feat(firmware): M2 WiFi + on-device REST API
Some checks failed
ci / server (pull_request) Failing after 27s
ci / firmware (pull_request) Failing after 36s

Adds the WiFi-to-app sync path and the on-device open REST API implementing the
device paths of api/openapi.yaml, plus persistent config in NVS.

What changed:
- firmware/src/config.{h,cpp}: NVS (Preferences) store - stable device id from MAC,
  WiFi SSID/PSK, API bearer token, upload settings. Secrets stay off the SD card.
- firmware/src/net_wifi.{h,cpp}: station join with stored creds; SoftAP provisioning
  fallback when no creds / join fails; mDNS openscribe.local; reconnect in loop().
- firmware/src/api_http.{h,cpp}: synchronous WebServer on :80. Routes: GET /device,
  GET/PUT /device/config, GET /recordings, GET /recordings/{id}, GET
  /recordings/{id}/audio (HTTP Range -> 206 + Content-Range), DELETE /recordings/{id},
  POST /record/start|stop. Bearer-token auth on mutating calls (open when no token).
- firmware/src/storage.{h,cpp}: list/read/delete/count helpers + path builders.
- firmware/src/main.cpp: wire config + WiFi + API into setup/loop; bump fw to 0.2.0.
- firmware/platformio.ini: add bblanchon/ArduinoJson@^7 (only new dep).
- state/: ARCHITECTURE, NOTES, TODO updated; security + NTP follow-ups recorded.

Why:
- This is the WiFi transfer channel and the device half of the "completely open API":
  clients can list, download (resumable), delete and control without any cloud.

Notes:
- Not compiled locally (no PlatformIO on the dev host) or hardware-verified; CI builds
  both board profiles. Security follow-ups logged: API is open when no token is set,
  and the SoftAP uses a fixed default passphrase (make user-set at M4/BLE).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Laurence 2026-07-03 12:09:41 +01:00
parent 16e3460642
commit 87a00265a3
13 changed files with 510 additions and 20 deletions

