From 5e5b9f22054ba2e8f9e28ff6373c49e8a84af6e6 Mon Sep 17 00:00:00 2001 From: Otto Winter Date: Wed, 24 Apr 2019 17:08:05 +0200 Subject: [PATCH] Hass.io Ingress (#519) * Hass.io ingress * Update * Remove global vars * Fix * Fixes * Fixes * Upgrade base image to 1.5.1 * Lint --- .gitlab-ci.yml | 4 +- docker/Dockerfile | 5 +- docker/Dockerfile.hassio | 5 +- docker/Dockerfile.test | 2 +- docker/hooks/build | 26 -- docker/hooks/pre_build | 18 -- docker/rootfs/etc/cont-init.d/20-nginx.sh | 30 ++- docker/rootfs/etc/cont-init.d/30-esphome.sh | 2 +- docker/rootfs/etc/nginx/includes/mime.types | 96 +++++++ .../etc/nginx/includes/proxy_params.conf | 16 ++ .../etc/nginx/includes/server_params.conf | 6 + .../rootfs/etc/nginx/includes/ssl_params.conf | 9 + docker/rootfs/etc/nginx/nginx-ssl.conf | 62 ----- docker/rootfs/etc/nginx/nginx.conf | 51 ++-- .../etc/nginx/servers/direct-ssl.disabled | 17 ++ .../rootfs/etc/nginx/servers/direct.disabled | 12 + docker/rootfs/etc/nginx/servers/ingress.conf | 16 ++ docker/rootfs/etc/services.d/nginx/run | 8 +- esphome/components/ledc/ledc_output.h | 4 +- esphome/dashboard/dashboard.py | 243 ++++++++++-------- esphome/dashboard/static/esphome.js | 21 +- esphome/dashboard/templates/index.html | 3 +- esphome/dashboard/templates/login.html | 2 +- setup.py | 3 +- 24 files changed, 373 insertions(+), 288 deletions(-) delete mode 100755 docker/hooks/build delete mode 100755 docker/hooks/pre_build create mode 100644 docker/rootfs/etc/nginx/includes/mime.types create mode 100644 docker/rootfs/etc/nginx/includes/proxy_params.conf create mode 100644 docker/rootfs/etc/nginx/includes/server_params.conf create mode 100644 docker/rootfs/etc/nginx/includes/ssl_params.conf delete mode 100755 docker/rootfs/etc/nginx/nginx-ssl.conf create mode 100644 docker/rootfs/etc/nginx/servers/direct-ssl.disabled create mode 100644 docker/rootfs/etc/nginx/servers/direct.disabled create mode 100644 docker/rootfs/etc/nginx/servers/ingress.conf diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f4e2fa40af..94116bcee1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -41,11 +41,11 @@ stages: - | if [[ "${IS_HASSIO}" == "YES" ]]; then - BUILD_FROM=esphome/esphome-hassio-base-${BUILD_ARCH}:1.4.3 + BUILD_FROM=esphome/esphome-hassio-base-${BUILD_ARCH}:1.5.1 BUILD_TO=esphome/esphome-hassio-${BUILD_ARCH} DOCKERFILE=docker/Dockerfile.hassio else - BUILD_FROM=esphome/esphome-base-${BUILD_ARCH}:1.4.3 + BUILD_FROM=esphome/esphome-base-${BUILD_ARCH}:1.5.1 if [[ "${BUILD_ARCH}" == "amd64" ]]; then BUILD_TO=esphome/esphome else diff --git a/docker/Dockerfile b/docker/Dockerfile index 0416f2496e..f844fa741e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,9 +1,8 @@ -ARG BUILD_FROM=esphome/esphome-base-amd64:1.4.3 +ARG BUILD_FROM=esphome/esphome-base-amd64:1.5.1 FROM ${BUILD_FROM} COPY . . -RUN \ - pip2 install --no-cache-dir --no-binary :all: -e . +RUN pip2 install --no-cache-dir -e . WORKDIR /config ENTRYPOINT ["esphome"] diff --git a/docker/Dockerfile.hassio b/docker/Dockerfile.hassio index eaa7d9d504..4d3d0b88f1 100644 --- a/docker/Dockerfile.hassio +++ b/docker/Dockerfile.hassio @@ -1,4 +1,4 @@ -ARG BUILD_FROM=esphome/esphome-hassio-base-amd64:1.4.3 +ARG BUILD_FROM FROM ${BUILD_FROM} # Copy root filesystem @@ -6,8 +6,7 @@ COPY docker/rootfs/ / COPY setup.py setup.cfg MANIFEST.in /opt/esphome/ COPY esphome /opt/esphome/esphome -RUN \ - pip2 install --no-cache-dir --no-binary :all: -e /opt/esphome +RUN pip2 install --no-cache-dir -e /opt/esphome # Build arguments ARG BUILD_VERSION=dev diff --git a/docker/Dockerfile.test b/docker/Dockerfile.test index 32978c0785..daf1199796 100644 --- a/docker/Dockerfile.test +++ b/docker/Dockerfile.test @@ -7,7 +7,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ python-pil \ git \ && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/*rm -rf /var/lib/apt/lists/* /tmp/* && \ - pip install --no-cache-dir --no-binary :all: platformio && \ + pip install --no-cache-dir platformio && \ platformio settings set enable_telemetry No && \ platformio settings set check_libraries_interval 1000000 && \ platformio settings set check_platformio_interval 1000000 && \ diff --git a/docker/hooks/build b/docker/hooks/build deleted file mode 100755 index 60879aaa88..0000000000 --- a/docker/hooks/build +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash - -# the Docker repository tag being built. -declare CACHE_TAG -echo "CACHE_TAG: ${CACHE_TAG}" -# the name and tag of the Docker repository being built. (This variable is a combination of DOCKER_REPO:CACHE_TAG.) -declare IMAGE_NAME -echo "IMAGE_NAME: ${IMAGE_NAME}" -# the architecture to build -declare BUILD_ARCH -echo "BUILD_ARCH: ${BUILD_ARCH}" -# whether this is a hassio build -declare IS_HASSIO -echo "IS_HASSIO: ${IS_HASSIO}" -echo "PWD: $PWD" - -if [[ ${IS_HASSIO} = "YES" ]]; then - docker build \ - --build-arg "BUILD_FROM=esphome/esphome-hassio-base-${BUILD_ARCH}:1.4.3" \ - --build-arg "BUILD_VERSION=${CACHE_TAG}" \ - -t "${IMAGE_NAME}" -f ../docker/Dockerfile.hassio .. -else - docker build \ - --build-arg "BUILD_FROM=esphome/esphome-base-${BUILD_ARCH}:1.4.3" \ - -t "${IMAGE_NAME}" -f ../docker/Dockerfile .. -fi diff --git a/docker/hooks/pre_build b/docker/hooks/pre_build deleted file mode 100755 index aff12dd3f5..0000000000 --- a/docker/hooks/pre_build +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/env bash - -# the architecture to build -declare BUILD_ARCH - -echo "BUILD_ARCH: ${BUILD_ARCH}" - -if [[ ${BUILD_ARCH} = "amd64" ]]; then - echo "No qemu required..." - exit 0 -fi -if [[ ${BUILD_ARCH} = "i386" ]]; then - echo "No qemu required..." - exit 0 -fi - -echo "Installing qemu..." -docker run --rm --privileged multiarch/qemu-user-static:register --reset diff --git a/docker/rootfs/etc/cont-init.d/20-nginx.sh b/docker/rootfs/etc/cont-init.d/20-nginx.sh index cd9b2c6b80..107a25c47a 100755 --- a/docker/rootfs/etc/cont-init.d/20-nginx.sh +++ b/docker/rootfs/etc/cont-init.d/20-nginx.sh @@ -6,21 +6,29 @@ declare certfile declare keyfile -declare port +declare direct_port +declare ingress_interface +declare ingress_port mkdir -p /var/log/nginx -# Enable SSL -if bashio::config.true 'ssl'; then - rm /etc/nginx/nginx.conf - mv /etc/nginx/nginx-ssl.conf /etc/nginx/nginx.conf +direct_port=$(bashio::addon.port 6052) +if bashio::var.has_value "${direct_port}"; then + if bashio::config.true 'ssl'; then + certfile=$(bashio::config 'certfile') + keyfile=$(bashio::config 'keyfile') - certfile=$(bashio::config 'certfile') - keyfile=$(bashio::config 'keyfile') + mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf + sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf + sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf + else + mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf + fi - sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/nginx.conf - sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/nginx.conf + sed -i "s/%%port%%/${direct_port}/g" /etc/nginx/servers/direct.conf fi -port=$(bashio::config 'port') -sed -i "s/%%port%%/${port}/g" /etc/nginx/nginx.conf +ingress_port=$(bashio::addon.ingress_port) +ingress_interface=$(bashio::addon.ip_address) +sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf +sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf diff --git a/docker/rootfs/etc/cont-init.d/30-esphome.sh b/docker/rootfs/etc/cont-init.d/30-esphome.sh index 26df8081bd..8fc1b472c0 100644 --- a/docker/rootfs/etc/cont-init.d/30-esphome.sh +++ b/docker/rootfs/etc/cont-init.d/30-esphome.sh @@ -10,6 +10,6 @@ if bashio::config.has_value 'esphome_version'; then esphome_version=$(bashio::config 'esphome_version') full_url="https://github.com/esphome/esphome/archive/${esphome_version}.zip" bashio::log.info "Installing esphome version '${esphome_version}' (${full_url})..." - pip2 install --no-cache-dir --no-binary :all: "${full_url}" \ + pip2 install -U --no-cache-dir "${full_url}" \ || bashio::exit.nok "Failed installing esphome pinned version." fi diff --git a/docker/rootfs/etc/nginx/includes/mime.types b/docker/rootfs/etc/nginx/includes/mime.types new file mode 100644 index 0000000000..7c7cdef2d1 --- /dev/null +++ b/docker/rootfs/etc/nginx/includes/mime.types @@ -0,0 +1,96 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/docker/rootfs/etc/nginx/includes/proxy_params.conf b/docker/rootfs/etc/nginx/includes/proxy_params.conf new file mode 100644 index 0000000000..c00b4800e8 --- /dev/null +++ b/docker/rootfs/etc/nginx/includes/proxy_params.conf @@ -0,0 +1,16 @@ +proxy_http_version 1.1; +proxy_ignore_client_abort off; +proxy_read_timeout 86400s; +proxy_redirect off; +proxy_send_timeout 86400s; +proxy_max_temp_file_size 0; + +proxy_set_header