Merge remote-tracking branch 'upstream/master'

2026-03-16 13:20:56 +00:00 · 2016-02-22 08:53:35 +01:00
parent 40fc7acbed 0b28387cb1
commit 16a29f302d
3 changed files with 27 additions and 5 deletions
--- a/lib/cli.js
+++ b/lib/cli.js
@@ -10,15 +10,30 @@ var log = require("./logger")._system;

 module.exports = function() {

+  var insecureAccess = false;
+
  program
    .version(version)
    .option('-P, --plugin-path [path]', 'look for plugins installed at [path] as well as the default locations ([path] can also point to a single plugin)', function(p) { Plugin.addPluginPath(p); })
    .option('-U, --user-storage-path [path]', 'look for homebridge user files at [path] instead of the default location (~/.homebridge)', function(p) { User.setStoragePath(p); })
    .option('-D, --debug', 'turn on debug level logging', function() { require('./logger').setDebugEnabled(true) })
+    .option('-I, --insecure', 'allow unauthenticated requests (for easier hacking)', function() { insecureAccess = true })
    .parse(process.argv);

  // Initialize HAP-NodeJS with a custom persist directory
  hap.init(User.persistPath());
  
-  new Server().run();
+  var server = new Server(insecureAccess);
+
+  var signals = { 'SIGINT': 2, 'SIGTERM': 15 };
+  Object.keys(signals).forEach(function (signal) {
+    process.on(signal, function () {
+      log.info("Got %s, shutting down Homebridge...", signal);
+
+      // FIXME: Shut down server cleanly
+      process.exit(128 + signals[signal]);
+    });
+  });
+
+  server.run();
 }
--- a/lib/server.js
+++ b/lib/server.js
@@ -19,11 +19,18 @@ module.exports = {
  Server: Server
 }

-function Server() {
+function Server(insecureAccess) {
  this._api = new API(); // object we feed to Plugins
  this._plugins = this._loadPlugins(); // plugins[name] = Plugin instance
  this._config = this._loadConfig();
  this._bridge = this._createBridge();
+
+  // Server is "secure by default", meaning it creates a top-level Bridge accessory that
+  // will not allow unauthenticated requests. This matches the behavior of actual HomeKit
+  // accessories. However you can set this to true to allow all requests without authentication,
+  // which can be useful for easy hacking. Note that this will expose all functions of your
+  // bridged accessories, like changing charactersitics (i.e. flipping your lights on and off).
+  this._allowInsecureAccess = insecureAccess || false;
 }

 Server.prototype.run = function() {
@@ -52,7 +59,7 @@ Server.prototype._publish = function() {
    port: bridgeConfig.port || 51826,
    pincode: bridgeConfig.pin || "031-45-154",
    category: Accessory.Categories.BRIDGE
-  });
+  }, this._allowInsecureAccess);

  log.info("Homebridge is running on port %s.", bridgeConfig.port || 51826);
 }
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "homebridge",
  "description": "HomeKit support for the impatient",
-  "version": "0.2.16",
+  "version": "0.2.18",
  "scripts": {
    "dev": "DEBUG=* ./bin/homebridge -D -P example-plugins/ || true"
  },
@@ -31,7 +31,7 @@
  "dependencies": {
    "chalk": "^1.1.1",
    "commander": "2.8.1",
-    "hap-nodejs": "0.1.1",
+    "hap-nodejs": "0.2.3",
    "semver": "5.0.3"
  }
 }