ESPHome 2026.3.0-dev
Loading...
Searching...
No Matches
ota_http_request.cpp
Go to the documentation of this file.
1#include "ota_http_request.h"
2
3#include <cctype>
4
5#include "esphome/core/application.h"
6#include "esphome/core/defines.h"
7#include "esphome/core/log.h"
8
9#include "esphome/components/md5/md5.h"
10#include "esphome/components/watchdog/watchdog.h"
11#include "esphome/components/ota/ota_backend.h"
12#include "esphome/components/ota/ota_backend_esp8266.h"
13#include "esphome/components/ota/ota_backend_arduino_rp2040.h"
14#include "esphome/components/ota/ota_backend_esp_idf.h"
15
16namespace esphome {
17namespace http_request {
18
19static const char *const TAG = "http_request.ota";
20
21void OtaHttpRequestComponent::dump_config() { ESP_LOGCONFIG(TAG, "Over-The-Air updates via HTTP request"); };
22
23void OtaHttpRequestComponent::set_md5_url(const std::string &url) {
24 if (!this->validate_url_(url)) {
25 this->md5_url_.clear(); // URL was not valid; prevent flashing until it is
26 return;
27 }
28 this->md5_url_ = url;
29 this->md5_expected_.clear(); // to be retrieved later
30}
31
32void OtaHttpRequestComponent::set_url(const std::string &url) {
33 if (!this->validate_url_(url)) {
34 this->url_.clear(); // URL was not valid; prevent flashing until it is
35 return;
36 }
37 this->url_ = url;
38}
39
40void OtaHttpRequestComponent::flash() {
41 if (this->url_.empty()) {
42 ESP_LOGE(TAG, "URL not set; cannot start update");
43 return;
44 }
45
46 ESP_LOGI(TAG, "Starting update");
47#ifdef USE_OTA_STATE_LISTENER
48 this->notify_state_(ota::OTA_STARTED, 0.0f, 0);
49#endif
50
51 auto ota_status = this->do_ota_();
52
53 switch (ota_status) {
54 case ota::OTA_RESPONSE_OK:
55#ifdef USE_OTA_STATE_LISTENER
56 this->notify_state_(ota::OTA_COMPLETED, 100.0f, ota_status);
57#endif
58 delay(10);
59 App.safe_reboot();
60 break;
61
62 default:
63#ifdef USE_OTA_STATE_LISTENER
64 this->notify_state_(ota::OTA_ERROR, 0.0f, ota_status);
65#endif
66 this->md5_computed_.clear(); // will be reset at next attempt
67 this->md5_expected_.clear(); // will be reset at next attempt
68 break;
69 }
70}
71
72void OtaHttpRequestComponent::cleanup_(std::unique_ptr<ota::OTABackend> backend,
73 const std::shared_ptr<HttpContainer> &container) {
74 if (this->update_started_) {
75 ESP_LOGV(TAG, "Aborting OTA backend");
76 backend->abort();
77 }
78 ESP_LOGV(TAG, "Aborting HTTP connection");
79 container->end();
80};
81
82uint8_t OtaHttpRequestComponent::do_ota_() {
83 uint8_t buf[OtaHttpRequestComponent::HTTP_RECV_BUFFER + 1];
84 uint32_t last_progress = 0;
85 uint32_t update_start_time = millis();
86 md5::MD5Digest md5_receive;
87 char md5_receive_str[33];
88
89 if (this->md5_expected_.empty() && !this->http_get_md5_()) {
90 return OTA_MD5_INVALID;
91 }
92
93 ESP_LOGD(TAG, "MD5 expected: %s", this->md5_expected_.c_str());
94
95 auto url_with_auth = this->get_url_with_auth_(this->url_);
96 if (url_with_auth.empty()) {
97 return OTA_BAD_URL;
98 }
99 ESP_LOGVV(TAG, "url_with_auth: %s", url_with_auth.c_str());
100 ESP_LOGI(TAG, "Connecting to: %s", this->url_.c_str());
101
102 auto container = this->parent_->get(url_with_auth);
103
104 if (container == nullptr || container->status_code != HTTP_STATUS_OK) {
105 return OTA_CONNECTION_ERROR;
106 }
107
108 // we will compute MD5 on the fly for verification -- Arduino OTA seems to ignore it
109 md5_receive.init();
110 ESP_LOGV(TAG, "MD5Digest initialized, OTA backend begin");
