2019-04-30 22:49:28 +00:00
|
|
|
#ifndef SecurityManager_h
|
|
|
|
#define SecurityManager_h
|
|
|
|
|
|
|
|
#include <list>
|
2019-04-29 23:30:43 +00:00
|
|
|
|
|
|
|
#include <SettingsService.h>
|
|
|
|
#include <DNSServer.h>
|
|
|
|
#include <IPAddress.h>
|
2019-05-06 14:50:19 +00:00
|
|
|
#include <ArduinoJsonJWT.h>
|
2019-04-29 23:30:43 +00:00
|
|
|
|
|
|
|
#define DEFAULT_JWT_SECRET "esp8266-react"
|
|
|
|
|
|
|
|
#define SECURITY_SETTINGS_FILE "/config/securitySettings.json"
|
2019-04-30 22:49:28 +00:00
|
|
|
|
|
|
|
#define USERS_PATH "/rest/users"
|
2019-05-18 18:35:27 +00:00
|
|
|
|
|
|
|
#define AUTHORIZATION_HEADER "Authorization"
|
|
|
|
#define AUTHORIZATION_HEADER_PREFIX "Bearer "
|
|
|
|
#define AUTHORIZATION_HEADER_PREFIX_LEN 7
|
2019-04-29 23:30:43 +00:00
|
|
|
|
2019-05-02 23:31:20 +00:00
|
|
|
#define MAX_JWT_SIZE 128
|
|
|
|
#define MAX_SECURITY_MANAGER_SETTINGS_SIZE 512
|
2019-04-29 23:30:43 +00:00
|
|
|
#define SECURITY_MANAGER_MAX_USERS 5
|
|
|
|
|
2019-04-30 22:49:28 +00:00
|
|
|
#define MAX_USERS_SIZE 1024
|
2019-04-29 23:30:43 +00:00
|
|
|
|
|
|
|
class User {
|
|
|
|
private:
|
|
|
|
String _username;
|
|
|
|
String _password;
|
2019-05-24 11:19:27 +00:00
|
|
|
std::list<String> _roles;
|
2019-04-29 23:30:43 +00:00
|
|
|
public:
|
2019-05-24 11:19:27 +00:00
|
|
|
User(String username, String password, std::list<String> roles): _username(username), _password(password), _roles(roles) {}
|
2019-04-29 23:30:43 +00:00
|
|
|
String getUsername() {
|
|
|
|
return _username;
|
|
|
|
}
|
|
|
|
String getPassword() {
|
|
|
|
return _password;
|
|
|
|
}
|
2019-05-24 11:19:27 +00:00
|
|
|
std::list<String> getRoles() {
|
|
|
|
return _roles;
|
2019-04-29 23:30:43 +00:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2019-05-15 23:19:41 +00:00
|
|
|
class Authentication {
|
|
|
|
private:
|
2019-05-18 18:35:27 +00:00
|
|
|
User *_user;
|
2019-05-15 23:19:41 +00:00
|
|
|
boolean _authenticated;
|
|
|
|
public:
|
2019-05-18 18:35:27 +00:00
|
|
|
Authentication(User& user): _user(new User(user)), _authenticated(true) {}
|
|
|
|
Authentication() : _user(NULL), _authenticated(false) {}
|
|
|
|
~Authentication() {
|
|
|
|
if (_user != NULL){
|
|
|
|
delete(_user);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
User* getUser() {
|
2019-05-15 23:19:41 +00:00
|
|
|
return _user;
|
|
|
|
}
|
|
|
|
bool isAuthenticated() {
|
|
|
|
return _authenticated;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2019-05-24 11:19:27 +00:00
|
|
|
class SecurityManager : public SettingsService {
|
2019-04-29 23:30:43 +00:00
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
SecurityManager(AsyncWebServer* server, FS* fs);
|
|
|
|
~SecurityManager();
|
|
|
|
|
|
|
|
void begin();
|
|
|
|
|
2019-05-02 23:31:20 +00:00
|
|
|
/*
|
2019-05-18 18:35:27 +00:00
|
|
|
* Authenticate, returning the user if found
|
2019-05-02 23:31:20 +00:00
|
|
|
*/
|
2019-05-18 18:35:27 +00:00
|
|
|
Authentication authenticate(String username, String password);
|
2019-05-02 23:31:20 +00:00
|
|
|
|
|
|
|
/*
|
2019-05-18 18:35:27 +00:00
|
|
|
* Check the request header for the Authorization token
|
2019-05-02 23:31:20 +00:00
|
|
|
*/
|
2019-05-18 18:35:27 +00:00
|
|
|
Authentication authenticateRequest(AsyncWebServerRequest *request);
|
|
|
|
|
2019-05-02 23:31:20 +00:00
|
|
|
/*
|
|
|
|
* Generate a JWT for the user provided
|
|
|
|
*/
|
2019-05-18 18:35:27 +00:00
|
|
|
String generateJWT(User *user);
|
2019-04-29 23:30:43 +00:00
|
|
|
|
|
|
|
protected:
|
|
|
|
|
|
|
|
void readFromJsonObject(JsonObject& root);
|
|
|
|
void writeToJsonObject(JsonObject& root);
|
|
|
|
|
|
|
|
private:
|
2019-05-02 23:31:20 +00:00
|
|
|
// jwt handler
|
|
|
|
ArduinoJsonJWT jwtHandler = ArduinoJsonJWT(DEFAULT_JWT_SECRET);
|
2019-04-29 23:30:43 +00:00
|
|
|
|
|
|
|
// access point settings
|
|
|
|
String _jwtSecret;
|
2019-04-30 22:49:28 +00:00
|
|
|
std::list<String> _roles;
|
|
|
|
std::list<User> _users;
|
|
|
|
|
|
|
|
// endpoint functions
|
|
|
|
void fetchUsers(AsyncWebServerRequest *request);
|
2019-05-18 18:35:27 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Lookup the user by JWT
|
|
|
|
*/
|
|
|
|
Authentication authenticateJWT(String jwt);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Verify the payload is correct
|
|
|
|
*/
|
|
|
|
boolean validatePayload(JsonObject &parsedPayload, User *user);
|
|
|
|
|
2019-04-29 23:30:43 +00:00
|
|
|
};
|
|
|
|
|
2019-04-30 22:49:28 +00:00
|
|
|
#endif // end SecurityManager_h
|