Add https server to prevent mixed protocol errors

Firmware/main/CMakeLists.txt

@@ -1,2 +1,4 @@
 idf_component_register(SRCS "index_html.c" "plantstore.c" "plantfi.c" "configuration_mode_server.c" "peripherals/sensors.c" "peripherals/adc.c" "main.c"
-                    INCLUDE_DIRS ".")
+                    INCLUDE_DIRS "."
+                    EMBED_TXTFILES "certs/servercert.pem"
+                                   "certs/prvtkey.pem")

Firmware/main/certs/generate-certs.sh

@@ -0,0 +1 @@
+openssl req -newkey rsa:2048 -nodes -keyout prvtkey.pem -x509 -days 3650 -out servercert.pem -subj "/CN=Blumy HTTPS Server"

Firmware/main/certs/prvtkey.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDHsxSujHZ3DT6/
+T6uiGVG7fnYQwK2fzvYaPSdOy7g1iO4GfZbOBfQNTQ71XRqvCCPNBijE7Qwur76p
+YcQpR36ddlQ1rSl8mOwT/klDUNKXqDqHPseJ8F0PYw8Jgbcv5VbIuZTyDmYysDuW
+5Lm6UPWmxZh+DxcORL1YEDs7c0UbUIFpoQoOplGSYSE9MrcOECLXLqVw208WZ4Bm
+2J0xwO9u+gbQ9JPU4Zruja3uyHmpw7GYukf9E0Y7gFs6sBLAINqdBLoIscYb0DpL
+6AnVXVd+SmmN+JrmyEpjYQzSGBhGIhz/vdyMd9zbqBlxVVv7ju9jAUPlDxcsm624
+mceUjUUvAgMBAAECggEAHkbZlGCJwiFZHufv2trhiD6InPVG0vYDBwBi5MXrOaah
+2+G6Svsea3kq6EAY6xTzWe1x90VZ9abB4+wFhx1RUNifX3yk+ms0TmWyat578fAD
+YPzqLiYp8yAZfV9UIZKw9oF4gmh0zdY9T/KBRte+dBinjDkyeCsrf94Eyk3UL5Xf
+opB1J7gC4ZKOWbdsGdn72cp0YeFvLBdb1fa3rLBn7QLrEP3umvn8Avd3vsOQ8zWg
+uL9iCwbmpj2WccHeZRmaYvYsJ49onSmp41+RyFSv4ITf4d4U58HSHRR3soVNf8/c
+7tQDzuH4qGTSnyPooer6Y+g3IGXK9LQnzxTsvYWy7QKBgQDrmMymaw8aONnf2YmL
+ui2bYFQTOgk1djli5BccQtkBb2Jw2znP556lLzTIWlCbmWGW9L3W2pfAoDTCIO27
+3Knrj35rPO1nnBUHsdtgLhgVliQvgiuZXudJjYaKgbTjn+uyZ5hOmD2ibzcXDkLi
+IX8gQrMGXoH5Spglhh8otsPSowKBgQDY/m9FW2CQGyve8MhuN9Imj7RPjYbytk1r
+xUYoMblaaKew3DxT+VanJC5qEVcvGnJPyqSad67HsXAj4oiVngIIPX8d1DLyGyO+
+hxECMyjTRwq9FQwAbDpSylbLQOYWr8DVfY4I0879vkCxJN4NGIvbZtDh6a+2rdnM
+LMZUaae4BQKBgB8Kq/RFaOEAmpxm8juJ1VaCk7FQ1UPJBvijqvPbTvJkdaj/CZf+
+IaYMGT1IwRQvWm9kYdr8REBqG2l0oz48bdsOtg51IaakJxUzdv8uM5gshyoHUa1M
+ltbXIeIAAxB20rxX7/ZzErPjSXPtOhzHYxOiFiqBq0hobrGLAXIA2r5XAoGAY24C
+8pbyYlXw/lD6pnZxlzXV+3XwVhru0uksQpK2ShUWcdYY1qmz6RaNJhEYD/9gTeuf
+DSC2N864gdj1mQk0CS6UpshrJ8ED2fPt+UIT/OvaodWZEECHYRRSPQRZ6h9SjwDf
+KnBTsrWQ0xr/nKSYwUoVgM8hsuVqnUIPBvL65TkCgYB0lALH0hZxos8bPvQvUIzk
++cnXWCIHejWQ3hPtGKOrT2ugyvAKTnvbtreiLDIt67c6SG+8cpZMvOVRxIE2BTLN
+LtjMXByDh6xCEvZszAcj17Txmg9kz+LlgNFPUcfjaeqcclbwdajphetzwqpdDTVP
+ANp5dThZ5BQUJTgf/8qBQg==
+-----END PRIVATE KEY-----