Accept-Encoding ""; +proxy_set_header Connection $connection_upgrade; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-NginX-Proxy true; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header Authorization ""; diff --git a/docker/rootfs/etc/nginx/includes/server_params.conf b/docker/rootfs/etc/nginx/includes/server_params.conf new file mode 100644 index 0000000000..479dfa10f6 --- /dev/null +++ b/docker/rootfs/etc/nginx/includes/server_params.conf @@ -0,0 +1,6 @@ +root /dev/null; +server_name $hostname; + +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +add_header X-Robots-Tag none; diff --git a/docker/rootfs/etc/nginx/includes/ssl_params.conf b/docker/rootfs/etc/nginx/includes/ssl_params.conf new file mode 100644 index 0000000000..6f15005998 --- /dev/null +++ b/docker/rootfs/etc/nginx/includes/ssl_params.conf @@ -0,0 +1,9 @@ +ssl_protocols TLSv1.2; +ssl_prefer_server_ciphers on; +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; +ssl_ecdh_curve secp384r1; +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; +ssl_stapling on; +ssl_stapling_verify on; diff --git a/docker/rootfs/etc/nginx/nginx-ssl.conf b/docker/rootfs/etc/nginx/nginx-ssl.conf deleted file mode 100755 index cd76036fde..0000000000 --- a/docker/rootfs/etc/nginx/nginx-ssl.conf +++ /dev/null @@ -1,62 +0,0 @@ -worker_processes 1; -pid /var/run/nginx.pid; -error_log stderr; - -events { - worker_connections 1024; -} - -http { - access_log stdout; - include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - - upstream esphome { - ip_hash; - server unix:/var/run/esphome.sock; - } - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - server { - server_name hassio.local; - listen %%port%% default_server ssl; - root /dev/null; - - ssl_certificate /ssl/%%certfile%%; - ssl_certificate_key /ssl/%%keyfile%%; - ssl_protocols TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; - ssl_ecdh_curve secp384r1; - ssl_session_timeout 10m; - ssl_session_cache shared:SSL:10m; - ssl_session_tickets off; - ssl_stapling on; - ssl_stapling_verify on; - - # Redirect http requests to https on the same port. - # https://rageagainstshell.com/2016/11/redirect-http-to-https-on-the-same-port-in-nginx/ - error_page 497 https://$http_host$request_uri; - - location / { - proxy_redirect off; - proxy_pass http://esphome; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Authorization ""; - - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - } - } -} diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf index 4a0067c12f..8ebf572816 100755 --- a/docker/rootfs/etc/nginx/nginx.conf +++ b/docker/rootfs/etc/nginx/nginx.conf @@ -1,46 +1,33 @@ -worker_processes 1; +daemon off; +user root; pid /var/run/nginx.pid; -error_log stderr; - +worker_processes 1; +# Hass.io addon log +error_log /proc/1/fd/1 error; events { - worker_connections 1024; + worker_connections 1024; } http { - access_log stdout; - include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; + include /etc/nginx/includes/mime.types; + access_log stdout; + default_type application/octet-stream; + gzip on; + keepalive_timeout 65; + sendfile on; + server_tokens off; - upstream esphome { - ip_hash; - server unix:/var/run/esphome.sock; - } map $http_upgrade $connection_upgrade { default upgrade; '' close; } - server { - server_name hassio.local; - listen %%port%% default_server; - root /dev/null; + # Use Hass.io supervisor as resolver + resolver 172.30.32.2; - location / { - proxy_redirect off; - proxy_pass http://esphome; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Authorization ""; - - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - } + upstream esphome { + server unix:/var/run/esphome.sock; } + + include /etc/nginx/servers/*.conf; } diff --git a/docker/rootfs/etc/nginx/servers/direct-ssl.disabled b/docker/rootfs/etc/nginx/servers/direct-ssl.disabled new file mode 100644 index 0000000000..bec9c88051 --- /dev/null +++ b/docker/rootfs/etc/nginx/servers/direct-ssl.disabled @@ -0,0 +1,17 @@ +server { + listen %%port%% default_server ssl http2; + + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + include /etc/nginx/includes/ssl_params.conf; + # Clear Hass.io Ingress header + proxy_set_header X-Hassio-Ingress ""; + + # Redirect http requests to https on the same port. + # https://rageagainstshell.com/2016/11/redirect-http-to-https-on-the-same-port-in-nginx/ + error_page 497 https://$http_host$request_uri; + + location / { + proxy_pass http://esphome; + } +} diff --git a/docker/rootfs/etc/nginx/servers/direct.disabled b/docker/rootfs/etc/nginx/servers/direct.disabled new file mode 100644 index 0000000000..51f57cab88 --- /dev/null +++ b/docker/rootfs/etc/nginx/servers/direct.disabled @@ -0,0 +1,12 @@ +server { + listen %%port%% default_server; + + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + # Clear Hass.io Ingress header + proxy_set_header X-Hassio-Ingress ""; + + location / { + proxy_pass http://esphome; + } +} diff --git a/docker/rootfs/etc/nginx/servers/ingress.conf b/docker/rootfs/etc/nginx/servers/ingress.conf new file mode 100644 index 0000000000..6699ded0cb --- /dev/null +++ b/docker/rootfs/etc/nginx/servers/ingress.conf @@ -0,0 +1,16 @@ +server { + listen %%interface%%:%%port%% default_server; + + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + # Set Hass.io Ingress header + proxy_set_header X-Hassio-Ingress "YES"; + + location / { + # Only allow from Hass.io supervisor + allow 172.30.32.2; + deny all; + + proxy_pass http://esphome; + } +} \ No newline at end of file diff --git a/docker/rootfs/etc/services.d/nginx/run b/docker/rootfs/etc/services.d/nginx/run index adf93bc8dd..8582167b96 100755 --- a/docker/rootfs/etc/services.d/nginx/run +++ b/docker/rootfs/etc/services.d/nginx/run @@ -4,5 +4,11 @@ # Runs the NGINX proxy # ============================================================================== +bashio::log.info "Waiting for dashboard to come up..." + +while [[ ! -S /var/run/esphome.sock ]]; do + sleep 0.5 +done + bashio::log.info "Starting NGINX..." -exec nginx -g "daemon off;" +exec nginx diff --git a/esphome/components/ledc/ledc_output.h b/esphome/components/ledc/ledc_output.h index ce09db130a..d1b9b099ee 100644 --- a/esphome/components/ledc/ledc_output.h +++ b/esphome/components/ledc/ledc_output.h @@ -13,9 +13,7 @@ extern uint8_t next_ledc_channel; class LEDCOutput : public output::FloatOutput, public Component { public: - explicit LEDCOutput(GPIOPin *pin) : pin_(pin) { - this->channel_ = next_ledc_channel++; - } + explicit LEDCOutput(GPIOPin *pin) : pin_(pin) { this->channel_ = next_ledc_channel++; } void set_channel(uint8_t channel) { this->channel_ = channel; } void set_bit_depth(uint8_t bit_depth) { this->bit_depth_ = bit_depth; } diff --git a/esphome/dashboard/dashboard.py b/esphome/dashboard/dashboard.py index 5180b110a3..66ec1e1e54 100644 --- a/esphome/dashboard/dashboard.py +++ b/esphome/dashboard/dashboard.py @@ -3,6 +3,7 @@ from __future__ import print_function import codecs import collections +import functools import hashlib import hmac import json @@ -39,15 +40,73 @@ from typing import Optional # noqa from esphome.zeroconf import DashboardStatus, Zeroconf _LOGGER = logging.getLogger(__name__) -CONFIG_DIR = '' -PASSWORD_DIGEST = '' -COOKIE_SECRET = None -USING_PASSWORD = False -ON_HASSIO = False -USING_HASSIO_AUTH = True -HASSIO_MQTT_CONFIG = None -RELATIVE_URL = os.getenv('ESPHOME_DASHBOARD_RELATIVE_URL', '/') -STATUS_USE_PING = get_bool_env('ESPHOME_DASHBOARD_USE_PING') + + +class DashboardSettings(object): + def __init__(self): + self.config_dir = '' + self.password_digest = '' + self.using_password = False + self.on_hassio = False + self.cookie_secret = None + + def parse_args(self, args): + self.on_hassio = args.hassio + if not self.on_hassio: + self.using_password = bool(args.password) + if self.using_password: + if IS_PY2: + self.password_digest = hmac.new(args.password).digest() + else: + self.password_digest = hmac.new(args.password.encode()).digest() + self.config_dir = args.configuration + + @property + def relative_url(self): + return os.getenv('ESPHOME_DASHBOARD_RELATIVE_URL', '/') + + @property + def status_use_ping(self): + return get_bool_env('ESPHOME_DASHBOARD_USE_PING') + + @property + def using_hassio_auth(self): + if not self.on_hassio: + return False + return not get_bool_env('DISABLE_HA_AUTHENTICATION') + + @property + def using_auth(self): + return self.using_password or self.using_hassio_auth + + def check_password(self, password): + if not self.using_auth: + return True + + if IS_PY2: + password = hmac.new(password).digest() + else: + password = hmac.new(password.encode()).digest() + return