Add flags for meshtasticd connection and self-signed cert support

- Revert default port to 4403 (original behavior)
- Add --port/-P flag to specify custom HTTP port
- Add --tls/-T flag to use HTTPS
- Add --insecure/-k flag to accept self-signed SSL certificates
- Update README with examples for meshtasticd connections
- Note that meshtasticd webserver must be enabled (port 8080)

Author: statico

README.md

@@ -94,9 +94,36 @@ Options:
   --skip-nodes       Skip downloading node database (faster connect)
   --meshview, -m     MeshView URL for packet/node links
   --fahrenheit, -F   Display temperatures in Fahrenheit
+  --port, -P         HTTP port number (default: 4403 if no port in address)
+  --tls, -T          Use HTTPS instead of HTTP
+  --insecure, -k     Accept self-signed SSL certificates
   --help, -h         Show help
 ```
 
+### Examples
+
+Connect to a Meshtastic device (default port 4403):
+```sh
+meshtastic-cli 192.168.0.123
+```
+
+Connect to meshtasticd HTTP API (port 8080 with HTTPS):
+```sh
+meshtastic-cli 127.0.0.1 --port 8080 --tls --insecure
+```
+
+> **Note:** meshtasticd servers need to have the webserver enabled. The webserver typically runs on port 8080 with HTTPS. Check your meshtasticd configuration to ensure the webserver is enabled.
+
+Connect to a device on a custom port:
+```sh
+meshtastic-cli 192.168.1.100 --port 8080
+```
+
+Connect with HTTPS and accept self-signed certificate:
+```sh
+meshtastic-cli example.com --tls --insecure
+```
+
 ## Message Status Indicators
 
 In Chat and DM views, messages show delivery status:

src/index.ts

@@ -109,6 +109,9 @@ let meshViewUrl: string | undefined;
 let useFahrenheit = false;
 let enableLogging = true;
 let packetLimit = 1000;
+let httpPort: number | undefined;
+let useTls = false;
+let insecure = false;
 
 for (let i = 0; i < args.length; i++) {
   const arg = args[i];
@@ -148,6 +151,22 @@ for (let i = 0; i < args.length; i++) {
       process.exit(1);
     }
     packetLimit = limit;
+  } else if (arg === "--port" || arg === "-P") {
+    const portArg = args[++i];
+    if (!portArg) {
+      console.error("--port requires a port number");
+      process.exit(1);
+    }
+    const port = parseInt(portArg, 10);
+    if (isNaN(port) || port < 1 || port > 65535) {
+      console.error("Port must be between 1 and 65535");
+      process.exit(1);
+    }
+    httpPort = port;
+  } else if (arg === "--tls" || arg === "-T") {
+    useTls = true;
+  } else if (arg === "--insecure" || arg === "-k") {
+    insecure = true;
   } else if (arg === "--help" || arg === "-h") {
     console.log(`
 Meshtastic CLI Viewer
@@ -165,6 +184,9 @@ Options:
   --meshview, -m        MeshView URL for packet/node links (default: from settings or disabled)
   --fahrenheit, -F      Display temperatures in Fahrenheit instead of Celsius
   --packet-limit, -p    Maximum packets to store in database (default: 1000)
+  --port, -P            HTTP port number (default: 4403 if no port in address)
+  --tls, -T             Use HTTPS instead of HTTP
+  --insecure, -k        Accept self-signed SSL certificates
   --enable-logging, -L  Enable verbose logging to ~/.config/meshtastic-cli/log
   --help, -h            Show this help message
 `);
@@ -239,6 +261,9 @@ const { waitUntilExit } = render(
     skipNodes,
     meshViewUrl: resolvedMeshViewUrl,
     useFahrenheit,
+    httpPort,
+    useTls,
+    insecure,
   })
 );
 

src/transport/http.ts

@@ -6,6 +6,32 @@ import { validateUrl } from "../utils/safe-exec";
 const POLL_INTERVAL_MS = parseInt(process.env.MESHTASTIC_POLL_INTERVAL_MS || "3000", 10);
 const TIMEOUT_MS = parseInt(process.env.MESHTASTIC_TIMEOUT_MS || "5000", 10);
 
+// Helper to check if URL is localhost (for self-signed cert handling)
+function isLocalhost(url: string): boolean {
+  try {
+    const parsed = new URL(url);
