Skip to content

feat(sensor): grant read-only telemetry via allow_read_only / guest password #2823

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
drewmccal wants to merge 1 commit into
base: main
Choose a base branch
from
+24 −12
Open

feat(sensor): grant read-only telemetry via allow_read_only / guest password #2823

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 24 additions & 12 deletions examples/simple_sensor/SensorMesh.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -328,19 +328,29 @@ int SensorMesh::getAGCResetInterval() const {
}

uint8_t SensorMesh::handleLoginReq(const mesh::Identity& sender, const uint8_t* secret, uint32_t sender_timestamp, const uint8_t* data, bool is_flood) {
ClientInfo* client;
ClientInfo* client = NULL;
if (data[0] == 0) { // blank password, just check if sender is in ACL
client = acl.getClient(sender.pub_key, PUB_KEY_SIZE);
if (client == NULL) {
#if MESH_DEBUG
MESH_DEBUG_PRINTLN("Login, sender not in ACL");
#endif
return 0;
}
} else {
if (strcmp((char *) data, _prefs.password) != 0) { // check for valid admin password
#if MESH_DEBUG
if (client == NULL) MESH_DEBUG_PRINTLN("Login, sender not in ACL");
#endif
}
if (client == NULL) {
// Determine the role this login grants. Admin needs the admin
// password; a matching guest password (if set) or the open
// allow_read_only switch grants READ_ONLY, which is enough to read
// telemetry (current + min/avg/max history). Mirrors the login
// cascade used by the repeater and room-server examples.
uint8_t perms;
if (strcmp((char *) data, _prefs.password) == 0) { // valid admin password
perms = PERM_ACL_ADMIN;
} else if (_prefs.guest_password[0] != 0 && strcmp((char *) data, _prefs.guest_password) == 0) {
perms = PERM_ACL_READ_ONLY; // matched the configured guest password
} else if (_prefs.allow_read_only) {
perms = PERM_ACL_READ_ONLY; // open read-only telemetry for everyone
} else {
#if MESH_DEBUG
MESH_DEBUG_PRINTLN("Invalid password: %s", &data[4]);
MESH_DEBUG_PRINTLN("Invalid password");
#endif
return 0;
}
Expand All @@ -354,10 +364,12 @@ uint8_t SensorMesh::handleLoginReq(const mesh::Identity& sender, const uint8_t*
MESH_DEBUG_PRINTLN("Login success!");
client->last_timestamp = sender_timestamp;
client->last_activity = getRTCClock()->getCurrentTime();
client->permissions |= PERM_ACL_ADMIN;
client->permissions = (client->permissions & ~PERM_ACL_ROLE_MASK) | perms;
memcpy(client->shared_secret, secret, PUB_KEY_SIZE);

dirty_contacts_expiry = futureMillis(LAZY_CONTACTS_WRITE_DELAY);
if (perms != PERM_ACL_READ_ONLY) { // avoid an FS write per transient read-only viewer
dirty_contacts_expiry = futureMillis(LAZY_CONTACTS_WRITE_DELAY);
}
}

if (is_flood) {
Expand Down