake b/config_greyhash.cmake
index 854abbf..8340cac 100644
--- a/config_greyhash.cmake
+++ b/config_greyhash.cmake
@@ -94,4 +94,5 @@ set(BOBBYCAR_BUILDFLAGS
 # -DLEDSTRIP_ANIMATION_DEFAULT=0
 -DOLD_NVS
 # -DFEATURE_DNS_NS
+# -DFEATURE_SSL
 )
diff --git a/config_mick.cmake b/config_mick.cmake
index b537942..ad47a5a 100644
--- a/config_mick.cmake
+++ b/config_mick.cmake
@@ -93,6 +93,7 @@ set(BOBBYCAR_BUILDFLAGS
 -DLEDSTRIP_ANIMATION_DEFAULT=0
 -DOLD_NVS
 -DFEATURE_DNS_NS
+# -DFEATURE_SSL
 )
 
 if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/ignore/lockscreen_plugin.cmake")
diff --git a/config_peter.cmake b/config_peter.cmake
index 3257285..537d806 100644
--- a/config_peter.cmake
+++ b/config_peter.cmake
@@ -98,6 +98,7 @@ set(BOBBYCAR_BUILDFLAGS
 -DLEDS_PER_METER=144
 -DOLD_NVS
 -DFEATURE_DNS_NS
+ -DFEATURE_SSL
 )
 
 if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/ignore/lockscreen_plugin.cmake")
diff --git a/main/CMakeLists.txt b/main/CMakeLists.txt
index a4890cd..508a360 100644
--- a/main/CMakeLists.txt
+++ b/main/CMakeLists.txt
@@ -193,6 +193,7 @@ set(headers
 settings.h
 settingspersister.h
 settingsutils.h
+ sslcert.h
 statistics.h
 statustexthelper.h
 stringsettings.h
@@ -412,6 +413,7 @@ set(sources
 settings.cpp
 settingspersister.cpp
 settingsutils.cpp
+ sslcert.cpp
 statistics.cpp
 statustexthelper.cpp
 stringsettings.cpp
@@ -436,7 +438,7 @@ set(sources ) set(dependencies - freertos nvs_flash esp_http_server esp_https_ota mdns app_update esp_system esp_websocket_client driver + freertos nvs_flash esp_http_server esp_https_server esp_https_ota mdns app_update esp_system esp_websocket_client driver arduino-esp32 ArduinoJson esp-nimble-cpp FastLED-idf TFT_eSPI QRCode-esp32 bobbycar-protocol cpputils cxx-ring-buffer date espasynchttpreq espasyncota espchrono espcpputils espconfiglib esp-gui-lib esphttpdutils espwifistack expected fmt @@ -450,6 +452,9 @@ idf_component_register( . REQUIRES ${dependencies} + EMBED_TXTFILES + certs/cert.pem + certs/key.pem ) target_compile_options(${COMPONENT_TARGET} diff --git a/main/sslcert.cpp b/main/sslcert.cpp new file mode 100644 index 0000000..306972e --- /dev/null +++ b/main/sslcert.cpp @@ -0,0 +1,5 @@ +#include "sslcert.h" + +namespace ssl_cert { + +} diff --git a/main/sslcert.h b/main/sslcert.h new file mode 100644 index 0000000..fd92367 --- /dev/null +++ b/main/sslcert.h @@ -0,0 +1,7 @@ +#include + +namespace ssl_cert { + void init(); + std::string get_cert(); + bool check_cert(); +} diff --git a/main/webserver.cpp b/main/webserver.cpp index e9fe6e2..0e576de 100644 --- a/main/webserver.cpp +++ b/main/webserver.cpp 
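Review bot: `EMBED_TXTFILES certs/cert.pem certs/key.pem` bakes a TLS private key into every firmware image, so the key is recoverable by anyone holding an OTA image or a flash dump and is shared by every device built from it; the diff adds neither file nor an ignore rule for them, so I cannot tell whether they are meant to be committed. Keep `certs/` out of version control and document that each build supplies its own pair, or, better, generate the key on the device at first boot (mbedTLS can do this) and persist it in NVS so nothing secret lives in the image. Independently, the embed is unconditional while `-DFEATURE_SSL` is only enabled for comred and peter, so the three non-SSL configs now fail to configure unless both files exist; if `BOBBYCAR_BUILDFLAGS` is visible in this CMakeLists, gate the embed on it as below.
```cmake
set(embed_txtfiles)
if("-DFEATURE_SSL" IN_LIST BOBBYCAR_BUILDFLAGS)
    list(APPEND embed_txtfiles certs/cert.pem certs/key.pem)
endif()

idf_component_register(
    # … unchanged: SRCS / INCLUDE_DIRS / REQUIRES ${dependencies} …
    EMBED_TXTFILES ${embed_txtfiles}
)
```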
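Review bot: `sslcert.h` declares `ssl_cert::init()`, `get_cert()` and `check_cert()`, but `sslcert.cpp` only opens and closes the namespace, so the first caller of any of them fails at link time; either land the definitions together with the declarations or leave both files out of this commit until they are real. The header also has no include guard — add `#pragma once` as its first line — and because `get_cert()` returns `std::string` it needs `<string>` in scope (the include target was lost in this rendering, so I cannot confirm which header is pulled in). If `get_cert()` is meant to hand out the embedded PEM, returning `std::string_view` would avoid copying the certificate on every call.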
@@ -25,6 +25,23 @@ void initWebserver()
 #endif
 {
+#ifdef FEATURE_SSL
+ httpd_ssl_config_t httpsConfig HTTPD_SSL_CONFIG_DEFAULT();
+ httpsConfig.httpd.core_id = 1;
+ httpsConfig.httpd.max_uri_handlers = 14;
+ httpsConfig.httpd.stack_size = 8192;
+ httpsConfig.transport_mode = HTTPD_SSL_TRANSPORT_SECURE;
+
+ httpsConfig.cacert_pem = (const uint8_t*)bobbywebserver::cert_pem.data();
+ httpsConfig.cacert_len = bobbywebserver::cert_pem.size();
+ httpsConfig.prvtkey_pem = (const uint8_t*)bobbywebserver::key_pem.data();
+ httpsConfig.prvtkey_len = bobbywebserver::key_pem.size();
+
+ const auto result = httpd_ssl_start(&httpdHandle, &httpsConfig);
+ ESP_LOG_LEVEL_LOCAL((result == ESP_OK ? ESP_LOG_INFO : ESP_LOG_ERROR), TAG, "httpd_ssl_start(): %s", esp_err_to_name(result));
+ if (result != ESP_OK)
+ return;
+#else
 httpd_config_t httpConfig HTTPD_DEFAULT_CONFIG();
 httpConfig.core_id = 1;
 httpConfig.max_uri_handlers = 14;
@@ -34,6 +51,7 @@ void initWebserver()
 ESP_LOG_LEVEL_LOCAL((result == ESP_OK ? ESP_LOG_INFO : ESP_LOG_ERROR), TAG, "httpd_start(): %s", esp_err_to_name(result));
 if (result != ESP_OK)
 return;
+#endif
 }
 
 for (const httpd_uri_t &uri : {
@@ -145,7 +163,7 @@ esp_err_t webserver_status_handler(httpd_req_t *req)
 else
 {
 ESP_LOGE(TAG, "%.*s", result.error().size(), result.error().data());
-
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 CALL_AND_EXIT(esphttpdutils::webserver_resp_send, req, esphttpdutils::ResponseStatus::BadRequest, "text/plain", result.error());
 }
 
@@ -155,7 +173,7 @@ esp_err_t webserver_status_handler(httpd_req_t *req)
 {
 if (!menuDisplayChanged())
 {
-
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 CALL_AND_EXIT(esphttpdutils::webserver_resp_send, req, esphttpdutils::ResponseStatus::Ok, "text/plain", "Ok.");
 }
 else
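Review bot: `httpsConfig.httpd.stack_size = 8192;` copies the plain-HTTP value onto the TLS server, but `HTTPD_SSL_CONFIG_DEFAULT()` deliberately starts from a larger stack (10240 in the IDF versions I know) because the mbedTLS handshake runs on the httpd task; shrinking it risks a stack overflow on the first client hello instead of a clean `httpd_ssl_start()` error, so drop that line or keep it at the default. The two `(const uint8_t*)` C-style casts should be `reinterpret_cast<const uint8_t*>(...)`, and a short comment such as `// cacert_pem is the server's own certificate in esp_https_server, despite the name` would save the next reader a trip to the IDF docs. `initWebserver()` continues outside this hunk, so I cannot see whether anything downstream assumes a listener exists after the early `return`.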
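Review bot: `httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*")` in the `webserver_status_handler` hunks — and the same line added in webserver_displaycontrol.cpp, webserver_dumpnvs.cpp, webserver_ota.cpp, webserver_settings.cpp and webserver_stringsettings.cpp — lets a script on any origin read the responses of every endpoint, including the NVS dump and the settings pages, and read the replies of the state-changing handlers (`saveSettings`, `saveStringSettings`, `triggerButton`, `triggerItem`, `setValue`, `trigger_ota`) from the user's browser. If the goal is a separately hosted web UI, reflect that UI's origin (or a configurable one) instead of `*`, and leave the header off the dump and save handlers entirely; the intended client loses nothing from a narrower value. Since the same line now appears in a dozen handlers, a helper such as `inline void setCorsHeader(httpd_req_t *req)` declared in webserver.h would keep the policy in one place and make it easy to tighten later.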
@@ -165,7 +183,7 @@ esp_err_t webserver_status_handler(httpd_req_t *req)
 }
 else
 {
-
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 CALL_AND_EXIT(esphttpdutils::webserver_resp_send, req, esphttpdutils::ResponseStatus::Unauthorized, "text/plain", "");
 }
 }
diff --git a/main/webserver.h b/main/webserver.h
index f6770b5..dae79d8 100644
--- a/main/webserver.h
+++ b/main/webserver.h
@@ -3,11 +3,17 @@
 // system includes
 #include
 #include
+#include
+#include
 
 // esp-idf includes
 #ifdef FEATURE_WEBSERVER
+#ifdef FEATURE_SSL
+#include
+#else
 #include
 #endif
+#endif
 #include
 
 // 3rdparty lib includes
@@ -35,10 +41,20 @@ bool MenuDisplayChanged();
 esp_err_t webserver_reboot_handler(httpd_req_t *req);
 esp_err_t webserver_status_handler(httpd_req_t *req);
 
+extern const char cert_pem_start[] asm("_binary_cert_pem_start");
+extern const char cert_pem_end[] asm("_binary_cert_pem_end");
+extern const char key_pem_start[] asm("_binary_key_pem_start");
+extern const char key_pem_end[] asm("_binary_key_pem_end");
+
 namespace bobbywebserver {
 extern bool forceRefresh;
 extern bool lastScreenWasMenu;
 extern int8_t lastSelectIndex;
 extern std::vector> menuBuf;
+
+// Certs
+const std::string_view cert_pem{cert_pem_start, size_t(std::distance(cert_pem_start, cert_pem_end))};
+const std::string_view key_pem{key_pem_start, size_t(std::distance(key_pem_start, key_pem_end))};
+
 }
 #endif
diff --git a/main/webserver_displaycontrol.cpp b/main/webserver_displaycontrol.cpp
index 78f96f8..b413c8a 100644
--- a/main/webserver_displaycontrol.cpp
+++ b/main/webserver_displaycontrol.cpp
@@ -10,6 +10,7 @@ constexpr const char * const TAG = "BOBBYWEB";
 
 esp_err_t webserver_root_handler(httpd_req_t *req)
 {
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
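Review bot: the four `extern const char cert_pem_start[] asm("_binary_cert_pem_start");` declarations and the `bobbywebserver::cert_pem` / `key_pem` views are unconditional, while the `esp_https_server` include just above them is under `#ifdef FEATURE_SSL`; on a non-SSL build the views still reference the `_binary_*_pem_*` symbols, which only exist when the files are embedded, so wrap the whole block in `#ifdef FEATURE_SSL` … `#endif` to match. `std::distance` on two arrays also needs `<iterator>`; `size_t(cert_pem_end - cert_pem_start)` is the simpler form and drops that dependency. A `const` namespace-scope object in a header gets one copy per translation unit; `inline const std::string_view cert_pem{...}` (C++17, which the `string_view` use already implies) keeps a single definition.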
@@ -220,7 +221,7 @@ esp_err_t webserver_root_handler(httpd_req_t *req)
 
 esp_err_t webserver_triggerButton_handler(httpd_req_t *req)
 {
-
+httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
@@ -339,7 +340,7 @@ esp_err_t webserver_triggerButton_handler(httpd_req_t *req)
 
 esp_err_t webserver_triggerItem_handler(httpd_req_t *req)
 {
-
+httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
@@ -428,7 +429,7 @@ esp_err_t webserver_triggerItem_handler(httpd_req_t *req)
 
 esp_err_t webserver_setValue_handler(httpd_req_t *req)
 {
-
+httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
diff --git a/main/webserver_dumpnvs.cpp b/main/webserver_dumpnvs.cpp
index 8750640..5270e8c 100644
--- a/main/webserver_dumpnvs.cpp
+++ b/main/webserver_dumpnvs.cpp
@@ -114,7 +114,7 @@ showInputForSetting(std::string_view key, T value, JsonObject &body)
 
 esp_err_t webserver_dump_nvs_handler(httpd_req_t *req)
 {
-
+httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
diff --git a/main/webserver_ota.cpp b/main/webserver_ota.cpp
index 93b72b3..8b71dc2 100644
--- a/main/webserver_ota.cpp
+++ b/main/webserver_ota.cpp
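Review bot: the `+httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");` lines added to `webserver_triggerButton_handler`, `webserver_triggerItem_handler`, `webserver_setValue_handler` and `webserver_dump_nvs_handler` sit at column 0, while the same statement in `webserver_root_handler` and in the other files is indented with the function body; indent them to match. Each of these four hunks also replaces the blank line that separated the opening brace from the `#ifdef FEATURE_IS_MIR_EGAL…` block, which makes them read differently from the rest of the series for no reason; keeping the blank line and inserting the call above it would make all the handler hunks uniform.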
@@ -13,6 +13,7 @@ constexpr const char * const TAG = "BOBBYWEB";
 
 esp_err_t webserver_ota_percentage_handler(httpd_req_t *req)
 {
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
@@ -72,6 +73,7 @@ esp_err_t webserver_ota_percentage_handler(httpd_req_t *req)
 
 esp_err_t webserver_ota_handler(httpd_req_t *req)
 {
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 #ifdef FEATURE_IS_MIR_EGAL_OB_DER_WEBSERVER_FUNKTIONIERT
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
@@ -340,6 +342,7 @@ esp_err_t webserver_ota_handler(httpd_req_t *req)
 
 esp_err_t webserver_trigger_ota_handler(httpd_req_t *req)
 {
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
 {
diff --git a/main/webserver_settings.cpp b/main/webserver_settings.cpp
index 0868bae..8682fe9 100644
--- a/main/webserver_settings.cpp
+++ b/main/webserver_settings.cpp
@@ -67,6 +67,7 @@ showInputForSetting(std::string_view key, T value, std::string &body)
 
 esp_err_t webserver_settings_handler(httpd_req_t *req)
 {
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
 {
@@ -231,6 +232,7 @@ saveSetting(T &value, std::string_view newValue, std::string &body)
 
 esp_err_t webserver_saveSettings_handler(httpd_req_t *req)
 {
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
 {
diff --git a/main/webserver_stringsettings.cpp b/main/webserver_stringsettings.cpp
index 716a1a0..a94f1b8 100644
--- a/main/webserver_stringsettings.cpp
+++ b/main/webserver_stringsettings.cpp
@@ -10,6 +10,7 @@ constexpr const char * const TAG = "BOBBYWEB";
 
 esp_err_t webserver_stringSettings_handler(httpd_req_t *req)
 {
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
 {
@@ -100,6 +101,7 @@ esp_err_t webserver_stringSettings_handler(httpd_req_t *req)
 
 esp_err_t webserver_saveStringSettings_handler(httpd_req_t *req)
 {
+ httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
 espcpputils::LockHelper helper{webserver_lock->handle, std::chrono::ceil(5s).count()};
 if (!helper.locked())
 {
diff --git a/sdkconfig_comred b/sdkconfig_comred
index e2f9409..b36f247 100644
--- a/sdkconfig_comred
+++ b/sdkconfig_comred
@@ -594,8 +594,9 @@ CONFIG_EFUSE_MAX_BLK_LEN=192
 #
 CONFIG_ESP_TLS_USING_MBEDTLS=y
 # CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set
-# CONFIG_ESP_TLS_SERVER is not set
+CONFIG_ESP_TLS_SERVER=y
 # CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set
+# CONFIG_ESP_TLS_SERVER_SESSION_TICKETS is not set
 # CONFIG_ESP_TLS_PSK_VERIFICATION is not set
 # CONFIG_ESP_TLS_INSECURE is not set
 # end of ESP-TLS
@@ -713,7 +714,7 @@ CONFIG_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server
 
 #
diff --git a/sdkconfig_feedc0de b/sdkconfig_feedc0de
index cb375f4..7f1663e 100644
--- a/sdkconfig_feedc0de
+++ b/sdkconfig_feedc0de
@@ -594,8 +594,9 @@ CONFIG_EFUSE_MAX_BLK_LEN=192
 #
 CONFIG_ESP_TLS_USING_MBEDTLS=y
 # CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set
-# CONFIG_ESP_TLS_SERVER is not set
+CONFIG_ESP_TLS_SERVER=y
 # CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set
+# CONFIG_ESP_TLS_SERVER_SESSION_TICKETS is not set
 # CONFIG_ESP_TLS_PSK_VERIFICATION is not set
 # CONFIG_ESP_TLS_INSECURE is not set
 # end of ESP-TLS
@@ -713,7 +714,7 @@ CONFIG_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server
 
 #
diff --git a/sdkconfig_greyhash b/sdkconfig_greyhash
index a8752dc..02ffdfe 100644
--- a/sdkconfig_greyhash
+++ b/sdkconfig_greyhash
@@ -594,8 +594,9 @@ CONFIG_EFUSE_MAX_BLK_LEN=192
 #
 CONFIG_ESP_TLS_USING_MBEDTLS=y
 # CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set
-# CONFIG_ESP_TLS_SERVER is not set
+CONFIG_ESP_TLS_SERVER=y
 # CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set
+# CONFIG_ESP_TLS_SERVER_SESSION_TICKETS is not set
 # CONFIG_ESP_TLS_PSK_VERIFICATION is not set
 # CONFIG_ESP_TLS_INSECURE is not set
 # end of ESP-TLS
@@ -713,7 +714,7 @@ CONFIG_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server
 
 #
diff --git a/sdkconfig_mick b/sdkconfig_mick
index a8752dc..02ffdfe 100644
--- a/sdkconfig_mick
+++ b/sdkconfig_mick
@@ -594,8 +594,9 @@ CONFIG_EFUSE_MAX_BLK_LEN=192
 #
 CONFIG_ESP_TLS_USING_MBEDTLS=y
 # CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set
-# CONFIG_ESP_TLS_SERVER is not set
+CONFIG_ESP_TLS_SERVER=y
 # CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set
+# CONFIG_ESP_TLS_SERVER_SESSION_TICKETS is not set
 # CONFIG_ESP_TLS_PSK_VERIFICATION is not set
 # CONFIG_ESP_TLS_INSECURE is not set
 # end of ESP-TLS
@@ -713,7 +714,7 @@ CONFIG_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server
 
 #
diff --git a/sdkconfig_peter b/sdkconfig_peter
index d5596a4..636d40f 100644
--- a/sdkconfig_peter
+++ b/sdkconfig_peter
@@ -594,8 +594,9 @@ CONFIG_EFUSE_MAX_BLK_LEN=192
 #
 CONFIG_ESP_TLS_USING_MBEDTLS=y
 # CONFIG_ESP_TLS_USE_SECURE_ELEMENT is not set
-# CONFIG_ESP_TLS_SERVER is not set
+CONFIG_ESP_TLS_SERVER=y
 # CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS is not set
+# CONFIG_ESP_TLS_SERVER_SESSION_TICKETS is not set
 # CONFIG_ESP_TLS_PSK_VERIFICATION is not set
 # CONFIG_ESP_TLS_INSECURE is not set
 # end of ESP-TLS
@@ -713,7 +714,7 @@ CONFIG_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server
 
 #