#include "CrossPointWebServer.h" #include #include #include #include "config.h" // Global instance CrossPointWebServer crossPointWebServer; // Folders/files to hide from the web interface file browser // Note: Items starting with "." are automatically hidden static const char* HIDDEN_ITEMS[] = { "System Volume Information", "XTCache" }; static const size_t HIDDEN_ITEMS_COUNT = sizeof(HIDDEN_ITEMS) / sizeof(HIDDEN_ITEMS[0]); // Helper function to escape HTML special characters to prevent XSS static String escapeHtml(const String& input) { String output; output.reserve(input.length() * 1.1); // Pre-allocate with some extra space for (size_t i = 0; i < input.length(); i++) { char c = input.charAt(i); switch (c) { case '&': output += "&"; break; case '<': output += "<"; break; case '>': output += ">"; break; case '"': output += """; break; case '\'': output += "'"; break; default: output += c; break; } } return output; } // HTML page template static const char* HTML_PAGE = R"rawliteral( CrossPoint Reader

📚 CrossPoint Reader

Home File Manager

Device Status

Version %VERSION%
WiFi Status Connected
IP Address %IP_ADDRESS%
Free Memory %FREE_HEAP% bytes

CrossPoint E-Reader • Open Source

)rawliteral"; // File listing page template static const char* FILES_PAGE_HEADER = R"rawliteral( CrossPoint Reader - Files
Home File Manager
)rawliteral"; static const char* FILES_PAGE_FOOTER = R"rawliteral(

CrossPoint E-Reader • Open Source

)rawliteral"; CrossPointWebServer::CrossPointWebServer() {} CrossPointWebServer::~CrossPointWebServer() { stop(); } void CrossPointWebServer::begin() { if (running) { Serial.printf("[%lu] [WEB] Web server already running\n", millis()); return; } if (WiFi.status() != WL_CONNECTED) { Serial.printf("[%lu] [WEB] Cannot start webserver - WiFi not connected\n", millis()); return; } Serial.printf("[%lu] [WEB] Creating web server on port %d...\n", millis(), port); server = new WebServer(port); if (!server) { Serial.printf("[%lu] [WEB] Failed to create WebServer!\n", millis()); return; } // Setup routes Serial.printf("[%lu] [WEB] Setting up routes...\n", millis()); server->on("/", HTTP_GET, [this]() { handleRoot(); }); server->on("/status", HTTP_GET, [this]() { handleStatus(); }); server->on("/files", HTTP_GET, [this]() { handleFileList(); }); // Upload endpoint with special handling for multipart form data server->on("/upload", HTTP_POST, [this]() { handleUploadPost(); }, [this]() { handleUpload(); }); // Create folder endpoint server->on("/mkdir", HTTP_POST, [this]() { handleCreateFolder(); }); // Delete file/folder endpoint server->on("/delete", HTTP_POST, [this]() { handleDelete(); }); server->onNotFound([this]() { handleNotFound(); }); server->begin(); running = true; Serial.printf("[%lu] [WEB] Web server started on port %d\n", millis(), port); Serial.printf("[%lu] [WEB] Access at http://%s/\n", millis(), WiFi.localIP().toString().c_str()); } void CrossPointWebServer::stop() { if (!running || !server) { return; } server->stop(); delete server; server = nullptr; running = false; Serial.printf("[%lu] [WEB] Web server stopped\n", millis()); } void CrossPointWebServer::handleClient() { static unsigned long lastDebugPrint = 0; if (running && server) { // Print debug every 10 seconds to confirm handleClient is being called if (millis() - lastDebugPrint > 10000) { Serial.printf("[%lu] [WEB] handleClient active, server running on port %d\n", millis(), port); lastDebugPrint = millis(); } server->handleClient(); } } void CrossPointWebServer::handleRoot() { String html = HTML_PAGE; // Replace placeholders with actual values