xiaozhi-esp32-server
Verified Safeby xinnan-tech
Overview
This project provides a comprehensive backend service for ESP32-based intelligent terminal devices, enabling AI interaction, device control, voice recognition, and managing various smart features through MQTT, Websocket, and custom MCP protocols.
Installation
docker-compose up --build -dEnvironment Variables
- VUE_APP_PUBLIC_PATH
- VUE_APP_USE_CDN
- VUE_APP_API_BASE_URL
- VITE_SERVER_BASEURL
- VITE_UPLOAD_BASEURL
- VITE_LOGIN_URL
- XIAOZHI_CONFIG_FILE
- XIAOZHI_MODEL_DIR
- OPENAI_API_KEY
- ALIYUN_ACCESS_KEY_ID
- TENCENT_SECRET_ID
- GEMINI_API_KEY
- COZE_PERSONAL_ACCESS_TOKEN
- HOME_ASSISTANT_API_KEY
Security Notes
The system demonstrates strong security practices including XSS/SQL injection filtering, Shiro for authentication/authorization, and explicit token generation for WebSocket connections. The use of `JSON.parse` on configuration data retrieved from the backend (which typically requires super admin privileges to modify) and base64 encoding of device IP for internal WebSocket usernames are noted, but do not appear to be critical remote vulnerabilities under normal operating conditions given the existing security layers. Secure handling of API keys for integrated AI services is crucial and expected to be managed via environment variables or secure configuration.
Similar Servers
xiaozhi-esp32-server-java
Provides backend support and a management platform for smart hardware devices, focusing on AI-powered voice interaction, device management, and IoT control.
mcp-server-mysql
A backend server application for a Modular Control Platform (MCP) or Microservice Control Plane, likely built with Node.js/TypeScript and integrating with MySQL, potentially featuring AI/LLM evaluation capabilities.
ha-mcp
Provides AI agents with complete control over Home Assistant via REST and WebSocket APIs, offering a comprehensive suite of tools for smart home management, automation, and debugging.
advanced-homeassistant-mcp
A powerful, secure, and extensible Model Context Protocol (MCP) server that enables AI assistants like Claude, GPT, and Cursor to seamlessly interact with Home Assistant. Control your lights, climate, automations, and more through natural language commands.