Disable OTA updates automatically 60 seconds after device startup

lib/ota/ota.cpp

@@ -23,9 +23,14 @@
 
 #include "ota.h"
 
+const unsigned long bootTime = millis();
+bool enabled = true;
+
 void otaSetup(const char * const otaPassword) {
-    if(otaPassword[0] == '\0')
+    if(otaPassword[0] == '\0') {
+        enabled = false;
         return; // No password set up, disable OTA
+    }
     ArduinoOTA.setPassword(otaPassword);
 
     ArduinoOTA.onStart([]() {
@@ -58,5 +63,13 @@ void otaSetup(const char * const otaPassword) {
 }
 
 void otaUpdate() {
-    ArduinoOTA.handle();
+    if(enabled) {
+        if(bootTime + 60000 < millis()) {
+            // Disable OTA 60 seconds after boot as protection measure
+            enabled = false;
+            Serial.println("OTA disabled by timeout");
+            return;
+        }
+        ArduinoOTA.handle();
+    }
 }

platformio.ini

@@ -20,4 +20,4 @@ monitor_speed = 115200
 ;upload_protocol = espota
 ;upload_port = 192.168.1.49
 ;upload_flags =
-;  --auth=YOUROTAPASSWORDHERE
+;  --auth=SlimeVR-OTA

src/credentials.h

@@ -21,4 +21,11 @@
     THE SOFTWARE.
 */
 
-const char* otaPassword = ""; // YOUR OTA PASSWORD HERE, LEAVE EMPTY TO DISABLE OTA UPDATES
+// The OTA password is public, server should know it for OTA updates,
+// and devices don't have any authentification anyway.
+// We have password here to prevent random attacks on IOT things
+// that might try to hack all esp-based devices and upload malictious
+// firmware. We don't have any hardware buttons for the user to confirm
+// OTA update, so this is the best way we have.
+// OTA is allowed only for the first 60 seconds after device startup.
+const char* otaPassword = "SlimeVR-OTA"; // YOUR OTA PASSWORD HERE, LEAVE EMPTY TO DISABLE OTA UPDATES