Posted: July 1, 2018 | Categories: Internet of Things (IoT)
The Particle Platform (devices and cloud services) enables developers to write code running on an Arduino-compatible device that can be remotely executed via a cloud service. Connect a Photon and a relay to a garage opener and you have the gist of my project.
One of the cool features of the project's mobile app is that it enables app users to generate a single-use key, deploy it to the garage door opener, then send a URL to someone who requires access to the garage. The feature is something I hacked together and it works pretty well (I've been using it in my house for years). The system only supports one single-use code at a time, but when you need to get someone into your house when you're not around, it works great.
I've been working on an update to the project, and one of the things I wanted to do is protect the homeowner's private information in the URL sent to others. In order to use the Particle platform from an application, you must have the Particle user's Access Token plus the device ID for the Particle Photon attached to the garage door opener. For the single-use code scenario, you also need the single-use code.
For my project, I basically built a web application that has the user's configuration hard-coded in the app's configuration. The mobile app that generates the single-use code merely builds a URL pointing to a hosted web app and passes in the single-use code on the URL. The hosted web app pulls the access token and device ID from it's local config file, and it's all ready to go. The problem with this approach is that it requires the user to modify a web app and host it somewhere in order to deploy the project. Now, there are a few places where you can host a web application for free, but it's still too complicated for many users to configure, setup and deploy the web app. I needed a better way.
I decided to build my own hosted web page to use for the garage opener project, I'd remove the configuration from the web application code and just include the three required configuration settings in the URL generated by my project's mobile app.
As I started thinking through the implementation of this approach, I quickly realized that I didn't want to pass the Access Token, Device ID, and Single-Use code in clear text in the generated URL. Nope, I needed a way to encrypt those values in the URL. Otherwise, anyone snooping traffic could grab those values and hack their way into the garage. Granted it's not a high risk that someone will be snooping your garage door opener traffic, but I'd rather be safe than sorry, and this gave me an interesting computing problem to solve (my favorite).
I tried to quickly discount this approach because I didn't want to pay for compute in the cloud, but then he reminded me that I could use Azure Functions for free (Microsoft offers Azure Functions in a free tier for a ridiculous number of function calls per month [more than I think I'll ever use for this project]).
To prove the validity of this solution, I logged into my personal Azure account, created an Azure App Service Functions instance and got to work. Before long I had it working; it was quick, simple, and a rather elegant solution to my problem. The purpose of this article is to show you how I did it in order to help others who may have this same problem.
For my implementation, I created two services:
- Gets the Particle Access Token and Device ID in the body of an HTTP request.
- Generates a single use code
- Calls my project's Particle API to register the single-use code with the selected device (by the Device ID passed to the function)
- Once the function knows that the single-use code was successfully registered with the Photon device, it:
- Creates a JSON object containing Access Token, Device ID, and Single-use code.
- Encrypts the JSON object using my super special, secret encrypting key.
- Builds a URL for my hosted web application, appending the encrypted data as a parameter in the URL.
- Returns the URL to the calling application.
The calling application copies the URL to the clipboard, enabling the user to open and email or SMS message, and paste the URL in the message body.
When the receiving user invokes the URL, my hosted web application opens, then:
- Validates the format of the URL (that the encrypted data is there).
- Displays a button the user clicks/taps to open the garage door.
- When the user clicks/taps the button, the application invokes the
pushButtonWithCodeAzure function, passing it the encrypted data from the URL.
- Decrypts the data from the request
- Uses the decrypted Access Token, Device ID, and single-use code to call the Particle Cloud and invoke a function on the selected Particle Photon device.
I'm still working through what I want to do with this thing. My ultimate goal is to make this whole project public and share the code. I'll let you know when that happens.
Next Post: Apache Cordova 3 Programming Site Retired
Previous Post: Particle Photon and the National Control Devices Relay Board
If this content helps you in some way, please consider buying me a coffee.