Web Server Design Specification¶

This document specifies the design of the ESP32 web server component that provides HTTP-based user interface, WiFi configuration, and device configuration capabilities.

Architecture Overview¶

Design Specification: Web Server Architecture SPEC_WEB_ARCH_1

status: approved

tags: web, architecture

links outgoing: REQ_WEB_1, REQ_WEB_2, REQ_WEB_3, REQ_WEB_CONF_1

Overview: The web server component provides a layered HTTP server architecture based on ESP-IDF’s esp_http_server library. It serves three main pages (dashboard, WiFi setup, settings) plus REST API endpoints.

Architecture Layers:

ESP-IDF HTTP Server Layer: - httpd_start() with custom config (port, max connections, LRU purge) - Event-driven non-blocking connection handling - URI handler registration system
Static Content Layer: - HTML/CSS/JS files embedded in flash using EMBED_FILES - Binary symbols generated at build time (_binary_xxx_start/end) - MIME type detection based on file extension - Cache control headers (no-cache for development)
REST API Layer: - WiFi management endpoints (/scan, /connect, /status, /reset) - Configuration endpoints (/api/config, /api/config/reset) - System health endpoint (/api/system/health) - JSON request/response using cJSON library
Integration Layer: - Calls to wifi_manager component for WiFi operations - Calls to config_manager component for configuration access - Error code mapping from ESP-IDF to HTTP status codes

Component Dependencies:

wifi_manager: WiFi connection state, credentials, scanning
config_manager: Configuration read/write, factory reset
esp_http_server: HTTP protocol handling
cJSON: JSON serialization/deserialization
cert_handler: HTTPS support (future)

Data Flow Example (Schema-Driven Configuration Update):

Browser GET /api/config/schema
  ↓
schema_get_handler() → config_get_schema_json()
  ↓
Return embedded config_schema.json
  ↓
Browser generates dynamic form from schema
  ↓
Browser POST /api/config (flat JSON)
  ↓
config_set_handler() → config_set_all_from_json()
  ↓
Config manager parses JSON using schema for type validation
  ↓
Bulk NVS write (all fields, single commit)
  ↓
Return HTTP 200 with success response

Static File Embedding¶

Design Specification: Static File Embedding Strategy SPEC_WEB_STATIC_1

status: approved

tags: web, build, embedding

links outgoing: REQ_WEB_1, REQ_WEB_2, REQ_WEB_3, REQ_WEB_NF_1

Problem: ESP32 has no filesystem by default. HTML/CSS/JS files must be embedded in firmware flash.

Solution: Use ESP-IDF’s EMBED_FILES CMake directive to convert static files into binary symbols at build time.

CMakeLists.txt Configuration:

idf_component_register(
    SRCS "web_server.c" "wifi_manager.c"
    INCLUDE_DIRS "."
    EMBED_FILES
        "www/index.html"
        "www/wifi-setup.html"
        "www/settings.html"
        "www/favicon.svg"
        "www/css/style.css"
        "www/js/app.js"
    REQUIRES
        config_manager
        esp_wifi
        esp_http_server
        json
)

Generated Binary Symbols:

For each file path/to/file.ext, CMake generates:

_binary_file_ext_start: Pointer to start of file data
_binary_file_ext_end: Pointer to end of file data

C Code Access:

extern const uint8_t index_html_start[] asm("_binary_index_html_start");
extern const uint8_t index_html_end[] asm("_binary_index_html_end");

size_t size = index_html_end - index_html_start;
httpd_resp_send(req, (const char*)index_html_start, size);

File Lookup Function:

The get_embedded_file() function maps URI paths to embedded file symbols:

static esp_err_t get_embedded_file(const char *filename,
                                   const uint8_t **data,
                                   size_t *size)
{
    // Strip query parameters (?v=2 for cache busting)
    char clean_filename[128];
    strncpy(clean_filename, filename, sizeof(clean_filename) - 1);
    char *query = strchr(clean_filename, '?');
    if (query != NULL) *query = '\0';

    if (strcmp(clean_filename, "/index.html") == 0) {
        *data = index_html_start;
        *size = index_html_end - index_html_start;
    }
    // ... more file mappings ...
    else {
        return ESP_ERR_NOT_FOUND;
    }
    return ESP_OK;
}

MIME Type Detection:

static const char *get_mime_type(const char *filename)
{
    const char *ext = strrchr(filename, '.');
    if (strcmp(ext, ".html") == 0) return "text/html";
    if (strcmp(ext, ".css") == 0) return "text/css";
    if (strcmp(ext, ".js") == 0) return "application/javascript";
    if (strcmp(ext, ".svg") == 0) return "image/svg+xml";
    if (strcmp(ext, ".json") == 0) return "application/json";
    return "text/plain";
}

Cache Control:

For template/development, caching is disabled:

httpd_resp_set_hdr(req, "Cache-Control", "no-cache, no-store, must-revalidate");
httpd_resp_set_hdr(req, "Pragma", "no-cache");
httpd_resp_set_hdr(req, "Expires", "0");

URI Routing and Handlers¶

Design Specification: URI Routing Table SPEC_WEB_ROUTES_1

status: approved

tags: web, routing

links outgoing: REQ_WEB_4, REQ_WEB_5

Handler Registration:

All URI handlers are registered in web_server_init() using httpd_register_uri_handler().

