Post PW Upgrade to 21.20.2

[natrlhy]

Looks like I got upgraded to 21.20.2 for my Powerwalls sometime last night.

For my solar graph it doesn't seem to be collecting data normally. Not sure how/where to troubleshoot.

[natrlhy]

Seems that the Powerwall data is matching the Home output data. here's all my graphs:

Gateway is fine:

[natewalck]

I can confirm my data has stopped flowing as well. Tesla must have changed something upstream again.

[rhodesman]

I encountered the same issue. I have not been able to confirm the new API endpoints....yet. If anyone discovered how to get them again, please post it here. Thanks

[natewalck]

I poked at the new APIs a while back, but since that bash script was working, I stopped spending time on it 🤣. The new auth is a tiny bit more complicated, but I think it is doable (and several libraries are doing work on the car side of the API).

[natrlhy]

I'm using the docker port of your project and the author of that project is looking into the cookie creation portion here: https://github.com/liveaverage/docker-powerwall-dashboard/issues/15

[liveaverage]

Posting here as well for those not using the container images:

Request payload structure changed and the force_sm_off parameter may be breaking auth ... I'll merge changes and it should be working in a few:

This is working for cookie requests (identified by inspecting JSON request payload):

{"username": "customer", "password": "$PASSWORD", "email": "$EMAIL"}

This isn't:

 {"username": "$USERNAME", "password": "$PASSWORD", "email":"$EMAIL", "force_sm_off":false}

[rhodesman]

@liveaverage you beat me to it! I literally just spent the last 30 minutes finding this out. thank you for your help!

[liveaverage]

@rhodesman that might not be the only issue... I can now generate a cookie without issue but I am receiving 403's attempting to use the cookie against the aggregates or soe endpoints :(

curl -k -c /var/tmp/PWcookie.txt https://192.168.1.92/api/meters/aggregates
{"code":403,"error":"Unable to GET to resource","message":"User does not have adequate access rights"}

[rhodesman]

this works for me but I'm still stuck trying to get the cookies saved correctly.
curl --location --request GET 'https://10.0.10.220/api/meters/aggregates' \ --header 'Cookie: AuthCookie=[authCookie here]; UserRecord=[user key here]' Biut I can only do this manually using postman and not within my node app...yet

[liveaverage]

ahhhhhh. Bearer token is needed (which is returned from the initial auth request) 🤦

This is working now...

## Create your cookie and token:
 export TOKEN=`curl -s -k -c /var/tmp/PWCookie.txt -X POST -H "Content-Type: application/json" -d "{\"username\":\"customer\",\"password\":\"${PASSWORD}\", \"email\":\"Lt.Dan@bubbagump.com\"}" "https://192.168.1.92/api/login/Basic" | jq -r '.token'`

## Make sure it's there:
echo $TOKEN

## Use your bearer token:
 curl -k -b /var/tmp/PWCookie.txt -H "Authorization: Bearer $TOKEN" https://192.168.1.92/api/meters/aggregates

[rhodesman]

I'm stuck with Nodejs unable to proceed due to SSL cert issues. how are you getting past this problem?

Error: unable to verify the first certificate

[liveaverage]

Unfortunately I'm not using nodejs on my project -- it's exclusively InfluxDB, telegraf, and grafana.... are you referencing the self-signed cert from the Powerwall for validation, or setting something like NODE_TLS_REJECT_UNAUTHORIZED to 0 or false?

[rhodesman]

@liveaverage my nodejs module is now acting as the authentication layer for the power walls and passing the api data into influxdb. I have the code working now on my local build and after some more extensive testing I will merge my local build with GitHub and everyone will be able to get past the most recent security wall.

[liveaverage]

@rhodesman just a note I'm still working through some issues testing on my side... auth is not an issue any more, but hitting my Powerwall via DNS name/alias using curl, telegraf, etc. is not working -- IP address works fine but forcing this removes a layer of abstraction using a docker image hostname override... Regardless of where I attempt to curl (Windows, Docker container, RHEL/Centos sys, etc.) I'm receiving the following error:

 curl https://teslapw -k -v
* Rebuilt URL to: https://teslapw/
*   Trying 192.168.1.92...
* TCP_NODELAY set
* Connected to teslapw (192.168.1.92) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to teslapw:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to teslapw:443

This actually works, but powerwall matches a subject alt name on the certificate:

curl -k -v --resolve powerwall:443:192.168.1.92 https://powerwall

I'm wondering if the latest update toggled SNI ...

[natewalck]

I can confirm that when using update-powerwall-cookie.sh, removing "force_sm_off":false makes it work again.

[natrlhy]

What other edits need to be made to get it working?

[rhodesman]

@natrlhy i will have an update pushed tomorrow that will address all this. I had to essentially redo the entire nodejs project to accommodate the new Tesla security. This update will essentially be v3.0.0 of my nodejs app. Stay tuned!

[blharveymi]

good afternoon. Any update on the fixes?

