Merge branch 'x-requested-with'

irkit · Jul 27, 2015 · 85190b1 · 85190b1
2 parents 6f3ff9e + 8ad24aa
commit 85190b1
Show file tree

Hide file tree

Showing 16 changed files with 247 additions and 30 deletions.
diff --git a/firmware/bench.pl b/firmware/bench.pl
@@ -18,6 +18,9 @@
 my $agent = Furl->new(
     agent   => 'Bench/1.0',
     timeout => 20,
+    headers => [
+        'X-Requested-With' => 'Furl',
+    ],
 );
 
 my $get_message = sub {

diff --git a/firmware/src/IRKit/GSwifi.cpp b/firmware/src/IRKit/GSwifi.cpp
@@ -390,6 +390,7 @@ void GSwifi::parseByte(uint8_t dat) {
                     request_state                   = GSREQUESTSTATE_HEAD2;
                     continuous_newlines_            = 0;
                     content_lengths_[ current_cid ] = 0;
+                    has_requested_with_             = false;
                     ring_clear(_buf_cmd);
                 }
                 break;
@@ -545,6 +546,7 @@ int8_t GSwifi::parseHead2(uint8_t dat, int8_t cid) {
         // 1st ends just after headers, and 2nd contains only response body
         // "Content-Length: "    .length = 16
         // "Content-Length: 9999".length = 20
+        // "X-Requested-With: "  .length = 18
         char content_length_chars[21];
         memset( content_length_chars, 0, 21 );
 
@@ -554,6 +556,10 @@ int8_t GSwifi::parseHead2(uint8_t dat, int8_t cid) {
             content_length_chars[20] = 0;
             content_lengths_[ cid ] = atoi(&content_length_chars[16]);
         }
+        if ((copied >= 18) &&
+            (strncmp(content_length_chars, "X-Requested-With: ", 18) == 0)) {
+            has_requested_with_ = true;
+        }
         ring_clear(_buf_cmd);
     }
     if (continuous_newlines_ == 2) {
@@ -614,6 +620,10 @@ void GSwifi::setRequestHandler (GSRequestHandler handler) {
     request_handler_ = handler;
 }
 
+bool GSwifi::validRequest () {
+    return has_requested_with_;
+}
+
 // request against us
 int8_t GSwifi::dispatchRequestHandler (int8_t cid, int8_t routeid, GSREQUESTSTATE state) {
     return request_handler_(cid, routeid, state);
@@ -1093,9 +1103,12 @@ int8_t GSwifi::startLimitedAP () {
     command(PB("AT+NSET=192.168.1.1,255.255.255.0,192.168.1.1",1), GSCOMMANDMODE_NORMAL);
 
     // password area overwritten in factory
-    cmd = PB("AT+WPAPSK=IRKitXXXX,XXXXXXXXXX",1);
+    // AT+WPAPSK=IRKitXXXX,XXXXXXXXXX
+    cmd = PB("AT+WPAPSK=",1);
     strcpy( cmd+10, hostname() );
     cmd[19] = ',';
+    strcpy( cmd+20, password() );
+    cmd[30] = 0;
     command(cmd, GSCOMMANDMODE_NORMAL, GS_TIMEOUT_LONG);
 
     // WPA2
@@ -1339,6 +1352,13 @@ char* GSwifi::hostname() {
     return ret;
 }
 
+char* GSwifi::password() {
+    // reuse index: 0 area
+    // this should be safe if we immediately call `strcpy( target, password() )`
+    char *ret = PB("XXXX,XXXXXXXXXX", 0);
+    return ret + 5; // we detect ^ this pattern in password replacer
+}
+
 void GSwifi::bufferClear() {
     ring_clear(_buf_cmd);
 }

diff --git a/firmware/src/IRKit/GSwifi.h b/firmware/src/IRKit/GSwifi.h
@@ -157,6 +157,7 @@ class GSwifi {
     void clearRoutes ();
     int8_t registerRoute (GSMETHOD method, const char *path);
     void setRequestHandler (GSRequestHandler handler);
+    bool validRequest ();
     int8_t writeHead (int8_t cid, uint16_t status_code);
     void write (const char *data);
     void write (const char data);
@@ -176,6 +177,7 @@ class GSwifi {
     int8_t close(int8_t cid);
 
     char *hostname();
+    char *password();
 