html.replace("%VERSION%", CROSSPOINT_VERSION); html.replace("%IP_ADDRESS%", WiFi.localIP().toString()); html.replace("%FREE_HEAP%", String(ESP.getFreeHeap())); server->send(200, "text/html", html); Serial.printf("[%lu] [WEB] Served root page\n", millis()); } void CrossPointWebServer::handleNotFound() { String message = "404 Not Found\n\n"; message += "URI: " + server->uri() + "\n"; server->send(404, "text/plain", message); } void CrossPointWebServer::handleStatus() { String json = "{"; json += "\"version\":\"" + String(CROSSPOINT_VERSION) + "\","; json += "\"ip\":\"" + WiFi.localIP().toString() + "\","; json += "\"rssi\":" + String(WiFi.RSSI()) + ","; json += "\"freeHeap\":" + String(ESP.getFreeHeap()) + ","; json += "\"uptime\":" + String(millis() / 1000); json += "}"; server->send(200, "application/json", json); } std::vector CrossPointWebServer::scanFiles(const char* path) { std::vector files; File root = SD.open(path); if (!root) { Serial.printf("[%lu] [WEB] Failed to open directory: %s\n", millis(), path); return files; } if (!root.isDirectory()) { Serial.printf("[%lu] [WEB] Not a directory: %s\n", millis(), path); root.close(); return files; } Serial.printf("[%lu] [WEB] Scanning files in: %s\n", millis(), path); File file = root.openNextFile(); while (file) { String fileName = String(file.name()); // Skip hidden items (starting with ".") bool shouldHide = fileName.startsWith("."); // Check against explicitly hidden items list if (!shouldHide) { for (size_t i = 0; i < HIDDEN_ITEMS_COUNT; i++) { if (fileName.equals(HIDDEN_ITEMS[i])) { shouldHide = true; break; } } } if (!shouldHide) { FileInfo info; info.name = fileName; info.isDirectory = file.isDirectory(); if (info.isDirectory) { info.size = 0; info.isEpub = false; } else { info.size = file.size(); info.isEpub = isEpubFile(info.name); } files.push_back(info); } file.close(); file = root.openNextFile(); } root.close(); Serial.printf("[%lu] [WEB] Found %d items (files and folders)\n", millis(), files.size()); return files; } String CrossPointWebServer::formatFileSize(size_t bytes) { if (bytes < 1024) { return String(bytes) + " B"; } else if (bytes < 1024 * 1024) { return String(bytes / 1024.0, 1) + " KB"; } else { return String(bytes / (1024.0 * 1024.0), 1) + " MB"; } } bool CrossPointWebServer::isEpubFile(const String& filename) { String lower = filename; lower.toLowerCase(); return lower.endsWith(".epub"); } void CrossPointWebServer::handleFileList() { String html = FILES_PAGE_HEADER; // Get current path from query string (default to root) String currentPath = "/"; if (server->hasArg("path")) { currentPath = server->arg("path"); // Ensure path starts with / if (!currentPath.startsWith("/")) { currentPath = "/" + currentPath; } // Remove trailing slash unless it's root if (currentPath.length() > 1 && currentPath.endsWith("/")) { currentPath = currentPath.substring(0, currentPath.length() - 1); } } // Get message from query string if present if (server->hasArg("msg")) { String msg = escapeHtml(server->arg("msg")); String msgType = server->hasArg("type") ? escapeHtml(server->arg("type")) : "success"; html += "
" + msg + "
"; } // Hidden input to store current path for JavaScript html += ""; // Scan files in current path first (we need counts for the header) std::vector files = scanFiles(currentPath.c_str()); // Count items int epubCount = 0; int folderCount = 0; size_t totalSize = 0; for (const auto& file : files) { if (file.isDirectory) { folderCount++; } else { if (file.isEpub) epubCount++; totalSize += file.size; } } // Page header with inline breadcrumb and +Add dropdown html += "
"; html += "
"; html += "