hmac.compare_digest(self.password_digest, password) + + def rel_path(self, *args): + return os.path.join(self.config_dir, *args) + + def list_yaml_files(self): + files = [] + for file in os.listdir(self.config_dir): + if not file.endswith('.yaml'): + continue + if file.startswith('.'): + continue + if file == 'secrets.yaml': + continue + files.append(file) + files.sort() + return files + + +settings = DashboardSettings() if IS_PY2: cookie_authenticated_yes = 'yes' @@ -61,22 +120,29 @@ def template_args(): 'version': version, 'docs_link': 'https://beta.esphome.io/' if 'b' in version else 'https://esphome.io/', 'get_static_file_url': get_static_file_url, - 'relative_url': RELATIVE_URL, + 'relative_url': settings.relative_url, 'streamer_mode': get_bool_env('ESPHOME_STREAMER_MODE'), } def authenticated(func): + @functools.wraps(func) def decorator(self, *args, **kwargs): if not is_authenticated(self): - self.redirect(RELATIVE_URL + 'login') + self.redirect('./login') return None return func(self, *args, **kwargs) return decorator def is_authenticated(request_handler): - if USING_HASSIO_AUTH or USING_PASSWORD: + if settings.on_hassio: + # Handle ingress - disable auth on ingress port + # X-Hassio-Ingress is automatically stripped on the non-ingress server in nginx + header = request_handler.request.headers.get('X-Hassio-Ingress', 'NO') + if str(header) == 'YES': + return True + if settings.using_auth: return request_handler.get_secure_cookie('authenticated') == cookie_authenticated_yes return True @@ -126,10 +192,8 @@ class EsphomeCommandWebSocket(tornado.websocket.WebSocketHandler): self._proc = None self._is_closed = False + @authenticated def on_message(self, message): - if USING_HASSIO_AUTH or USING_PASSWORD: - if self.get_secure_cookie('authenticated') != cookie_authenticated_yes: - return # Messages are always JSON, 500 when not json_message = json.loads(message) type_ = json_message['type'] @@ -188,7 +252,7 @@ class EsphomeCommandWebSocket(tornado.websocket.WebSocketHandler): def _proc_on_exit(self, returncode): if not self._is_closed: # Check if the proc was not forcibly closed - _LOGGER.debug("Process exited with return code %s", returncode) + _LOGGER.info("Process exited with return code %s", returncode) self.write_message({'event': 'exit', 'code': returncode}) def on_close(self): @@ -205,39 +269,39 @@ class EsphomeCommandWebSocket(tornado.websocket.WebSocketHandler): class EsphomeLogsHandler(EsphomeCommandWebSocket): def build_command(self, json_message): - config_file = os.path.join(CONFIG_DIR, json_message['configuration']) + config_file = settings.rel_path(json_message['configuration']) return ["esphome", "--dashboard", config_file, "logs", '--serial-port', json_message["port"]] class EsphomeUploadHandler(EsphomeCommandWebSocket): def build_command(self, json_message): - config_file = os.path.join(CONFIG_DIR, json_message['configuration']) + config_file = settings.rel_path(json_message['configuration']) return ["esphome", "--dashboard", config_file, "run", '--upload-port', json_message["port"]] class EsphomeCompileHandler(EsphomeCommandWebSocket): def build_command(self, json_message): - config_file = os.path.join(CONFIG_DIR, json_message['configuration']) + config_file = settings.rel_path(json_message['configuration']) return ["esphome", "--dashboard", config_file, "compile"] class EsphomeValidateHandler(EsphomeCommandWebSocket): def build_command(self, json_message): - config_file = os.path.join(CONFIG_DIR, json_message['configuration']) + config_file = settings.rel_path(json_message['configuration']) return ["esphome", "--dashboard", config_file, "config"] class EsphomeCleanMqttHandler(EsphomeCommandWebSocket): def build_command(self, json_message): - config_file = os.path.join(CONFIG_DIR, json_message['configuration']) + config_file = settings.rel_path(json_message['configuration']) return ["esphome", "--dashboard", config_file, "clean-mqtt"] class EsphomeCleanHandler(EsphomeCommandWebSocket): def build_command(self, json_message): - config_file = os.path.join(CONFIG_DIR, json_message['configuration']) + config_file = settings.rel_path(json_message['configuration']) return ["esphome", "--dashboard", config_file, "clean"] @@ -270,9 +334,9 @@ class WizardRequestHandler(BaseHandler): from esphome import wizard kwargs = {k: u''.join(decode_text(x) for x in v) for k, v in