Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http basic auth #8

Open
martindb opened this issue Jun 27, 2016 · 6 comments
Open

http basic auth #8

martindb opened this issue Jun 27, 2016 · 6 comments
Assignees

Comments

@martindb
Copy link

Can you add http basic auth to the setup area?

@sticilface
Copy link
Owner

I have been thinking about auth / security for a little bit.

I think that there will be some fairly big changes to the IDE in the not too distant future to allow authentication of binaries and other security.

The thing that has stopped me is how to implement this.

  1. hard coded into sketch
  2. changeable in GUI
  3. where to store them ? hash in the SPIFFS settings file?

Do you have any suggestions?

PS. there have been a load of changes to this. in the gui branch. moved to async web server,etc. which is much better. web sockets. updating via a json file, including binary, with continued progress shown by the web sockets. you can now subscribe to a url, and pull all changed spiffs files, and new binary if different to current running one, with a user defined checking frequency. and a lot of bug fixes that i don't seem to be able to merge into the sync branch..

@martindb
Copy link
Author

I think that a "default" hardcoded password is ok for easy starting.
With GUI you can change this default, and it's a good idea I think to store the hash in the settings file. Another option can be the eeprom, but, at the end, it's in the same flash memory... in the json file is more easy to deal with it.

I was trying your code in the master, and viewing the gui branch. I think you have to switch the master to the async version. Sounds great the "auto update" feature!
I'll try the gui branch version in the next days.

@sticilface
Copy link
Owner

Ok.. so this is on hold for a little bit... there needs to be some work on the back end of authentication in asyncwebserver. ESPmanager uses an index file, 3 js files, 1 css file and a data.esp which is the handler function. These are handled by different handlers.. so managing authentication between them in a seamless way is not possible yet...

it will be. me-no-dev is working on it. so will update then. hope that is ok.

In the mean time. I'm working on a total rewrite which should be a lot better. It is already and has some better features. not pushed any changes yet!

@martindb
Copy link
Author

Sounds great!!! Thank you very much.

@sticilface
Copy link
Owner

this is still in the plan... just waiting for the implementation in asyncwebserver

@sticilface
Copy link
Owner

coming in version 3. may add though

@sticilface sticilface self-assigned this May 1, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants