add basic auth for WebUI

platformio.ini

@@ -12,7 +12,7 @@
 platform = espressif8266
 framework = arduino
 monitor_speed = 115200
-custom_prog_version = 2.9.1
+custom_prog_version = 2.10.0
 
 build_flags = 
 			-DVERSION=${this.custom_prog_version}

src/Settings.h

@@ -11,7 +11,7 @@ DALY2MQTT Project
 class Settings
 {
   // change eeprom config version ONLY when new parameter is added and need reset the parameter
-  unsigned int configVersion = 10;
+  unsigned int configVersion = 11;
 
 public:
   struct Data
@@ -35,6 +35,8 @@ class Settings
     float relaisHysteresis;   // value to compare to
     char mqttTriggerPath[80]; // MQTT Data Trigger Path
     bool webUIdarkmode;       // Flag for color mode in webUI
+    char httpUser[40];        // http basic auth username
+    char httpPass[40];        // http basic auth password
   } data;
 
   void load()
@@ -139,6 +141,14 @@ class Settings
     {
       data.webUIdarkmode = false;
     }
+    if (strlen(data.httpUser) == 0 || strlen(data.httpUser) >= 40)
+    {
+      strcpy(data.httpUser, "");
+    }
+    if (strlen(data.httpPass) == 0 || strlen(data.httpPass) >= 40)
+    {
+      strcpy(data.httpPass, "");
+    }
   }
   void coVersCheck()
   {
@@ -163,6 +173,8 @@ class Settings
       data.relaisSetValue = 0.0;
       data.relaisHysteresis = 0.0;
       data.webUIdarkmode = false;
+      strcpy(data.httpUser, "");
+      strcpy(data.httpPass, "");
       save();
       load();
     }

src/htmlProzessor.h

@@ -61,5 +61,9 @@ String htmlProcessor(const String &var)
         return (_settings.data.webUIdarkmode ? "dark" : "light");
     if (var == F("pre_webuidarkmode"))
         return (_settings.data.webUIdarkmode ? "checked" : "");
+    if (var == F("pre_http_user"))
+        return (_settings.data.httpUser);
+    if (var == F("pre_http_pass"))
+        return (_settings.data.httpPass);
     return String();
 }

src/main.cpp

@@ -413,29 +413,34 @@ void setup()
     // https://stackoverflow.com/questions/66717045/espasyncwebserver-chunked-response-inside-processor-function-esp32-esp8266
     server.on("/", HTTP_GET, [](AsyncWebServerRequest *request)
               {
+      if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication();
       AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", HTML_MAIN, htmlProcessor);
       request->send(response); });
 
     server.on("/livejson", HTTP_GET, [](AsyncWebServerRequest *request)
               {
+                if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication();
       AsyncResponseStream *response = request->beginResponseStream("application/json");
       serializeJson(bmsJson, *response);
       request->send(response); });
 
     server.on("/reboot", HTTP_GET, [](AsyncWebServerRequest *request)
               {
+                if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication();
                 AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", HTML_REBOOT, htmlProcessor);
                 request->send(response);
                 restartNow = true;
                 RestartTimer = millis(); });
 
     server.on("/confirmreset", HTTP_GET, [](AsyncWebServerRequest *request)
               {
+                if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication();
       AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", HTML_CONFIRM_RESET, htmlProcessor);
       request->send(response); });
 
     server.on("/reset", HTTP_GET, [](AsyncWebServerRequest *request)
               {
+                if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication();
       AsyncWebServerResponse *response = request->beginResponse(200, "text/plain", "Device is Erasing...");
       response->addHeader("Refresh", "15; url=/");
       response->addHeader("Connection", "close");
@@ -447,16 +452,19 @@ void setup()
 
     server.on("/settings", HTTP_GET, [](AsyncWebServerRequest *request)
               {
+                if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication();
       AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", HTML_SETTINGS, htmlProcessor);
       request->send(response); });
 
     server.on("/settingsedit", HTTP_GET, [](AsyncWebServerRequest *request)
               {
+                if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication();
       AsyncWebServerResponse *response = request->beginResponse_P(200, "text/html", HTML_SETTINGS_EDIT, htmlProcessor);
       request->send(response); });
 
     server.on("/settingssave", HTTP_POST, [](AsyncWebServerRequest *request)
               {
+                if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication();
       strncpy(_settings.data.mqttServer, request->arg("post_mqttServer").c_str(), 40);
       _settings.data.mqttPort = request->arg("post_mqttPort").toInt();
       strncpy(_settings.data.mqttUser, request->arg("post_mqttUser").c_str(), 40);
@@ -475,11 +483,16 @@ void setup()
       _settings.data.relaisSetValue = request->arg("post_relaissetvalue").toFloat();
       _settings.data.relaisHysteresis = strtof(request->arg("post_relaishysteresis").c_str(), NULL);
       _settings.data.webUIdarkmode = (request->arg("post_webuicolormode") == "true") ? true : false;
+
+                strncpy(_settings.data.httpUser, request->arg("post_httpUser").c_str(), 40);
+                strncpy(_settings.data.httpPass, request->arg("post_httpPass").c_str(), 40);
+
       _settings.save();
       request->redirect("/reboot"); });
 
     server.on("/set", HTTP_GET, [](AsyncWebServerRequest *request)
               {
+                if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication();
       AsyncWebParameter *p = request->getParam(0);
       if (p->name() == "chargefet")
       {
@@ -551,6 +564,7 @@ void setup()
     server.on(
         "/update", HTTP_POST, [](AsyncWebServerRequest *request)
         {
+          if(strlen(_settings.data.httpUser) > 0 && !request->authenticate(_settings.data.httpUser, _settings.data.httpPass)) return request->requestAuthentication();
     //https://gist.github.com/JMishou/60cb762047b735685e8a09cd2eb42a60
     AsyncWebServerResponse *response = request->beginResponse(200, "text/plain", (Update.hasError())?"FAIL":"OK");
     response->addHeader("Connection", "close");

src/webpages/HTML_SETTINGS_EDIT.html

@@ -58,6 +58,18 @@ <h1>Edit Configuration</h1>
                 id="mqttjson" name="post_webuicolormode" value="true" %pre_webuidarkmode%>
         </div>
     </div>
+
+    <div class="input-group mb-2">
+        <span class="input-group-text w-50" id="httpUserdesc">HTTP Username</span>
+        <input type="text" class="form-control" aria-describedby="httpUserdesc" id="httpUser" name="post_httpUser" maxlength="40"
+            maxlength="35" value="%pre_http_user%">
+    </div>
+    <div class="input-group mb-2">
+        <span class="input-group-text w-50" id="httpPassdesc">HTTP Password</span>
+        <input type="password" class="form-control" aria-describedby="httpPassdesc" id="httpPass" name="post_httpPass" maxlength="40"
+            maxlength="35" value="%pre_http_pass%">
+    </div>
+
     <div class="row gx-0 mb-2" id="esp01_settings" style="%pre_esp01%">
     <div class="input-group mb-2">
         <span class="input-group-text w-100"><b>BMS-Wakeup Settings</b></span>