self.request.arguments.items()} - destination = os.path.join(CONFIG_DIR, kwargs['name'] + u'.yaml') + destination = settings.rel_path(kwargs['name'] + u'.yaml') wizard.wizard_write(path=destination, **kwargs) - self.redirect('/?begin=True') + self.redirect('./?begin=True') class DownloadBinaryRequestHandler(BaseHandler): @@ -280,7 +344,7 @@ class DownloadBinaryRequestHandler(BaseHandler): @bind_config def get(self, configuration=None): # pylint: disable=no-value-for-parameter - storage_path = ext_storage_path(CONFIG_DIR, configuration) + storage_path = ext_storage_path(settings.config_dir, configuration) storage_json = StorageJSON.load(storage_path) if storage_json is None: self.send_error() @@ -299,22 +363,8 @@ class DownloadBinaryRequestHandler(BaseHandler): self.finish() -def _list_yaml_files(): - files = [] - for file in os.listdir(CONFIG_DIR): - if not file.endswith('.yaml'): - continue - if file.startswith('.'): - continue - if file == 'secrets.yaml': - continue - files.append(file) - files.sort() - return files - - def _list_dashboard_entries(): - files = _list_yaml_files() + files = settings.list_yaml_files() return [DashboardEntry(file) for file in files] @@ -326,12 +376,12 @@ class DashboardEntry(object): @property def full_path(self): # type: () -> str - return os.path.join(CONFIG_DIR, self.filename) + return os.path.join(settings.config_dir, self.filename) @property def storage(self): # type: () -> Optional[StorageJSON] if not self._loaded_storage: - self._storage = StorageJSON.load(ext_storage_path(CONFIG_DIR, self.filename)) + self._storage = StorageJSON.load(ext_storage_path(settings.config_dir, self.filename)) self._loaded_storage = True return self._storage @@ -474,7 +524,7 @@ class EditRequestHandler(BaseHandler): @bind_config def get(self, configuration=None): # pylint: disable=no-value-for-parameter - with open(os.path.join(CONFIG_DIR, configuration), 'r') as f: + with open(settings.rel_path(configuration), 'r') as f: content = f.read() self.write(content) @@ -482,7 +532,7 @@ class EditRequestHandler(BaseHandler): @bind_config def post(self, configuration=None): # pylint: disable=no-value-for-parameter - with open(os.path.join(CONFIG_DIR, configuration), 'wb') as f: + with open(settings.rel_path(configuration), 'wb') as f: f.write(self.request.body) self.set_status(200) @@ -491,20 +541,20 @@ class DeleteRequestHandler(BaseHandler): @authenticated @bind_config def post(self, configuration=None): - config_file = os.path.join(CONFIG_DIR, configuration) - storage_path = ext_storage_path(CONFIG_DIR, configuration) + config_file = settings.rel_path(configuration) + storage_path = ext_storage_path(settings.config_dir, configuration) storage_json = StorageJSON.load(storage_path) if storage_json is None: self.set_status(500) return name = storage_json.name - trash_path = trash_storage_path(CONFIG_DIR) + trash_path = trash_storage_path(settings.config_dir) mkdir_p(trash_path) shutil.move(config_file, os.path.join(trash_path, configuration)) # Delete build folder (if exists) - build_folder = os.path.join(CONFIG_DIR, name) + build_folder = os.path.join(settings.config_dir, name) if build_folder is not None: shutil.rmtree(build_folder, os.path.join(trash_path, name)) @@ -513,8 +563,8 @@ class UndoDeleteRequestHandler(BaseHandler): @authenticated @bind_config def post(self, configuration=None): - config_file = os.path.join(CONFIG_DIR, configuration) - trash_path = trash_storage_path(CONFIG_DIR) + config_file = settings.rel_path(configuration) + trash_path = trash_storage_path(settings.config_dir) shutil.move(os.path.join(trash_path, configuration), config_file) @@ -525,10 +575,10 @@ PING_REQUEST = threading.Event() class LoginHandler(BaseHandler): def get(self): - if USING_HASSIO_AUTH: + if settings.using_hassio_auth: self.render_hassio_login() return - self.write('
' + self.write('' 'Password: ' '' '
