Secure remote requests to Razberry

Discussions about RaZberry - Z-Wave board for Raspberry computer
xchatter
Posts: 25
Joined: 27 Mar 2015 16:27

Secure remote requests to Razberry

Post by xchatter »

Hi guys,

If anyone can help me with this, I will be grateful.
Is there a way to make secure requests to the Razberry from a remote server?
I know how to make requests from the Razberry to a remote host, but not vice-versa.

The basic idea is that I want to get some values from devices or switch some of them on demand in a webpage of my own and not the find.zwave.me.
I can forward the port 8083 through my router to the Razberry and by this way use the ZWayAPI/Run. But in this way anyone will be able to get/set etc. my devices.
Can anyone suggest a way for my goal?

Thanks
pofs
Posts: 688
Joined: 25 Mar 2011 19:03

Re: Secure remote requests to Razberry

Post by pofs »

You may use our service https://find.z-wave.me to securely forward requests to your box from anywhere.

Or you may set up nginx with any authorization you want and proxy requests thru it.
xchatter
Posts: 25
Joined: 27 Mar 2015 16:27

Re: Secure remote requests to Razberry

Post by xchatter »

Hi pofs,

Thanks for the tip.
Can you give me some clues where do I read how to use the find.zwave.me to make secure requests from external server to the Razberry?
I don't seem to fully understand what you mean.

Regards
pofs
Posts: 688
Joined: 25 Mar 2011 19:03

Re: Secure remote requests to Razberry

Post by pofs »

Not sure about remote service, but basically you'll need to pass authorization cookie with your requests.
You may get it by logging in on the page.

Also you'll need to enable remote access in admin interface (port 8084)
User avatar
RizingFenix
Posts: 2
Joined: 02 Apr 2015 14:32

Re: Secure remote requests to Razberry

Post by RizingFenix »

xchatter wrote: The basic idea is that I want to get some values from devices or switch some of them on demand in a webpage of my own and not the find.zwave.me.

I can forward the port 8083 through my router to the Razberry and by this way use the ZWayAPI/Run. But in this way anyone will be able to get/set etc. my devices.
I have the same goal. My plan is to set up L2TP/IPSec into my home Internet connection. My iPhone can do this via the VPN settings under General. In theory, I would just enable VPN on my phone and then could access the web server on my home network as if I were home.

Anyone else try something like this yet and have success?
-----------------------------------------------------------------------------------
Z-Way v2.0.1-rc15 | RaZberry Firmware 6.51.03 | Raspberry Pi 2 B+
-----------------------------------------------------------------------------------
xchatter
Posts: 25
Joined: 27 Mar 2015 16:27

Re: Secure remote requests to Razberry

Post by xchatter »

Hi guys,


pofs, thanks for the tip. I will try to use what you suggest, but I doubt I will be able to pass commands like "find.zwave.me:8083/zwaveapi/run/" because even when I'm logged via the browser(cookie is passed), I am not able to do this. I might got your idea wrong though. Can you please help me with some example? Thanks. :)

RisingFenix , hi :) What my configuration does now is the following:

- All device changes are bound to a PHP script1 at my server. The PHP script1 writes data changes to a mysql DB.;
- A dedicated mailbox is created for the automation system. It passes all mails which come to it to a PHP script2. This script2 checks the mail content(sender,subject,message). So if the mail is from me or my girfriend, the script will continue, if not, the sender will get an automatic email with message to f*ck off :). If the script continues with the right senders, it parses the mail message and searches for keywords. For example: if the script2 finds the key phrase "last motion", me and my girlfriend will receive a respond from the system "The last motion was detected at $time on $date.(this data is fetched from the mysql DB)"; (and a few other checks like this - temp,light level)
-Another thing what script2 does is , if it receives message with key phrase for example "away mode", it sets a value of a cell in the DB to 1 and responds with message that the away mode is ON. Now when the motion sensor sends data to script1 that motion is detected, script1 not only saves the data, but it also checks if the "away" cell is 1 or 0. So when it's 1, we will get notified immediately that motion is detected at our apartment while we are away. When we get back, we send mail to the automation system with key phrase lets say "coming home" and now script 2 will set the "away" value to 0. So script1 will read it and won't notify us with every movement detected.

It's pretty simple, but cool for me and I play a lot :) But those operations are just for reading data from the devices and PHP scripts. The next level is to find a way to pass commands to the devices from external server, so I can set values to them(stop/start lights, control thermostat etc.) with my own scripts, and not through the UI. So i'm trying to find secure ways. Maybe I can try what you have in mind-VPN, but i will have to find some custom firm to the router to set up a VPN to be always available, then find a way how to connect a php script to the vpn with auth , and then pass the Zwaveapi http requests. Thanks for your tip :)

Don't know if that is interesting to anyone, but the idea of these forums is to share, so I share. :)
pz1
Posts: 2053
Joined: 08 Apr 2012 13:44

Re: Secure remote requests to Razberry

Post by pz1 »

xchatter wrote:the sender will get an automatic email with message to f*ck off
Please do refrain from using foul laguage on this forum
xchatter
Posts: 25
Joined: 27 Mar 2015 16:27

Re: Secure remote requests to Razberry

Post by xchatter »

Sorry for that.

Still no one can help me with my goal ? :/ (sadface)
xchatter
Posts: 25
Joined: 27 Mar 2015 16:27

Re: Secure remote requests to Razberry

Post by xchatter »

Ok, So i found out what pofs had in mind.
Requests are possible via http://find.z-wave.me/ZWaveAPI/Run/ . No 8083 port is required. Now I need a way to pass authentication so I can make requests through my script.
So far I haven't find a proper way.
I tried just to see if working the following way:
function make_base_auth(user, password) {
var tok = user + ':' + password;
var hash = btoa(tok);
return 'Basic ' + hash;
}
$(document).ready(function(){
$.ajax({
type: 'GET',
url: 'http://find.z-wave.me/ZWaveAPI/Run/devi ... level.data',
dataType: 'json',
beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', make_base_auth('user', 'pass'));
},
success: function (data) {
console.log(data);
}
});
});

No luck for now.
dolpheen
Posts: 119
Joined: 10 Feb 2015 00:38

Re: Secure remote requests to Razberry

Post by dolpheen »

The 'find.z-wave.me/zboxweb' doesn't use basic auth for authentication.
In order to be autenticated you should do a POST request with URL encoded params

Code: Select all

act = login
login=[your login]
pass=[your pass]
or URL encoded act=login&login=[your login]&pass=[your pass]

Then you will recieve a ZBW_SESSID cookie that you should use in your conseсutive requests.

For more security you can use 'https' prefix to login via SSL.

If you want to access you Razberry remotely without find.z-wave.me, you can install nginx on Razberry, configure SSL Basic Authentication and reverse proxy for nginx.
Razberry B+ 2.0.1-rc25 on ZW500 + 15 devices / Razberry B 2.0.1-rc25 on ZW300 for test
Post Reply