[natrlhy]

@blharveymi I'm back up and running. I'm using the container based method to run this project as it's easier to setup and maintain:

https://github.com/liveaverage/docker-powerwall-dashboard

[blharveymi]

@natrlhy thanks I am looking into it now and trying to figure out how to get it going locally right now. Very new to containers and docker. I got the repo downloaded, ran docker build -t tesla-power-dash, and now trying to figure out the next step in the readme. thinking doing those exports to a .sh or should this be a docker-compose.yml

[natrlhy]

@blharveymi I use docker-compose. Feel it's easier to manage that long commands

Sample of my yml file is here: https://github.com/liveaverage/docker-powerwall-dashboard/pull/17#issuecomment-874950525

Just change:

extra_hosts to powerwall:<your powerwall IP>
POWERWALL_PASS
POWERWALL_LOCATION

cd to the directory you want to save the docker-compose.yml file. I created ~/docker/PowerDash on my raspberry Pi 4 And run: docker-compose up -d

This will pull the latest version, start it and since I specify the volumes to be in the current working directory in the yml file it will create the volumes there.

[rhodesman]

good afternoon. Any update on the fixes?

my apologies on the (failed) timing. I am trying to get something pushed...soon. Just need to edit out my personal information from the code and I haven't had time to do that yet.

[blharveymi]

All good rhodesman! This is your own side project so no issues. Was just curious since it was mentioned :)

Sent from my iPhone

On Jul 7, 2021, at 2:33 PM, Jason Rhodes @.***> wrote:

 good afternoon. Any update on the fixes?

my apologies on the (failed) timing. I am trying to get something pushed...soon. Just need to edit out my personal information from the code and I haven't had time to do that yet.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

[rhodesman]

I was working on this just now and forgot I had built the GitHub code a little differently than my local config (mainly because of how I'm handling the removal of my personal info). So with that, I have a HOTFIX to get you guys back up and running while I work on this code base to marry the updates to each other.

go into the folder /middleware/api/controllers in that directory is a single file appController.js. Open that folder in a text/code editor (not a word processor) and replace all the code in there with this code. All you need to do is edit this code for your setup. You'll need to add in your Powerwall's IP address, and the email and password you setup for the "customer" profile on the Powerwalls.

const request = require("request");
var fs = require("fs");

var access_token;

exports.get_token_data = function (req, res, next) {
  var expDate;
  var todayDate = new Date().getTime()/1000|0;
  fs.readFile("settings.json", function read(err, rawdata) {
    if (err) {
      res.json('204', '', '');
    }
    var data = JSON.parse(rawdata);
    requestNewToken(function(newTokenBody) {
      console.log("Token Updated");
      res.send(newTokenBody);
    });

  });
};

function requestNewToken(callback) {
  var options = {
    'method': 'POST',
    'url': 'https://[POWERWALL IP ADDRESS]/api/login/Basic',
    'headers': {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      "username": "customer",
      "password": "[ADD POWERWALL PASSWORD]",
      "email": "[ADD POWERWALL EMAIL]"
    })

  };
  request(options, function (error, response) {
    if (error) throw new Error(error);
    //console.log(response.body);
    fs.writeFile("setup/pwSettings.json", response.body, (err) => {
      if (err) throw err;
    });
    var data = JSON.parse(response.body);

    access_token = data.token;

    callback(response.body);
  });
}

exports.get_live_status = function (req, res, next) {
  getAPIdata("https://[POWERWALL IP ADDRESS]/api/meters/aggregates",function(dataBody) {
    res.send(dataBody);
  });

};

exports.get_site_info = function (req, res, next) {
  getAPIdata("https://[POWERWALL IP ADDRESS]/api/site_info",function(dataBody) {
    res.send(dataBody);
  });
};

exports.get_solar = function (req, res, next) {
  getAPIdata("https://[POWERWALL IP ADDRESS]/api/meters/solar",function(dataBody) {
    res.send(dataBody);
  });
};

exports.get_site = function (req, res, next) {
  getAPIdata("https://[POWERWALL IP ADDRESS]/api/meters/site",function(dataBody) {
    res.send(dataBody);
  });
};

exports.get_load = function (req, res, next) {
  getAPIdata("https://[POWERWALL IP ADDRESS]/api/meters/load",function(dataBody) {
    res.send(dataBody);
  });
};

exports.get_status = function (req, res, next) {
  getAPIdata("https://[POWERWALL IP ADDRESS]/api/system_status/grid_status",function(dataBody) {
    res.send(dataBody);
  });
};

exports.get_master = function (req, res, next) {
  getAPIdata("https://[POWERWALL IP ADDRESS]/api/sitemaster",function(dataBody) {
    res.send(dataBody);
  });
};

exports.get_batt = function (req, res, next) {
  getAPIdata("https://[POWERWALL IP ADDRESS]/api/system_status/soe",function(dataBody) {
    res.send(dataBody);
  });
};

function getAPIdata(teslaUrl, callback) {
  var options = {
    "url": teslaUrl,
    "method": "GET",
    'headers': {
      'Authorization': 'Bearer ' + access_token
    }
  };
  request(options, function (error, response, body) {
    console.log(options);
    if (error) {
      console.log(error);
    }
    callback(body);
  });
}

[rhodesman]

@blharveymi & @natrlhy I have updated the GitHub code. The new middleware API uses the new Token authentication system and is a little more "automated" as it should open a browser window automatically and load up the settings page on first load. The code is a bit of a mess right now as I was copy/pasta-ing all over the place.

Code cleanup and optimization are my next steps but I can confirm it does work (on my test system) for now. If you have any problems, just let me know.

[rhodesman]

I'm closing this ticket now. Please open a new ticket if other help is needed.