admin/sp80
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b6ea6a88fd04cd9d2e5540f978af8cfdbab8aebf
sp80/EXAMPLE_CODE.md
tck 58bf8763ed Added a few MDs, update README
2026-03-19 09:26:48 +08:00

2.4 KiB
Raw Blame History

Example Code/Flow/Design

🔒 Securing the communication

1. Restrict to localhost for kiosk

  • The kiosk UI (:8080) should only talk to the backend via ws://127.0.0.1:12345 (or wss:// if you enable TLS).
  • This ensures the touchscreen browser cannot be hijacked remotely.

2. TLS for remote UI

  • For the remote UI (:9090), expose a WebSocket server with TLS (wss://Pi_IP:12346).
  • Generate a selfsigned certificate or use Lets Encrypt if the Pi is reachable externally.
  • Qt supports QWebSocketServer::SecureMode with SSL certificates.
server = new QWebSocketServer("SecureServer",
                              QWebSocketServer::SecureMode, this);
QSslConfiguration sslConfig;
sslConfig.setLocalCertificate(QSslCertificate::fromPath("server.crt"));
sslConfig.setPrivateKey(QSslKey(QFile("server.key"), QSsl::Rsa));
server->setSslConfiguration(sslConfig);
server->listen(QHostAddress::Any, 12346);

3. Authentication

  • Require a token or password for remote clients.
  • On connection, the client must send { "auth":"secret123" } before other commands.
  • Backend rejects unauthenticated clients.

🖥️ Serving two UIs

Option A: Two web servers

  • Run a lightweight HTTP server (e.g. QtHttpServer or nginx) on the Pi.
  • Serve dashboard_kiosk.html at port 8080.
  • Serve dashboard_full.html at port 9090.
  • Both connect to the same backend WebSocket, but kiosk uses localhost only.

Option B: One server, two routes

  • Serve both UIs from one server, but separate routes:
    • http://Pi_IP:8080/kiosk
    • http://Pi_IP:8080/full
  • Use Chromium kiosk mode on the Pi to open /kiosk.

🔄 Communication flow

  • Kiosk UI (touchscreen) → Connects to ws://127.0.0.1:12345 (no TLS, local only). → Sends commands like toggleSiren. → Receives sensor updates every few seconds.
  • Remote UI (PC browser) → Connects to wss://Pi_IP:12346 (TLS). → Authenticates with token. → Can send commands and receive updates, but with richer navigation.

🚀 Next Steps

  1. Generate TLS certs (openssl req -new -x509 -days 365 -keyout server.key -out server.crt).
  2. Configure Qt WebSocket server with SecureMode for remote clients.
  3. Serve two HTML versions (kiosk vs full) via nginx or QtHttpServer.
  4. Add authentication handshake for remote connections.
Reference in New Issue View Git Blame Copy Permalink