') @@ -561,16 +611,12 @@ class LoginHandler(BaseHandler): self.render_hassio_login(error="Invalid username or password") def post(self): - if USING_HASSIO_AUTH: + if settings.using_hassio_auth: self.post_hassio_login() return password = str(self.get_argument("password", '')) - if IS_PY2: - password = hmac.new(password).digest() - else: - password = hmac.new(password.encode()).digest() - if hmac.compare_digest(PASSWORD_DIGEST, password): + if settings.check_password(password): self.set_secure_cookie("authenticated", cookie_authenticated_yes) self.redirect("/") @@ -587,7 +633,7 @@ def get_static_file_url(name): with open(path, 'rb') as f_handle: hash_ = hashlib.md5(f_handle.read()).hexdigest()[:8] _STATIC_FILE_HASHES[name] = hash_ - return RELATIVE_URL + u'static/{}?hash={}'.format(name, hash_) + return u'./static/{}?hash={}'.format(name, hash_) def make_app(debug=False): @@ -615,31 +661,32 @@ def make_app(debug=False): self.set_header('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0') static_path = os.path.join(os.path.dirname(__file__), 'static') - settings = { + app_settings = { 'debug': debug, - 'cookie_secret': COOKIE_SECRET, + 'cookie_secret': settings.cookie_secret, 'log_function': log_function, 'websocket_ping_interval': 30.0, } + rel = settings.relative_url app = tornado.web.Application([ - (RELATIVE_URL + "", MainRequestHandler), - (RELATIVE_URL + "login", LoginHandler), - (RELATIVE_URL + "logs", EsphomeLogsHandler), - (RELATIVE_URL + "upload", EsphomeUploadHandler), - (RELATIVE_URL + "compile", EsphomeCompileHandler), - (RELATIVE_URL + "validate", EsphomeValidateHandler), - (RELATIVE_URL + "clean-mqtt", EsphomeCleanMqttHandler), - (RELATIVE_URL + "clean", EsphomeCleanHandler), - (RELATIVE_URL + "vscode", EsphomeVscodeHandler), - (RELATIVE_URL + "edit", EditRequestHandler), - (RELATIVE_URL + "download.bin", DownloadBinaryRequestHandler), - (RELATIVE_URL + "serial-ports", SerialPortRequestHandler), - (RELATIVE_URL + "ping", PingRequestHandler), - (RELATIVE_URL + "delete", DeleteRequestHandler), - (RELATIVE_URL + "undo-delete", UndoDeleteRequestHandler), - (RELATIVE_URL + "wizard.html", WizardRequestHandler), - (RELATIVE_URL + r"static/(.*)", StaticFileHandler, {'path': static_path}), - ], **settings) + (rel + "", MainRequestHandler), + (rel + "login", LoginHandler), + (rel + "logs", EsphomeLogsHandler), + (rel + "upload", EsphomeUploadHandler), + (rel + "compile", EsphomeCompileHandler), + (rel + "validate", EsphomeValidateHandler), + (rel + "clean-mqtt", EsphomeCleanMqttHandler), + (rel + "clean", EsphomeCleanHandler), + (rel + "vscode", EsphomeVscodeHandler), + (rel + "edit", EditRequestHandler), + (rel + "download.bin", DownloadBinaryRequestHandler), + (rel + "serial-ports", SerialPortRequestHandler), + (rel + "ping", PingRequestHandler), + (rel + "delete", DeleteRequestHandler), + (rel + "undo-delete", UndoDeleteRequestHandler), + (rel + "wizard.html", WizardRequestHandler), + (rel + r"static/(.*)", StaticFileHandler, {'path': static_path}), + ], **app_settings) if debug: _STATIC_FILE_HASHES.clear() @@ -648,49 +695,27 @@ def make_app(debug=False): def start_web_server(args): - global CONFIG_DIR - global PASSWORD_DIGEST - global USING_PASSWORD - global ON_HASSIO - global USING_HASSIO_AUTH - global COOKIE_SECRET + settings.parse_args(args) + mkdir_p(settings.rel_path(".esphome")) - CONFIG_DIR = args.configuration - mkdir_p(CONFIG_DIR) - mkdir_p(os.path.join(CONFIG_DIR, ".esphome")) - - ON_HASSIO = args.hassio - if ON_HASSIO: - USING_HASSIO_AUTH = not get_bool_env('DISABLE_HA_AUTHENTICATION') - USING_PASSWORD = False - else: - USING_HASSIO_AUTH = False - USING_PASSWORD = args.password - - if USING_PASSWORD: - if IS_PY2: - PASSWORD_DIGEST = hmac.new(args.password).digest() - else: - PASSWORD_DIGEST = hmac.new(args.password.encode()).digest() - - if USING_HASSIO_AUTH or USING_PASSWORD: - path = esphome_storage_path(CONFIG_DIR) + if settings.using_auth: + path = esphome_storage_path(settings.config_dir) storage = EsphomeStorageJSON.load(path) if storage is None: storage = EsphomeStorageJSON.get_default() storage.save(path) - COOKIE_SECRET = storage.cookie_secret + settings.cookie_secret = storage.cookie_secret app = make_app(args.verbose) if args.socket is not None: _LOGGER.info("Starting dashboard web server on unix socket %s and configuration dir %s...", - args.socket, CONFIG_DIR) + args.socket, settings.config_dir) server = tornado.httpserver.HTTPServer(app) socket = tornado.netutil.bind_unix_socket(args.socket, mode=0o666) server.add_socket(socket) else: _LOGGER.info("Starting dashboard web server on port %s and configuration dir %s...", - args.port, CONFIG_DIR) + args.port, settings.config_dir) app.listen(args.port) if args.open_ui: @@ -698,7 +723,7 @@ def start_web_server(args): webbrowser.open('localhost:{}'.format(args.port)) - if