Main Pages:

URI	HTTP Method	Handler Function	Purpose
`/`	GET	`root_handler()`	Dashboard (redirects to /index.html)
`/index.html`	GET	`static_file_handler()`	Main dashboard page
`/wifi-setup.html`	GET	`static_file_handler()`	WiFi configuration page
`/settings.html`	GET	`static_file_handler()`	Device settings page
`/config`	GET	`config_handler()`	Captive portal redirect (→ /wifi-setup.html)

Static Assets:

URI	HTTP Method	Handler Function	Content Type
`/css/style.css`	GET	`static_file_handler()`	text/css
`/js/app.js`	GET	`static_file_handler()`	application/javascript
`/favicon.svg`	GET	`static_file_handler()`	image/svg+xml
`/favicon.ico`	GET	`static_file_handler()`	image/svg+xml (alias)

WiFi Management API:

URI	HTTP Method	Handler Function	Purpose
`/scan`	GET	`scan_handler()`	WiFi network scan
`/connect`	POST	`connect_handler()`	Connect to WiFi network
`/reset`	POST	`reset_handler()`	Clear WiFi credentials, restart
`/api/status`	GET	`wifi_status_handler()`	WiFi status (SSID, RSSI, mode)

Configuration Management API:

URI	HTTP Method	Handler Function	Purpose
`/api/config/schema`	GET	`schema_get_handler()`	Get JSON schema for UI generation
`/api/config`	GET	`config_get_handler()`	Get all configuration values (bulk)
`/api/config`	POST	`config_set_handler()`	Update configuration values (bulk)
`/api/config/reset`	POST	`config_reset_handler()`	Factory reset configuration

System Diagnostics API:

URI	HTTP Method	Handler Function	Purpose
`/api/system/health`	GET	`system_health_handler()`	System diagnostics (uptime, memory, health)

CORS Support:

URI	HTTP Method	Handler Function	Purpose
`/api/*`	OPTIONS	`cors_preflight_handler()`	CORS preflight

Handler Registration Pattern:

httpd_uri_t scan_uri = {
    .uri = "/scan",
    .method = HTTP_GET,
    .handler = scan_handler,
    .user_ctx = NULL
};
esp_err_t ret = httpd_register_uri_handler(server, &scan_uri);
ESP_LOGI(TAG, "Registered handler for '/scan' - %s",
         ret == ESP_OK ? "OK" : esp_err_to_name(ret));

Configuration:

max_uri_handlers: 32 (increased from default 8)
lru_purge_enable: true (automatically remove least recently used handlers if limit reached)

Configuration API Design¶

Design Specification: Configuration API Endpoints SPEC_WEB_REST_CFG_1

status: approved

tags: web, api, config, schema

links outgoing: REQ_WEB_CONF_1, REQ_WEB_SCHEMA_1

Architecture: The web server provides HTTP transport for configuration operations. All configuration logic is delegated to the config manager component.

Endpoints:

GET /api/config/schema - Retrieve JSON schema for UI generation
GET /api/config - Retrieve all configuration values
POST /api/config - Update configuration values

—

Endpoint: GET /api/config/schema

Purpose: Return JSON schema for frontend UI generation

Request: None

Response (200 OK):

{
  "title": "ESP32 Device Configuration",
  "version": "1.0.0",
  "fields": [
    {
      "key": "wifi_ssid",
      "type": "string",
      "label": "WiFi Network Name",
      "default": "",
      "required": false,
      "maxLength": 63,
      "group": "wifi"
    },
    {
      "key": "ap_ssid",
      "type": "string",
      "label": "AP SSID",
      "default": "ESP32-Setup",
      "required": true,
      "maxLength": 32,
      "group": "ap"
    }
  ]
}

Implementation:

static esp_err_t schema_get_handler(httpd_req_t *req)
{
    httpd_resp_set_hdr(req, "Content-Type", "application/json");
    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");

    char *schema_json = NULL;
    esp_err_t ret = config_get_schema_json(&schema_json);
    if (ret != ESP_OK) {
        httpd_resp_send_err(req, HTTPD_500_INTERNAL_SERVER_ERROR,
                            "Failed to load configuration schema");
        return ESP_FAIL;
    }

    httpd_resp_send(req, schema_json, HTTPD_RESP_USE_STRLEN);
    // Note: schema_json points to embedded flash data, no free() needed

    return ESP_OK;
}

—

Endpoint: GET /api/config

Purpose: Retrieve all current configuration values

Request: None

Response (200 OK):

{
  "wifi_ssid": "MyNetwork",
  "wifi_pass": "",
  "ap_ssid": "ESP32-Setup",
  "ap_pass": "12345678",
  "led_count": 50,
  "led_bright": 128,
  "device_name": "MyDevice"
}

