mirror of
https://github.com/Doodle3D/doodle3d-firmware.git
synced 2024-12-31 23:13:48 +01:00
Deny API access to operations that can/will interrupt printing (updating, reconfiguring network, change settings).
This commit is contained in:
parent
9e0eab1f8d
commit
628f05b682
@ -4,11 +4,37 @@ local settings = require('util.settings')
|
|||||||
local printer = require('util.printer')
|
local printer = require('util.printer')
|
||||||
local signin = require('network.signin')
|
local signin = require('network.signin')
|
||||||
local wifi = require('network.wlanconfig')
|
local wifi = require('network.wlanconfig')
|
||||||
|
local accessManager = require('util.access')
|
||||||
|
local printerAPI = require('rest.api.api_printer')
|
||||||
|
|
||||||
|
|
||||||
local M = {
|
local M = {
|
||||||
isApi = true
|
isApi = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
-- TODO: this function is also defined in 2 other places, combine them (and avoid require loops)
|
||||||
|
local function operationsAccessOrFail(request, response)
|
||||||
|
if not accessManager.hasControl(request.remoteAddress) then
|
||||||
|
response:setFail("No control access")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
local rv, printerState = printerAPI.state(request, response, true)
|
||||||
|
if(rv == false) then
|
||||||
|
response:setError("Could not get printer state")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
if printerState == 'buffering' or printerState == 'printing' or printerState == 'stopping' then
|
||||||
|
response:setFail("Printer is busy, please wait")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
function M._global_GET(request, response)
|
function M._global_GET(request, response)
|
||||||
response:setSuccess()
|
response:setSuccess()
|
||||||
for k,v in pairs(request:getAll()) do
|
for k,v in pairs(request:getAll()) do
|
||||||
@ -22,6 +48,9 @@ end
|
|||||||
|
|
||||||
function M._global_POST(request, response)
|
function M._global_POST(request, response)
|
||||||
--log:info("API:config:set")
|
--log:info("API:config:set")
|
||||||
|
|
||||||
|
if not operationsAccessOrFail(request, response) then return end
|
||||||
|
|
||||||
response:setSuccess()
|
response:setSuccess()
|
||||||
|
|
||||||
local validation = {}
|
local validation = {}
|
||||||
|
@ -5,12 +5,36 @@ local netconf = require('network.netconfig')
|
|||||||
local wifi = require('network.wlanconfig')
|
local wifi = require('network.wlanconfig')
|
||||||
local ResponseClass = require('rest.response')
|
local ResponseClass = require('rest.response')
|
||||||
local signin = require('network.signin')
|
local signin = require('network.signin')
|
||||||
|
local accessManager = require('util.access')
|
||||||
|
local printerAPI = require('rest.api.api_printer')
|
||||||
|
|
||||||
local M = {
|
local M = {
|
||||||
isApi = true
|
isApi = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
-- TODO: this function is also defined in 2 other places, combine them (and avoid require loops)
|
||||||
|
local function operationsAccessOrFail(request, response)
|
||||||
|
if not accessManager.hasControl(request.remoteAddress) then
|
||||||
|
response:setFail("No control access")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
local rv, printerState = printerAPI.state(request, response, true)
|
||||||
|
if(rv == false) then
|
||||||
|
response:setError("Could not get printer state")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
if printerState == 'buffering' or printerState == 'printing' or printerState == 'stopping' then
|
||||||
|
response:setFail("Printer is busy, please wait")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
function M._global(request, response)
|
function M._global(request, response)
|
||||||
response:setError("not implemented")
|
response:setError("not implemented")
|
||||||
end
|
end
|
||||||
@ -113,6 +137,8 @@ function M.associate_POST(request, response)
|
|||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if not operationsAccessOrFail(request, response) then return end
|
||||||
|
|
||||||
response:setSuccess("wlan is trying to associate")
|
response:setSuccess("wlan is trying to associate")
|
||||||
|
|
||||||
local rv,msg = netconf.associateSsid(argSsid, argPhrase, argRecreate)
|
local rv,msg = netconf.associateSsid(argSsid, argPhrase, argRecreate)
|
||||||
@ -125,6 +151,7 @@ function M.associate_POST(request, response)
|
|||||||
end
|
end
|
||||||
|
|
||||||
function M.disassociate_POST(request, response)
|
function M.disassociate_POST(request, response)
|
||||||
|
if not operationsAccessOrFail(request, response) then return end
|
||||||
|
|
||||||
local rv = netconf.disassociate()
|
local rv = netconf.disassociate()
|
||||||
|
|
||||||
@ -133,6 +160,8 @@ function M.disassociate_POST(request, response)
|
|||||||
end
|
end
|
||||||
|
|
||||||
function M.openap_POST(request, response)
|
function M.openap_POST(request, response)
|
||||||
|
if not operationsAccessOrFail(request, response) then return end
|
||||||
|
|
||||||
local ssid = wifi.getSubstitutedSsid(settings.get('network.ap.ssid'))
|
local ssid = wifi.getSubstitutedSsid(settings.get('network.ap.ssid'))
|
||||||
local rv,msg = netconf.setupAccessPoint(ssid)
|
local rv,msg = netconf.setupAccessPoint(ssid)
|
||||||
|
|
||||||
@ -154,6 +183,8 @@ function M.remove_POST(request, response)
|
|||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if not operationsAccessOrFail(request, response) then return end
|
||||||
|
|