Firmware/main/certs/servercert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgOgAwIBAgIUQ9eSTZ4LT3UdjZwf+8CQahcRgUMwDQYJKoZIhvcNAQEL
+BQAwHTEbMBkGA1UEAwwSQmx1bXkgSFRUUFMgU2VydmVyMB4XDTI0MDkwNTA5MDA1
+MFoXDTM0MDkwMzA5MDA1MFowHTEbMBkGA1UEAwwSQmx1bXkgSFRUUFMgU2VydmVy
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7MUrox2dw0+v0+rohlR
+u352EMCtn872Gj0nTsu4NYjuBn2WzgX0DU0O9V0arwgjzQYoxO0MLq++qWHEKUd+
+nXZUNa0pfJjsE/5JQ1DSl6g6hz7HifBdD2MPCYG3L+VWyLmU8g5mMrA7luS5ulD1
+psWYfg8XDkS9WBA7O3NFG1CBaaEKDqZRkmEhPTK3DhAi1y6lcNtPFmeAZtidMcDv
+bvoG0PST1OGa7o2t7sh5qcOxmLpH/RNGO4BbOrASwCDanQS6CLHGG9A6S+gJ1V1X
+fkppjfia5shKY2EM0hgYRiIc/73cjHfc26gZcVVb+47vYwFD5Q8XLJutuJnHlI1F
+LwIDAQABo1MwUTAdBgNVHQ4EFgQU46/kQsNdMIUViADkWp1Zd0kL0rYwHwYDVR0j
+BBgwFoAU46/kQsNdMIUViADkWp1Zd0kL0rYwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAQEAhz5OC7yEN5Rel9E7AGf5NHKX19Bxg8sKJwFo93QPTgWy
+tMIPR2O4HeGxaF0wOBH+CAWYF+/3r/OXSVIs7iz42i0lPZQ7ucagv32vQllBtaiZ
+Tlen4dRYRZWIh3guh9UeGHaWjn3x04NgLyPBxoQLH8VO1rGGQbNb1iygzr7uDXEL
+4rnqscXyHThCLLp6InKliRIF6GTwFeU5dt4SiKZj+1BxFsRy9pe4r/MC6q/tHdPz
+ZI/A/vawdEkQ1VL9d0M1/pYYxTlm+3QQWfRdEFddhECycHqSeC8c28RUWeE0OXX0
+RJiWDPo59gbGZwwQPF43N4SrHcv4lzq6gPSEuXtgJw==
+-----END CERTIFICATE-----

Firmware/main/configuration_mode_server.c

@@ -1,7 +1,7 @@
 #include "configuration_mode_server.h"
 
 #include "esp_log.h"
-#include "esp_http_server.h"
+#include "esp_https_server.h"
 #include "cJSON.h"
 
 #include "plantfi.h"
@@ -792,54 +792,96 @@ httpd_uri_t get = {
     .handler = get_handler,
     .user_ctx = NULL};
 
