Feature secure broker

data/config/mosquitto/mosquitto.acl

@@ -0,0 +1,11 @@
+# openwb-version:1
+# allow publishing set topics
+topic write openWB/set/#
+# allow clearing system messages
+topic write openWB/system/messages/#
+# allow clearing client messages
+pattern write openWB/command/%c/messages/#
+# allow global read access
+topic read openWB/#
+# allow read access for remote support topics
+topic read openWB-remote/#

data/config/mosquitto.conf → data/config/mosquitto/mosquitto.conf

@@ -1,11 +1,11 @@
-# openwb-version:1
+# openwb-version:2
 persistence true
 persistence_location /var/lib/mosquitto/
 log_type error
 log_type warning
 log_dest file /var/log/mosquitto/mosquitto.log
 # timestamp format currently not supported in stretch or buster with mosquitto 1.5
 # only enable on bullseye and newer
-# log_timestamp_format %Y-%m-%dT%H:%M:%S
+log_timestamp_format %Y-%m-%dT%H:%M:%S
 
 include_dir /etc/mosquitto/conf.d

data/config/mosquitto_local.conf → data/config/mosquitto/mosquitto_local.conf

@@ -1,4 +1,4 @@
-# openwb-version:1
+# openwb-version:2
 persistence true
 persistence_location /var/lib/mosquitto_local/
 
@@ -7,6 +7,6 @@ log_type warning
 log_dest file /var/log/mosquitto/mosquitto_local.log
 # timestamp format currently not supported in stretch or buster with mosquitto 1.5
 # only enable on bullseye and newer
-# log_timestamp_format %Y-%m-%dT%H:%M:%S
+log_timestamp_format %Y-%m-%dT%H:%M:%S
 
 include_dir /etc/mosquitto/conf_local.d

data/config/openwb.conf → data/config/mosquitto/openwb.conf

@@ -1,28 +1,44 @@
-# openwb-version:2
-listener 9001
+# openwb-version:3
+
+# required to restrict access per listener
+per_listener_settings true
+
+# prevent too many inactive connections from buggy clients
+# closes inactive connections after 4 hours
+persistent_client_expiration 4h
+
+# this websocket is used by local apache
 # todo: restrict access:
 # listener 9001 localhost
+listener 9001
 protocol websockets
 allow_anonymous true
+acl_file /etc/mosquitto/mosquitto.acl
 
+# public secure websocket listener
 listener 9002
 protocol websockets
 allow_anonymous true
 certfile /etc/mosquitto/certs/openwb.pem
 keyfile /etc/mosquitto/certs/openwb.key
+acl_file /etc/mosquitto/mosquitto.acl
 
+# local bridge listener
+listener 1884 localhost
+protocol mqtt
+allow_anonymous true
+
+# public unsecure mqtt listener
+# todo: remove unsecure listeners
 listener 1883
-# todo: restrict access:
-# listener 1883 localhost
 protocol mqtt
 allow_anonymous true
+acl_file /etc/mosquitto/mosquitto.acl
 
+# public secure mqtt listener
 listener 8883
 protocol mqtt
 allow_anonymous true
 certfile /etc/mosquitto/certs/openwb.pem
 keyfile /etc/mosquitto/certs/openwb.key
-
-# prevent too many inactive connections from buggy clients
-# closes inactive connections after 4 hours
-persistent_client_expiration 4h
+acl_file /etc/mosquitto/mosquitto.acl

data/config/openwb_local.conf → data/config/mosquitto/openwb_local.conf

@@ -1,9 +1,9 @@
-# openwb-version:12
+# openwb-version:13
 listener 1886 localhost
 allow_anonymous true
 
 connection bridge-01
-address localhost:1883
+address localhost:1884
 topic openWB/set/# both 2
 