     // on timer ISR
     void onTimer();
@@ -203,6 +205,7 @@ class GSwifi {
     GSMODE             gs_mode_;
     GSCOMMANDMODE      gs_commandmode_;
     uint8_t            continuous_newlines_; // this should be per cid to handle multiple concurrent connections
+    bool               has_requested_with_; // request has X-Requested-With header
     char               ipaddr_[16]; // xxx.xxx.xxx.xxx
     char               mac_[18];    // 00:1d:c9:01:99:99
 #ifdef FACTORY_CHECKER

diff --git a/firmware/src/IRKit/IRKitHTTPHandler.cpp b/firmware/src/IRKit/IRKitHTTPHandler.cpp
@@ -45,6 +45,7 @@ static uint32_t newest_message_id = 0; // on memory only should be fine
 static int8_t post_keys_cid;
 static int8_t polling_cid = CID_UNDEFINED; // GET /m continues forever
 static bool is_posting_message = false;
+static bool has_valid_pass = false;
 
 #define POST_DOOR_BODY_LENGTH 61
 #define POST_KEYS_BODY_LENGTH 42
@@ -53,9 +54,10 @@ static void on_json_start() {
     HTTPLOG_PRINTLN("j<");
 
     IR_state( IR_WRITING );
+    has_valid_pass = false;
 }
 
-static void on_json_data( uint8_t key, uint32_t value ) {
+static void on_json_data( uint8_t key, uint32_t value, char *pass ) {
     if ( IrCtrl.state != IR_WRITING ) {
         return;
     }
@@ -70,6 +72,10 @@ static void on_json_data( uint8_t key, uint32_t value ) {
     case IrJsonParserDataKeyData:
         IR_put( value );
         break;
+    case IrJsonParserDataKeyPass:
+        if (strncmp(pass, gs.password(), 10) == 0) {
+            has_valid_pass = true;
+        }
     default:
         break;
     }
@@ -364,6 +370,17 @@ static int8_t on_post_wifi_request(uint8_t cid, GSwifi::GSREQUESTSTATE state) {
 }
 
 static int8_t on_request(int8_t cid, int8_t routeid, GSwifi::GSREQUESTSTATE state) {
+    if ( (state == GSwifi::GSREQUESTSTATE_RECEIVED) &&
+         (! gs.validRequest()) &&
+         (! has_valid_pass) ) {
+        HTTPLOG_PRINTLN("!E32");
+        gs.writeHead(cid, 400);
+        gs.writeEnd();
+        ring_put( &commands, COMMAND_CLOSE );
+        ring_put( &commands, cid );
+        return -1;
+    }
+
     switch (routeid) {
     case 0: // POST /messages
         return on_post_messages_request(cid, state);
@@ -411,7 +428,7 @@ int8_t irkit_httpclient_post_messages_() {
     if (cid == polling_cid) {
         // we're polling on this cid, and our response handler is registered with this cid.
         // we already overwritten the response handler, so restart everything.
-        HTTPLOG_PRINTLN("!E30");
+        // HTTPLOG_PRINTLN("!E30");
         wifi_hardware_reset();
         return -1;
     }

diff --git a/firmware/src/IRKit/IRKitJSONParser.c b/firmware/src/IRKit/IRKitJSONParser.c
@@ -14,8 +14,6 @@
  You should have received a copy of the GNU General Public License
  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-#include "Arduino.h"
-#include "pins.h"
 #include "IRKitJSONParser.h"
 
 void irkit_json_parse (char letter,
@@ -27,27 +25,32 @@ void irkit_json_parse (char letter,
     static uint8_t  data_exists;
     static uint8_t  first_letter_of_key;
     static uint8_t  is_key;
+    static char     pass[10];
+    static uint8_t  pass_index;
+    static uint8_t  before_colon;
 
