nova
/
esp8266-react-framework
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Fork of the excellent esp8266-react - https://github.com/rjwats/esp8266-react
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
240 Commits
1 Branch
0 Tags
4.4 MiB
Tree: 681b9f67cf
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '681b9f67cf'
${ noResults }
esp8266-react-framework/lib/framework/SecurityManager.h

97 lines
2.6 KiB
Raw Normal View History

playing with some ideas for security management
5 years ago
messing around with JWT implementation
5 years ago
add security to all admin endpoints
5 years ago
Factory reset feature (#114) Implemented factory-reset feature Extract factory settings into separate ini file Hide reset/factory reset from guest user Co-authored-by: kasedy <kasedy@gmail.com>
4 years ago
Rework backend add MQTT and WebSocket support * Update back end to add MQTT and WebSocket support * Update demo project to demonstrate MQTT and WebSockets * Update documentation to describe newly added and modified functionallity * Introduce separate MQTT pub/sub, HTTP get/post and WebSocket rx/tx classes * Significant reanaming - more accurate class names * Use PROGMEM_WWW as default * Update README documenting PROGMEM_WWW as default * Update README with API changes
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
Start work on security manager
5 years ago
Factory reset feature (#114) Implemented factory-reset feature Extract factory settings into separate ini file Hide reset/factory reset from guest user Co-authored-by: kasedy <kasedy@gmail.com>
4 years ago
Start work on security manager
5 years ago
Rework backend add MQTT and WebSocket support * Update back end to add MQTT and WebSocket support * Update demo project to demonstrate MQTT and WebSockets * Update documentation to describe newly added and modified functionallity * Introduce separate MQTT pub/sub, HTTP get/post and WebSocket rx/tx classes * Significant reanaming - more accurate class names * Use PROGMEM_WWW as default * Update README documenting PROGMEM_WWW as default * Update README with API changes
4 years ago
add authentication service
5 years ago
Start work on security manager
5 years ago
add JWT encoding
5 years ago
Start work on security manager
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
Start work on security manager
5 years ago
WIP - more experimenting with the security manager
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
WIP - more experimenting with the security manager
5 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
Start work on security manager
5 years ago
add security to all admin endpoints
5 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
add security to all admin endpoints
5 years ago
Start work on security manager
5 years ago
add security to all admin endpoints
5 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
Use references & flash strings where approperate (#110) * pass originId as const reference * store strings for serial logging in flash * Use string references where approperate.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
Rework backend add MQTT and WebSocket support * Update back end to add MQTT and WebSocket support * Update demo project to demonstrate MQTT and WebSockets * Update documentation to describe newly added and modified functionallity * Introduce separate MQTT pub/sub, HTTP get/post and WebSocket rx/tx classes * Significant reanaming - more accurate class names * Use PROGMEM_WWW as default * Update README documenting PROGMEM_WWW as default * Update README with API changes
4 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
External config Allow config to be accessed from outside the framework core code.
4 years ago
Rework backend add MQTT and WebSocket support * Update back end to add MQTT and WebSocket support * Update demo project to demonstrate MQTT and WebSockets * Update documentation to describe newly added and modified functionallity * Introduce separate MQTT pub/sub, HTTP get/post and WebSocket rx/tx classes * Significant reanaming - more accurate class names * Use PROGMEM_WWW as default * Update README documenting PROGMEM_WWW as default * Update README with API changes
4 years ago
Start work on security manager
5 years ago
reformat with .clang-format based on google's spec with some minor changes
5 years ago
  1. #ifndef SecurityManager_h
  2. #define SecurityManager_h
  4. #include <ArduinoJsonJWT.h>
  5. #include <ESPAsyncWebServer.h>
  6. #include <ESPUtils.h>
  7. #include <AsyncJson.h>
  8. #include <list>
  10. #ifndef FACTORY_JWT_SECRET
  11. #define FACTORY_JWT_SECRET ESPUtils::defaultDeviceValue()
  12. #endif
  14. #define ACCESS_TOKEN_PARAMATER "access_token"
  16. #define AUTHORIZATION_HEADER "Authorization"
  17. #define AUTHORIZATION_HEADER_PREFIX "Bearer "
  18. #define AUTHORIZATION_HEADER_PREFIX_LEN 7
  20. #define MAX_JWT_SIZE 128
  22. class User {
  23. public:
  24. String username;
  25. String password;
  26. bool admin;
  28. public:
  29. User(String username, String password, bool admin) : username(username), password(password), admin(admin) {
  30. }
  31. };
  33. class Authentication {
  34. public:
  35. User* user;
  36. boolean authenticated;
  38. public:
  39. Authentication(User& user) : user(new User(user)), authenticated(true) {
  40. }
  41. Authentication() : user(nullptr), authenticated(false) {
  42. }
  43. ~Authentication() {
  44. delete (user);
  45. }
  46. };
  48. typedef std::function<boolean(Authentication& authentication)> AuthenticationPredicate;
  50. class AuthenticationPredicates {
  51. public:
  52. static bool NONE_REQUIRED(Authentication& authentication) {
  53. return true;
  54. };
  55. static bool IS_AUTHENTICATED(Authentication& authentication) {
  56. return authentication.authenticated;
  57. };
  58. static bool IS_ADMIN(Authentication& authentication) {
  59. return authentication.authenticated && authentication.user->admin;
  60. };
  61. };
  63. class SecurityManager {
  64. public:
  65. /*
  66. * Authenticate, returning the user if found
  67. */
  68. virtual Authentication authenticate(const String& username, const String& password) = 0;
  70. /*
  71. * Check the request header for the Authorization token
  72. */
  73. virtual Authentication authenticateRequest(AsyncWebServerRequest* request) = 0;
  75. /*
  76. * Generate a JWT for the user provided
  77. */
  78. virtual String generateJWT(User* user) = 0;
  80. /**
  81. * Filter a request with the provided predicate, only returning true if the predicate matches.
  82. */
  83. virtual ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate) = 0;
  85. /**
  86. * Wrap the provided request to provide validation against an AuthenticationPredicate.
  87. */
  88. virtual ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest,
  89. AuthenticationPredicate predicate) = 0;
  91. /**
  92. * Wrap the provided json request callback to provide validation against an AuthenticationPredicate.
  93. */
  94. virtual ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction callback,
  95. AuthenticationPredicate predicate) = 0;
  96. };
  98. #endif // end SecurityManager_h