 topic openWB/LegacySmartHome/# out 2

openwb-install.sh

@@ -61,8 +61,9 @@ fi
 echo "updating mosquitto config file"
 systemctl stop mosquitto
 sleep 2
-cp -a "${OPENWBBASEDIR}/data/config/mosquitto.conf" /etc/mosquitto/mosquitto.conf
-cp "${OPENWBBASEDIR}/data/config/openwb.conf" /etc/mosquitto/conf.d/openwb.conf
+cp -a "${OPENWBBASEDIR}/data/config/mosquitto/mosquitto.conf" /etc/mosquitto/mosquitto.conf
+cp "${OPENWBBASEDIR}/data/config/mosquitto/openwb.conf" /etc/mosquitto/conf.d/openwb.conf
+cp "${OPENWBBASEDIR}/data/config/mosquitto/mosquitto.acl" /etc/mosquitto/mosquitto.acl
 sudo cp /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/mosquitto/certs/openwb.pem
 sudo cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/mosquitto/certs/openwb.key
 sudo chgrp mosquitto /etc/mosquitto/certs/openwb.key
@@ -73,7 +74,7 @@ if [ ! -f /etc/init.d/mosquitto_local ]; then
 	echo "setting up mosquitto local instance"
 	install -d -m 0755 -o root -g root /etc/mosquitto/conf_local.d/
 	install -d -m 0755 -o mosquitto -g root /var/lib/mosquitto_local
-	cp "${OPENWBBASEDIR}/data/config/mosquitto_local_init" /etc/init.d/mosquitto_local
+	cp "${OPENWBBASEDIR}/data/config/mosquitto/mosquitto_local_init" /etc/init.d/mosquitto_local
 	chown root:root /etc/init.d/mosquitto_local
 	chmod 755 /etc/init.d/mosquitto_local
 	systemctl daemon-reload
@@ -82,13 +83,14 @@ else
 	systemctl stop mosquitto_local
 	sleep 2
 fi
-cp -a "${OPENWBBASEDIR}/data/config/mosquitto_local.conf" /etc/mosquitto/mosquitto_local.conf
-cp -a "${OPENWBBASEDIR}/data/config/openwb_local.conf" /etc/mosquitto/conf_local.d/
+cp -a "${OPENWBBASEDIR}/data/config/mosquitto/mosquitto_local.conf" /etc/mosquitto/mosquitto_local.conf
+cp -a "${OPENWBBASEDIR}/data/config/mosquitto/openwb_local.conf" /etc/mosquitto/conf_local.d/
 systemctl start mosquitto_local
 echo "mosquitto done"
 
 # apache
 echo -n "replacing apache default page..."
+cp "${OPENWBBASEDIR}/data/config/apache/000-default.conf" "/etc/apache2/sites-available/"
 cp "${OPENWBBASEDIR}/index.html" /var/www/html/index.html
 echo "done"
 echo -n "fix upload limit..."
@@ -105,7 +107,7 @@ echo -n "enabling apache ssl module..."
 a2enmod ssl
 a2enmod proxy_wstunnel
 sudo a2dissite default-ssl
-sudo cp "${OPENWBBASEDIR}/data/config/apache-openwb-ssl.conf" /etc/apache2/sites-available/ 
+sudo cp "${OPENWBBASEDIR}/data/config/apache/apache-openwb-ssl.conf" /etc/apache2/sites-available/ 
 sudo a2ensite apache-openwb-ssl
 echo "done"
 echo -n "restarting apache..."

packages/modules/web_themes/standard_legacy/web/index.html

@@ -725,7 +725,8 @@ <h3>Einstellungen für "PV"</h3>
 														class="charge-point-pv-charge-min-soc form-control-range rangeInput"
 														id="minSocPvCpT"
 														data-topic="openWB/set/vehicle/template/charge_template/<ct>/chargemode/pv_charging/min_soc"
-														min="0" max="95" step="5">
+														min="0" max="19" step="1"
+														data-list='[[0,"Aus"],5,10,15,20,25,30,35,40,45,50,55,60,65,70,75,80,85,90,95]'>
 												</div>
 												<label for="minSocPvCpT"
 													class="col-2 col-form-label valueLabel text-right"
@@ -744,7 +745,7 @@ <h3>Einstellungen für "PV"</h3>
 														class="charge-point-pv-charge-min-soc-current form-control-range rangeInput"
 														id="minSocCurrentPvCpT"
 														data-topic="openWB/set/vehicle/template/charge_template/<ct>/chargemode/pv_charging/min_soc_current"
-														min="6" max="16" step="1">
+														min="6" max="32" step="1">
 												</div>
 												<label for="minSocCurrentPvCpT"
 													class="col-2 col-form-label valueLabel text-right"
@@ -1169,13 +1170,13 @@ <h4 class="modal-title">
 				// some helper functions
 				'helperFunctions.js?ver=20240314',
 				// functions for processing messages
-				'processAllMqttMsg.js?ver=20240314',
+				'processAllMqttMsg.js?ver=20240425',
 				// respective Chart.js definition live
-				'livechart.js?ver=20240308',
+				'livechart.js?ver=20240425',
 				// respective Chart.js definition price based charging
 				'electricityPriceChart.js?ver=20240108',
 				// functions performing mqtt and start mqtt-service
-				'setupMqttServices.js?ver=20240308',
+				'setupMqttServices.js?ver=20240425',
 			];
 			scriptsToLoad.forEach(function (src) {
 				var script = document.createElement('script');