adafruit-mirror/arduino-esp32
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
arduino-esp32/libraries/WebServer/examples/HttpBasicAuthSHA1/HttpBasicAuthSHA1.ino
Dirk-Willem van Gulik e581717bf3
Web server simplifications and handers (#7429) 
* First stab ad simplyfing webserver auth and adding a handler.

* Tweaks after testing against docs and latest Library tree

* Add documentatin for callback handler

* Bodge to allow things to compile without the dependencies

* Remove dependency on sodium to make it compile with 4.4

* Fix hex conversion

* Move some common HEX functions into a static HEX class, remove those from MD5 and add some examples. This allows for the cleanup of various to/from HEX routines elsewhere.

* Remove some duplicated code

* Add simplfiied HEXBuilder under MD5Bulder to CMakefile.

* Update for 3.0.0 and QoL improvements

* Remove examples that depend on external libraries

* Skip H2 testing

* Formatting improvements

* Move builders examples to Utilities folder

* Fix indentation

* Add HashBuilder abstract class

* Add SHA1Builder

* Fix comment

* Fix whitespace

* Fix crashes and improve log messages

* Fix indentation for webserver

---------

Co-authored-by: Rodrigo Garcia <rodrigo.garcia@espressif.com>
Co-authored-by: Lucas Saavedra Vaz <32426024+lucasssvaz@users.noreply.github.com>
2024-01-16 15:49:46 +02:00

72 lines
2.3 KiB
C++
Raw Permalink Blame History

#include <WiFi.h>
#include <ESPmDNS.h>
#include <ArduinoOTA.h>
#include <WebServer.h>
// Rather than specify the password as plaintext; we
// provide it as an (unsalted!) SHA1 hash. This is not
// much more secure (SHA1 is past its retirement age,
// and long obsolte/insecure) - but it helps a little.
const char* ssid = "........";
const char* password = "........";
WebServer server(80);
// Passwords as plaintext - human readable and easily visible in
// the sourcecode and in the firmware/binary.
const char* www_username = "admin";
const char* www_password = "esp32";
// The sha1 of 'esp32' (without the trailing \0) expressed as 20
// bytes of hex. Created by for example 'echo -n esp32 | openssl sha1'
// or http://www.sha1-online.com.
const char* www_username_hex = "hexadmin";
const char* www_password_hex = "8cb124f8c277c16ec0b2ee00569fd151a08e342b";
// The same; but now expressed as a base64 string (e.g. as commonly used
// by webservers). Created by ` echo -n esp32 | openssl sha1 -binary | openssl base64`
const char* www_username_base64 = "base64admin";
const char* www_password_base64 = "jLEk+MJ3wW7Asu4AVp/RUaCONCs=";
void setup() {
Serial.begin(115200);
while (!Serial) { delay(10); }
WiFi.mode(WIFI_STA);
WiFi.begin(ssid, password);
if (WiFi.waitForConnectResult() != WL_CONNECTED) {
Serial.println("WiFi Connect Failed! Rebooting...");
delay(1000);
ESP.restart();
}
ArduinoOTA.begin();
server.on("/", []() {
if (server.authenticate(www_username, www_password)) {
server.send(200, "text/plain", "Login against cleartext password OK");
return;
}
if (server.authenticateBasicSHA1(www_username_hex, www_password_hex)) {
server.send(200, "text/plain", "Login against HEX of the SHA1 of the password OK");
return;
}
if (server.authenticateBasicSHA1(www_username_base64, www_password_base64)) {
server.send(200, "text/plain", "Login against Base64 of the SHA1 of the password OK");
return;
}
Serial.println("No/failed authentication");
return server.requestAuthentication();
});
server.begin();
Serial.print("Open http://");
Serial.print(WiFi.localIP());
Serial.println("/ in your browser to see it working");
}
void loop() {
ArduinoOTA.handle();
server.handleClient();
delay(2);//allow the cpu to switch to other tasks
}
Reference in a new issue View git blame Copy permalink