Implementation:

static esp_err_t config_get_handler(httpd_req_t *req)
{
    httpd_resp_set_hdr(req, "Content-Type", "application/json");
    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");

    char *config_json = NULL;
    esp_err_t ret = config_get_all_as_json(&config_json);
    if (ret != ESP_OK) {
        httpd_resp_send_err(req, HTTPD_500_INTERNAL_SERVER_ERROR,
                            "Failed to read configuration");
        return ESP_FAIL;
    }

    httpd_resp_send(req, config_json, HTTPD_RESP_USE_STRLEN);
    free(config_json);

    return ESP_OK;
}

—

Endpoint: POST /api/config

Purpose: Update configuration values

Request Body:

{
  "wifi_ssid": "NewNetwork",
  "wifi_pass": "newpassword123",
  "ap_ssid": "MyDevice-AP",
  "led_count": 144,
  "device_name": "UpdatedDevice"
}

Response (200 OK):

{
  "status": "success",
  "message": "Configuration saved successfully"
}

Implementation:

static esp_err_t config_set_handler(httpd_req_t *req)
{
    httpd_resp_set_hdr(req, "Content-Type", "application/json");
    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");

    // Read request body
    char content[1024];
    int ret = httpd_req_recv(req, content, sizeof(content) - 1);
    if (ret <= 0) {
        httpd_resp_send_err(req, HTTPD_400_BAD_REQUEST, "Invalid request body");
        return ESP_FAIL;
    }
    content[ret] = '\0';

    esp_err_t config_ret = config_set_all_from_json(content);
    if (config_ret != ESP_OK) {
        httpd_resp_send_err(req, HTTPD_400_BAD_REQUEST, "Configuration update failed");
        return ESP_FAIL;
    }

    const char *response = "{\"status\":\"success\",\"message\":\"Configuration saved successfully\"}";
    httpd_resp_send(req, response, HTTPD_RESP_USE_STRLEN);

    return ESP_OK;
}

—

Endpoint: POST /api/config/reset

Purpose: Reset all configuration to factory defaults

Request: None

Response (200 OK):

{
  "status": "success",
  "message": "Configuration reset to factory defaults"
}

Implementation:

static esp_err_t config_reset_handler(httpd_req_t *req)
{
    httpd_resp_set_hdr(req, "Content-Type", "application/json");
    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");

    esp_err_t ret = config_factory_reset();
    if (ret != ESP_OK) {
        httpd_resp_send_err(req, HTTPD_500_INTERNAL_SERVER_ERROR,
                            "Factory reset failed");
        return ESP_FAIL;
    }

    const char *response = "{\"status\":\"success\",\"message\":\"Configuration reset to factory defaults\"}";
    httpd_resp_send(req, response, HTTPD_RESP_USE_STRLEN);
    return ESP_OK;
}

Design Specification: WiFi Management REST API Endpoints SPEC_WEB_REST_WIFI_1

status: approved

tags: web, api, wifi

links outgoing: REQ_WEB_3

Endpoint: GET /scan

Purpose: Scan for available WiFi networks

Response:

{
  "networks": [
    {
      "ssid": "NetworkName",
      "rssi": -45,
      "authmode": 3
    }
  ]
}

Implementation Notes:

Automatically switches to APSTA mode if in AP mode (scanning requires STA)
Returns sorted list by signal strength (RSSI)
authmode: 0=Open, 2=WPA-PSK, 3=WPA2-PSK, 4=WPA/WPA2-PSK

—

Endpoint: POST /connect

Purpose: Connect to WiFi network with provided credentials

Request:

{
  "ssid": "NetworkName",
  "password": "secretpassword"
}

Response (200 OK):

{
  "success": true
}

Integration: Calls wifi_manager_set_credentials() to save credentials to NVS and initiate connection.

—

Endpoint: GET /status

Purpose: Get current WiFi connection status

Response:

{
  "mode": 1,
  "ssid": "ConnectedNetwork",
  "rssi": -52,
  "has_credentials": true,
  "ip": "192.168.1.100"
}

Integration: Calls wifi_manager_get_status() and wifi_manager_get_ip_address().

—

Endpoint: POST /reset

Purpose: Clear WiFi credentials and restart device in AP mode

Response:

{
  "success": true,
  "message": "Device will restart in AP mode in 3 seconds"
}

Implementation: Calls wifi_manager_clear_credentials() and schedules device restart.

Design Specification: System Health API Endpoint SPEC_WEB_REST_HEALTH_1

status: approved

tags: web, api, diagnostics

links outgoing: REQ_WEB_1

Endpoint: GET /api/system/health

Purpose: System diagnostics and health monitoring

Response:

{
  "uptime_seconds": 3542.5,
  "free_heap_bytes": 125432,
  "minimum_free_heap_bytes": 98234,
  "heap_fragmentation_percent": 21.7,
  "configuration": {
    "status": "healthy",
    "api_version": "2.0"
  },
  "wifi": {
    "status": "connected",
    "ssid": "MyNetwork",
    "rssi": -48
  },
  "overall_status": "healthy",
  "device_type": "ESP32 Template",
  "firmware_version": "1.0.0"
}

