Fix: switch to using AuthenticationMiddleware

with ESPAsyncWebServer 3.3.0, the setAuthentication() became deprecated and a replacement method was provided which acts as a shim and uses the new middleware-based approach to setup authentication. for unknown reasons, the setAuthentication() method was called periodically. the shim implementation each time allocates a new AuthenticationMiddleware and adds it to the chain of middlewares, eventually exhausting the memory. we now use the new middleware-based approach ourselves and only add the respective AuthenticatonMiddleware instance once to the websocket server instance.
helgeerbe · Sep 30, 2024 · 6cdeecb · 6cdeecb
1 parent b206cee
commit 6cdeecb
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 12 deletions.
diff --git a/include/WebApi_ws_console.h b/include/WebApi_ws_console.h
@@ -11,6 +11,7 @@ class WebApiWsConsoleClass {
 
 private:
     AsyncWebSocket _ws;
+    AuthenticationMiddleware _simpleDigestAuth;
 
     Task _wsCleanupTask;
     void wsCleanupTaskCb();

diff --git a/include/WebApi_ws_live.h b/include/WebApi_ws_live.h
@@ -24,6 +24,7 @@ class WebApiWsLiveClass {
     void onWebsocketEvent(AsyncWebSocket* server, AsyncWebSocketClient* client, AwsEventType type, void* arg, uint8_t* data, size_t len);
 
     AsyncWebSocket _ws;
+    AuthenticationMiddleware _simpleDigestAuth;
 
     uint32_t _lastPublishStats[INV_MAX_COUNT] = { 0 };
 

diff --git a/src/WebApi_ws_console.cpp b/src/WebApi_ws_console.cpp
@@ -21,16 +21,15 @@ void WebApiWsConsoleClass::init(AsyncWebServer& server, Scheduler& scheduler)
 
     scheduler.addTask(_wsCleanupTask);
     _wsCleanupTask.enable();
+
+    _simpleDigestAuth.setUsername(AUTH_USERNAME);
+    _simpleDigestAuth.setPassword(Configuration.get().Security.Password);
+    _simpleDigestAuth.setRealm("console websocket");
+    _ws.addMiddleware(&_simpleDigestAuth);
 }
 
 void WebApiWsConsoleClass::wsCleanupTaskCb()
 {
     // see: https://github.com/me-no-dev/ESPAsyncWebServer#limiting-the-number-of-web-socket-clients
     _ws.cleanupClients();
-
-    if (Configuration.get().Security.AllowReadonly) {
-        _ws.setAuthentication("", "");
-    } else {
-        _ws.setAuthentication(AUTH_USERNAME, Configuration.get().Security.Password);
-    }
 }
diff --git a/src/WebApi_ws_live.cpp b/src/WebApi_ws_live.cpp
@@ -36,18 +36,17 @@ void WebApiWsLiveClass::init(AsyncWebServer& server, Scheduler& scheduler)
 
     scheduler.addTask(_sendDataTask);
     _sendDataTask.enable();
+
+    _simpleDigestAuth.setUsername(AUTH_USERNAME);
+    _simpleDigestAuth.setPassword(Configuration.get().Security.Password);
+    _simpleDigestAuth.setRealm("livedata websocket");
+    _ws.addMiddleware(&_simpleDigestAuth);
 }
 
 void WebApiWsLiveClass::wsCleanupTaskCb()
 {
     // see: https://github.com/me-no-dev/ESPAsyncWebServer#limiting-the-number-of-web-socket-clients
     _ws.cleanupClients();
-
-    if (Configuration.get().Security.AllowReadonly) {
-        _ws.setAuthentication("", "");
-    } else {
-        _ws.setAuthentication(AUTH_USERNAME, Configuration.get().Security.Password);
-    }
 }
 
 void WebApiWsLiveClass::sendDataTaskCb()