srcfl / srcful-gateway

Srcful energy gateway to connect your solar inverter and mine src-token
https://srcful.io
MIT License

BLE Service security #79

Open h0bb3 opened 7 months ago

h0bb3 commented 7 months ago

The BLE service can be connected to by anyone within BLE reach. The service is currently announcing itself indefinitely and basically anyone could connect and control the gateway using the API.

I would say that this is maybe not super good.

There are some options.

Limit the announcement of the GATT service - a GPIO button could make this pretty smooth. Maybe also do this via the API? The downside is that you must activate the announcement before you connect.

Limit what can be done using the BLE service. At the moment you can do anything the API allows - maybe this is not good?

Use some form of authentication, i.e. a pin code (or maybe the wallet public key can be used in some way, e.g. sending a signed message from the BLE client to the service (that already has been initiated with the public key)).

Simple auth via some pin/code

h0bb3 commented 7 months ago

Brief discussion with @Leitet

We likely want to limit what the BLE service can access - i.e. a limited version of the API (e.g. reading modbus but not writing). To some degree this depends on what we want to be able to do in the BLE client vs. other types of clients (e.g. Home Assistant).

It could also be the case that we want to make some endpoints specific for the BLE service, i.e. setting the wifi?

We likely want to limit the announce time with the GPIO button.

Pin code and wallet stuff could make things more complex - and will tie the BLE service to a single user (at least if we use wallet signing). Depending on how the wallet API works maybe all transactions need to be signed and this would be a hassle.

h0bb3 commented 7 months ago

This is connected to issue #74

h0bb3 commented 4 months ago

Announce time is now limited to 3 minutes for the Solaris batch.
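
Added example, not part of the original thread and not the project's own code: a sketch of two mitigations discussed above, a button-opened announce window (3 minutes, as in the last comment) and a default-deny allowlist for API requests arriving over BLE (read modbus but not write, plus a BLE-specific wifi endpoint). The endpoint paths, the `BleGate` class and the injected clock are assumptions for illustration.

```python
import time
from typing import Callable, Optional
from urllib.parse import urlsplit

ANNOUNCE_WINDOW_S = 180  # 3 minutes, the limit mentioned in the thread

# Assumed endpoint names for illustration; the gateway's real paths are not shown here.
BLE_ALLOWED = frozenset({
    ("GET", "/api/modbus/read"),   # reading modbus is allowed over BLE
    ("POST", "/api/wifi"),         # provisioning endpoint meant for the BLE client
})


class BleGate:
    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self._clock = clock
        self._opened_at: Optional[float] = None

    def button_pressed(self) -> None:
        """GPIO button handler: (re)start the announce window."""
        self._opened_at = self._clock()

    def advertising(self) -> bool:
        """True only while the window started by the button is still open."""
        if self._opened_at is None:
            return False
        return self._clock() - self._opened_at < ANNOUNCE_WINDOW_S

    def authorize(self, method: str, target: str) -> bool:
        """Default-deny: forward a BLE request only on an exact allowlist match."""
        path = urlsplit(target).path.rstrip("/") or "/"
        return (method.upper(), path) in BLE_ALLOWED


def demo():
    # Constructed scenario with a fake clock so the window can be stepped through.
    now = [0.0]
    gate = BleGate(clock=lambda: now[0])
    results = [gate.advertising()]            # button not pressed yet
    gate.button_pressed()
    results.append(gate.advertising())        # window open
    now[0] = 181.0
    results.append(gate.advertising())        # window expired
    results.append(gate.authorize("get", "/api/modbus/read?addr=1"))
    results.append(gate.authorize("POST", "/api/modbus/write"))
    return results
```

The announce window only controls whether new clients can discover the service; a client that connected while it was open stays subject to `authorize` for every request.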