Health Assessment Logic:

bool system_healthy = (wifi_status == ESP_OK) &&
                     (free_heap > 50000); // At least 50KB free

Use Cases:

Dashboard real-time monitoring
Remote diagnostics
Automated health checks

Configuration Manager Integration¶

Design Specification: Config Manager Integration Pattern SPEC_WEB_INTEGRATION_CFG_1

status: approved

tags: web, integration, config

links outgoing: REQ_WEB_CONF_1, REQ_CFG_JSON_10

Integration Points:

The web server integrates with the config manager component through a well-defined C API:

Include Header:

#include "config_manager.h"  // Provides config_get_*, config_set_* functions

Reading Configuration:

char wifi_ssid[CONFIG_STRING_MAX_LEN + 1];
uint16_t led_count;

esp_err_t ret = config_get_string(CONFIG_WIFI_SSID, wifi_ssid, sizeof(wifi_ssid));
if (ret != ESP_OK) {
    ESP_LOGE(TAG, "Failed to get WiFi SSID: %s", esp_err_to_name(ret));
    // Use default or return error to client
}

config_get_uint16(CONFIG_LED_COUNT, &led_count);

Writing Configuration:

const char *new_ssid = "NewNetwork";
esp_err_t ret = config_set_string(CONFIG_WIFI_SSID, new_ssid);
if (ret != ESP_OK) {
    ESP_LOGE(TAG, "Failed to set WiFi SSID: %s", esp_err_to_name(ret));
    httpd_resp_send_err(req, HTTPD_400_BAD_REQUEST, "Invalid WiFi SSID");
    return ESP_FAIL;
}

Factory Reset:

esp_err_t ret = config_factory_reset();
if (ret != ESP_OK) {
    httpd_resp_send_err(req, HTTPD_500_INTERNAL_SERVER_ERROR, "Factory reset failed");
    return ESP_FAIL;
}

Error Code Mapping:

Config Manager Error	HTTP Status Code	Response Action
`ESP_OK`	200 OK	Return data/success
`ESP_ERR_INVALID_ARG`	400 Bad Request	Invalid parameter
`ESP_ERR_NVS_NOT_FOUND`	404 Not Found	Key doesn’t exist
`ESP_ERR_NO_MEM`	500 Internal Server Error	Memory allocation failed
`ESP_FAIL` (NVS error)	500 Internal Server Error	Storage error

Separation of Concerns:

Config Manager owns NVS storage logic, key-value mapping, defaults
Web Server owns HTTP protocol, JSON serialization, client interaction
Interface: Simple C function calls with esp_err_t return codes

Note: Config Manager does NOT know about HTTP, JSON, or web interfaces. Web Server does NOT know about NVS internals or storage keys.

WiFi Manager Integration¶

Design Specification: WiFi Manager Integration Pattern SPEC_WEB_INTEGRATION_WIFI_1

status: approved

tags: web, integration, wifi

links outgoing: REQ_WEB_3

Integration Points:

#include "wifi_manager.h"

WiFi Scanning:

// Start scan (blocking)
wifi_scan_config_t scan_config = {
    .show_hidden = false,
    .scan_type = WIFI_SCAN_TYPE_ACTIVE,
    .scan_time.active.min = 100,
    .scan_time.active.max = 300,
};
esp_wifi_scan_start(&scan_config, true);

// Get results
uint16_t ap_count = 0;
esp_wifi_scan_get_ap_num(&ap_count);
wifi_ap_record_t *ap_records = malloc(sizeof(wifi_ap_record_t) * ap_count);
esp_wifi_scan_get_ap_records(&ap_count, ap_records);

Set WiFi Credentials:

wifi_credentials_t credentials = {0};
strncpy(credentials.ssid, "MyNetwork", sizeof(credentials.ssid) - 1);
strncpy(credentials.password, "password", sizeof(credentials.password) - 1);

esp_err_t ret = wifi_manager_set_credentials(&credentials);

Get WiFi Status:

wifi_status_t status;
wifi_manager_get_status(&status);

// status.mode, status.connected_ssid, status.rssi, status.has_credentials

Clear Credentials:

esp_err_t ret = wifi_manager_clear_credentials();

Lifecycle:

WiFi Manager starts web server when entering AP mode (captive portal)
WiFi Manager stops web server when successfully connecting to WiFi (optional behavior)
Web server can run independently in both AP and STA modes

Captive Portal Implementation¶

Design Specification: Captive Portal Design SPEC_WEB_CAPTIVE_1

status: approved

tags: web, captive-portal, wifi

links outgoing: REQ_WEB_3

Current Implementation:

The template provides a simplified captive portal approach:

AP Mode: Device starts in AP mode (ESP32-AP) if no WiFi credentials stored
Direct IP Access: Users connect to AP and navigate to device IP (e.g., 192.168.4.1)
WiFi Setup Page: /wifi-setup.html provides network scanning and credential entry
Manual Navigation: No DNS redirect - users manually enter IP address

Previous DNS Server Approach (Removed for Simplicity):

Earlier versions included a DNS server to redirect all DNS queries to device IP for automatic captive portal popup. This was removed to simplify the template.

