admin/rtu_v5
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3b1ece0eaeba7e461cfefc7353cde929f61959db
rtu_v5/EXAMPLE_CODE.md
tck 58bf8763ed Added a few MDs, update README
2026-03-19 09:26:48 +08:00

77 lines
2.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Example Code/Flow/Design
## 🔒 Securing the communication
### 1. Restrict to localhost for kiosk
* The kiosk UI (`:8080`) should only talk to the backend via `ws://127.0.0.1:12345` (or `wss://` if you enable TLS).
* This ensures the touchscreen browser cannot be hijacked remotely.
### 2. TLS for remote UI
* For the remote UI (`:9090`), expose a WebSocket server with TLS (`wss://Pi_IP:12346`).
* Generate a selfsigned certificate or use Lets Encrypt if the Pi is reachable externally.
* Qt supports `QWebSocketServer::SecureMode` with SSL certificates.
```cpp
server = new QWebSocketServer("SecureServer",
QWebSocketServer::SecureMode, this);
QSslConfiguration sslConfig;
sslConfig.setLocalCertificate(QSslCertificate::fromPath("server.crt"));
sslConfig.setPrivateKey(QSslKey(QFile("server.key"), QSsl::Rsa));
server->setSslConfiguration(sslConfig);
server->listen(QHostAddress::Any, 12346);
```
### 3. Authentication
* Require a token or password for remote clients.
* On connection, the client must send `{ "auth":"secret123" }` before other commands.
* Backend rejects unauthenticated clients.
***
## 🖥️ Serving two UIs
### Option A: Two web servers
* Run a lightweight HTTP server (e.g. `QtHttpServer` or `nginx`) on the Pi.
* Serve `dashboard_kiosk.html` at port 8080.
* Serve `dashboard_full.html` at port 9090.
* Both connect to the same backend WebSocket, but kiosk uses localhost only.
### Option B: One server, two routes
* Serve both UIs from one server, but separate routes:
* `http://Pi_IP:8080/kiosk`
* `http://Pi_IP:8080/full`
* Use Chromium kiosk mode on the Pi to open `/kiosk`.
***
## 🔄 Communication flow
* **Kiosk UI (touchscreen)**
 → Connects to `ws://127.0.0.1:12345` (no TLS, local only).
 → Sends commands like `toggleSiren`.
 → Receives sensor updates every few seconds.
* **Remote UI (PC browser)**
 → Connects to `wss://Pi_IP:12346` (TLS).
 → Authenticates with token.
 → Can send commands and receive updates, but with richer navigation.
***
## 🚀 Next Steps
1. Generate TLS certs (`openssl req -new -x509 -days 365 -keyout server.key -out server.crt`).
2. Configure Qt WebSocket server with `SecureMode` for remote clients.
3. Serve two HTML versions (kiosk vs full) via nginx or QtHttpServer.
4. Add authentication handshake for remote connections.
***
Reference in New Issue View Git Blame Copy Permalink