From 37de3a095d4608f720a9d4a00593151813bef0c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Hru=C5=A1ka?= <ondra@ondrovo.com>
Date: Fri, 22 Sep 2017 00:48:57 +0200
Subject: [PATCH] configurable pw lock (not yet tested and not connected to
 front-end)

---
 user/routes.c | 81 +++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 59 insertions(+), 22 deletions(-)

diff --git a/user/routes.c b/user/routes.c
index 7711b0e..45e961c 100644
--- a/user/routes.c
+++ b/user/routes.c
@@ -12,12 +12,66 @@
 #include "cgi_network.h"
 #include "cgi_term_cfg.h"
 #include "cgi_persist.h"
+#include "syscfg.h"
 
-#define WIFI_PROTECT 0
-#define WIFI_AUTH_NAME "wifi"
-#define WIFI_AUTH_PASS "nicitel"
+/**
+ * Password for WiFi config
+ */
+static int ICACHE_FLASH_ATTR wifiPassFn(HttpdConnData *connData, int no, char *user, int userLen, char *pass, int passLen)
+{
+	if (no == 0) {
+		os_strcpy(user, "admin");
+		os_strcpy(pass, sysconf->access_pw);
+		return 1;
+	}
+	return 0;
+}
 
-static int wifiPassFn(HttpdConnData *connData, int no, char *user, int userLen, char *pass, int passLen);
+httpd_cgi_state ICACHE_FLASH_ATTR cgiOptionalPwLock(HttpdConnData *connData)
+{
+	bool protect = false;
+
+	switch (sysconf->pwlock) {
+		case PWLOCK_ALL:
+			protect = true;
+			break;
+
+		case PWLOCK_SETTINGS_NOTERM:
+			protect = strstarts(connData->url, "/cfg") && !strstarts(connData->url, "/cfg/term");
+			break;
+
+		case PWLOCK_SETTINGS_ALL:
+			protect = strstarts(connData->url, "/cfg");
+			break;
+
+		case PWLOCK_MENUS:
+			protect = strstarts(connData->url, "/cfg") || strstarts(connData->url, "/about") || strstarts(connData->url, "/help");
+			break;
+
+		default:
+		case PWLOCK_NONE:
+			break;
+	}
+
+	// pages outside the normal scope
+
+	if (sysconf->pwlock > PWLOCK_NONE) {
+		if (strstarts(connData->url, "/system/reset")) protect = true;
+	}
+
+	if (sysconf->pwlock > PWLOCK_SETTINGS_NOTERM) {
+		if (strstarts(connData->url, "/system/cls")) protect = true;
+	}
+
+	if (sysconf->access_pw[0] == 0) protect = false;
+
+	if (protect) {
+		connData->cgiArg = wifiPassFn;
+		return authBasic(connData);
+	} else {
+		return HTTPD_CGI_NOTFOUND;
+	}
+}
 
 /**
  * Application routes
@@ -25,6 +79,7 @@ static int wifiPassFn(HttpdConnData *connData, int no, char *user, int userLen,
 const HttpdBuiltInUrl routes[] ESP_CONST_DATA = {
 	// redirect func for the captive portal
 	ROUTE_CGI_ARG("*", cgiRedirectApClientToHostname, "esp-terminal.ap"),
+	ROUTE_CGI("*", cgiOptionalPwLock),
 
 	// --- Web pages ---
 	ROUTE_TPL_FILE("/", tplScreen, "/term.tpl"),
@@ -39,10 +94,6 @@ const HttpdBuiltInUrl routes[] ESP_CONST_DATA = {
 	ROUTE_CGI("/system/ping/?", cgiPing),
 	ROUTE_CGI("/system/cls/?", cgiResetScreen),
 
-	// --- WiFi config --- (TODO make this conditional and configurable)
-#if WIFI_PROTECT
-	ROUTE_AUTH("/wifi*", wifiPassFn),
-#endif
 	ROUTE_REDIRECT("/cfg/?", "/cfg/wifi"),
 
 	ROUTE_TPL_FILE("/cfg/wifi/?", tplWlan, "/cfg_wifi.tpl"),
@@ -67,17 +118,3 @@ const HttpdBuiltInUrl routes[] ESP_CONST_DATA = {
 	ROUTE_END(),
 };
 
-// --- Wifi password protection ---
-
-/**
- * Password for WiFi config
- */
-static int ICACHE_FLASH_ATTR wifiPassFn(HttpdConnData *connData, int no, char *user, int userLen, char *pass, int passLen)
-{
-	if (no == 0) {
-		os_strcpy(user, WIFI_AUTH_NAME);
-		os_strcpy(pass, WIFI_AUTH_PASS);
-		return 1;
-	}
-	return 0;
-}