Use cert bundle.

Add global HTTP mutex to avoid memory peaks.
bullestock · Jun 13, 2024 · 20faf38 · 20faf38
1 parent e8799a2
commit 20faf38
Show file tree

Hide file tree

Showing 12 changed files with 89 additions and 84 deletions.
diff --git a/frontend/esp32/main/CMakeLists.txt b/frontend/esp32/main/CMakeLists.txt
@@ -20,7 +20,6 @@ idf_component_register(SRCS
                        sntp.cpp
                        util.cpp
                        INCLUDE_DIRS "." "../../../include"
-                       EMBED_TXTFILES howsmyssl_com_root_cert.pem
 )
 
 #add_definitions(-DSIMULATE)

diff --git a/frontend/esp32/main/cardcache.cpp b/frontend/esp32/main/cardcache.cpp
@@ -64,10 +64,10 @@ Card_cache::Result Card_cache::has_access(Card_cache::Card_id id)
     esp_http_client_config_t config {
         .host = "panopticon.hal9k.dk",
         .path = "/api/v1/permissions",
-        .cert_pem = howsmyssl_com_root_cert_pem_start,
         .event_handler = http_event_handler,
         .transport_type = HTTP_TRANSPORT_OVER_SSL,
         .user_data = &http_data,
+        .crt_bundle_attach = esp_crt_bundle_attach,
     };
     esp_http_client_handle_t client = esp_http_client_init(&config);
     Http_client_wrapper w(client);
@@ -139,10 +139,10 @@ void Card_cache::thread_body()
         esp_http_client_config_t config {
             .host = "panopticon.hal9k.dk",
             .path = "/api/v2/permissions/",
-            .cert_pem = howsmyssl_com_root_cert_pem_start,
             .event_handler = http_event_handler,
             .transport_type = HTTP_TRANSPORT_OVER_SSL,
             .user_data = &http_data,
+            .crt_bundle_attach = esp_crt_bundle_attach,
         };
         esp_http_client_handle_t client = esp_http_client_init(&config);
         Http_client_wrapper w(client);

diff --git a/frontend/esp32/main/foreninglet.cpp b/frontend/esp32/main/foreninglet.cpp
@@ -60,16 +60,18 @@ void ForeningLet::thread_body()
             continue;
         }
 
+        std::lock_guard<std::mutex> g(http_mutex);
+
         const auto path = format("/api/member/id/%d/?version=1", item.user_id);
         esp_http_client_config_t config {
             .host = "foreninglet.dk",
             .username = forening_let_user.c_str(),
             .password = forening_let_password.c_str(),
             .auth_type = HTTP_AUTH_TYPE_BASIC,
             .path = path.c_str(),
-            .cert_pem = howsmyssl_com_root_cert_pem_start,
             .event_handler = http_event_handler,
             .transport_type = HTTP_TRANSPORT_OVER_SSL,
+            .crt_bundle_attach = esp_crt_bundle_attach,
         };
         esp_http_client_handle_t client = esp_http_client_init(&config);
         Http_client_wrapper w(client);

diff --git a/frontend/esp32/main/gateway.cpp b/frontend/esp32/main/gateway.cpp
@@ -96,12 +96,14 @@ bool Gateway::post_status()
         strcpy(buffer.get(), current_status.c_str());
     }
 
+    std::lock_guard<std::mutex> g(http_mutex);
+
     esp_http_client_config_t config {
         .host = "acsgateway.hal9k.dk",
         .path = "/acsstatus",
-        .cert_pem = howsmyssl_com_root_cert_pem_start,
         .event_handler = http_event_handler,
         .transport_type = HTTP_TRANSPORT_OVER_SSL,
+        .crt_bundle_attach = esp_crt_bundle_attach,
     };
     esp_http_client_handle_t client = esp_http_client_init(&config);
     Http_client_wrapper w(client);
@@ -132,11 +134,12 @@ void Gateway::check_action()
     esp_http_client_config_t config {
         .host = "acsgateway.hal9k.dk",
         .path = "/acsquery",
-        .cert_pem = howsmyssl_com_root_cert_pem_start,
         .event_handler = http_event_handler,
         .transport_type = HTTP_TRANSPORT_OVER_SSL,
-        .user_data = &http_data
+        .user_data = &http_data,
+        .crt_bundle_attach = esp_crt_bundle_attach,
     };
+    std::lock_guard<std::mutex> g(http_mutex);
     esp_http_client_handle_t client = esp_http_client_init(&config);
     if (!client)
     {

diff --git a/frontend/esp32/main/howsmyssl_com_root_cert.pem b/frontend/esp32/main/howsmyssl_com_root_cert.pem
diff --git a/frontend/esp32/main/http.cpp b/frontend/esp32/main/http.cpp
@@ -72,3 +72,5 @@ Http_client_wrapper::~Http_client_wrapper()
     esp_http_client_close(handle);
     esp_http_client_cleanup(handle);
 }
+
+std::mutex http_mutex;
diff --git a/frontend/esp32/main/http.h b/frontend/esp32/main/http.h
@@ -1,5 +1,8 @@
 #pragma once
 
