Feature Request for ESPHome based Garage Door Openers

I have a feature request that I think applies to both GDO White and GDO blaQ since I believe they are both based on ESPHome.

There is a default webserver running on ESPHome devices that is accessible from the local network without any authentication. On the GDO blaQ this webserver has buttons to control the garage, specifically open the garage.

I’d like the ability to disable these buttons so that control is only possible through Home Assistant via the encrypted ESPHome connection.

Turning off the entire webserver seems like overkill; please give us the ability to lock out the control buttons for unauthenticated requests.

The solution you’re probably looking for is to enable the username and password option on the built-in webserver. There are two ways to do this:

  1. If you’re managing your ESPHome config yourself via the ESPHome dashboard, use the auth config of the web_server component to enable a digest authentication username and password, for example:
    web_server:
      auth:
        username: nate
        password: !secret my_web_password
  2. If you’re not into managing YAML or learning ESPHome config and want Konnected’s done-for-me solution, use the Konnected app to customize your device’s build. The authentication option can be added, or the web server disabled entirely on the Local Web Page / API settings screen:

This firmware configuration service will be rolled out for the GDO blaQ in the next app update within a week. It’s currently live for the GDO White as well as our Alarm Panel products.

ESPHome automatically builds the web page and REST API based on the device’s components, so as far as I know it’s not possible at this time to selectively disable a specific component on the web page. Also, simply hiding the buttons would not be truly secure because the underlying API endpoints will still be active.

The best solution at this time is to add the authentication or disable the web server entirely.

1 Like

Thanks for the thorough response!

I’ll probably end up going with ‘web_server: !remove’ eventually to disable it but glad I have options! While I’m helping test blaQ I’ll add auth.

@nate I’m not able to find any documentation on ESPHome auth. The docs only say “Enables a simple Digest authentication with username and password”.

From my limited auth knowledge, “username and password” are used by Basic auth, but Digest is more complex.

I have not really dug into it too much. It looks like the implementation is here

Looking at ESP source, the auth is Basic i.e. expecting header “Authorization” = “Basic encoded(username:password)”

It includes “esp_tls_crypto.h” but I can’t find the source for “esp_tls_crypto.h” anywhere?

It’s provided by ESP-IDF here:

I hijacked the post sorry. Just to let you know, I implemented Authentication.

It wasn’t only the WebServer API, but also the EventSource…

1 Like
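
A check to run against your own device after enabling `auth`, as an added example that is not code from this thread, ESPHome or Konnected: it sends GET requests without credentials and reports whether each path answers with a 401 challenge and which scheme (Basic or Digest) the device advertises. The paths `/` and `/events`, the function names and the sample responses are assumptions made for illustration.

```python
import sys
import urllib.error
import urllib.request

# Assumed paths: "/" is the device web page, "/events" its EventSource stream.
PATHS = ("/", "/events")

# Constructed sample responses (status, WWW-Authenticate) for an offline run.
SAMPLES = {
    "auth enabled, Digest": (401, 'Digest realm="device", nonce="0a1b2c", qop="auth"'),
    "auth enabled, Basic": (401, 'Basic realm="device"'),
    "no auth configured": (200, None),
}

def classify(status, www_authenticate):
    """Turn one credential-less HTTP response into an audit finding."""
    if status == 401 and www_authenticate:
        # The first token of the challenge names the scheme the server expects.
        scheme = www_authenticate.split(None, 1)[0].capitalize()
        return f"protected ({scheme})"
    if status == 401:
        return "protected (no challenge header)"
    if 200 <= status < 300:
        return "OPEN: served without credentials"
    return f"inconclusive (HTTP {status})"

def probe(base_url, path, timeout=5):
    """Send one GET with no credentials; only status and headers are read."""
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.headers.get("WWW-Authenticate"))
    except urllib.error.HTTPError as err:  # 401 and other error codes land here
        return classify(err.code, err.headers.get("WWW-Authenticate"))
    except (urllib.error.URLError, OSError) as err:
        return f"unreachable ({err})"

def audit(base_url, paths=PATHS):
    """Probe every path on one device and return {path: finding}."""
    return {path: probe(base_url, path) for path in paths}

def classify_samples():
    """Run the classifier over the constructed samples above."""
    return {name: classify(*resp) for name, resp in SAMPLES.items()}

if __name__ == "__main__":
    # With a base URL argument, probe that device; otherwise show the samples.
    results = audit(sys.argv[1]) if len(sys.argv) > 1 else classify_samples()
    for name, finding in results.items():
        print(f"{name:24} {finding}")
```

Any path reported as `OPEN` is still reachable without a password, which is the case the last post describes for the EventSource.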