111 auto backend = ota::make_ota_backend();
112 auto error_code = backend->begin(container->content_length);
113 if (error_code != ota::OTA_RESPONSE_OK) {
114 ESP_LOGW(TAG, "backend->begin error: %d", error_code);
115 this->cleanup_(std::move(backend), container);
116 return error_code;
117 }
118
119 // NOTE: HttpContainer::read() has non-BSD socket semantics - see http_request.h
120 // Use http_read_loop_result() helper instead of checking return values directly
121 uint32_t last_data_time = millis();
122 const uint32_t read_timeout = this->parent_->get_timeout();
123
124 while (container->get_bytes_read() < container->content_length) {
125 // read a maximum of chunk_size bytes into buf. (real read size returned, or negative error code)
126 int bufsize_or_error = container->read(buf, OtaHttpRequestComponent::HTTP_RECV_BUFFER);
127 ESP_LOGVV(TAG, "bytes_read_ = %u, body_length_ = %u, bufsize_or_error = %i", container->get_bytes_read(),
128 container->content_length, bufsize_or_error);
129
130 // feed watchdog and give other tasks a chance to run
131 App.feed_wdt();
132 yield();
133
134 auto result = http_read_loop_result(bufsize_or_error, last_data_time, read_timeout, container->is_read_complete());
135 if (result == HttpReadLoopResult::RETRY)
136 continue;
137 // For non-chunked responses, COMPLETE is unreachable (loop condition checks bytes_read < content_length).
138 // For chunked responses, the decoder sets content_length = bytes_read when the final chunk arrives,
139 // which causes the loop condition to terminate. But COMPLETE can still be returned if the decoder
140 // finishes mid-read, so this is needed for correctness.
141 if (result == HttpReadLoopResult::COMPLETE)
142 break;
143 if (result != HttpReadLoopResult::DATA) {
144 if (result == HttpReadLoopResult::TIMEOUT) {
145 ESP_LOGE(TAG, "Timeout reading data");
146 } else {
147 ESP_LOGE(TAG, "Error reading data: %d", bufsize_or_error);
148 }
149 this->cleanup_(std::move(backend), container);
150 return OTA_CONNECTION_ERROR;
151 }
152
153 // At this point bufsize_or_error > 0, so it's a valid size
154 if (bufsize_or_error <= OtaHttpRequestComponent::HTTP_RECV_BUFFER) {
155 // add read bytes to MD5
156 md5_receive.add(buf, bufsize_or_error);
157
158 // write bytes to OTA backend
159 this->update_started_ = true;
160 error_code = backend->write(buf, bufsize_or_error);
161 if (error_code != ota::OTA_RESPONSE_OK) {
162 // error code explanation available at
163 // https://github.com/esphome/esphome/blob/dev/esphome/components/ota/ota_backend.h
164 ESP_LOGE(TAG, "Error code (%02X) writing binary data to flash at offset %d and size %d", error_code,
165 container->get_bytes_read() - bufsize_or_error, container->content_length);
166 this->cleanup_(std::move(backend), container);
167 return error_code;
168 }
169 }
170
171 uint32_t now = millis();
172 if ((now - last_progress > 1000) or (container->get_bytes_read() == container->content_length)) {
173 last_progress = now;
174 float percentage = container->get_bytes_read() * 100.0f / container->content_length;
175 ESP_LOGD(TAG, "Progress: %0.1f%%", percentage);
176#ifdef USE_OTA_STATE_LISTENER
177 this->notify_state_(ota::OTA_IN_PROGRESS, percentage, 0);
178#endif
179 }
180 } // while
181
182 ESP_LOGI(TAG, "Done in %.0f seconds", float(millis() - update_start_time) / 1000);
183
184 // verify MD5 is as expected and act accordingly
185 md5_receive.calculate();