-    // special case only json parser
+    // special case only json parser (don't try to reuse this)
     // non-nested Object with following possible keys
     // (check only the first 2 letters to identify key)
     // - ID
     // - FOrmat
     // - FReq
     // - DAta
+    // - Pass
     switch (letter) {
     case '{':
         is_key = 0;
+        before_colon = 1;
         on_start();
         break;
     case '}':
         if (data_exists) {
-            on_data(current_token, data);
+            on_data(current_token, data, pass);
         }
         on_end();
         break;
     case '"':
-        if ( ! is_key ) {
+        if ( (! is_key) && before_colon ) {
             // detected JSON Object's key
             is_key              = 1;
             first_letter_of_key = 0;
@@ -60,6 +63,8 @@ void irkit_json_parse (char letter,
     case ':':
         data          = 0;
         data_exists   = 0;
+        pass_index    = 0;
+        before_colon  = 0;
         break;
     case '0':
     case '1':
@@ -71,6 +76,7 @@ void irkit_json_parse (char letter,
     case '7':
     case '8':
     case '9':
+    case 'X':
         if ( (current_token == IrJsonParserDataKeyId)   ||
              (current_token == IrJsonParserDataKeyFreq) ||
              (current_token == IrJsonParserDataKeyData) ) {
@@ -80,14 +86,23 @@ void irkit_json_parse (char letter,
             data        += (letter - '0');
             data_exists  = 1;
         }
+        else if (current_token == IrJsonParserDataKeyPass) {
+            if (pass_index > 9) {
+                return;
+            }
+            pass[ pass_index ] = letter;
+            pass_index ++;
+            data_exists = 1;
+        }
         break;
     case ',':
     case ']':
         if (data_exists) {
-            on_data(current_token, data);
+            on_data(current_token, data, pass);
             data        = 0;
             data_exists = 0;
         }
+        before_colon = 1;
         break;
     default:
         break;
@@ -103,6 +118,7 @@ void irkit_json_parse (char letter,
             // - format
             // - freq
             // - data
+            // - pass
             if (first_letter_of_key == 'i' && letter == 'd') {
                 current_token = IrJsonParserDataKeyId;
             }
@@ -115,6 +131,9 @@ void irkit_json_parse (char letter,
             else if (first_letter_of_key == 'd' && letter == 'a') {
                 current_token = IrJsonParserDataKeyData;
             }
+            else if (first_letter_of_key == 'p' && letter == 'a') {
+                current_token = IrJsonParserDataKeyPass;
+            }
         }
     }
 }
diff --git a/firmware/src/IRKit/IRKitJSONParser.h b/firmware/src/IRKit/IRKitJSONParser.h
@@ -23,10 +23,11 @@
 #define IrJsonParserDataKeyFormat  0x02
 #define IrJsonParserDataKeyFreq    0x03
 #define IrJsonParserDataKeyData    0x04
+#define IrJsonParserDataKeyPass    0x05
 #define IrJsonParserDataKeyUnknown 0xFF
 
 typedef void (*JSONParserStartEnd)();
-typedef void (*JSONParserData)(uint8_t key, uint32_t value);
+typedef void (*JSONParserData)(uint8_t key, uint32_t value, char *pass);
 
 #ifdef __cplusplus
 extern "C" {

diff --git a/firmware/src/IRKit/IrCtrl.cpp b/firmware/src/IRKit/IrCtrl.cpp
@@ -329,7 +329,7 @@ ISR_COMPARE()
 void IR_xmit ()
 {
     if (IrCtrl.len == 0) {
-        IRLOG_PRINTLN("!E26");
+        // IRLOG_PRINTLN("!E26");
         IR_state( IR_IDLE );
         return;
     }

diff --git a/firmware/src/IRKit/log.h b/firmware/src/IRKit/log.h
@@ -19,11 +19,11 @@
 
 #include "Arduino.h"
 
-#define MAINLOG
-#define GSLOG
-#define HTTPLOG
-#define IRLOG
-#define KEYLOG
+// #define MAINLOG
+// #define GSLOG
+// #define HTTPLOG
+// #define IRLOG
+// #define KEYLOG
 
 #ifdef MAINLOG
 # define MAINLOG_PRINTLN(a)    Serial.println(a)

diff --git a/firmware/t/json/IRKitJSONParser.c b/firmware/t/json/IRKitJSONParser.c
@@ -0,0 +1 @@
+../../src/IRKit/IRKitJSONParser.c
diff --git a/firmware/t/json/IRKitJSONParser.h b/firmware/t/json/IRKitJSONParser.h
@@ -0,0 +1 @@
+../../src/IRKit/IRKitJSONParser.h
diff --git a/firmware/t/json/IrJsonParser.c b/firmware/t/json/IrJsonParser.c
diff --git a/firmware/t/json/IrJsonParser.h b/firmware/t/json/IrJsonParser.h
diff --git a/firmware/t/json/Makefile b/firmware/t/json/Makefile
@@ -1,4 +1,3 @@
-
 test:
-	gcc -Wall -g -o ./test.out IrJsonParser.c test.c
-	./test.out
+	gcc -Wall -g -o ./test.out IRKitJSONParser.c test.c
+	./test.out && echo "Success" || echo "Failed"
diff --git a/firmware/t/json/pins.h b/firmware/t/json/pins.h
@@ -0,0 +1 @@
+../../src/IRKit/pins.h