📁 File Manager

"; // Inline breadcrumb html += "
"; html += "/"; if (currentPath == "/") { html += "🏠"; } else { html += "🏠"; String pathParts = currentPath.substring(1); // Remove leading / String buildPath = ""; int start = 0; int end = pathParts.indexOf('/'); while (start < (int)pathParts.length()) { String part; if (end == -1) { part = pathParts.substring(start); buildPath += "/" + part; html += "/" + escapeHtml(part) + ""; break; } else { part = pathParts.substring(start, end); buildPath += "/" + part; html += "/" + escapeHtml(part) + ""; start = end + 1; end = pathParts.indexOf('/', start); } } } html += "
"; html += "
"; // +Add dropdown button html += "
"; html += ""; html += "
"; html += ""; html += "
"; html += ""; html += "
"; html += "
"; html += "
"; // end page-header // Contents card with inline summary html += "
"; // Contents header with inline stats html += "
"; html += "

Contents

"; html += ""; html += String(folderCount) + " folder" + (folderCount != 1 ? "s" : "") + ", "; html += String(files.size() - folderCount) + " file" + ((files.size() - folderCount) != 1 ? "s" : "") + ", "; html += formatFileSize(totalSize); html += ""; html += "
"; if (files.empty()) { html += "
This folder is empty
"; } else { html += ""; html += ""; // Sort files: folders first, then epub files, then other files, alphabetically within each group std::sort(files.begin(), files.end(), [](const FileInfo& a, const FileInfo& b) { // Folders come first if (a.isDirectory != b.isDirectory) return a.isDirectory > b.isDirectory; // Then sort by epub status (epubs first among files) if (!a.isDirectory && !b.isDirectory) { if (a.isEpub != b.isEpub) return a.isEpub > b.isEpub; } // Then alphabetically return a.name < b.name; }); for (const auto& file : files) { String rowClass; String icon; String badge; String typeStr; String sizeStr; if (file.isDirectory) { rowClass = "folder-row"; icon = "📁"; badge = "FOLDER"; typeStr = "Folder"; sizeStr = "-"; // Build the path to this folder String folderPath = currentPath; if (!folderPath.endsWith("/")) folderPath += "/"; folderPath += file.name; html += ""; html += ""; html += ""; html += ""; // Escape quotes for JavaScript string String escapedName = file.name; escapedName.replace("'", "\\'"); String escapedPath = folderPath; escapedPath.replace("'", "\\'"); html += ""; html += ""; } else { rowClass = file.isEpub ? "epub-file" : ""; icon = file.isEpub ? "📗" : "📄"; badge = file.isEpub ? "EPUB" : ""; String ext = file.name.substring(file.name.lastIndexOf('.') + 1); ext.toUpperCase(); typeStr = ext; sizeStr = formatFileSize(file.size); // Build file path for delete String filePath = currentPath; if (!filePath.endsWith("/")) filePath += "/"; filePath += file.name; html += ""; html += ""; html += ""; html += ""; // Escape quotes for JavaScript string String escapedName = file.name; escapedName.replace("'", "\\'"); String escapedPath = filePath; escapedPath.replace("'", "\\'"); html += ""; html += ""; } } html += "
NameTypeSizeActions
" + icon + ""; html += "" + escapeHtml(file.name) + "" + badge + "" + typeStr + "" + sizeStr + "
" + icon + "" + escapeHtml(file.name) + badge + "" + typeStr + "" + sizeStr + "
"; } html += "
"; html += FILES_PAGE_FOOTER; server->send(200, "text/html", html); Serial.printf("[%lu] [WEB] Served file listing page for path: %s\n", millis(), currentPath.c_str()); } // Static variables for upload handling static File uploadFile; static String uploadFileName; static String uploadPath = "/"; static size_t uploadSize = 0; static bool uploadSuccess = false; static String uploadError = ""; void CrossPointWebServer::handleUpload() { HTTPUpload& upload = server->upload(); if (upload.status == UPLOAD_FILE_START) { uploadFileName = upload.filename; uploadSize = 0; uploadSuccess = false; uploadError = ""; // Get upload path from query parameter (defaults to root if not specified) // Note: We use query parameter instead of form data because multipart form // fields aren't available until after file upload completes if (server->hasArg("path")) { uploadPath = server->arg("path"); // Ensure path starts with / if (!uploadPath.startsWith("/")) { uploadPath = "/" + uploadPath; } // Remove trailing slash unless it's root if (uploadPath.length() > 1 && uploadPath.endsWith("/")) { uploadPath = uploadPath.substring(0, uploadPath.length() - 1); } } else { uploadPath = "/"; } Serial.printf("[%lu] [WEB] Upload start: %s to path: %s\n", millis(), uploadFileName.c_str(), uploadPath.c_str()); // Validate file extension if (!isEpubFile(uploadFileName)) { uploadError = "Only .epub files are allowed"; Serial.printf("[%lu] [WEB] Upload rejected - not an epub file\n", millis()); return; } // Create file path String filePath = uploadPath; if (!filePath.endsWith("/")) filePath += "/"; filePath += uploadFileName; // Check if file already exists if (SD.exists(filePath.c_str())) { Serial.printf("[%lu] [WEB] Overwriting existing file: %s\n", millis(), filePath.c_str()); SD.remove(filePath.c_str()); } // Open file for writing uploadFile = SD.open(filePath.c_str(), FILE_WRITE); if (!uploadFile) { uploadError = "Failed to create file on SD card"; Serial.printf("[%lu] [WEB] Failed to create file: %s\n", millis(), filePath.c_str()); return; } Serial.printf("[%lu] [WEB] File created: %s\n", millis(), filePath.c_str()); } else if (upload.status == UPLOAD_FILE_WRITE) { if (uploadFile && uploadError.isEmpty()) { size_t written = uploadFile.write(upload.buf, upload.currentSize); if (written != upload.currentSize) { uploadError = "Failed to write to SD card - disk may be full"; uploadFile.close(); Serial.printf("[%lu] [WEB] Write error - expected %d, wrote %d\n", millis(), upload.currentSize, written); } else { uploadSize += written; } } } else if (upload.status == UPLOAD_FILE_END) { if (uploadFile) { uploadFile.close(); if (uploadError.isEmpty()) { uploadSuccess = true; Serial.printf("[%lu] [WEB] Upload complete: %s (%d bytes)\n", millis(), uploadFileName.c_str(), uploadSize); } } } else if (upload.status == UPLOAD_FILE_ABORTED) { if (uploadFile) { uploadFile.close(); // Try to delete the incomplete file String filePath = uploadPath; if (!filePath.endsWith("/")) filePath += "/"; filePath += uploadFileName; SD.remove(filePath.c_str()); } uploadError = "Upload aborted"; Serial.printf("[%lu] [WEB] Upload aborted\n", millis()); } } void CrossPointWebServer::handleUploadPost() { if (uploadSuccess) { server->send(200, "text/plain", "File uploaded successfully: " + uploadFileName); } else { String error = uploadError.isEmpty() ? "Unknown error during upload" : uploadError; server->send(400, "text/plain", error); } } void CrossPointWebServer::handleCreateFolder() { // Get folder name from form data if (!server->hasArg("name")) { server->send(400, "text/plain", "Missing folder name"); return; } String folderName = server->arg("name"); // Validate folder name if (folderName.isEmpty()) { server->send(400, "text/plain", "Folder name cannot be empty"); return; } // Get parent path String parentPath = "/"; if (server->hasArg("path")) { parentPath = server->arg("path"); if (!parentPath.startsWith("/")) { parentPath = "/" + parentPath; } if (parentPath.length() > 1 && parentPath.endsWith("/")) { parentPath = parentPath.substring(0, parentPath.length() - 1); } } // Build full folder path String folderPath = parentPath; if (!folderPath.endsWith("/")) folderPath += "/"; folderPath += folderName; Serial.printf("[%lu] [WEB] Creating folder: %s\n", millis(), folderPath.c_str()); // Check if already exists if (SD.exists(folderPath.c_str())) { server->send(400, "text/plain", "Folder already exists"); return; } // Create the folder if (SD.mkdir(folderPath.c_str())) { Serial.printf("[%lu] [WEB] Folder created successfully: %s\n", millis(), folderPath.c_str()); server->send(200, "text/plain", "Folder created: " + folderName); } else { Serial.printf("[%lu] [WEB] Failed to create folder: %s\n", millis(), folderPath.c_str()); server->send(500, "text/plain", "Failed to create folder"); } } void CrossPointWebServer::handleDelete() { // Get path from form data if (!server->hasArg("path")) { server->send(400, "text/plain", "Missing path"); return; } String itemPath = server->arg("path"); String itemType = server->hasArg("type") ? server->arg("type") : "file"; // Validate path if (itemPath.isEmpty() || itemPath == "/") { server->send(400, "text/plain", "Cannot delete root directory"); return; } // Ensure path starts with / if (!itemPath.startsWith("/")) { itemPath = "/" + itemPath; } // Security check: prevent deletion of protected items String itemName = itemPath.substring(itemPath.lastIndexOf('/') + 1); // Check if item starts with a dot (hidden/system file) if (itemName.startsWith(".")) { Serial.printf("[%lu] [WEB] Delete rejected - hidden/system item: %s\n", millis(), itemPath.c_str()); server->send(403, "text/plain", "Cannot delete system files"); return; } // Check against explicitly protected items for (size_t i = 0; i < HIDDEN_ITEMS_COUNT; i++) { if (itemName.equals(HIDDEN_ITEMS[i])) { Serial.printf("[%lu] [WEB] Delete rejected - protected item: %s\n", millis(), itemPath.c_str()); server->send(403, "text/plain", "Cannot delete protected items"); return; } } // Check if item exists if (!SD.exists(itemPath.c_str())) { Serial.printf("[%lu] [WEB] Delete failed - item not found: %s\n", millis(), itemPath.c_str()); server->send(404, "text/plain", "Item not found"); return; } Serial.printf("[%lu] [WEB] Attempting to delete %s: %s\n", millis(), itemType.c_str(), itemPath.c_str()); bool success = false; if (itemType == "folder") { // For folders, try to remove (will fail if not empty) File dir = SD.open(itemPath.c_str()); if (dir && dir.isDirectory()) { // Check if folder is empty File entry = dir.openNextFile(); if (entry) { // Folder is not empty entry.close(); dir.close(); Serial.printf("[%lu] [WEB] Delete failed - folder not empty: %s\n", millis(), itemPath.c_str()); server->send(400, "text/plain", "Folder is not empty. Delete contents first."); return; } dir.close(); } success = SD.rmdir(itemPath.c_str()); } else { // For files, use remove success = SD.remove(itemPath.c_str()); } if (success) { Serial.printf("[%lu] [WEB] Successfully deleted: %s\n", millis(), itemPath.c_str()); server->send(200, "text/plain", "Deleted successfully"); } else { Serial.printf("[%lu] [WEB] Failed to delete: %s\n", millis(), itemPath.c_str()); server->send(500, "text/plain", "Failed to delete item"); } }