186 md5_receive.get_hex(md5_receive_str);
187 this->md5_computed_ = md5_receive_str;
188 if (strncmp(this->md5_computed_.c_str(), this->md5_expected_.c_str(), MD5_SIZE) != 0) {
189 ESP_LOGE(TAG, "MD5 computed: %s - Aborting due to MD5 mismatch", this->md5_computed_.c_str());
190 this->cleanup_(std::move(backend), container);
191 return ota::OTA_RESPONSE_ERROR_MD5_MISMATCH;
192 } else {
193 backend->set_update_md5(md5_receive_str);
194 }
195
196 container->end();
197
198 // feed watchdog and give other tasks a chance to run
199 App.feed_wdt();
200 yield();
201 delay(100); // NOLINT
202
203 error_code = backend->end();
204 if (error_code != ota::OTA_RESPONSE_OK) {
205 ESP_LOGW(TAG, "Error ending update! error_code: %d", error_code);
206 this->cleanup_(std::move(backend), container);
207 return error_code;
208 }
209
210 ESP_LOGI(TAG, "Update complete");
211 return ota::OTA_RESPONSE_OK;
212}
213
214// URL-encode characters that are not unreserved per RFC 3986 section 2.3.
215// This is needed for embedding userinfo (username/password) in URLs safely.
216static std::string url_encode(const std::string &str) {
217 std::string result;
218 result.reserve(str.size());
219 for (char c : str) {
220 if (std::isalnum(static_cast<unsigned char>(c)) || c == '-' || c == '_' || c == '.' || c == '~') {
221 result += c;
222 } else {
223 result += '%';
224 result += format_hex_pretty_char((static_cast<uint8_t>(c) >> 4) & 0x0F);
225 result += format_hex_pretty_char(static_cast<uint8_t>(c) & 0x0F);
226 }
227 }
228 return result;
229}
230
231void OtaHttpRequestComponent::set_password(const std::string &password) { this->password_ = url_encode(password); }
232void OtaHttpRequestComponent::set_username(const std::string &username) { this->username_ = url_encode(username); }
233
234std::string OtaHttpRequestComponent::get_url_with_auth_(const std::string &url) {
235 if (this->username_.empty() || this->password_.empty()) {
236 return url;
237 }
238
239 auto start_char = url.find("://");
240 if ((start_char == std::string::npos) || (start_char < 4)) {
241 ESP_LOGE(TAG, "Incorrect URL prefix");
242 return {};
243 }
244
245 ESP_LOGD(TAG, "Using basic HTTP authentication");
246
247 start_char += 3; // skip '://' characters
248 auto url_with_auth =
249 url.substr(0, start_char) + this->username_ + ":" + this->password_ + "@" + url.substr(start_char);
250 return url_with_auth;
251}
252
253bool OtaHttpRequestComponent::http_get_md5_() {
254 if (this->md5_url_.empty()) {
255 return false;
256 }
257
258 auto url_with_auth = this->get_url_with_auth_(this->md5_url_);
259 if (url_with_auth.empty()) {
260 return false;
261 }
262
263 ESP_LOGVV(TAG, "url_with_auth: %s", url_with_auth.c_str());
264 ESP_LOGI(TAG, "Connecting to: %s", this->md5_url_.c_str());
265 auto container = this->parent_->get(url_with_auth);
266 if (container == nullptr) {
267 ESP_LOGE(TAG, "Failed to connect to MD5 URL");
268 return false;
269 }
270 size_t length = container->content_length;
271 if (length == 0) {
272 container->end();
273 return false;
274 }
275 if (length < MD5_SIZE) {
276 ESP_LOGE(TAG, "MD5 file must be %u bytes; %u bytes reported by HTTP server. Aborting", MD5_SIZE, length);
277 container->end();
278 return false;
279 }
280
281 this->md5_expected_.resize(MD5_SIZE);
282 auto result = http_read_fully(container.get(), (uint8_t *) this->md5_expected_.data(), MD5_SIZE, MD5_SIZE,
283 this->parent_->get_timeout());
284 container->end();
285
