0
0
mirror of https://github.com/Doodle3D/doodle3d-firmware.git synced 2024-12-22 19:13:49 +01:00

Deny API access to operations that can/will interrupt printing (updating, reconfiguring network, change settings).

This commit is contained in:
Wouter R 2013-10-23 16:12:19 +02:00
parent 9e0eab1f8d
commit 628f05b682
5 changed files with 147 additions and 50 deletions

View File

@ -4,11 +4,37 @@ local settings = require('util.settings')
local printer = require('util.printer') local printer = require('util.printer')
local signin = require('network.signin') local signin = require('network.signin')
local wifi = require('network.wlanconfig') local wifi = require('network.wlanconfig')
local accessManager = require('util.access')
local printerAPI = require('rest.api.api_printer')
local M = { local M = {
isApi = true isApi = true
} }
-- TODO: this function is also defined in 2 other places, combine them (and avoid require loops)
local function operationsAccessOrFail(request, response)
if not accessManager.hasControl(request.remoteAddress) then
response:setFail("No control access")
return false
end
local rv, printerState = printerAPI.state(request, response, true)
if(rv == false) then
response:setError("Could not get printer state")
return false
end
if printerState == 'buffering' or printerState == 'printing' or printerState == 'stopping' then
response:setFail("Printer is busy, please wait")
return false
end
return true
end
function M._global_GET(request, response) function M._global_GET(request, response)
response:setSuccess() response:setSuccess()
for k,v in pairs(request:getAll()) do for k,v in pairs(request:getAll()) do
@ -22,6 +48,9 @@ end
function M._global_POST(request, response) function M._global_POST(request, response)
--log:info("API:config:set") --log:info("API:config:set")
if not operationsAccessOrFail(request, response) then return end
response:setSuccess() response:setSuccess()
local validation = {} local validation = {}

View File

@ -5,12 +5,36 @@ local netconf = require('network.netconfig')
local wifi = require('network.wlanconfig') local wifi = require('network.wlanconfig')
local ResponseClass = require('rest.response') local ResponseClass = require('rest.response')
local signin = require('network.signin') local signin = require('network.signin')
local accessManager = require('util.access')
local printerAPI = require('rest.api.api_printer')
local M = { local M = {
isApi = true isApi = true
} }
-- TODO: this function is also defined in 2 other places, combine them (and avoid require loops)
local function operationsAccessOrFail(request, response)
if not accessManager.hasControl(request.remoteAddress) then
response:setFail("No control access")
return false
end
local rv, printerState = printerAPI.state(request, response, true)
if(rv == false) then
response:setError("Could not get printer state")
return false
end
if printerState == 'buffering' or printerState == 'printing' or printerState == 'stopping' then
response:setFail("Printer is busy, please wait")
return false
end
return true
end
function M._global(request, response) function M._global(request, response)
response:setError("not implemented") response:setError("not implemented")
end end
@ -113,6 +137,8 @@ function M.associate_POST(request, response)
return return
end end
if not operationsAccessOrFail(request, response) then return end
response:setSuccess("wlan is trying to associate") response:setSuccess("wlan is trying to associate")
local rv,msg = netconf.associateSsid(argSsid, argPhrase, argRecreate) local rv,msg = netconf.associateSsid(argSsid, argPhrase, argRecreate)
@ -125,6 +151,7 @@ function M.associate_POST(request, response)
end end
function M.disassociate_POST(request, response) function M.disassociate_POST(request, response)
if not operationsAccessOrFail(request, response) then return end
local rv = netconf.disassociate() local rv = netconf.disassociate()
@ -133,6 +160,8 @@ function M.disassociate_POST(request, response)
end end
function M.openap_POST(request, response) function M.openap_POST(request, response)
if not operationsAccessOrFail(request, response) then return end
local ssid = wifi.getSubstitutedSsid(settings.get('network.ap.ssid')) local ssid = wifi.getSubstitutedSsid(settings.get('network.ap.ssid'))
local rv,msg = netconf.setupAccessPoint(ssid) local rv,msg = netconf.setupAccessPoint(ssid)
@ -154,6 +183,8 @@ function M.remove_POST(request, response)
return return
end end
if not operationsAccessOrFail(request, response) then return end
if wifi.removeConfig(argSsid) then if wifi.removeConfig(argSsid) then
response:setSuccess("removed wireless network with requested SSID") response:setSuccess("removed wireless network with requested SSID")
response:addData("ssid", argSsid) response:addData("ssid", argSsid)