Re-enabling Captive Portal (Optional):

Users can optionally implement DNS redirect:

Start DNS server in AP mode (listen UDP port 53)
Respond to all DNS queries with device AP IP (192.168.4.1)
Trigger browser captive portal detection (iOS, Android, Windows)

Current User Experience:

Connect to ESP32-AP WiFi network
Open browser and navigate to http://192.168.4.1
Click “WiFi” in navigation menu
Scan networks, select SSID, enter password, click “Connect”
Device saves credentials and restarts in STA mode

Note: This simplified approach works well for template usage. Production deployments may want full DNS redirect captive portal.

Server Configuration and Lifecycle¶

Design Specification: HTTP Server Configuration SPEC_WEB_CONFIG_1

status: approved

tags: web, config, performance

links outgoing: REQ_WEB_5

Server Configuration:

typedef struct {
    uint16_t port;              // Default: 80
    uint8_t max_open_sockets;   // Default: 7
} web_server_config_t;

#define WEB_SERVER_DEFAULT_CONFIG() { \
    .port = 80, \
    .max_open_sockets = 7 \
}

ESP-IDF httpd_config_t Settings:

httpd_config_t httpd_config = HTTPD_DEFAULT_CONFIG();
httpd_config.server_port = 80;
httpd_config.max_open_sockets = 7;     // Concurrent connections
httpd_config.max_uri_handlers = 32;    // Increased from default 8
httpd_config.lru_purge_enable = true;  // Auto-remove LRU handlers

Performance Characteristics:

Max Concurrent Connections: 7 (ESP32 memory constraint)
Connection Timeout: 20 seconds default (ESP-IDF)
Non-blocking I/O: Event-driven, doesn’t block FreeRTOS tasks
Memory per Connection: ~1-2KB depending on request size

Initialization Sequence:

esp_err_t web_server_init(const web_server_config_t *config)
{
    // 1. Store configuration
    current_config = *config;

    // 2. Start HTTP server
    httpd_config_t httpd_config = HTTPD_DEFAULT_CONFIG();
    httpd_config.server_port = current_config.port;
    httpd_config.max_open_sockets = current_config.max_open_sockets;
    httpd_config.max_uri_handlers = 32;
    httpd_config.lru_purge_enable = true;

    if (httpd_start(&server, &httpd_config) != ESP_OK) {
        return ESP_FAIL;
    }

    // 3. Register all URI handlers (32 handlers total)
    // ... (registration code)

    return ESP_OK;
}

Start/Stop Functions:

esp_err_t web_server_start(void)
{
    server_running = true;
    ESP_LOGI(TAG, "Web server started successfully");
    return ESP_OK;
}

esp_err_t web_server_stop(void)
{
    if (server != NULL) {
        httpd_stop(server);
        server = NULL;
    }
    server_running = false;
    return ESP_OK;
}

Query Functions:

bool web_server_is_running(void);      // Check running state
uint16_t web_server_get_port(void);    // Get configured port

Adding New Pages and Endpoints¶

Design Specification: Extension Guide for Web Pages SPEC_WEB_EXTEND_1

status: approved

tags: web, extensibility, guide

links outgoing: REQ_WEB_4

Adding a New Static HTML Page:

Create HTML File:

Create main/components/web_server/www/my-page.html

Update CMakeLists.txt:

EMBED_FILES
    "www/index.html"
    "www/wifi-setup.html"
    "www/settings.html"
    "www/my-page.html"   # ADD THIS LINE

Add Binary Symbol Declarations:

In web_server.c:

extern const uint8_t my_page_html_start[] asm("_binary_my_page_html_start");
extern const uint8_t my_page_html_end[] asm("_binary_my_page_html_end");

Update ``get_embedded_file()``:

else if (strcmp(clean_filename, "/my-page.html") == 0)
{
    *data = my_page_html_start;
    *size = my_page_html_end - my_page_html_start;
}

Register URI Handler:

httpd_uri_t my_page_uri = {
    .uri = "/my-page.html",
    .method = HTTP_GET,
    .handler = static_file_handler,
    .user_ctx = NULL
};
httpd_register_uri_handler(server, &my_page_uri);

Add Navigation Link:

Update navbar in all HTML files:

<a href="/my-page.html" class="nav-btn">My Page</a>

Adding a New REST API Endpoint:

Implement Handler Function:

static esp_err_t my_api_handler(httpd_req_t *req)
{
    httpd_resp_set_type(req, "application/json");
    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");

    // Your API logic here

    const char *response = "{\"status\":\"success\"}";
    return httpd_resp_send(req, response, HTTPD_RESP_USE_STRLEN);
}

Register URI Handler:

httpd_uri_t my_api_uri = {
    .uri = "/api/my-endpoint",
    .method = HTTP_GET,  // or HTTP_POST
    .handler = my_api_handler,
    .user_ctx = NULL
};
httpd_register_uri_handler(server, &my_api_uri);

Update JavaScript:

Add API call in www/js/app.js:

async function fetchMyData() {
    const response = await fetch('/api/my-endpoint');
    const data = await response.json();
    // Handle data
}

CORS and Security¶

Design Specification: CORS Configuration SPEC_WEB_SECURITY_1

status: approved

tags: web, security, cors

links outgoing: REQ_WEB_5

Current CORS Policy:

All API endpoints return:

httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");

Rationale: Template simplicity - allows development from any origin (GitHub Pages, local files, etc.)