STATUS_USE_PING: + if settings.status_use_ping: status_thread = PingStatusThread() else: status_thread = MDNSStatusThread() diff --git a/esphome/dashboard/static/esphome.js b/esphome/dashboard/static/esphome.js index abcfc90045..9f7a23fdb8 100644 --- a/esphome/dashboard/static/esphome.js +++ b/esphome/dashboard/static/esphome.js @@ -9,7 +9,7 @@ let wsProtocol = "ws:"; if (window.location.protocol === "https:") { wsProtocol = 'wss:'; } -const wsUrl = `${wsProtocol}//${window.location.hostname}:${window.location.port}${relative_url}`; +const wsUrl = `${wsProtocol}//${window.location.host}${window.location.pathname}`; // ============================= Color Log Parsing ============================= @@ -192,7 +192,7 @@ const fetchPing = () => { return; isFetchingPing = true; - fetch(`${relative_url}ping`, {credentials: "same-origin"}).then(res => res.json()) + fetch(`./ping`, {credentials: "same-origin"}).then(res => res.json()) .then(response => { for (let filename in response) { let node = document.querySelector(`.status-indicator[data-node="${filename}"]`); @@ -235,7 +235,7 @@ const portSelect = document.querySelector('.nav-wrapper select'); let ports = []; const fetchSerialPorts = (begin=false) => { - fetch(`${relative_url}serial-ports`, {credentials: "same-origin"}).then(res => res.json()) + fetch(`./serial-ports`, {credentials: "same-origin"}).then(res => res.json()) .then(response => { if (ports.length === response.length) { let allEqual = true; @@ -333,7 +333,6 @@ class LogModalElem { } _onPress(event) { - console.log("_onPress"); this.activeConfig = event.target.getAttribute('data-node'); this._setupModalInstance(); // clear log @@ -435,12 +434,12 @@ const validateModal = new LogModalElem({ onProcessExit: (modalElem, code) => { if (code === 0) { M.toast({ - html: `${configuration} is valid 👍`, + html: `${validateModal.activeConfig} is valid 👍`, displayLength: 5000, }); } else { M.toast({ - html: `${configuration} is invalid 😕`, + html: `${validateModal.activeConfig} is invalid 😕`, displayLength: 5000, }); } @@ -477,7 +476,7 @@ compileModal.setup(); downloadButton.addEventListener('click', () => { const link = document.createElement("a"); link.download = name; - link.href = `${relative_url}download.bin?configuration=${encodeURIComponent(compileModal.activeConfig)}`; + link.href = `./download.bin?configuration=${encodeURIComponent(compileModal.activeConfig)}`; document.body.appendChild(link); link.click(); link.remove(); @@ -520,7 +519,7 @@ document.querySelectorAll(".action-delete").forEach((btn) => { btn.addEventListener('click', (e) => { let configuration = e.target.getAttribute('data-node'); - fetch(`${relative_url}delete?configuration=${configuration}`, { + fetch(`./delete?configuration=${configuration}`, { credentials: "same-origin", method: "POST", }).then(res => res.text()).then(() => { @@ -532,7 +531,7 @@ document.querySelectorAll(".action-delete").forEach((btn) => { document.querySelector(`.entry-row[data-node="${configuration}"]`).remove(); undoButton.addEventListener('click', () => { - fetch(`${relative_url}undo-delete?configuration=${configuration}`, { + fetch(`./undo-delete?configuration=${configuration}`, { credentials: "same-origin", method: "POST", }).then(res => res.text()).then(() => { @@ -554,7 +553,7 @@ editor.session.setOption('tabSize', 2); const saveButton = editModalElem.querySelector(".save-button"); const saveEditor = () => { - fetch(`${relative_url}edit?configuration=${activeEditorConfig}`, { + fetch(`./edit?configuration=${activeEditorConfig}`, { credentials: "same-origin", method: "POST", body: editor.getValue() @@ -581,7 +580,7 @@ document.querySelectorAll(".action-edit").forEach((btn) => { const filenameField = editModalElem.querySelector('.filename'); filenameField.innerHTML = activeEditorConfig; - fetch(`${relative_url}edit?configuration=${activeEditorConfig}`, {credentials: "same-origin"}) + fetch(`./edit?configuration=${activeEditorConfig}`, {credentials: "same-origin"}) .then(res => res.text()).then(response => { editor.setValue(response, -1); }); diff --git a/esphome/dashboard/templates/index.html b/esphome/dashboard/templates/index.html index 74a8d6f72e..82afee979d 100644 --- a/esphome/dashboard/templates/index.html +++ b/esphome/dashboard/templates/index.html @@ -16,7 +16,6 @@ - {% if streamer_mode %}