feat: enable writting secrets to the sd card using node-red and mqtt …

…protocol

.github/workflows/ci.yaml

@@ -40,14 +40,12 @@ jobs:
           python -m pip install --upgrade pip
           pip install platformio
 
-      - name: Copy custom board files
-        run: |
-          mkdir -p ~/.platformio/platforms/ststm32/boards/
-          cp -R ./boards/* ~/.platformio/platforms/ststm32/boards/
-
       # TODO: run linter?
 
       - name: Build
+        env:
+          WIFI_SSID: "CHOCOLATE"
+          WIFI_PASSWORD: "CHOCOLATE"
         run: pio run
 
       # TODO: run tests

.gitignore

@@ -4,5 +4,6 @@
 .vscode/launch.json
 .vscode/ipch
 src/configuration.h
-secrets.txt
+secrets.*.txt
+keys.*.txt
 node_modules

.vscode/settings.json

@@ -27,6 +27,43 @@
 		"ui_helpers.h": "c",
 		"cstddef": "c",
 		"new": "cpp",
-		"thread": "cpp"
+		"thread": "cpp",
+		"cmath": "cpp",
+		"complex": "cpp",
+		"atomic": "cpp",
+		"bitset": "cpp",
+		"cctype": "cpp",
+		"chrono": "cpp",
+		"clocale": "cpp",
+		"cstdarg": "cpp",
+		"cstdint": "cpp",
+		"cstdio": "cpp",
+		"cstdlib": "cpp",
+		"cstring": "cpp",
+		"ctime": "cpp",
+		"cwchar": "cpp",
+		"cwctype": "cpp",
+		"exception": "cpp",
+		"iterator": "cpp",
+		"map": "cpp",
+		"memory_resource": "cpp",
+		"numeric": "cpp",
+		"optional": "cpp",
+		"random": "cpp",
+		"ratio": "cpp",
+		"set": "cpp",
+		"system_error": "cpp",
+		"type_traits": "cpp",
+		"fstream": "cpp",
+		"iomanip": "cpp",
+		"iosfwd": "cpp",
+		"iostream": "cpp",
+		"limits": "cpp",
+		"ostream": "cpp",
+		"sstream": "cpp",
+		"stdexcept": "cpp",
+		"streambuf": "cpp",
+		"cinttypes": "cpp",
+		"typeinfo": "cpp"
 	}
 }

README.md

@@ -72,6 +72,7 @@ https://github.com/AllanOricil/esp32-mfa-totp-generator/assets/55927613/6e240518
 - pnpm >= v8.15
 - vscode >= v1.87
 - platform.io ide vscode extension >= v3.3
+- docker >= v25.0
 - [driver to allow your OS to recognize esp32](https://www.silabs.com/developers/usb-to-uart-bridge-vcp-drivers)
 
 
@@ -88,14 +89,18 @@ https://github.com/AllanOricil/esp32-mfa-totp-generator/assets/55927613/6e240518
 
 ## Pre-build Steps
 
-Before building the code, change `WIFI_SSID` and `WIFI_PASSWORD` values in `./src/constants.h` to grant the board access to a network that has access to the internet. This is required because the NTP server is used to set the time in the board.
+Before building the code, set the following env variables:
 
-````c
-#define WIFI_SSID "WIFI_SSID"
-#define WIFI_PASSWORD "WIFI_PASSWORD"
+````bash
+export WIFI_SSID=CHOCOLATE
+export WIFI_PASSWORD=CHOCOLATE
 ````
+
+This step is required because the board uses the NTP server to set its time.
+
 > **WARNING**: remember to use a network which has access to the internet, and is isolated from your main network.
 
+> **WARNING**: platform.io vscode extension tasks (build, upload, monitor...) are not using env variables. Therefore, you must open platformio.ini and set `-D WIFI_SSID` and `-D WIFI_PASSWORD` with your values.
 
 ## Project Setup
 
@@ -108,7 +113,7 @@ Before building the code, change `WIFI_SSID` and `WIFI_PASSWORD` values in `./sr
 
 ## Secrets
 
-Secrets are stored in a file called `secrets.txt`, located in the root of an SD card. It must follow the format shown below:
+Secrets are stored in a file called `keys.txt`, located in the root of an SD card. It must follow the format shown below:
 
