How can I from a page on a public server access a Home Center 3 on a local network



I need help or clarification.
My situation is the following.
I have a website on our public server.


When you open it, information must be retrieved from the Home Center 3 on the local network, which must be used on the page.

 

This is of course a problem, as the security of Chrome and other browsers does not allow accessing local resources when called from a web page on a public page.

Is there any way this can be done or do I have to find a completely different solution?

 

 

This is the HTML page on the server

 

<!doctype html>
<html lang="en">
<head>
  <style> </style>
  <script src="https://code.jquery.com/jquery-3.6.3.js"></script>
  <script src="https://code.jquery.com/ui/1.13.2/jquery-ui.js"></script>
  <script>
    let params = (new URL(document.location)).searchParams;
    var HC3ip = params.get('ip');
    var HC3data = params.get('data');
    var HC3sn = "HC3-00000000";
    var user = "[email protected]";
    var code = "password";

    console.log("Params ip:" + HC3ip + ", data:" + HC3data + ", sn:" + HC3sn);
    
    function HC3_get(_url, success )  {
      console.log("HC3_get: url:" + _url);
      fetch(_url, {
         method: 'GET',
        headers: {
            'Content-Type': 'application/json',
              'accept': 'application/json',
            'Access-Control-Allow-Origin': '*',
            'Access-Control-Allow-Methods': "GET, OPTIONS, POST, PUT,PATCH,OPTIONS",
            'Access-Control-Allow-Credentials':'true',
            'Access-Control-Allow-Headers':'Authorization,Content-Type,accept, *',
            'Access-Control-Allow-Private-Network':'true',
            'authorization': 'Basic ' + HC3data
          }
      })
           .then(response => response.json())
           .then( json => success(json))
           .catch( err => console.log(err));
    }
    
    function makeInfo()  {
          $("#address").html(graphic_Info.address + ", " + graphic_Info.sn);
    }
    
    
    HC3_get( "https://" + HC3ip + "/api/globalVariables/graphic_Info", 
            function(json) 
            {
                console.log("HC3_get(Info): " + JSON.stringify(json));
                graphic_Info = json;
                makeInfo(); 
            })
  </script>
  
  
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Logic Group</title>
</head>
 
<body>
  <h2 id="address"></h2>
</body>
</html>

 

The response is

 

Params ip:192.168.10.153, data:xxxxxxFhcmRzdmVqM0Bnxxxxxx5jb206SmFjb2IyMDAxIQ==, sn:HC3-00000000
Floorplan2.htm?ip=192.168.10.153&data=xxxxxxFhcmRzdmVqM0Bnxxxxxx5jb206SmFjb2IyMDAxIQ==:19   HC3_get: url:https://192.168.10.153/api/globalVariables/graphic_Info
Floorplan2.htm?ip=192.168.10.153&data=xxxxxxFhcmRzdmVqM0Bnxxxxxx5jb206SmFjb2IyMDAxIQ==:20          GET https://192.168.10.153/api/globalVariables/graphic_Info net::ERR_CERT_AUTHORITY_INVALID
HC3_get @ Floorplan2.htm?ip=192.168.10.153&data=xxxxxxFhcmRzdmVqM0Bnxxxxxx5jb206SmFjb2IyMDAxIQ==:20
(anonymous) @ Floorplan2.htm?ip=192.168.10.153&data=xxxxxxFhcmRzdmVqM0Bnxxxxxx5jb206SmFjb2IyMDAxIQ==:44
Floorplan2.htm?ip=192.168.10.153&data=xxxxxxFhcmRzdmVqM0Bnxxxxxx5jb206SmFjb2IyMDAxIQ==:35 TypeError: Failed to fetch
    at HC3_get (Floorplan2.htm?ip=192.168.10.153&data=xxxxxxFhcmRzdmVqM0Bnxxxxxx5jb206SmFjb2IyMDAxIQ==:20:7)
    at Floorplan2.htm?ip=192.168.10.153&data=xxxxxxFhcmRzdmVqM0Bnxxxxxx5jb206SmFjb2IyMDAxIQ==:44:5

 

 

 


@[email protected]

And how are you really asking HC3 from a public server?
I assume that you have a server with one interface to the net and the other to the internal network for communication with HC3.
I would also like to separate part of the html query - transfer it to PHP like any other interpreter, translate the queried values from HC3 into other variables, so that nothing from the prime communication between HC3 and the server can reach the end user.

 

 


  • 1 month later...

If I understand you correctly the short answer is you need to use server side scripting, not client side scripting. I would also ask, why not use the Fibaro Public endpoint for your private HC3 directly? 




If I had a public facing website (of my personal preference) it would be on a Windows server with Microsoft IIS web service running .aspx pages on my site. I would use c# code to run server side scripting on the aspx page before rendering the content returned to the client. The server side scripting is of course invisible to the client. The server side code would make a call to the Fibaro public facing endpoint and use credentials that I privately stored and encrypted on the server. Once the public client requests the public web page, my c# code would negotiate a login to the Fibaro endpoint and I would have access to all the HC3 pages in the server side code. I could then manipulate the HC3 data however I needed and output my final pages to the public website client as rendered pages containing HTML and JavaScript. I could output partial HC3 pages, combine pages or just output full pages just as they are retrieved from Fibaro. Of course any urls coming from the Fibaro endpoint would have to be handled by the public website server side code as well. Perhaps a single page to capture all requests for other pages, button images, etc. that would simply get the HC3 content and return it to the client. It's a bit of a project though.

The public Fibaro endpoint kind of fulfills my personal needs for remote access to the HC3 "as is" so I have not done this. I would consider the effort of making a custom public website if perhaps I wanted to expose the HC3 to a bunch of other people but integrate my existing website permission structure rather than the one existing in Fibaro. Also if I wanted to combine and expose a redacted portion of the private HC3 site. There are also 3rd party control panel apps out there and they may also fulfill that type of need though. I am not sure if any exist to get through the login and do this remotely.

 

If I wanted to add custom functionality such as adding new GUI fields and making them part of objects which could be consumed by LUA code. For instance I could add a drop down field called SceneType to Sections, Rooms and Devices. I could also add a new pseudo HC3 page that allows me to add a new SceneType to be stored in a HC3 global variable. I could then program scenes to take conditional actions based on a device, room or section SceneType. This would eliminate a lot of hard coded programming in favor of end user GUI manipulation. This is the most compelling reason to me to look at this approach. I am not sure if the custom features would be doable on a public site but may be limited to work on a private custom site on the local network. I think about doing that from time to time in order to add functionality. The best solution for this type of thing is to remote into the HC3 locally and modify server side content and scripting directly but I believe the HC3 is locked in that regard. It would be nice if I could opt to "break the seal" and "void the warranty" so to speak and thereby gain access to modify the system a bit more.
 

Edited by RedRocketFire
typo

7 hours ago, RedRocketFire said:

I would also ask, why not use the Fibaro Public endpoint for your private HC3 directly? 


One answer. Security. You open your controller that controls your home to the Internet. That is like leaving the front door open.

What you can do is use a reverse proxy (like nginx) that exposes the API calls you need to your website. That is also less secure, but better than opening the HC3 to the Internet. The best is (as you describe) yourself to write a web app with front- and back-end, reverse proxy and public/private key negotiation to the data in the web app.

 

In this world, exposing your home controller to the Internet is getting hacked in a blink of an eye.


11 hours ago, Joep said:

One answer. Security. You open your controller that controls your home to the Internet. That is like leaving the front door open.

What you can do is use a reverse proxy (like nginx) that exposes the API calls you need to your website. That is also less secure, but better than opening the HC3 to the Internet. The best is (as you describe) yourself to write a web app with front- and back-end, reverse proxy and public/private key negotiation to the data in the web app.

 

In this world, exposing your home controller to the Internet is getting hacked in a blink of an eye.

Is this not the same gateway that you use with your Yubii app on your phone?

If I’m right this gateway is already open. You do not open another gate to the HC, so this is not increasing the security risk.

 

Am I right?


1 hour ago, Milan Takacs said:

Is this not the same gateway that you use with your Yubii app on your phone?

No, the Yubii app connects to FIBARO servers that connect to your HC3 with a reversed tunnel. Therefore you don't have to open ports on your router. I think it's reversed ssh proxy they use, but that is not confirmed. It's a known (safe) method, because your HC3 is not exposed on the Internet and the FIBARO servers are only accessible with your FIBARO id. It's the same principle, as I described in my previous post, but you can't connect to their servers with your own script.


9 hours ago, Joep said:

No, the Yubii app connects to FIBARO servers that connect to your HC3 with a reversed tunnel. Therefore you don't have to open ports on your router. I think it's reversed ssh proxy they use, but that is not confirmed. It's a known (safe) method, because your HC3 is not exposed on the Internet and the FIBARO servers are only accessible with your FIBARO id. It's the same principle, as I described in my previous post, but you can't connect to their servers with your own script.

Yes, that’s right.

But the suggestion was the same by RedRocketFire. Use the official Fibaro remote connection on 

Please login or register to see this link.

This is the same connection method. There is no open or forwarded port.


  • 8 months later...

If you have control over the server where the Home Center 3 is hosted, you can configure it to include the appropriate CORS headers in its responses. This will allow browsers to make cross-origin requests to the Home Center 3 server. Keep in mind that this is a security feature, and enabling CORS should be done carefully to avoid potential security risks. Also check that you decided to buy proxies after this audit and not before. You can set up a server-side proxy that runs on your public server. The public server can communicate with the Home Center 3 server on the local network and then serve the data to the public website. This way, the browser is making requests to the same domain as the public website, avoiding cross-origin issues.

Link to comment
Share on other sites
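
The server-side proxy suggested in several replies above (expose only the API call the page needs, keep the HC3 credentials on the server), as an added example that is not from any poster or from FIBARO. The public route name, environment variable names and port are assumptions; the upstream path and the `address`/`sn` fields are taken from the code in the first post.

```javascript
// Added example; route names, env vars and port are assumptions, not FIBARO's.
// The only public path, mapped to the one HC3 API path used in the first post.
const ROUTES = new Map([
  ['/hc3/graphic-info', '/api/globalVariables/graphic_Info'],
]);

// Decide what a browser request may reach before anything is sent to the HC3.
function resolveRoute(method, rawUrl) {
  if (method !== 'GET') return { status: 405 };
  const pathname = String(rawUrl).split('?')[0]; // exact match only, no normalization
  const upstreamPath = ROUTES.get(pathname);
  return upstreamPath ? { status: 200, upstreamPath } : { status: 404 };
}

// Credentials come from server-side config, never from the query string.
function buildUpstreamRequest(upstreamPath, cfg) {
  const basic = Buffer.from(`${cfg.user}:${cfg.password}`).toString('base64');
  return {
    url: `${cfg.baseUrl}${upstreamPath}`,
    headers: { accept: 'application/json', authorization: `Basic ${basic}` },
  };
}

// Pass on only the fields the posted makeInfo() reads (assumed response shape).
function redact(hc3Json) {
  return { address: hc3Json.address, sn: hc3Json.sn };
}

// Handler for http.createServer; fetchImpl is injectable for testing.
async function handle(req, res, cfg, fetchImpl = fetch) {
  const route = resolveRoute(req.method, req.url);
  if (route.status !== 200) return res.writeHead(route.status).end();
  try {
    const up = buildUpstreamRequest(route.upstreamPath, cfg);
    const r = await fetchImpl(up.url, { headers: up.headers });
    if (!r.ok) throw new Error(`HC3 answered ${r.status}`);
    const body = JSON.stringify(redact(await r.json()));
    res.writeHead(200, { 'content-type': 'application/json' }).end(body);
  } catch (err) {
    console.error(err.message); // upstream detail stays in the server log
    res.writeHead(502).end();
  }
}

// Starts only when configured, e.g. HC3_BASE_URL=https://192.168.10.153
if (process.env.HC3_BASE_URL) {
  const { HC3_BASE_URL: baseUrl, HC3_USER: user, HC3_PASSWORD: password } = process.env;
  require('node:http')
    .createServer((req, res) => handle(req, res, { baseUrl, user, password }))
    .listen(8080, '127.0.0.1');
}
```

The page then fetches `/hc3/graphic-info` from its own origin, so no CORS headers and no credentials are needed in the browser. If the HC3 presents a certificate the server does not trust (the `ERR_CERT_AUTHORITY_INVALID` in the first post), add its issuer to the proxy's trust store, for example with Node's `NODE_EXTRA_CA_CERTS`, instead of turning verification off.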
