# Eirik?
- eiriksm on drupal.org
- Works at Ny Media (Trondheim, Norway)
- Developer
- Beer nerd (although not beer snob)
- Not so good at soldering
# Internet of things?
> The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data.
# What we will cover
- Communication patterns / flow
- Authentication and security
- Animated GIFs, blinking LEDs, cats and dogs.
## What we will not cover
### Other ways to do Drupal and IoT
- Install Drupal on a Raspberry Pi
- Attach some wires
- Enable Php module
- create a node with PHP filter that reads $_GET
- Run `exec("sudo ...");`
- ...?
- Profit?
To demo or not to demo?
## Pros
- What could possibly go wrong?
## Cons
- That's a horrible idea
# 1st demo
## Offline status checker (esp8266 and LED)
[Video demo](video/offline-online.mp4)
# What happens here?
- Not a very smart "thing".
- One-way communication (Drupal site does not know what requests it)
- Only checks the status code (200 or not).
- Turns on LED based on status code.
- Not very Drupal specific.
- Uses no authentication (no secret data is used, status code is "public")
# 2nd demo
## Toggle maintenance mode with a TV remote.
[Video demo](video/remote-offline.mp4)
# What happens here?
- Microcontroller receives IR signal.
- Makes a request to a Drupal site, that has a path exposed to toggle maintenance mode.
- Request uses session cookie to authenticate.
- Kind of "headless" interaction with the Drupal site (we will expand on this later).
# Pros and cons about session authentication.
## Pros
- Easy to set up.
- Uses the same permission system as the regular front-end.
## Cons
- Not persistent (time based).
- Follows the browser session (if you log out of the browser, the "thing" will be logged out).
- If session gets compromised, all permissons with that user gets available to attacker. You don't compromise an endpoint, but a user.
### Reminder #1
# ALWAYS USE HTTPS
# 3rd demo
## Headless and decoupled "thing" counting nodes.
[Video demo](video/count-nodes.mp4)
# What happens here?
- Drupal saves a node, publishes a key in Redis.
- Counter is communicating with a node.js server that listens for a key in Redis.
- Upon change, query the "rest-version" of the front page and count number of nodes.
- Rest query is as anonymous user, so it reflects the state of the frontpage (published/promoted).
## Both decoupled and headless
# 4th demo
## Raspberry Pi monitoring temperatures and posting them as nodes.
[Video demo](video/post-temp.mp4)
# What happens here?
- Raspberry Pi senses temperature.
- Every 3 minutes (and on start) it sends the temperature to an endpoint using an API key.
- API keys are per user. If they are valid, a node is posted.
# Pros and cons about API keys.
## Pros
- If key is compromised, the key only gives access to one specific thing (not the whole permission system and thus the user).
- Keys can be regenerated system-wide and per user.
- Keys can be persistent and with no relation to user sessions.
## Cons
- Still can be sniffed over plain HTTP.
# 5th demo
## Arduino node analysis, post TV remote off signal when a picture of a dog appears.
[Video demo](video/node-dog-offline.mp4)
# What happens here?
- Arduino superspeed processor does a GIF frame by frame analysis and recognises a dog in the GIF. Sends a NUKE LAZER command that reaches all the way to London (where the server is) and melts down the server farm of Linode.
- ^^ (Just kidding).
- Same decoupled node.js backend receives the node title as a key, find the word "dog" in it.
- When "dog" is found, an IR signal is sent out (corresponding to a certain TV on/off toggle button)
- Ardiuno does not care what receives the signal, so it is picked up and the toggle maintenance mode is sent.
- The offline LED monitor picks up the offline mode of the site.
# Some thoughts on dependencies on devices, services and Drupal in general
- The Drupal site does not care who listens to a key, it just publishes something to redis.
- The node.js backend does not care where the redis publish came from. It just relays information.
- The Arduino does not care if the data it receives comes from Drupal or the node.js backend. Nor does it care if the IR signal is sent to a TV.
- The Tessel does not care about if the signal comes from a remote. Nor does it care if the toggle request is for a Drupal site.
- The Drupal site does not care about the origin of the toggle request, it only cares about authentication.
- The status monitoring does not care about anything at all.
# 6th demo
## Voice recognition, post a node based on this, with a picture, via the REST module.
[Video demo](video/voice-recognition.mp4)
- A "thing" is recording and upon silence is doing voice analysis of last recording.
- If the word "cat" or "dog" is found, a node posting starts:
- POST a new file entity via REST module (REST endpoint for file)
- POST a new node entity via REST module, and attach the newly created file (REST endpoint for node).
- The node has a title based on keyword (for example "a picture of a dog".
- If the word "dog" is in the title, the IR signal for TV on/off is sent.
- If the IR signal for TV ond/off is sent, request is sent for maintenance mode toggle on/off.
- If maintenance mode is enabled, status checker goes red.
# Autentication via REST module
- Uses the Basic auth module in core.
- Does not "interfere" with regular user sessions.
- Will (in theory) only provide access to REST resources if compromised.
- (although since this is basic auth you are basically giving away your password as well)
- Super important (still) with https.
# Take aways?
- Always, *always* use https.
- Different strategies for autentication and security
- Different patterns for communicating.
- Drupal 8 is awesome.
- Use https.
- Eirik is not very good at soldering.
- This upcoming gif
# Thanks!
- [ESP8266 offline/online LED](https://github.com/eiriksm/drupal-offline-status-gpio-esp)
- [TV remote to maintenance mode](https://github.com/eiriksm/tessel-ir-to-drupal)
- [The 7-segment node counter](https://github.com/eiriksm/segment-node-counter)
- [node.js server for monitoring redis key publishing](https://github.com/eiriksm/redis-key-poller)
- [Raspberry Pi temp poster](https://github.com/eiriksm/raspberry-temp-to-drupal)
- [API keys REST plugin](https://github.com/eiriksm/api_keys)
- [Send on/off on a picture of a dog](https://github.com/eiriksm/node-poller-send-ir)
- [Voice recognition to REST with a picture](https://github.com/eiriksm/voice-to-drupal-node)
- [Issue for base64 encoded data for file REST endpoint](https://www.drupal.org/node/1927648)