From eBower Wiki

Revision as of 11:47, 7 March 2015

Unhappy with the security around the INSTEON Hub, I decided I wanted to front end it with a secure, modern webserver. I made the following assumptions:

  • I don't want to deal with password management; I want to use an OpenID(-like) solution.
  • All webservers should be TLS encrypted, even if there is no secure content.
  • I have a webserver on my home network that's world-accessible.
  • The webserver is a modern Linux system running php5.
  • I can either attach the Hub to a dedicated network on my webserver or rely on my router to filter traffic to it from only acceptable IP addresses.
  • I use an original Hub; however, most of the code is abstracted enough that adding support for other controllers (or even WEMO via the ouimeaux libraries, https://github.com/iancmcc/ouimeaux) should be easy enough.
  • The only browser I tested with is Chrome, but much of it is basic Javascript/HTML so other browsers should work.

Installation

Unpack the files into /var/www/insteon/ or the directory of your choice.

Edit insteon.conf to include your Hub information.

Edit insteon.ini; we're only interested in the [devices] section as of now. You can delete the sample entries. The format is:

short_name=insteon_id,device_details,friendly_name

  • short_name: A short form of the device name; keep it small, unique, and one word. This is no longer used except as a key.
  • insteon_id: The INSTEON ID, usually printed on the device or visible from the app. Use a format that's not mistakable for a number, like xx.xx.xx or xx:xx:xx.
  • device_details: The product code for the device, visible from the app. It provides a way to identify the type and version of the device. Today I just use this to determine if the device is a dimmer or one of my fan modules, but in theory device-specific icons and behavior are possible.
  • friendly_name: What will be displayed in the UI. Avoid commas, but most other characters should be fine.

Google+ Authentication

Storing passwords locally is a Very Bad Idea™ unless you're a full-time IT guy. Password reuse is a big problem, and no matter what you think, you're storing your passwords incorrectly. So is Google, but they have a large team of full-time IT guys on it. And you can use their password database to make sure there's one less password (including 2FA) you need to remember.

I chose the Google+ Sign-In mechanism. First, go to the Google Developers Console and follow this workflow. Once you're done, under APIs and Auth you can click "credentials." Find the "Client ID" (it looks like a mess of random characters ending in .apps.googleusercontent.com) and copy that value to the client ID in /etc/insteon.ini.

Now you should be able to open up the /insteon page on your web server and see the Google+ login button. Click on it, and log in. You'll be presented with a "Sorry, not authorized." message including your user ID. You can view your profile by entering that ID after https://plus.google.com/. If things are working, you can add that ID to /etc/insteon.ini as a unique user under the [valid_users] section (deleting the placeholders).

Finally, try refreshing the page and see if you can log in.

See index.php for how to present the button, and insteon.php for how I check the token against Google's APIs and then set a PHP session to let it flow through to other pages without needing additional API calls.
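
As an added illustration (not the project's insteon.php), this is one way to check the claims Google returns for an ID token and then hand the identity to a PHP session, with a redirect after the POST. The function names, the $app_path parameter and the sample values are hypothetical; $claims is assumed to be the decoded response from Google's token check, and $valid_users the IDs listed under [valid_users].

```php
<?php
// Added example; not the project's insteon.php. All names are hypothetical.

// Check the claims of an ID token whose signature Google has already verified.
// Returns the Google user ID if this site should accept it, otherwise null.
function authorized_user(array $claims, $client_id, array $valid_users, $now)
{
    foreach (array('iss', 'aud', 'sub', 'exp') as $key) {
        if (!isset($claims[$key]) || !is_scalar($claims[$key])) {
            return null;
        }
    }
    $issuers = array('accounts.google.com', 'https://accounts.google.com');
    if (!in_array($claims['iss'], $issuers, true)) {
        return null;
    }
    // aud must be our own client ID; a token issued to another app is not ours.
    if ($claims['aud'] !== $client_id || (int) $claims['exp'] <= $now) {
        return null;
    }
    // Compare IDs as strings: they are too long for a PHP integer.
    $sub = (string) $claims['sub'];
    return in_array($sub, array_map('strval', $valid_users), true) ? $sub : null;
}

// Hand the verified identity to a PHP session, then redirect so that a page
// refresh repeats a GET instead of re-posting the token.
function start_login_session($user_id, $app_path)
{
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params(0, $app_path, '', true, true); // Secure, HttpOnly
    session_start();
    session_regenerate_id(true); // fresh session ID at login
    $_SESSION['user'] = $user_id;
    header('Location: ' . $app_path, true, 303);
    exit;
}

// Constructed sample values, used only when run from the command line.
if (PHP_SAPI === 'cli') {
    $client = 'example-client.apps.googleusercontent.com';
    $users = array('100000000000000000001');
    $claims = array('iss' => 'accounts.google.com', 'aud' => $client,
                    'sub' => '100000000000000000001', 'exp' => 2000);
    var_dump(authorized_user($claims, $client, $users, 1000));     // in list
    var_dump(authorized_user($claims, 'other-app', $users, 1000)); // wrong aud
    var_dump(authorized_user($claims, $client, $users, 3000));     // expired
}
```

Later pages would then only need to call session_start() and check that $_SESSION['user'] is set, with no further API call.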

Usage

Just open it up and you'll see a web page that displays a summary of all of your devices. I default to four per row, but you can change this by editing $dev_per_row in insteon.php. The icons are designed to give you a nice, intuitive overview with basic black shapes differentiating between fan controllers and light controllers. There's an off-white circle that appears if a light is on; it will be filled with the level of the light if it's a dimmer. Fans will be animated if they're on, with a fan level indicator in the lower right.

The page is just a snapshot in time; it doesn't automatically update. However, in the upper right is a blue refresh icon that will update that device. Updating all devices at once is easier with a page refresh.

Clicking the green power icon in the lower left of the device will bring up a device-specific remote. Clicking buttons should work in (near) realtime and the device will be refreshed when you close the remote (by clicking off the remote).

Bugs and To-Do List

  • Refreshing the main page prompts for a submission of form data (the Google+ ID token). I should use a forwarding page for this and rely on PHP session data, but I'm not familiar enough with PHP sessions to tell if they're secure enough. This will also fix an issue with token expiration forcing a login to refresh it periodically.
  • Changing the fan speed will cause an error the next time the light level is read. Clicking refresh will clear the error.
  • I display dimmer information but I don't allow setting anything other than on/off.
  • On Android devices some light icons appear off-center.
  • There is no support for scenes or adding devices. This is not something I use so it may be a community-driven feature.