+#include <mutex>
+
+#include "esp_crt_bundle.h"
 #include "esp_http_client.h"
 #include "esp_system.h"
 
@@ -17,9 +20,6 @@ struct Http_data
     int output_len = 0;
 };
 
-extern const char howsmyssl_com_root_cert_pem_start[] asm("_binary_howsmyssl_com_root_cert_pem_start");
-extern const char howsmyssl_com_root_cert_pem_end[]   asm("_binary_howsmyssl_com_root_cert_pem_end");
-
 /// RAII class to ensure calling esp_http_client_cleanup() on a handle.
 class Http_client_wrapper
 {
@@ -31,3 +31,5 @@ class Http_client_wrapper
 private:
     esp_http_client_handle_t handle;
 };
+
+extern std::mutex http_mutex;
diff --git a/frontend/esp32/main/logger.cpp b/frontend/esp32/main/logger.cpp
@@ -114,9 +114,9 @@ void Logger::log_sync_start()
     esp_http_client_config_t config {
         .host = "acsgateway.hal9k.dk",
         .path = "/acslog",
-        .cert_pem = howsmyssl_com_root_cert_pem_start,
         .event_handler = http_event_handler,
         .transport_type = HTTP_TRANSPORT_OVER_SSL,
+        .crt_bundle_attach = esp_crt_bundle_attach,
     };
     debug_client = esp_http_client_init(&config);
     esp_http_client_set_method(debug_client, HTTP_METHOD_POST);
@@ -213,9 +213,9 @@ void Logger::thread_body()
                     esp_http_client_config_t config {
                         .host = "panopticon.hal9k.dk",
                         .path = "/api/v1/logs",
-                        .cert_pem = howsmyssl_com_root_cert_pem_start,
                         .event_handler = http_event_handler,
                         .transport_type = HTTP_TRANSPORT_OVER_SSL,
+                        .crt_bundle_attach = esp_crt_bundle_attach,
                     };
                     esp_http_client_handle_t client = esp_http_client_init(&config);
                     Http_client_wrapper w(client);
@@ -265,9 +265,9 @@ void Logger::thread_body()
                     esp_http_client_config_t config {
                         .host = "panopticon.hal9k.dk",
                         .path = "/api/v1/unknown_cards",
-                        .cert_pem = howsmyssl_com_root_cert_pem_start,
                         .event_handler = http_event_handler,
                         .transport_type = HTTP_TRANSPORT_OVER_SSL,
+                        .crt_bundle_attach = esp_crt_bundle_attach,
                     };
                     esp_http_client_handle_t client = esp_http_client_init(&config);
                     Http_client_wrapper w(client);

diff --git a/frontend/esp32/main/otafwu.cpp b/frontend/esp32/main/otafwu.cpp
@@ -91,10 +91,10 @@ bool check_ota_update(class Display& display)
     esp_http_client_config_t config = {
         .host = "acsgateway.hal9k.dk",
         .path = path,
-        .cert_pem = howsmyssl_com_root_cert_pem_start,
         .timeout_ms = 3000,
         .event_handler = http_event_handler,
         .transport_type = HTTP_TRANSPORT_OVER_SSL,
+        .crt_bundle_attach = esp_crt_bundle_attach,
         .keep_alive_enable = true,
     };
 

diff --git a/frontend/esp32/main/slack.cpp b/frontend/esp32/main/slack.cpp
@@ -83,61 +83,83 @@ void Slack_writer::thread_body()
     {
         vTaskDelay(100 / portTICK_PERIOD_MS);
 
-        if (q.empty())
-            continue;
-        item = q.back();
-        q.pop_back();
+        {
+            std::lock_guard<std::mutex> g(mutex);
+            if (q.empty())
+                continue;
+            item = q.back();
+            q.pop_back();
+        }
 
         if (api_token.empty())
         {
             ESP_LOGE(TAG, "Slack: Missing credentials");
             continue;
         }
 