||||||
if wifi.removeConfig(argSsid) then
|
if wifi.removeConfig(argSsid) then
|
||||||
response:setSuccess("removed wireless network with requested SSID")
|
response:setSuccess("removed wireless network with requested SSID")
|
||||||
response:addData("ssid", argSsid)
|
response:addData("ssid", argSsid)
|
||||||
|
@ -60,28 +60,33 @@ function M.progress(request, response)
|
|||||||
return true;
|
return true;
|
||||||
end
|
end
|
||||||
|
|
||||||
function M.state(request, response)
|
-- NOTE: onlyReturnState is optional and prevents response from being modified
|
||||||
|
function M.state(request, response, onlyReturnState)
|
||||||
local argId = request:get("id")
|
local argId = request:get("id")
|
||||||
response:addData('id', argId)
|
if not onlyReturnState then response:addData('id', argId) end
|
||||||
|
|
||||||
local printer,msg = printerUtils.createPrinterOrFail(argId, response)
|
local printer,msg = printerUtils.createPrinterOrFail(argId, response)
|
||||||
if not printer then
|
if not printer then
|
||||||
response:setSuccess()
|
|
||||||
local printerState = "disconnected"
|
local printerState = "disconnected"
|
||||||
|
if not onlyReturnState then
|
||||||
|
response:setSuccess()
|
||||||
response:addData('state', printerState)
|
response:addData('state', printerState)
|
||||||
|
end
|
||||||
return true, printerState
|
return true, printerState
|
||||||
else
|
else
|
||||||
local rv,msg = printer:getState()
|
local rv,msg = printer:getState()
|
||||||
if rv then
|
if rv then
|
||||||
|
if not onlyReturnState then
|
||||||
response:setSuccess()
|
response:setSuccess()
|
||||||
response:addData('state', rv)
|
response:addData('state', rv)
|
||||||
|
end
|
||||||
return true, rv
|
return true, rv
|
||||||
else
|
else
|
||||||
response:setError(msg)
|
if not onlyReturnState then response:setError(msg) end
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
return true;
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
function M.heatup_POST(request, response)
|
function M.heatup_POST(request, response)
|
||||||
|
@ -6,11 +6,36 @@ arg = argStash
|
|||||||
|
|
||||||
local log = require('util.logger')
|
local log = require('util.logger')
|
||||||
local utils = require('util.utils')
|
local utils = require('util.utils')
|
||||||
|
local accessManager = require('util.access')
|
||||||
|
local printerAPI = require('rest.api.api_printer')
|
||||||
|
|
||||||
local M = {
|
local M = {
|
||||||
isApi = true
|
isApi = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
-- TODO: this function is also defined in 2 other places, combine them (and avoid require loops)
|
||||||
|
local function operationsAccessOrFail(request, response)
|
||||||
|
if not accessManager.hasControl(request.remoteAddress) then
|
||||||
|
response:setFail("No control access")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
local rv, printerState = printerAPI.state(request, response, true)
|
||||||
|
if(rv == false) then
|
||||||
|
response:setError("Could not get printer state")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
if printerState == 'buffering' or printerState == 'printing' or printerState == 'stopping' then
|
||||||
|
response:setFail("Printer is busy, please wait")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
function M.status(request, response)
|
function M.status(request, response)
|
||||||
updater.setLogger(log)
|
updater.setLogger(log)
|
||||||
updater.setUseCache(false)
|
updater.setUseCache(false)
|
||||||
@ -49,6 +74,9 @@ function M.download_POST(request, response)
|
|||||||
if argClearGcode == nil then argClearGcode = true end
|
if argClearGcode == nil then argClearGcode = true end
|
||||||
if argClearImages == nil then argClearImages = true end
|
if argClearImages == nil then argClearImages = true end
|
||||||
|
|
||||||
|
-- block access to prevent potential issues with printing (e.g. out of memory)
|
||||||
|
if not operationsAccessOrFail(request, response) then return end
|
||||||
|
|
||||||
updater.setLogger(log)
|
updater.setLogger(log)
|
||||||
|
|
||||||
updater.setState(updater.STATE.DOWNLOADING,"")
|
updater.setState(updater.STATE.DOWNLOADING,"")
|
||||||
@ -110,9 +138,11 @@ end
|
|||||||
-- if successful, this call won't return since the device will flash its memory and reboot
|
-- if successful, this call won't return since the device will flash its memory and reboot
|
||||||
function M.install_POST(request, response)
|
function M.install_POST(request, response)
|
||||||
local argVersion = request:get("version")
|
local argVersion = request:get("version")
|
||||||
updater.setLogger(log)
|
|
||||||
|
|
||||||
log:info("API:update/install")
|
log:info("API:update/install")
|
||||||
|
|
||||||
|
if not operationsAccessOrFail(request, response) then return end
|
||||||
|
|
||||||
|
updater.setLogger(log)
|
||||||
updater.setState(updater.STATE.INSTALLING,"")
|
updater.setState(updater.STATE.INSTALLING,"")
|
||||||
|
|
||||||
if not argVersion then
|
if not argVersion then
|
||||||
|
@ -16,6 +16,8 @@ function M.getController()
|
|||||||
else
|
else
|
||||||
controllerIP = file:read('*a')
|
controllerIP = file:read('*a')
|
||||||
file:close()
|
file:close()
|
||||||
|
--strip trailing newline (useful when manually editing controller.txt)
|
||||||
|
if controllerIP:find('\n') == controllerIP:len() then controllerIP = controllerIP:sub(0, -2) end
|
||||||
return controllerIP
|
return controllerIP
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user