Production Recommendation:

For production deployments, restrict CORS to specific origins:

// Option 1: Lock to device IP only (no external access)
httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "null");

// Option 2: Allow specific external domain (hybrid GitHub Pages approach)
httpd_resp_set_hdr(req, "Access-Control-Allow-Origin",
                  "https://yourusername.github.io");

CORS Preflight Handler:

static esp_err_t cors_preflight_handler(httpd_req_t *req)
{
    httpd_resp_set_hdr(req, "Access-Control-Allow-Origin", "*");
    httpd_resp_set_hdr(req, "Access-Control-Allow-Methods", "GET, POST, OPTIONS");
    httpd_resp_set_hdr(req, "Access-Control-Allow-Headers", "Content-Type, Authorization");
    httpd_resp_set_hdr(req, "Access-Control-Max-Age", "86400"); // 24 hours
    httpd_resp_send(req, "", 0);
    return ESP_OK;
}

Registered for:

httpd_uri_t options_uri = {
    .uri = "/api/*",    // Wildcard for all API endpoints
    .method = HTTP_OPTIONS,
    .handler = cors_preflight_handler,
    .user_ctx = NULL
};

Password Exposure Protection:

Configuration GET endpoints never return password fields:

cJSON_AddStringToObject(wifi, "password", "");  // Always empty string

Passwords are only accepted in POST requests, never echoed back.

Testing and Debugging¶

Design Specification: Web Server Testing Strategy SPEC_WEB_TEST_1

status: approved

tags: web, testing

links outgoing: REQ_WEB_5

Manual Testing:

QEMU Testing (No Hardware):
- Build and run in QEMU emulator
- HTTP proxy required for browser access: python tools/http_proxy.py
- Access via http://localhost:8000
Hardware Testing:
- Flash to ESP32 device
- Connect to ESP32-AP WiFi network
- Navigate to http://192.168.4.1

Browser Developer Tools:

Network Tab: Monitor HTTP requests/responses, status codes
Console Tab: Check for JavaScript errors
Application Tab: Inspect localStorage/sessionStorage

ESP32 Serial Monitor:

I (1234) web_server: Initializing web server on port 80
I (1235) web_server: Registered handler for '/' - OK
I (1236) web_server: Registered handler for '/scan' - OK
I (1237) web_server: Web server initialized successfully
I (5678) web_server: Serving static file: /index.html
I (5679) web_server: Found index.html, size: 4823

Common Issues:

404 Not Found: Check get_embedded_file() has correct path mapping
Empty Response: Verify EMBED_FILES in CMakeLists.txt
CORS Errors: Ensure Access-Control-Allow-Origin header set
Memory Errors: Reduce max_open_sockets or check heap usage

Traceability¶

All traceability is automatically generated by Sphinx-Needs based on the :links: attributes in each specification.