211
firmware/src/api_http.cpp Normal file
View file

@ -0,0 +1,211 @@
// SPDX-License-Identifier: GPL-3.0-only
#include "api_http.h"
#include <ArduinoJson.h>
#include <SD.h>
#include <WebServer.h>
#include "config.h"
#include "net_wifi.h"
#include "recorder.h"
#include "storage.h"
namespace {
WebServer server(80);
const char *FW_VERSION = "0.2.0";
// Format a uint64 (SD sizes exceed 32 bits) into a decimal String.
String u64(uint64_t v) {
char b[21];
snprintf(b, sizeof(b), "%llu", (unsigned long long)v);
return String(b);
}
void sendJson(int code, const String &body) {
server.sendHeader("Access-Control-Allow-Origin", "*");
server.send(code, "application/json", body);
}
void sendError(int code, const String &msg) {
sendJson(code, String("{\"error\":\"") + msg + "\"}");
}
// Bearer-token check for mutating endpoints. Empty stored token = auth disabled (open on a
// trusted LAN); tightening this to require a token is a security follow-up (see TODO).
bool authed() {
String tok = config::apiToken();
if (tok.isEmpty()) return true;
return server.header("Authorization") == (String("Bearer ") + tok);
}
const char *recStateStr() {
return recorder::state() == recorder::State::Recording ? "recording" : "idle";
}
// GET /api/v1/device
void handleDevice() {
JsonDocument doc;
doc["device_id"] = config::deviceId();
doc["firmware_version"] = FW_VERSION;
doc["state"] = recStateStr();
doc["power"] = "unknown"; // battery/charge detection lands in M3
doc["battery_pct"] = nullptr;
doc["storage_free_bytes"] = storage::freeBytes();
doc["storage_total_bytes"] = storage::totalBytes();
doc["recordings_count"] = storage::countRecordings();
doc["wifi_connected"] = net_wifi::connected();
doc["ip"] = net_wifi::ip();
String out;
serializeJson(doc, out);
sendJson(200, out);
}
// GET /api/v1/recordings
void handleList() { sendJson(200, storage::listRecordingsJson()); }
// GET /api/v1/recordings/{id}
void handleGetMeta() {
const String id = server.pathArg(0);
const String meta = storage::readFile(storage::recMetaPath(id));
if (meta.isEmpty()) return sendError(404, "No such recording");
sendJson(200, meta);
}
// DELETE /api/v1/recordings/{id}
void handleDelete() {
if (!authed()) return sendError(401, "Unauthorized");
const String id = server.pathArg(0);
if (!storage::removeRecording(id)) return sendError(404, "No such recording");
server.send(204, "application/json", "");
}
// GET /api/v1/recordings/{id}/audio (supports HTTP Range)
void handleAudio() {
const String id = server.pathArg(0);
File f = SD.open(storage::recWavPath(id), FILE_READ);
if (!f) return sendError(404, "No such recording");
const size_t total = f.size();
server.sendHeader("Accept-Ranges", "bytes");
size_t start = 0, end = (total ? total - 1 : 0);
bool partial = false;
String range = server.header("Range");
if (range.startsWith("bytes=")) {
partial = true;
range = range.substring(6);
int dash = range.indexOf('-');
start = range.substring(0, dash).toInt();
String es = range.substring(dash + 1);
if (es.length()) end = es.toInt();
}
if (start >= total) {
f.close();
return sendError(416, "Range not satisfiable");
}
if (end >= total) end = total - 1;
const size_t len = end - start + 1;
f.seek(start);
if (partial) {
server.sendHeader("Content-Range",
"bytes " + String(start) + "-" + String(end) + "/" + String(total));
server.setContentLength(len);
server.send(206, "audio/wav", "");
} else {
server.setContentLength(total);
server.send(200, "audio/wav", "");
}
uint8_t buf[1024];
size_t remaining = len;
while (remaining > 0) {
size_t want = remaining < sizeof(buf) ? remaining : sizeof(buf);
size_t n = f.read(buf, want);
if (n == 0) break;
server.sendContent(reinterpret_cast<char *>(buf), n);
remaining -= n;
}
f.close();
}
// POST /api/v1/record/start
void handleRecordStart() {
if (!authed()) return sendError(401, "Unauthorized");
if (!recorder::startRecording()) return sendError(409, "Already recording");
sendJson(200, String("{\"id\":\"") + recorder::currentId() +
"\",\"state\":\"recording\"}");
}
// POST /api/v1/record/stop
void handleRecordStop() {
if (!authed()) return sendError(401, "Unauthorized");
const String id = recorder::currentId();
if (!recorder::stopRecording()) return sendError(409, "Not recording");
const String meta = storage::readFile(storage::recMetaPath(id));
sendJson(200, meta.isEmpty() ? String("{\"id\":\"") + id + "\"}" : meta);
}
// GET /api/v1/device/config (secrets never returned)
void handleGetConfig() {
JsonDocument doc;
doc["device_id"] = config::deviceId();
doc["wifi_ssid"] = config::wifiSsid();
doc["upload_target"] = config::uploadTarget();
doc["codec"] = "wav_pcm_s16le";
doc["sample_rate"] = 16000;
String out;
serializeJson(doc, out);
sendJson(200, out);
}
// PUT /api/v1/device/config
void handlePutConfig() {
if (!authed()) return sendError(401, "Unauthorized");
JsonDocument doc;
if (deserializeJson(doc, server.arg("plain"))) {
return sendError(400, "Invalid JSON");
}
if (doc["wifi_ssid"].is<const char *>()) {
config::setWifi(doc["wifi_ssid"].as<String>(),
doc["wifi_psk"] | config::wifiPsk());
}
if (doc["api_token"].is<const char *>()) {
config::setApiToken(doc["api_token"].as<String>());
}
if (doc["upload_target"].is<const char *>()) {
config::setUploadTarget(doc["upload_target"].as<String>());
}
// WiFi changes take effect on next reboot/reconnect.
sendJson(200, "{\"status\":\"ok\",\"note\":\"reboot to apply WiFi changes\"}");
}
} // namespace
namespace api_http {
void begin() {
// WebServer only retains headers we ask for.
const char *headers[] = {"Authorization", "Range"};
server.collectHeaders(headers, 2);
server.on("/api/v1/device", HTTP_GET, handleDevice);
server.on("/api/v1/device/config", HTTP_GET, handleGetConfig);
server.on("/api/v1/device/config", HTTP_PUT, handlePutConfig);
server.on("/api/v1/recordings", HTTP_GET, handleList);
// Register the more specific /audio route before the generic {id} route.
server.on("/api/v1/recordings/{}/audio", HTTP_GET, handleAudio);
server.on("/api/v1/recordings/{}", HTTP_GET, handleGetMeta);
server.on("/api/v1/recordings/{}", HTTP_DELETE, handleDelete);
server.on("/api/v1/record/start", HTTP_POST, handleRecordStart);
server.on("/api/v1/record/stop", HTTP_POST, handleRecordStop);
server.onNotFound([]() { sendError(404, "Not found"); });
server.begin();
}
void loop() { server.handleClient(); }
} // namespace api_http