View File

@ -60,28 +60,33 @@ function M.progress(request, response)
return true; return true;
end end
function M.state(request, response) -- NOTE: onlyReturnState is optional and prevents response from being modified
function M.state(request, response, onlyReturnState)
local argId = request:get("id") local argId = request:get("id")
response:addData('id', argId) if not onlyReturnState then response:addData('id', argId) end
local printer,msg = printerUtils.createPrinterOrFail(argId, response) local printer,msg = printerUtils.createPrinterOrFail(argId, response)
if not printer then if not printer then
response:setSuccess()
local printerState = "disconnected" local printerState = "disconnected"
response:addData('state', printerState) if not onlyReturnState then
response:setSuccess()
response:addData('state', printerState)
end
return true, printerState return true, printerState
else else
local rv,msg = printer:getState() local rv,msg = printer:getState()
if rv then if rv then
response:setSuccess() if not onlyReturnState then
response:addData('state', rv) response:setSuccess()
response:addData('state', rv)
end
return true, rv return true, rv
else else
response:setError(msg) if not onlyReturnState then response:setError(msg) end
return false return false
end end
end end
return true; return true
end end
function M.heatup_POST(request, response) function M.heatup_POST(request, response)

View File

@ -6,11 +6,36 @@ arg = argStash
local log = require('util.logger') local log = require('util.logger')
local utils = require('util.utils') local utils = require('util.utils')
local accessManager = require('util.access')
local printerAPI = require('rest.api.api_printer')
local M = { local M = {
isApi = true isApi = true
} }
-- TODO: this function is also defined in 2 other places, combine them (and avoid require loops)
local function operationsAccessOrFail(request, response)
if not accessManager.hasControl(request.remoteAddress) then
response:setFail("No control access")
return false
end
local rv, printerState = printerAPI.state(request, response, true)
if(rv == false) then
response:setError("Could not get printer state")
return false
end
if printerState == 'buffering' or printerState == 'printing' or printerState == 'stopping' then
response:setFail("Printer is busy, please wait")
return false
end
return true
end
function M.status(request, response) function M.status(request, response)
updater.setLogger(log) updater.setLogger(log)
updater.setUseCache(false) updater.setUseCache(false)
@ -49,6 +74,9 @@ function M.download_POST(request, response)
if argClearGcode == nil then argClearGcode = true end if argClearGcode == nil then argClearGcode = true end
if argClearImages == nil then argClearImages = true end if argClearImages == nil then argClearImages = true end
-- block access to prevent potential issues with printing (e.g. out of memory)
if not operationsAccessOrFail(request, response) then return end
updater.setLogger(log) updater.setLogger(log)
updater.setState(updater.STATE.DOWNLOADING,"") updater.setState(updater.STATE.DOWNLOADING,"")
@ -110,9 +138,11 @@ end
-- if successful, this call won't return since the device will flash its memory and reboot -- if successful, this call won't return since the device will flash its memory and reboot
function M.install_POST(request, response) function M.install_POST(request, response)
local argVersion = request:get("version") local argVersion = request:get("version")
updater.setLogger(log)
log:info("API:update/install") log:info("API:update/install")
if not operationsAccessOrFail(request, response) then return end
updater.setLogger(log)
updater.setState(updater.STATE.INSTALLING,"") updater.setState(updater.STATE.INSTALLING,"")
if not argVersion then if not argVersion then

View File

@ -16,6 +16,8 @@ function M.getController()
else else
controllerIP = file:read('*a') controllerIP = file:read('*a')
file:close() file:close()
--strip trailing newline (useful when manually editing controller.txt)
if controllerIP:find('\n') == controllerIP:len() then controllerIP = controllerIP:sub(0, -2) end
return controllerIP return controllerIP
end end
end end