gohab
Verified Safeby mbocsi
Overview
A message-based home automation server for managing IoT devices and sensors using capabilities and pub/sub messaging.
Installation
No command providedSecurity Notes
The server's WebSocket transport (`server/wsTransport.go`) explicitly sets `CheckOrigin: func(r *http.Request) bool { return true }` for its `websocket.Upgrader`. This setting bypasses all CORS origin checks, meaning any website could potentially connect to the WebSocket server. While this might be acceptable for a server strictly intended for local network use (as suggested by the 'home automation' context), it is a significant security risk if the server were to be exposed to the public internet without additional layers of authentication or network protection. No direct code injection (e.g., 'eval') or obvious hardcoded secrets were found. JSON parsing is handled by the standard library, which is generally robust.
Similar Servers
xiaozhi-esp32-server
Provides a robust backend service for the Xiaozhi ESP32 intelligent terminal hardware, enabling AI assistant functionalities such as voice recognition, natural language processing, knowledge base integration, voice cloning, and device control through MQTT, Websocket, and MCP protocols.
xiaozhi-esp32-server-java
Java backend for smart hardware (ESP32) devices, providing powerful backend support, an intuitive management interface, and acting as a voice-controlled intelligent assistant.
ha-mcp
A Model Context Protocol (MCP) server that provides AI agents with comprehensive control and monitoring capabilities for Home Assistant through REST API and WebSocket integration, offering over 20 enhanced tools for smart home management and automation.
advanced-homeassistant-mcp
A Model Context Protocol (MCP) server that enables AI assistants (like Claude, GPT, Cursor) to seamlessly interact with Home Assistant, allowing control of smart home devices through natural language commands.