+    const hostname = parsed.hostname.toLowerCase();
+    return hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1" || hostname.startsWith("127.") || hostname === "[::1]";
+  } catch {
+    return false;
+  }
+}
+
+// Helper to create fetch options with TLS configuration for self-signed certs
+function getFetchOptions(url: string, insecure: boolean, additionalOptions: RequestInit = {}): RequestInit {
+  const options: RequestInit = { ...additionalOptions };
+  
+  // Accept self-signed certificates if insecure flag is set or if connecting to localhost
+  if (url.startsWith("https://") && (insecure || isLocalhost(url))) {
+    // Bun's fetch supports tls option to configure TLS
+    (options as any).tls = {
+      rejectUnauthorized: false,
+    };
+  }
+  
+  return options;
+}
+
 // Validate timeout values
 if (isNaN(POLL_INTERVAL_MS) || POLL_INTERVAL_MS < 100 || POLL_INTERVAL_MS > 60000) {
   throw new Error(`Invalid POLL_INTERVAL_MS: ${process.env.MESHTASTIC_POLL_INTERVAL_MS}. Must be between 100 and 60000`);
@@ -16,6 +42,7 @@ if (isNaN(TIMEOUT_MS) || TIMEOUT_MS < 1000 || TIMEOUT_MS > 60000) {
 
 export class HttpTransport implements Transport {
   private url: string;
+  private insecure: boolean;
   private running = false;
   private outputs: DeviceOutput[] = [];
   private resolvers: Array<(value: IteratorResult<DeviceOutput>) => void> = [];
@@ -24,11 +51,12 @@ export class HttpTransport implements Transport {
   private consecutiveErrors = 0;
   private readonly MAX_CONSECUTIVE_ERRORS = 10;
 
-  constructor(url: string) {
+  constructor(url: string, insecure = false) {
     this.url = url.replace(/\/$/, "");
+    this.insecure = insecure;
   }
 
-  static async create(address: string, tls = false): Promise<HttpTransport> {
+  static async create(address: string, tls = false, port?: number, insecure = false): Promise<HttpTransport> {
     // Validate address format
     try {
       // Basic validation - address should not contain protocol
@@ -40,7 +68,26 @@ export class HttpTransport implements Transport {
       throw error;
     }
 
-    const url = `${tls ? "https" : "http"}://${address}`;
+    // Check if address already includes a port
+    const hasPort = /:\d+$/.test(address) || /]:\d+$/.test(address);
+    let addressWithPort = address;
+    let useTlsFlag = tls;
+    
+    if (!hasPort) {
+      // If no port in address, use provided port or default to 4403
+      const defaultPort = port || 4403;
+      addressWithPort = `${address}:${defaultPort}`;
+    }
+    // If port is provided via flag but address also has a port, flag takes precedence
+    else if (port) {
+      // Extract hostname/IP from address
+      const hostnameMatch = address.match(/^(.+):\d+$/);
+      if (hostnameMatch) {
+        addressWithPort = `${hostnameMatch[1]}:${port}`;
+      }
+    }
+
+    const url = `${useTlsFlag ? "https" : "http"}://${addressWithPort}`;
 
     // Validate the constructed URL
     try {
@@ -50,20 +97,16 @@ export class HttpTransport implements Transport {
       throw error;
     }
 
-    Logger.info("HttpTransport", "Attempting connection", { address, tls, url });
-    try {
-      await fetch(`${url}/api/v1/fromradio`, {
-        method: "GET",
-        signal: AbortSignal.timeout(TIMEOUT_MS),
-      });
-      Logger.info("HttpTransport", "Connection successful", { url });
-      const transport = new HttpTransport(url);
-      transport.startPolling();
-      return transport;
-    } catch (error) {
-      Logger.error("HttpTransport", "Connection failed", error as Error, { url });
-      throw error;
-    }
+    Logger.info("HttpTransport", "Attempting connection", { address, tls: useTlsFlag, url });
+    
+    // Skip strict connection test - start polling immediately
+    // The polling loop will handle connection errors gracefully
+    // This is more resilient for cases where the server accepts connections
