Add HTTP request body size limits and update API docs

Introduced a maximum HTTP body size for the viewer to prevent memory exhaustion, returning 413 if exceeded. Updated the server and viewer code to handle large payloads safely. Expanded the README with detailed REST API endpoint documentation and clarified security considerations.

Author: dorkmo

TankAlarm-112025-Server-BluesOpta/README.md

@@ -90,8 +90,22 @@ Configure server behavior:
 The server exposes a simple REST API:
 
 - `GET /` - Web dashboard (HTML)
-- `GET /api/status` - JSON status of all clients and tanks
-- `POST /api/config` - Push configuration to a specific client
+- `GET /client-console` - Client configuration console (HTML)
+- `GET /serial-monitor` - Server + client serial log viewer (HTML)
+- `GET /calibration` - Calibration dashboard (HTML)
+- `GET /api/tanks` - Tank records (JSON)
+- `GET /api/clients` - Client metadata + cached configs (JSON)
+- `GET /api/calibration` - Calibration status (JSON)
+- `GET /api/serial-logs?...` - Fetch serial logs (JSON)
+- `GET /api/serial-export?...` - Download serial logs (CSV)
+- `POST /api/pin` - Set/verify/change admin PIN
+- `POST /api/config` - Update server settings and/or push client configuration (PIN required)
+- `POST /api/refresh` - Trigger manual refresh of a client (PIN required)
+- `POST /api/relay` - Send relay command to a client (PIN required)
+- `POST /api/relay/clear` - Clear a relay alarm on a client tank (PIN required if PIN configured)
+- `POST /api/pause` - Pause/resume Notecard processing (PIN required if PIN configured)
+- `POST /api/ftp-backup` - Backup configs to FTP (PIN required)
+- `POST /api/ftp-restore` - Restore configs from FTP (PIN required)
 
 Example: Push config to client
 ```bash
@@ -306,13 +320,14 @@ Ethernet.begin(mac, ip, dns, gateway, subnet);
 ## Security Considerations
 
 **Intranet Use Only:**
-- Web dashboard has no authentication
+- Read-only pages and `GET` endpoints have no authentication
+- Control endpoints are protected by a 4-digit admin PIN once configured
 - Designed for trusted local networks only
 - Do not expose port 80 to internet
 - Use firewall rules to restrict access
 
 **For Internet Access:**
-- Implement authentication (not included)
+- Implement authentication (not included) and avoid exposing the Opta directly
 - Use HTTPS with valid certificates
 - Consider VPN for remote access
 - Add rate limiting and input validation

TankAlarm-112025-Server-BluesOpta/TankAlarm-112025-Server-BluesOpta.ino

@@ -7186,6 +7186,12 @@ static bool readHttpRequest(EthernetClient &client, String &method, String &path
     }
   }
 
+  // If the body is already too large, don't read it into RAM.
+  // We'll respond with 413 and close the connection.
+  if (bodyTooLarge) {
+    return true;
+  }
+
   if (contentLength > 0) {
     size_t readBytes = 0;
     while (readBytes < contentLength && client.connected()) {

TankAlarm-112025-Viewer-BluesOpta/TankAlarm-112025-Viewer-BluesOpta.ino

@@ -107,6 +107,11 @@
 #define SUMMARY_FETCH_BASE_HOUR 6
 #endif
 
+// Viewer is intended for GET-only use; cap request bodies to avoid memory exhaustion.
+#ifndef MAX_HTTP_BODY_BYTES
+#define MAX_HTTP_BODY_BYTES 1024
+#endif
+
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)
 
@@ -393,7 +398,7 @@ static const char VIEWER_DASHBOARD_HTML[] PROGMEM = R"HTML(
 static void initializeNotecard();
 static void initializeEthernet();
 static void handleWebRequests();
-static bool readHttpRequest(EthernetClient &client, String &method, String &path, String &body, size_t &contentLength);
+static bool readHttpRequest(EthernetClient &client, String &method, String &path, String &body, size_t &contentLength, bool &bodyTooLarge);
 static void respondHtml(EthernetClient &client, const char *body, size_t len);
 static void respondJson(EthernetClient &client, const String &body);
 static void respondStatus(EthernetClient &client, int status, const char *message);
@@ -584,13 +589,20 @@ static void handleWebRequests() {
   String path;
   String body;
   size_t contentLength = 0;
+  bool bodyTooLarge = false;
 
-  if (!readHttpRequest(client, method, path, body, contentLength)) {
+  if (!readHttpRequest(client, method, path, body, contentLength, bodyTooLarge)) {
     respondStatus(client, 400, "Bad Request");
     client.stop();
     return;
   }
 
+  if (bodyTooLarge) {
+    respondStatus(client, 413, "Payload Too Large");
+    client.stop();
+    return;
+  }
+
   if (method == "GET" && path == "/") {
     sendDashboard(client);
   } else if (method == "GET" && path == "/api/tanks") {
@@ -603,11 +615,12 @@ static void handleWebRequests() {
   client.stop();
 }
 
-static bool readHttpRequest(EthernetClient &client, String &method, String &path, String &body, size_t &contentLength) {
+static bool readHttpRequest(EthernetClient &client, String &method, String &path, String &body, size_t &contentLength, bool &bodyTooLarge) {
   method = "";
   path = "";
   contentLength = 0;
   body = "";
+  bodyTooLarge = false;
 
   String line;
   bool firstLine = true;
@@ -648,6 +661,10 @@ static bool readHttpRequest(EthernetClient &client, String &method, String &path
           headerValue.trim();
           if (headerKey.equalsIgnoreCase("Content-Length")) {
             contentLength = headerValue.toInt();
+            if (contentLength > MAX_HTTP_BODY_BYTES) {
+              bodyTooLarge = true;
+              contentLength = MAX_HTTP_BODY_BYTES;
+            }
           }
         }
       }
@@ -668,6 +685,10 @@ static bool readHttpRequest(EthernetClient &client, String &method, String &path
         body += c;
         readBytes++;
       }
+      if (readBytes >= MAX_HTTP_BODY_BYTES) {
+        bodyTooLarge = true;
+        break;
+      }
     }
   }