+        std::lock_guard<std::mutex> g(http_mutex);
+
         esp_http_client_config_t config {
             .host = "slack.com",
             .path = "/api/chat.postMessage",
-            .cert_pem = howsmyssl_com_root_cert_pem_start,
             .event_handler = http_event_handler,
             .transport_type = HTTP_TRANSPORT_OVER_SSL,
+            .crt_bundle_attach = esp_crt_bundle_attach,
         };
         esp_http_client_handle_t client = esp_http_client_init(&config);
         Http_client_wrapper w(client);
-
         esp_http_client_set_method(client, HTTP_METHOD_POST);
-        auto payload = cJSON_CreateObject();
-        cJSON_wrapper jw(payload);
-        auto jchannel = cJSON_CreateString(item.channel.c_str());
-        cJSON_AddItemToObject(payload, "channel", jchannel);
-        auto emoji = cJSON_CreateString(":panopticon:");
-        cJSON_AddItemToObject(payload, "icon_emoji", emoji);
-        auto full = cJSON_CreateString("full");
-        cJSON_AddItemToObject(payload, "parse", full);
-        auto text = cJSON_CreateString(item.message.c_str());
-        cJSON_AddItemToObject(payload, "text", text);
-
-        char* data = cJSON_Print(payload);
-        if (!data)
+
+        while (1)
         {
-            ESP_LOGE(TAG, "Slack: cJSON_Print() returned nullptr");
-            return;
+            do_post(client, item);
+
+            {
+                std::lock_guard<std::mutex> g(mutex);
+                if (q.empty())
+                    break;
+                item = q.back();
+                q.pop_back();
+            }
         }
-        cJSON_Print_wrapper pw(data);
-        esp_http_client_set_post_field(client, data, strlen(data));
-
-        const char* content_type = "application/json";
-        esp_http_client_set_header(client, "Content-Type", content_type);
-        const auto auth = std::string("Bearer ") + api_token;
-        esp_http_client_set_header(client, "Authorization", auth.c_str());
-        const esp_err_t err = esp_http_client_perform(client);
-
-        if (err == ESP_OK)
-            ESP_LOGI(TAG, "Slack: HTTP %d", esp_http_client_get_status_code(client));
-        else
-            ESP_LOGE(TAG, "Slack: error %s", esp_err_to_name(err));
     }
 }
 
+void Slack_writer::do_post(esp_http_client_handle_t client, const Item& item)
+{
+    ESP_LOGI(TAG, "Slack: do_post(%s)", item.message.c_str());
+
+    auto payload = cJSON_CreateObject();
+    cJSON_wrapper jw(payload);
+    auto jchannel = cJSON_CreateString(item.channel.c_str());
+    cJSON_AddItemToObject(payload, "channel", jchannel);
+    auto emoji = cJSON_CreateString(":panopticon:");
+    cJSON_AddItemToObject(payload, "icon_emoji", emoji);
+    auto full = cJSON_CreateString("full");
+    cJSON_AddItemToObject(payload, "parse", full);
+    auto text = cJSON_CreateString(item.message.c_str());
+    cJSON_AddItemToObject(payload, "text", text);
+
+    char* data = cJSON_Print(payload);
+    if (!data)
+    {
+        ESP_LOGE(TAG, "Slack: cJSON_Print() returned nullptr");
+        return;
+    }
+    cJSON_Print_wrapper pw(data);
+    esp_http_client_set_post_field(client, data, strlen(data));
+
+    esp_http_client_set_header(client, "Content-Type", "application/json");
+    const auto auth = std::string("Bearer ") + api_token;
+    esp_http_client_set_header(client, "Authorization", auth.c_str());
+    const esp_err_t err = esp_http_client_perform(client);
+
+    if (err == ESP_OK)
+        ESP_LOGI(TAG, "Slack: HTTP %d", esp_http_client_get_status_code(client));
+    else
+        ESP_LOGE(TAG, "Slack: error %s", esp_err_to_name(err));
+}
+
 void slack_task(void*)
 {
     Slack_writer::instance().thread_body();

diff --git a/frontend/esp32/main/slack.h b/frontend/esp32/main/slack.h
@@ -6,6 +6,8 @@
 
 #include "util.h"
 
+#include "esp_http_client.h"
+
 extern "C" void slack_task(void*);
 
 /// Slack_writer singleton
@@ -42,6 +44,11 @@ class Slack_writer
                       Channels channels = Channels::defaults());
 
 private:
+    struct Item {
+        std::string channel;
+        std::string message;
+    };
+
     Slack_writer() = default;
 
     ~Slack_writer() = default;
@@ -51,10 +58,9 @@ class Slack_writer
 
     void thread_body();
 
-    struct Item {
-        std::string channel;
-        std::string message;
-    };
+    void do_post(esp_http_client_handle_t client,
+                 const Item& item);
+
     std::deque<Item> q;
     std::mutex mutex;
     bool is_test_mode = false;

diff --git a/frontend/esp32/version.txt b/frontend/esp32/version.txt
@@ -1 +1 @@
-1.3.19
+1.3.20