Comments (18)
Yes, good idea, this should be added in the next release.
from configmanager.
I just had a thought that might make the POST issue unnecessary. CM provides a function setAPICallback
that lets you register your own API endpoints on the web server. My thought is that you can handle the POST yourself, and as you know your types, you wont run into the same issues that CM is. Do you find this acceptable as a solution? Perhaps I need to write more docs to this end.
from configmanager.
Hi,
Thanks for getting in touch. I will answer as best I can :)
I didnt know about streamFile
. I will gladly take a pull request that makes the library more efficient.
So the clear text design was not made with passwords in mind. My thoughts were that the endpoints would be on a controlled network (like your home network) and mainly to hold settings used configure devices, more then usernames and passwords. I would have kept passwords in the compiled code, as they don't really change the same way settings do. I don't think there is a simple way around this problem, but would be interested to hear your thoughts.
JSON is an API standard. When making frontend software I almost always end up moving JSON around. That isnt to say that you are wrong. Standard form encoding is indeed cheaper and quicker. As a middle ground perhaps form encoded could be supported on the POST and JSON on the PUT. What are your thoughts on this?
Thanks for your thoughts,
Nick
from configmanager.
@nrwiersma Thanks Nick, I've made the amendment to stream direct from file, and created the pull request. Sorry it took a while for me to get around to it. :)
I think the dual approach for POST/PUT might be best - then we get the best of all worlds and avoid all the shenanigans one has to go through to generate JSON from a web form. My C++ is pitiful or I'd probably implement this myself.
As for the clear-text password issue, one could implement a flag on custom field indicating that some sort of internal two-way hash should be used to store the field contents, so at least clear text passwords can't just be obtained by issuing a GET query. Then internally the unhashed clear text password becomes available for use in MQTT connects etc.
What do you think?
Kind regards,
Jon
from configmanager.
Hi,
Thanks for the pull request. It is greatly appreciated. It will be released in the next version.
As soon as I get some time, I will write the POST code, just a little swamped at the moment.
With regards to encrypting passwords, this is a little more tricky. My init assumption was that this is in an environment of trust, which is obviously not always the case. The issue is that the GET works on the config struct, so if you can see the clear text password, so can the GET. Perhaps the trick is to be able to set fields with PUT/POST but not GET them. Might this work? I am also concerned about the power and RAM needed for encryption (it is meant to be expensive). Would you like to start a new issue for this topic, and we can discuss this there?
Thanks,
Nick
from configmanager.
Sure... see you there!
Jon
from configmanager.
Hi,
Was looking into the POST request, and I remember why I chose JSON. The server args always returns a string, so typing is an issue. Will need to look into converting types.
from configmanager.
Yes, types are always a pain when passing data around.
On the memory issue, I've seen a lot of people having memory issues when repeatedly serving web pages from an ESP8266, and more than one has reported that including a "Connection: close" header with each page served fixes this by requesting that the client closes the connection after the data is received. What do you think, @nrwiersma? Is it worth including anyway?
from configmanager.
Also related to memory usage, could we move as many program string literals as possible into flash memory using PROGMEM? I've tried this locally and it works well to reduce overall RAM usage.
https://gist.github.com/sticilface/e54016485fcccd10950e93ddcd4461a3
Thanks,
Jon
from configmanager.
Sounds good. You want to add this as a pull request?
from configmanager.
Once I've fully tested it all I shall put in a PR 🙂
from configmanager.
PR submitted. All running very nicely.
from configmanager.
Pull request merged, thanks for that.
Have run into a snag with the POST endpoint. The string stream I was planning to use is too big. Need to come up with another plan here. Will move onto the other issues so long.
from configmanager.
Ok if you want to discuss it and kick some ideas around, let me know.
from configmanager.
Thanks, appreciate it. My plan is to look to ArduinoJson for ideas on how to solve it. If you have some ideas, will gladly chat about them.
from configmanager.
Sweet, that being the case, I will close this issue.
BTW. I checked the connection close issue, and this is sent by the library, see here,
So there is no need for me to handle this.
from configmanager.
Hi Nick, sorry I'm neck-deep in one of our own projects but shall try everything as soon as I can.
In the meantime, yes more documentation and/or example code would probably be helpful for most potential users of ConfigManager.
from configmanager.
Hi,
Thanks for the feedback. Any particular areas you think the docs need improvement, other then a better API callback docs/example?
from configmanager.
Related Issues (20)
- Unable to save WiFi settings to EEPROM [esp32] HOT 3
- Saving char arrays in EEPROM HOT 2
- Delay restarting device to allow web server response
- ConfigManager::begin() changes value of int in struct HOT 22
- Metadata adding config values HOT 2
- reading and writing from struct config data HOT 2
- Compiler warning HOT 1
- CORS errors HOT 6
- How can I make it to auto reconnect? HOT 4
- not possible to save the value 0 via settings.html
- Issue using LittleFS HOT 1
- Compiling / version issue with ArduinoJson HOT 3
- settings endpoint will only return last saved value HOT 5
- image file (.jpg/.png) cannot be used in index.html HOT 3
- v3 tracking issue HOT 11
- Saving config with wrong type wipes EEPROM memory HOT 3
- ESP32 Wifi Sucks .. connects every two tries .. Workaround thoughts HOT 4
- Problems with with variables in the sketch HOT 9
- One little problem with one parameter HOT 5
- Is it possible to send a Webpage from ESP32 ? HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from configmanager.