286 if (result.status != HttpReadStatus::OK) {
287 if (result.status == HttpReadStatus::TIMEOUT) {
288 ESP_LOGE(TAG, "Timeout reading MD5");
289 } else {
290 ESP_LOGE(TAG, "Error reading MD5: %d", result.error_code);
291 }
292 return false;
293 }
294 return true;
295}
296
297bool OtaHttpRequestComponent::validate_url_(const std::string &url) {
298 if ((url.length() < 8) || !url.starts_with("http") || (url.find("://") == std::string::npos)) {
299 ESP_LOGE(TAG, "URL is invalid and/or must be prefixed with 'http://' or 'https://'");
300 return false;
301 }
302 return true;
303}
304
305} // namespace http_request
306} // namespace esphome
esphome::Application::feed_wdt
void feed_wdt(uint32_t time=0)
Definition application.cpp:251
esphome::HashBase::get_hex
void get_hex(char *output)
Retrieve the hash as hex characters. Output buffer must hold get_size() * 2 + 1 bytes.
Definition hash_base.h:29
esphome::http_request::OtaHttpRequestComponent::set_url
void set_url(const std::string &url)
Definition ota_http_request.cpp:32
esphome::http_request::OtaHttpRequestComponent::dump_config
void dump_config() override
Definition ota_http_request.cpp:21
esphome::http_request::OtaHttpRequestComponent::md5_url_
std::string md5_url_
Definition ota_http_request.h:50
esphome::http_request::OtaHttpRequestComponent::flash
void flash()
Definition ota_http_request.cpp:40
esphome::http_request::OtaHttpRequestComponent::do_ota_
uint8_t do_ota_()
Definition ota_http_request.cpp:82
esphome::http_request::OtaHttpRequestComponent::md5_computed_
std::string md5_computed_
Definition ota_http_request.h:48
esphome::http_request::OtaHttpRequestComponent::cleanup_
void cleanup_(std::unique_ptr< ota::OTABackend > backend, const std::shared_ptr< HttpContainer > &container)
Definition ota_http_request.cpp:72
esphome::http_request::OtaHttpRequestComponent::update_started_
bool update_started_
Definition ota_http_request.h:55
esphome::http_request::OtaHttpRequestComponent::password_
std::string password_
Definition ota_http_request.h:51
esphome::http_request::OtaHttpRequestComponent::http_get_md5_
bool http_get_md5_()
Definition ota_http_request.cpp:253
esphome::http_request::OtaHttpRequestComponent::HTTP_RECV_BUFFER
static const uint16_t HTTP_RECV_BUFFER
Definition ota_http_request.h:56
esphome::http_request::OtaHttpRequestComponent::username_
std::string username_
Definition ota_http_request.h:52
esphome::http_request::OtaHttpRequestComponent::set_password
void set_password(const std::string &password)
Definition ota_http_request.cpp:231
esphome::http_request::OtaHttpRequestComponent::validate_url_
bool validate_url_(const std::string &url)
Definition ota_http_request.cpp:297
esphome::http_request::OtaHttpRequestComponent::set_username
void set_username(const std::string &username)
Definition ota_http_request.cpp:232
esphome::http_request::OtaHttpRequestComponent::get_url_with_auth_
std::string get_url_with_auth_(const std::string &url)
Definition ota_http_request.cpp:234
esphome::http_request::OtaHttpRequestComponent::md5_expected_
std::string md5_expected_
Definition ota_http_request.h:49
esphome::http_request::OtaHttpRequestComponent::url_
std::string url_
Definition ota_http_request.h:53
esphome::http_request::OtaHttpRequestComponent::set_md5_url
void set_md5_url(const std::string &md5_url)
Definition ota_http_request.cpp:23
esphome::md5::MD5Digest::calculate
void calculate() override
Compute the digest, based on the provided data.