ID	Title	Status	Tags
API_COMP_CERT_HANDLER	Certificate Handler	implemented
API_COMP_CONFIG_MANAGER	Config Manager	implemented
API_COMP_NETIF_TUNNEL	Network Tunnel	implemented
API_FUNC_CERT_HANDLER_GET_CA_CERT	cert_handler_get_ca_cert	implemented
API_FUNC_CERT_HANDLER_GET_INFO	cert_handler_get_info	implemented
API_FUNC_CERT_HANDLER_GET_SERVER_CERT	cert_handler_get_server_cert	implemented
API_FUNC_CERT_HANDLER_GET_SERVER_KEY	cert_handler_get_server_key	implemented
API_FUNC_CERT_HANDLER_INIT	cert_handler_init	implemented
API_FUNC_CONFIG_COMMIT	config_commit	implemented
API_FUNC_CONFIG_FACTORY_RESET	config_factory_reset	implemented
API_FUNC_CONFIG_GET_ALL_AS_JSON	config_get_all_as_json	implemented
API_FUNC_CONFIG_GET_BOOL	config_get_bool	implemented
API_FUNC_CONFIG_GET_INT16	config_get_int16	implemented
API_FUNC_CONFIG_GET_INT32	config_get_int32	implemented
API_FUNC_CONFIG_GET_SCHEMA_JSON	config_get_schema_json	implemented
API_FUNC_CONFIG_GET_STRING	config_get_string	implemented
API_FUNC_CONFIG_INIT	config_init	implemented
API_FUNC_CONFIG_SET_ALL_FROM_JSON	config_set_all_from_json	implemented
API_FUNC_CONFIG_SET_BOOL	config_set_bool	implemented
API_FUNC_CONFIG_SET_BOOL_NO_COMMIT	config_set_bool_no_commit	implemented
API_FUNC_CONFIG_SET_INT16	config_set_int16	implemented
API_FUNC_CONFIG_SET_INT16_NO_COMMIT	config_set_int16_no_commit	implemented
API_FUNC_CONFIG_SET_INT32	config_set_int32	implemented
API_FUNC_CONFIG_SET_STRING	config_set_string	implemented
API_FUNC_CONFIG_SET_STRING_NO_COMMIT	config_set_string_no_commit	implemented
API_FUNC_CONFIG_WRITE_FACTORY_DEFAULTS	config_write_factory_defaults	implemented
API_FUNC_NETIF_TUNNEL_DEINIT	netif_uart_tunnel_deinit	implemented
API_FUNC_NETIF_TUNNEL_GET_HANDLE	netif_uart_tunnel_get_handle	implemented
API_FUNC_NETIF_TUNNEL_INIT	netif_uart_tunnel_init	implemented
API_STRUCT_NETIF_TUNNEL_CONFIG	netif_uart_tunnel_config_t	implemented
REQ_CFG_JSON_1	JSON Schema as Configuration Source of Truth	draft	config; schema; architecture
REQ_CFG_JSON_10	Web Interface Integration Support	approved	config; integration
REQ_CFG_JSON_11	NVS Error Graceful Handling	draft	config; error-handling; reliability
REQ_CFG_JSON_12	Configuration Initialization on Boot	draft	config; boot
REQ_CFG_JSON_13	Simple Process to Add Configuration Fields	draft	config; extensibility; developer-experience
REQ_CFG_JSON_14	Type Safety via Optional Static Validation	draft	config; validation; developer-experience
REQ_CFG_JSON_15	Configuration Schema Versioning and Migration	open	config; versioning; migration; future
REQ_CFG_JSON_2	Parameter Grouping for UI Organization	draft	config; ui; schema
REQ_CFG_JSON_3	Parameter Type System	draft	config; types
REQ_CFG_JSON_4	Build-Time Factory Defaults Generation	draft	config; build; code-generation
REQ_CFG_JSON_5	No Runtime JSON Parsing in C Code	draft	config; performance; memory
REQ_CFG_JSON_6	Key-Based NVS Storage	draft	config; storage; nvs
REQ_CFG_JSON_7	Type-Safe Configuration API	draft	config; api; type-safety
REQ_CFG_JSON_8	Persistent Configuration Storage	draft	config; storage; nvs
REQ_CFG_JSON_9	Factory Reset Capability	draft	config; reset
REQ_NETIF_TUNNEL_1	QEMU UART Network Bridge	approved	emulation; network; qemu; uart
REQ_NETIF_TUNNEL_2	Packet Encapsulation	approved	emulation; protocol
REQ_NETIF_TUNNEL_3	Host-Side Bridge Script	approved	emulation; tooling; host
REQ_NETIF_TUNNEL_4	DHCP Client Support	approved	emulation; network; dhcp
REQ_NETIF_TUNNEL_5	Conditional Compilation	approved	emulation; build
REQ_NETIF_TUNNEL_DOC_1	Emulation Setup Documentation	approved	emulation; documentation
REQ_NETIF_TUNNEL_NF_1	Tunnel Throughput	approved	emulation; performance
REQ_NETIF_TUNNEL_NF_2	Packet Loss Handling	approved	emulation; reliability
REQ_SYS_ARCH_1	Component-based Architecture	approved	architecture; modularity
REQ_SYS_CFG_1	Non-volatile Configuration Storage	approved	storage; nvs; configuration
REQ_SYS_HW_1	ESP32 Hardware Platform	approved	hardware; platform
REQ_SYS_NET_1	WiFi Connectivity	approved	network; wifi
REQ_SYS_PERF_1	Memory Management	approved	performance; memory
REQ_SYS_REL_1	Error Handling and Recovery	approved	reliability; error-handling
REQ_SYS_SEC_1	HTTPS Support	open	security; https; future
REQ_SYS_SIM_1	Emulator Support	approved	emulator; qemu; testing
REQ_SYS_SIM_2	Emulator Network Connectivity	approved	emulator; qemu; network; development
REQ_SYS_TIME_1	System Time and NTP Support	open	time; ntp; future
REQ_SYS_WEB_1	Web-based Configuration	approved	web; configuration
REQ_WEB_1	Real-time Status Display	approved	web; ui; monitoring
