ludotosk/gestore-cassa-custom
Custom cash register remote web controller

With this server you can control a Custom cash register that is on your local area network.

Features

  • automated connection to the cash register
  • local database (for sold items)
  • product database (no need to configure the products in the cash register itself)
  • works on every device, including phones
  • encrypted communication between client and server
  • runs in less than 100 MB of RAM
  • authentication

A video where I show a friend of mine how the login works and some interface features.

Watch the video (click the image to play)

How does the automated connection work?

Unfortunately, the JavaScript application can only see IP addresses, not MAC addresses, so I used Evilscan to find all the clients on the local network and then read the HTTP header of each one to check whether it is the cash register's web server. If this process fails, the operator can enter the IP of the cash register manually.

Is it safe to use this method?

After the server establishes the connection with the cash register, the cash register notifies the connection, so it's safe.

What happens if someone tries to do a man-in-the-middle attack?

I can't prevent this, because the connection between the cash register and the server isn't encrypted, so it is outside my control.

Local database

Even though the cash register stores all the data in its own database, with my own database I can run analyses, and it leaves room for future feature improvements.

Why don't I use the product database of the register?

I made this choice because it is easier to add items to the server than to the register, and I want to perform as few operations on the register as possible.

How did I implement cryptography over HTTP?

I expose an HTTP page with a 4096-bit RSA public key that the client reads; the client then sends the server a message, encrypted with that RSA key, carrying an AES-256 key that is used for the rest of the communication. After the key exchange, I encrypt all the data in the body of each HTTP message. So the AES key is generated for each session, while the RSA key is generated by the server at first boot.

How does the authentication work?

To authenticate, the client uses a 4-digit code that the server prints in the home directory; once the client has authenticated, the server issues a JSON Web Token that must accompany every subsequent request to the server. I decided to print the code in the home directory because, if the server is running on the same computer as the client, the user can read it there, but the real reason I chose a code is that you can run this server on a Raspberry Pi with a 16-character display.

How is it possible to have such a light server?

Thanks to Vue I can render the web interface client-side, and for the database I chose SQLite. So the server only sends and receives data from the client and serves static assets such as HTML and CSS.