+void register_uri_handlers(httpd_handle_t server)
+{
+    httpd_register_uri_handler(server, &post_api_connect);
+    httpd_register_uri_handler(server, &post_api_reset);
+    httpd_register_uri_handler(server, &get_api_networks);
+    httpd_register_uri_handler(server, &get_api_isConnected);
+    httpd_register_uri_handler(server, &post_api_cloudSetup_mqtt);
+    httpd_register_uri_handler(server, &post_api_cloudSetup_http);
+    httpd_register_uri_handler(server, &post_api_cloudSetup_blumy);
+    httpd_register_uri_handler(server, &get_api_cloudSetup_mqtt);
+    httpd_register_uri_handler(server, &get_api_cloudSetup_http);
+    httpd_register_uri_handler(server, &get_api_cloudSetup_blumy);
+    httpd_register_uri_handler(server, &post_api_cloudTest_mqtt);
+    httpd_register_uri_handler(server, &post_api_cloudTest_http);
+    httpd_register_uri_handler(server, &post_api_cloudTest_blumy);
+    httpd_register_uri_handler(server, &post_api_timeouts_sleep);
+    httpd_register_uri_handler(server, &get_api_timeouts_sleep);
+    httpd_register_uri_handler(server, &get_api_timeouts_configurationMode);
+    httpd_register_uri_handler(server, &post_api_timeouts_configurationMode);
+    httpd_register_uri_handler(server, &get_api_timeouts_wdt);
+    httpd_register_uri_handler(server, &post_api_timeouts_wdt);
+    httpd_register_uri_handler(server, &get_api_update_percentage);
+    httpd_register_uri_handler(server, &get_api_connectedNetwork);
+    httpd_register_uri_handler(server, &get_api_sensorData);
+    httpd_register_uri_handler(server, &post_api_factoryReset);
+    httpd_register_uri_handler(server, &post_api_update_firmware);
+    httpd_register_uri_handler(server, &get_api_update_firmware);
+    httpd_register_uri_handler(server, &post_api_update_check);
+
+    // Every other get request returns index.html
+    httpd_register_uri_handler(server, &get);
+}
+
 /* Function for starting the webserver */
+httpd_handle_t start_https_webserver(void)
+{
+    ESP_LOGI("HTTP", "Starting HTTPS server");
+    /* Empty handle to esp_http_server */
+    httpd_handle_t server = NULL;
+
+    /* Generate default configuration */
+    httpd_ssl_config_t config = HTTPD_SSL_CONFIG_DEFAULT();
+    config.httpd.uri_match_fn = httpd_uri_match_wildcard;
+    config.httpd.max_uri_handlers = 50;
+
+    extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start");
+    extern const unsigned char servercert_end[] asm("_binary_servercert_pem_end");
+    config.servercert = servercert_start;
+    config.servercert_len = servercert_end - servercert_start;
+
+    extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
+    extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end");
+    config.prvtkey_pem = prvtkey_pem_start;
+    config.prvtkey_len = prvtkey_pem_end - prvtkey_pem_start;
+
+    /* Start the httpd server */
+    ESP_ERROR_CHECK(httpd_ssl_start(&server, &config));
+    register_uri_handlers(server);
+    /* If server failed to start, handle will be NULL */
+    return server;
+}
+
 httpd_handle_t start_webserver(void)
 {
+    ESP_LOGI("HTTP", "Starting HTTP server");
+    /* Empty handle to esp_http_server */
+    httpd_handle_t server = NULL;
+
     /* Generate default configuration */
     httpd_config_t config = HTTPD_DEFAULT_CONFIG();
     config.uri_match_fn = httpd_uri_match_wildcard;
     config.max_uri_handlers = 50;
 
-    /* Empty handle to esp_http_server */
-    httpd_handle_t server = NULL;
-
     /* Start the httpd server */
-    if (httpd_start(&server, &config) == ESP_OK)
-    {
-        httpd_register_uri_handler(server, &post_api_connect);
-        httpd_register_uri_handler(server, &post_api_reset);
-        httpd_register_uri_handler(server, &get_api_networks);
-        httpd_register_uri_handler(server, &get_api_isConnected);
-        httpd_register_uri_handler(server, &post_api_cloudSetup_mqtt);
-        httpd_register_uri_handler(server, &post_api_cloudSetup_http);
-        httpd_register_uri_handler(server, &post_api_cloudSetup_blumy);
-        httpd_register_uri_handler(server, &get_api_cloudSetup_mqtt);
-        httpd_register_uri_handler(server, &get_api_cloudSetup_http);
-        httpd_register_uri_handler(server, &get_api_cloudSetup_blumy);
-        httpd_register_uri_handler(server, &post_api_cloudTest_mqtt);
-        httpd_register_uri_handler(server, &post_api_cloudTest_http);
-        httpd_register_uri_handler(server, &post_api_cloudTest_blumy);
-        httpd_register_uri_handler(server, &post_api_timeouts_sleep);
-        httpd_register_uri_handler(server, &get_api_timeouts_sleep);
-        httpd_register_uri_handler(server, &get_api_timeouts_configurationMode);
-        httpd_register_uri_handler(server, &post_api_timeouts_configurationMode);
-        httpd_register_uri_handler(server, &get_api_timeouts_wdt);
-        httpd_register_uri_handler(server, &post_api_timeouts_wdt);
-        httpd_register_uri_handler(server, &get_api_update_percentage);
-        httpd_register_uri_handler(server, &get_api_connectedNetwork);
-        httpd_register_uri_handler(server, &get_api_sensorData);
-        httpd_register_uri_handler(server, &post_api_factoryReset);
-        httpd_register_uri_handler(server, &post_api_update_firmware);
-        httpd_register_uri_handler(server, &get_api_update_firmware);
-        httpd_register_uri_handler(server, &post_api_update_check);
-
-        // Every other get request returns index.html
-        httpd_register_uri_handler(server, &get);
-    }
+    ESP_ERROR_CHECK(httpd_start(&server, &config));
+    register_uri_handlers(server);
     /* If server failed to start, handle will be NULL */
     return server;
 }
 