Definition md5.cpp:17
esphome::md5::MD5Digest::add
void add(const uint8_t *data, size_t len) override
Add bytes of data for the digest.
Definition md5.cpp:15
esphome::md5::MD5Digest::init
void init() override
Initialize a new MD5 digest computation.
Definition md5.cpp:10
esphome::ota::OTAComponent::notify_state_
void notify_state_(OTAState state, float progress, uint8_t error)
Definition ota_backend.cpp:16
esphome::http_request::HTTP_STATUS_OK
@ HTTP_STATUS_OK
Definition http_request.h:26
esphome::http_request::HttpReadLoopResult::TIMEOUT
@ TIMEOUT
Timeout waiting for data, caller should exit loop.
esphome::http_request::HttpReadLoopResult::COMPLETE
@ COMPLETE
All content has been read, caller should exit loop.
esphome::http_request::HttpReadLoopResult::RETRY
@ RETRY
No data yet, already delayed, caller should continue loop.
esphome::http_request::HttpReadLoopResult::DATA
@ DATA
Data was read, process it.
esphome::http_request::http_read_loop_result
HttpReadLoopResult http_read_loop_result(int bytes_read_or_error, uint32_t &last_data_time, uint32_t timeout_ms, bool is_read_complete)
Process a read result with timeout tracking and delay handling.
Definition http_request.h:188
esphome::http_request::OTA_BAD_URL
@ OTA_BAD_URL
Definition ota_http_request.h:21
esphome::http_request::OTA_MD5_INVALID
@ OTA_MD5_INVALID
Definition ota_http_request.h:20
esphome::http_request::OTA_CONNECTION_ERROR
@ OTA_CONNECTION_ERROR
Definition ota_http_request.h:22
esphome::http_request::http_read_fully
HttpReadResult http_read_fully(HttpContainer *container, uint8_t *buffer, size_t total_size, size_t chunk_size, uint32_t timeout_ms)
Read data from HTTP container into buffer with timeout handling Handles feed_wdt, yield,...
Definition http_request.h:287
esphome::http_request::HttpReadStatus::TIMEOUT
@ TIMEOUT
Timeout waiting for data.
esphome::http_request::HttpReadStatus::OK
@ OK
Read completed successfully.
esphome::ota::make_ota_backend
std::unique_ptr< ota::OTABackend > make_ota_backend()
Definition ota_backend_arduino_libretiny.cpp:15
esphome::ota::OTA_RESPONSE_ERROR_MD5_MISMATCH
@ OTA_RESPONSE_ERROR_MD5_MISMATCH
Definition ota_backend.h:39
esphome
Providing packet encoding functions for exchanging data with a remote host.
Definition a01nyub.cpp:7
esphome::format_hex_pretty_char
char format_hex_pretty_char(uint8_t v)
Convert a nibble (0-15) to uppercase hex char (used for pretty printing)
Definition helpers.h:1022
esphome::yield
void HOT yield()
Definition core.cpp:24
esphome::delay
void HOT delay(uint32_t ms)
Definition core.cpp:27
esphome::millis
uint32_t IRAM_ATTR HOT millis()
Definition core.cpp:25
esphome::App
Application App
Global storage of Application pointer - only one Application can exist.
ota_backend.h
ota_backend_arduino_rp2040.h
ota_backend_esp8266.h
ota_backend_esp_idf.h
ota_http_request.h
length
uint16_t length
Definition tt21100.cpp:0
Generated by doxygen 1.12.0