REQ_WEB_2	Configuration Interface	approved	web; ui; configuration
REQ_WEB_3	WiFi Setup Interface	approved	web; wifi; network
REQ_WEB_4	Web Interface Navigation	approved	web; ui; navigation
REQ_WEB_5	HTTP Server Concurrency	approved	web; performance
REQ_WEB_CONF_1	Configuration REST API	approved	web; api; config
REQ_WEB_NF_1	Web UI Responsiveness	approved	web; performance; ux
REQ_WEB_NF_2	Mobile-First Design	approved	web; ui; mobile
REQ_WEB_SCHEMA_1	Schema-Driven Configuration Form	approved	web; ui; config
SPEC_ARCH_BUILD_1	ESP-IDF CMake Integration	approved	build; cmake
SPEC_ARCH_CERT_1	Certificate Handler Component Design	draft	component; security
SPEC_ARCH_CODESPACES_1	GitHub Codespaces Integration	approved	development; devcontainer
SPEC_ARCH_COMM_1	Component Communication Pattern	approved	dataflow; communication
SPEC_ARCH_CONFIG_1	Configuration Manager Component Design	approved	component; config
SPEC_ARCH_CONFIG_FLOW_1	Configuration Data Flow	approved	dataflow; config
SPEC_ARCH_ERROR_RECOVERY_1	Error Recovery and Reset Strategy	approved	error-handling; reliability; reset
SPEC_ARCH_FLASH_1	Flash Memory Configuration	approved	flash; memory
SPEC_ARCH_HTTP_1	HTTP Server Architecture Details	approved	network; http; web
SPEC_ARCH_LAYERS_1	ESP32 Template Layered Architecture	approved	architecture; layering
SPEC_ARCH_LOGGING_1	Logging and Diagnostics Strategy	approved	logging; diagnostics; debugging
SPEC_ARCH_MEMORY_1	Memory Management Strategy	approved	memory; performance
SPEC_ARCH_NETIF_1	Network Tunnel Component Design	approved	component; qemu; network
SPEC_ARCH_PERF_1	System Performance Requirements	approved	performance; requirements
SPEC_ARCH_QEMU_1	QEMU Hardware Abstraction	approved	qemu; emulation
SPEC_ARCH_QEMU_BUILD_1	QEMU Component Selection	approved	qemu; build
SPEC_ARCH_TASKS_1	FreeRTOS Task Organization	approved	threading; rtos
SPEC_ARCH_WEB_1	Web Server Component Design	approved	component; web; network
SPEC_ARCH_WIFI_1	WiFi Manager Design Details	approved	network; wifi
SPEC_CFG_JSON_API_1	Type-Safe Configuration API	approved	api; interface; c-api
SPEC_CFG_JSON_ARCH_1	JSON Schema-Driven Architecture	draft	architecture; config; json-schema
SPEC_CFG_JSON_BULK_1	Bulk JSON Configuration API	approved	api; json; bulk-operations
SPEC_CFG_JSON_CODEGEN_1	Factory Reset via Bulk JSON Update	approved	build-process; code-generation; factory-reset
SPEC_CFG_JSON_EXTEND_1	Adding New Configuration Fields	approved	development; guide; extensibility
SPEC_CFG_JSON_SCHEMA_1	Configuration Schema Structure	approved	data-structure; schema
SPEC_CFG_JSON_SOURCE_1	JSON Schema as Single Source of Truth	approved	architecture; schema; design-pattern
SPEC_CFG_JSON_STORAGE_1	NVS Storage Format	approved	storage; nvs
SPEC_CFG_JSON_TYPESAFETY_1	Type Safety Without Code Generation	approved	type-safety; best-practices
SPEC_CFG_JSON_UI_1	JSON Schema for UI Generation	approved	web; ui; javascript
SPEC_CFG_WEB_ARCH_1	Configuration Webpage Architecture	open	frontend; javascript; ui
SPEC_CFG_WEB_COUNTDOWN_1	Device Reset Countdown Interface	open	ui; countdown; reset
SPEC_CFG_WEB_ERROR_1	Error Handling and User Feedback	open	error-handling; feedback
SPEC_CFG_WEB_FLOW_1	Configuration Data Flow	open	data-flow; json; api
SPEC_CFG_WEB_FORM_1	Dynamic Form Generation from Schema	open	form-generation; schema; javascript
SPEC_CFG_WEB_INIT_1	Complete Page Initialization Flow	open	initialization; lifecycle
SPEC_CFG_WEB_MAPPING_1	JSON Array to Form Field Mapping	open	data-mapping; json; form
SPEC_CFG_WEB_STATE_1	UI State Management	open	ui-state; javascript
SPEC_WEB_ARCH_1	Web Server Architecture	approved	web; architecture
SPEC_WEB_CAPTIVE_1	Captive Portal Design	approved	web; captive-portal; wifi
SPEC_WEB_CONFIG_1	HTTP Server Configuration	approved	web; config; performance
SPEC_WEB_EXTEND_1	Extension Guide for Web Pages	approved	web; extensibility; guide
SPEC_WEB_INTEGRATION_CFG_1	Config Manager Integration Pattern	approved	web; integration; config
SPEC_WEB_INTEGRATION_WIFI_1	WiFi Manager Integration Pattern	approved	web; integration; wifi
SPEC_WEB_REST_CFG_1	Configuration API Endpoints	approved	web; api; config; schema
SPEC_WEB_REST_HEALTH_1	System Health API Endpoint	approved	web; api; diagnostics
SPEC_WEB_REST_WIFI_1	WiFi Management REST API Endpoints	approved	web; api; wifi
SPEC_WEB_ROUTES_1	URI Routing Table	approved	web; routing
SPEC_WEB_SECURITY_1	CORS Configuration	approved	web; security; cors
SPEC_WEB_STATIC_1	Static File Embedding Strategy	approved	web; build; embedding
SPEC_WEB_TEST_1	Web Server Testing Strategy	approved	web; testing