esp-signed-updater-mqtt/arduino-download.php
2020-05-06 23:37:52 +02:00

66 lines
2.1 KiB
PHP

<?php
/* ----------------------------------------------------------------------------
* "THE TSCHUNK LICENSE" (Revision 42):
* <christian@staudte.it> wrote this file. As long as you retain this notice
* you can do whatever you want with this stuff. If we meet some day, and you
* think this stuff is worth it, you can buy me a Tschunk in return.
* ---------------------------------------------------------------------------*/
header('Content-type: text/plain; charset=utf8', true);
function check_header($k, $v = false) {
if (!isset($_SERVER[$k]))
return false;
if ($v && $_SERVER[$k] !== $v)
return false;
return true;
}
# validate the headers
if (!check_header('HTTP_USER_AGENT', 'ESP8266-http-Update') ||
!check_header('HTTP_X_ESP8266_STA_MAC') ||
!check_header('HTTP_X_ESP8266_AP_MAC') ||
!check_header('HTTP_X_ESP8266_FREE_SPACE') ||
!check_header('HTTP_X_ESP8266_SKETCH_SIZE') ||
!check_header('HTTP_X_ESP8266_SKETCH_MD5') ||
!check_header('HTTP_X_ESP8266_CHIP_SIZE') ||
!check_header('HTTP_X_ESP8266_SDK_VERSION')
) {
header($_SERVER["SERVER_PROTOCOL"].' 403 Forbidden', true, 403);
exit();
}
# sanitize inputs
$room = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_GET['room']);
$device = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_GET['device']);
$version = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_ESP8266_VERSION']);
$filenames = glob("./arduino-images/$room/$device/*.bin");
$path = false;
if (is_array($filenames)) {
$num = count($filenames);
if ($num >= 1) {
$newest = $filenames[$num - 1];
if (preg_match('/\/(\d+).bin$/', $newest, $matches)) {
$server_version = $matches[1];
if ((int) $server_version > (int) $version) {
$path = $newest;
}
}
}
}
if ($path) {
header($_SERVER["SERVER_PROTOCOL"].' 200 OK', true, 200);
header('Content-Type: application/octet-stream', true);
header('Content-Disposition: attachment; filename='.basename($path));
header('Content-Length: '.filesize($path), true);
header('x-MD5: '.md5_file($path), true);
readfile($path);
} else {
header($_SERVER["SERVER_PROTOCOL"].' 304 Not Modified', true, 304);
}
?>