Close

Access API (current operation)

A project log for CarontePass: Open Access Control

CarontePass is an access control designed for collaborative spaces. Ideal for Hackerspaces, Makerspace, FabLabs, Hacklabs...

torehctorehc 03/27/2016 at 16:270 Comments

Here's how it works now, now asks username and password to access the info.

But I'm already working on a version with access token and under https.

By raising the project I thought many ways to do it, but the scalability thinking I was left with the option of that clients (doors) to be as "dumb / simple" possible.

To achieve this required a part of the powerful server, so I chose Django and ... How to have N doors? How to make it cheaper-single doors possible?

The easy thing would have been to put a guy Raspberry Pi computer-door, but that was not what I wanted (if it was the easiest).

The best option I found was to make an API, which could use different technologies to clients but to run only need an Internet connection to make inquiries.

How does it work now?

A web request to the url defined in Django project is:

yourdomain/api/1/device/code

Explanation:

  1. The client (a door) NFC reader reads and gets the tag.
  2. That tag puts it in "code" and makes the previous request.
  3. The server parses the url, receives the "code" and searches the table of "devices" where all tag IDs are stored.
  4. The tag is an associated usaurio so already has the identidicación.


Here is an example:

django-admin-device

There are a user with Tag "123456" of the NFC type. Passing this NFC reader gets the Tag creates the url and makes the web request:

yourdomain/api/1/device/123456

For the answer we will have to authenticate:

django-api-auth

If you have access to the API devuleve following the Django framework REST:

django-api-response

Responds to the request in JSON format, we parser on the client to get the data that interests us.

For example, to activate the relay to open the door should be fixed in the "result" field. If the user meets the access requirements will result "True" and the relay will be activated.

Now security is not the maximum possible from my point of view, so I'm studying how to implement HTTPS.

Other forms of access


The project leaves open the possibility to add different forms of access.

One may be for Telegram, having the only Chatid each user could search for it using the "/ open" command Bot Telegram. I like it because it is a safe and smart way to enter a space with any device that has application without any extra hardware card carry any type NFC / RFID, etc ...
Previous log

Support for Telegram

03/24/2016 at 16:39 0 comments
Next log

Hardware Scheme

03/29/2016 at 13:00 0 comments

Discussions

Yes, delete it Cancel

Going up?

About Us Contact Hackaday.io Give Feedback Terms of Use Privacy Policy Hackaday API

© 2024 Hackaday