+    // but endpoints may hang or require specific conditions
+    Logger.info("HttpTransport", "Starting transport (connection will be verified during polling)", { url, insecure });
+    const transport = new HttpTransport(url, insecure);
+    transport.startPolling();
+    return transport;
   }
 
   private startPolling() {
@@ -87,11 +130,11 @@ export class HttpTransport implements Transport {
         let batchCount = 0;
         while (gotPacket && this.running && batchCount < 50) {
           Logger.debug("HttpTransport", "Polling for packets", { url: `${this.url}/api/v1/fromradio` });
-          const response = await fetch(`${this.url}/api/v1/fromradio?all=false`, {
+          const response = await fetch(`${this.url}/api/v1/fromradio?all=false`, getFetchOptions(this.url, this.insecure, {
             method: "GET",
             headers: { Accept: "application/x-protobuf" },
             signal: AbortSignal.timeout(TIMEOUT_MS),
-          });
+          }));
 
           if (!response.ok) {
             Logger.warn("HttpTransport", "HTTP error response", { status: response.status, statusText: response.statusText });
@@ -197,12 +240,12 @@ export class HttpTransport implements Transport {
   async send(data: Uint8Array): Promise<void> {
     Logger.info("HttpTransport", "Sending packet", { size: data.byteLength, url: `${this.url}/api/v1/toradio` });
     try {
-      const response = await fetch(`${this.url}/api/v1/toradio`, {
+      const response = await fetch(`${this.url}/api/v1/toradio`, getFetchOptions(this.url, this.insecure, {
         method: "PUT",
         headers: { "Content-Type": "application/x-protobuf" },
         body: Buffer.from(data),
         signal: AbortSignal.timeout(TIMEOUT_MS),
-      });
+      }));
       if (!response.ok) {
         Logger.error("HttpTransport", "Send failed", undefined, { status: response.status, statusText: response.statusText });
         throw new Error(`HTTP ${response.status}`);
@@ -229,11 +272,11 @@ export class HttpTransport implements Transport {
     // Try /json/nodes endpoint to find local node (node with hopsAway=0 or smallest num)
     Logger.debug("HttpTransport", "Fetching owner info", { url: `${this.url}/json/nodes` });
     try {
-      const response = await fetch(`${this.url}/json/nodes`, {
+      const response = await fetch(`${this.url}/json/nodes`, getFetchOptions(this.url, this.insecure, {
         method: "GET",
         headers: { Accept: "application/json" },
         signal: AbortSignal.timeout(TIMEOUT_MS),
-      });
+      }));
       if (!response.ok) {
         Logger.warn("HttpTransport", "Failed to fetch owner", { status: response.status });
         return null;

src/ui/App.tsx

@@ -95,9 +95,12 @@ interface AppProps {
   skipNodes?: boolean;
   meshViewUrl?: string;
   useFahrenheit?: boolean;
+  httpPort?: number;
+  useTls?: boolean;
+  insecure?: boolean;
 }
 
-export function App({ address, packetStore, nodeStore, skipConfig = false, skipNodes = false, meshViewUrl, useFahrenheit = false }: AppProps) {
+export function App({ address, packetStore, nodeStore, skipConfig = false, skipNodes = false, meshViewUrl, useFahrenheit = false, httpPort, useTls = false, insecure = false }: AppProps) {
   const { exit } = useApp();
   const { stdout } = useStdout();
   const [transport, setTransport] = useState<Transport | null>(null);
@@ -153,7 +156,7 @@ export function App({ address, packetStore, nodeStore, skipConfig = false, skipN
     Logger.info("App", "Initiating device connection", { address });
     (async () => {
       try {
-        const t = await HttpTransport.create(address);
+        const t = await HttpTransport.create(address, useTls, httpPort, insecure);
         if (!cancelled) {
           Logger.info("App", "Transport created successfully", { address });
           setTransport(t);