xiaozhi-esp32-server-java
by joey-zhou
Overview
Provides backend support and a management platform for smart hardware devices, focusing on AI-powered voice interaction, device management, and IoT control.
Installation
docker-compose up -dEnvironment Variables
- WECHAT_APPID
- WECHAT_SECRET
- SMS_ALIYUN_ACCESS_KEY_ID
- SMS_ALIYUN_ACCESS_KEY_SECRET
- SMS_ALIYUN_SIGN_NAME
- SMS_ALIYUN_TEMPLATE_CODE
- EMAIL_SMTP_USERNAME
- EMAIL_SMTP_PASSWORD
- SPRING_DATASOURCE_URL
- SPRING_DATASOURCE_USERNAME
- SPRING_DATASOURCE_PASSWORD
- SPRING_REDIS_HOST
- SPRING_REDIS_PORT
- SPRING_REDIS_PASSWORD
- SPRING_REDIS_DATABASE
- XIAOZHI_UPLOAD_PATH
- VAD_MODEL_PATH
Security Notes
A critical security vulnerability exists in `WebSocketHandler.java` where device authentication is commented out, allowing any device with a known `device-id` to connect without a valid token. The frontend code (`web/src/utils/jsencrypt.ts`) contains hardcoded RSA public and private keys, which is a significant client-side security risk if used for anything beyond local storage convenience. File upload functionality (`FileUploadController.java`) allows configurable upload paths, which could be exploited for arbitrary file writes if the target directory is not properly secured on the server. The application uses Spring Security/Sa-Token for API authentication, which is generally good, but this does not cover the unauthenticated WebSocket endpoint.
Similar Servers
xiaozhi-esp32-server
This project provides a comprehensive backend service for ESP32-based intelligent terminal devices, enabling AI interaction, device control, voice recognition, and managing various smart features through MQTT, Websocket, and custom MCP protocols.
ha-mcp
Provides AI agents with complete control over Home Assistant via REST and WebSocket APIs, offering a comprehensive suite of tools for smart home management, automation, and debugging.
IntelliConnect
An intelligent IoT platform enabling AI agent development, supporting various large language models, knowledge bases, voice applications, and device management for smart hardware like ESP-32.
advanced-homeassistant-mcp
A powerful, secure, and extensible Model Context Protocol (MCP) server that enables AI assistants like Claude, GPT, and Cursor to seamlessly interact with Home Assistant. Control your lights, climate, automations, and more through natural language commands.