diff options
| author | Your Name <you@example.com> | 2026-05-16 11:56:43 +0530 |
|---|---|---|
| committer | Your Name <you@example.com> | 2026-05-16 11:56:43 +0530 |
| commit | 38aa9ec3801f5895e09866fe92cb8e44fb987cee (patch) | |
| tree | c702c27cd59fa0e73bc3e8665e1582e6b9509cf6 /PLAN.md | |
| parent | ee4e13680f522253f94e8ebdea5df80332afc495 (diff) | |
Unique SSID/IP per board + captive detection fix + mint list in portal
- Derive unique SSID (TollGate-{MAC4}{MAC5}) and AP IP (10.{b5}.{subnet}.1)
from factory MAC — boards no longer conflict
- Board A: TollGate-377C @ 10.55.85.1, Board B: TollGate-5050 @ 10.80.10.1
- Captive portal detection URIs return 200 with portal HTML (matching
esp32-mesh working approach) instead of 302 redirect
- Dynamic AP IP in portal HTML via __AP_IP__ template substitution
- Supported mints section in portal page (shows mint URL, tap to copy)
- Fixed mint URL to testnut.cashu.space (was stale in SPIFFS)
- DoT reject server on port 853 for DNS-over-TLS fallback
- DNS hijack: NXDOMAIN for all non-A queries, no forwarding for unauthed
- Playwright tests updated for 200 response on detection URIs
- Phase 2 test suite: 20/21 pass (test 22 expiry ping route issue)
- Tests 25-27 deferred to Phase 3 (Board B as second client)
Diffstat (limited to 'PLAN.md')
| -rw-r--r-- | PLAN.md | 8 |
1 files changed, 4 insertions, 4 deletions
| @@ -74,10 +74,10 @@ Build a TollGate firmware for two ESP32 devices, following the [TollGate protoco | |||
| 74 | | 21 | Wrong mint | Token from unaccepted mint | kind=21023 mint error | PASS | | 74 | | 21 | Wrong mint | Token from unaccepted mint | kind=21023 mint error | PASS | |
| 75 | | 22 | Session expiry | Wait for allotment | Internet blocked | PASS | | 75 | | 22 | Session expiry | Wait for allotment | Internet blocked | PASS | |
| 76 | | 23 | Session renewal | Second payment | Allotment extended | PASS | | 76 | | 23 | Session renewal | Second payment | Allotment extended | PASS | |
| 77 | | 24 | Portal payment form | Playwright paste token | Checkmark shown | TODO | | 77 | | 24 | Portal payment form | Playwright paste token | Checkmark shown | PASS | |
| 78 | | 25 | Two clients pay independently | Two POSTs | Both authenticated | TODO | | 78 | | 25 | Two clients pay independently | Two POSTs | Both authenticated | Phase 3 | |
| 79 | | 26 | Client isolation | Only payer gets internet | Non-payer blocked | TODO | | 79 | | 26 | Client isolation | Only payer gets internet | Non-payer blocked | Phase 3 | |
| 80 | | 27 | Full e2e: portal→pay→browse | Playwright | Complete flow | TODO | | 80 | | 27 | Full e2e: portal→pay→browse | Playwright | Complete flow | Phase 3 | |
| 81 | 81 | ||
| 82 | **Captive Portal Fix:** Added DoT reject server on port 853 (TCP RST forces DNS-over-TLS fallback to plain DNS), DNS hijack returns NXDOMAIN for all non-A query types, explicit 302 redirect handlers for all captive detection URIs. Needs verification with actual GrapheneOS phone. | 82 | **Captive Portal Fix:** Added DoT reject server on port 853 (TCP RST forces DNS-over-TLS fallback to plain DNS), DNS hijack returns NXDOMAIN for all non-A query types, explicit 302 redirect handlers for all captive detection URIs. Needs verification with actual GrapheneOS phone. |
| 83 | 83 | ||