 ````bash
 service_id,encoded_base_32_secret
@@ -120,18 +125,50 @@ Each service must be added on a new line. For example:
 aws-1,DSAJDHHAHASAUDOASNOTREALOADAKLDASAJFPOAIDONTEVENTRYOASFAIPO
 aws-2,DSAJDHHAHASAUDOASNOTREALOADAKLDASAJFPOAIDONTEVENTRYOASFAIPO
 aws-3,DSAJDHHAHASAUDOASNOTREALOADAKLDASAJFPOAIDONTEVENTRYOASFAIPO
+
 ````
 
-> **WARNING**: for now, secrets must be unencrypted and based 32 encoded. In the future, Users will have the option to encrypt their secrets, and ask for fingerpint/pin/password before retrieving the current TOTP. The plan is to make this feature configurable per service. 
+> **WARNING**: for now, secrets must be unencrypted and based 32 encoded. In the future, Users will have the option to encrypt their secrets, and ask for fingerpint/pin/password before retrieving the current TOTP. The plan is to make this feature configurable per service.
 
-> **INFO**: It works with unencrypted data because I'm still researching the best and cheapest way to safely store secrets on this board. If you have a design, open a PR.
+> **WARNING**: file must end with a new line.
 
 ## How to verify if it is working
 
 1. Go to https://totp.danhersam.com/
 2. Paste/type your encoded base 32 secret in the secret field, and then compare the TOTP code shown with the one you are seeing on the ESP32's screen.
 
 
+## Registering Secrets via local network with MQTT
+
+To enable saving secrets to ESP32 via a local network, this project uses [MQTT](https://mqtt.org/) as the messaging protocol, [Node-red](https://nodered.org/) as the postman (per say) and [Eclipse Mosquito](https://mosquitto.org/) as the MQTT broker. Both services are started using a docker compose, in order to ease the setup. So, before continuing, install Docker on your computer following the guide found [here](https://www.docker.com/get-started/).
+
+After that, run the following script to start both node-red and the mqtt broker:
+
+````bash
+./scripts/start-node-red.sh
+````
+
+> **WARNING** Make sure to have the following ports free before running `./scripts/start-node-red.sh`: 1880 (node-red), 1883 (eclipse/mosquitto), 9001 (eclipse/mosquito).
+
+You should see the following containers in the docker app.
+
+<img src="./images/docker-compose-totp-service-running.png" width="800">
+
+and both container must not contain any error messages.
+
+
+<img src="./images/docker-node-red-start.png" width="800">
+
+<img src="./images/docker-mosquitto-start.png" width="800">
+
+
+> **WARNING** remember to assign static ips to the host running the MQTT service, as weel as for the esp32, in your router. This is required to avoid having to update the `MQTT_SERVER` constant with a new ip every time your router decides to change the ip of your host.
+
+> **WARNING** if your host can't receive messages from other devices on the same network, it could be a firewall problem. Configure the firewall in the host to enable it to receive requests from other devices on your local network.
+
+After services have initialized, open node-red at `localhost:1880`, and import `./node-red/insert-secret.json` flow.
+
+
 ## Roadmap
 
 -  enable the UI to display multiple TOTP codes at once. ✅
@@ -146,7 +183,7 @@ aws-3,DSAJDHHAHASAUDOASNOTREALOADAKLDASAJFPOAIDONTEVENTRYOASFAIPO
 
 	**R:** it is not secure to have unencrypted secrets stored without protection
 
-- enable ESP32 to receive secrets via a local network, or a secure channel.
+- enable ESP32 to receive secrets via a local network, using a secure channel.
 
 	**why?** 
 

docker-compose.totp.yml

@@ -0,0 +1,30 @@
+version: '3'
+services:
+  nodered:
+    container_name: node-red
+    image: nodered/node-red:latest
+    restart: always
+    ports:
+      - 1880:1880
+    volumes:
+      - ~/.node-red:/data
+    networks: 
+      - totp
+
+  mosquitto:
+    container_name: mosquitto
+    image: eclipse-mosquitto:latest
+    restart: always
+    ports:
+      - 1883:1883
+      - 9001:9001
+    volumes: 
+      - ~/.mosquitto/config:/mosquitto/config
+      - ~/.mosquitto/config/conf.d:/mosquitto/config/conf.d
+      - ~/.mosquitto/data:/mosquitto/data
+      - ~/.mosquitto/log:/mosquitto/log
+    networks:
+      - totp
+
+networks:
+  totp:

lv_conf.h

@@ -1,6 +1,6 @@
 /**
  * @file lv_conf.h
- * Configuration file for v8.3.9
+ * Configuration file for v8.3.11
  */
 
 /*
@@ -12,7 +12,7 @@
  */
 
 /* clang-format off */
-/*Set it to "1" to enable content*/
+#if 1 /*Set it to "1" to enable content*/
 
 #ifndef LV_CONF_H
 #define LV_CONF_H
@@ -27,7 +27,7 @@
 #define LV_COLOR_DEPTH 16
 
 /*Swap the 2 bytes of RGB565 color. Useful if the display has an 8-bit interface (e.g. SPI)*/
-#define LV_COLOR_16_SWAP 1
+#define LV_COLOR_16_SWAP 0
 
 /*Enable features to draw on transparent background.
  *It's required if opa, and transform_* style properties are used.
@@ -230,7 +230,7 @@
  *-----------*/
 
 /*Enable the log module*/
-#define LV_USE_LOG 1
+#define LV_USE_LOG 0
 #if LV_USE_LOG
 
     /*How important log should be added:
@@ -639,6 +639,13 @@
     #define LV_FS_FATFS_CACHE_SIZE 0    /*>0 to cache this number of bytes in lv_fs_read()*/
 #endif
 
+/*API for LittleFS (library needs to be added separately). Uses lfs_file_open, lfs_file_read, etc*/
+#define LV_USE_FS_LITTLEFS 0
+#if LV_USE_FS_LITTLEFS
+    #define LV_FS_LITTLEFS_LETTER '\0'     /*Set an upper cased letter on which the drive will accessible (e.g. 'A')*/
+    #define LV_FS_LITTLEFS_CACHE_SIZE 0    /*>0 to cache this number of bytes in lv_fs_read()*/
+#endif
+
 /*PNG decoder library*/
 #define LV_USE_PNG 0
 
@@ -672,6 +679,13 @@
     #endif
 #endif
 
+/*Tiny TTF library*/
+#define LV_USE_TINY_TTF 0
+#if LV_USE_TINY_TTF
+    /*Load TTF data from files*/
+    #define LV_TINY_TTF_FILE_SUPPORT 0
+#endif
+
 /*Rlottie library*/
 #define LV_USE_RLOTTIE 0
 
@@ -765,5 +779,6 @@
 
 /*--END OF LV_CONF_H--*/
 
+#endif /*LV_CONF_H*/
 
-#endif /*LV_CONF_H*/
+#endif /*End of "Content enable"*/