+/* Function for stopping the webserver */
+void stop_https_webserver(httpd_handle_t server)
+{
+    if (server)
+    {
+        /* Stop the httpd server */
+        httpd_ssl_stop(server);
+    }
+}
+
 /* Function for stopping the webserver */
 void stop_webserver(httpd_handle_t server)
 {

Firmware/main/configuration_mode_server.h

@@ -4,5 +4,7 @@
 
 /* Function for starting the webserver */
 httpd_handle_t start_webserver(void);
+httpd_handle_t start_https_webserver(void);
 /* Function for stopping the webserver */
-void stop_webserver(httpd_handle_t server);
+void stop_webserver(httpd_handle_t server);
+void stop_https_webserver(httpd_handle_t server);

Firmware/main/main.c

@@ -39,7 +39,8 @@ void configuration_mode(bool isConfigured)
     plantfi_configureAp("Blumy", "", 4, &userConnectedToAp);
 
     ESP_LOGI("MODE", "Starting webserver");
-    httpd_handle_t webserver = webserver = start_webserver();
+    httpd_handle_t webserver = start_webserver();
+    httpd_handle_t https_webserver = start_https_webserver();
     plantfi_configureStaFromPlantstore();
 
     bool wasBootButtonPressed = false;
@@ -63,6 +64,7 @@ void configuration_mode(bool isConfigured)
         vTaskDelay(10 / portTICK_PERIOD_MS); // Reset watchdog
     }
     stop_webserver(webserver);
+    stop_https_webserver(https_webserver);
     sensors_detach_boot_button_interrupt();
     sensors_playShutdownSound();
     start_deep_sleep();

Firmware/sdkconfig

@@ -849,7 +849,7 @@ CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=y
 #
 # HTTP Server
 #
-CONFIG_HTTPD_MAX_REQ_HDR_LEN=512
+CONFIG_HTTPD_MAX_REQ_HDR_LEN=1024
 CONFIG_HTTPD_MAX_URI_LEN=512
 CONFIG_HTTPD_ERR_RESP_NO_DELAY=y
 CONFIG_HTTPD_PURGE_BUF_LEN=32
@@ -868,7 +868,7 @@ CONFIG_ESP_HTTPS_OTA_ALLOW_HTTP=y
 #
 # ESP HTTPS server
 #
-# CONFIG_ESP_HTTPS_SERVER_ENABLE is not set
+CONFIG_ESP_HTTPS_SERVER_ENABLE=y
 # end of ESP HTTPS server
 
 #

Server/src/routes/selector/+page.svelte

@@ -6,7 +6,7 @@
 
 	async function sensorClick(sensor: SensorDTO) {
 		// TODO extract this constant value to an environment variable
-		await fetch('http://192.168.4.1/api/cloudSetup/blumy', {
+		await fetch('https://192.168.4.1/api/cloudSetup/blumy', {
 			method: 'POST',
 			body: `token=${sensor.writeToken}\nurl=${window.location.origin}/api/v2/data\n`
 		});