esp8266-react-framework/src/SecurityManager.cpp

#include <SecurityManager.h>

SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) {
  server->on(USERS_PATH, HTTP_GET, std::bind(&SecurityManager::fetchUsers, this, std::placeholders::_1));
}

SecurityManager::~SecurityManager() {}

void SecurityManager::readFromJsonObject(JsonObject& root) {
  // secret  
  _jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;

  // roles
  _roles.clear();
  if (root["roles"].is<JsonArray>()) {
    JsonArray roles = root["roles"];
    for (JsonVariant role : roles) {
      _roles.push_back(role.as<String>());
    }
  }

  // users
  _users.clear();
  if (root["users"].is<JsonArray>()) {
    JsonArray users = root["users"];
    for (JsonVariant user : users) {
      String username =  user["username"];
      String password = user["password"];
      String role = user["role"];
      _users.push_back(User(username, password, role));
    }
  }
}

void SecurityManager::writeToJsonObject(JsonObject& root) {
  // secret
  root["jwt_secret"] = _jwtSecret;

  // roles
  JsonArray roles = root.createNestedArray("roles");
  for (String _role : _roles) {
    roles.add(_role);
  }

  // users
  JsonArray users = root.createNestedArray("users");
  for (User _user : _users) {
    JsonObject user = users.createNestedObject();
    user["username"] = _user.getUsername();
    user["password"] = _user.getPassword();
    user["role"] = _user.getRole();
  }
}

void SecurityManager::fetchUsers(AsyncWebServerRequest *request) {
  AsyncJsonResponse * response = new AsyncJsonResponse(MAX_USERS_SIZE);
  JsonObject jsonObject = response->getRoot();  
  writeToJsonObject(jsonObject);
  response->setLength();
  request->send(response);
}

void SecurityManager::begin() {
  // read config
  readFromFS();

  // configure secret
  jwtHandler.setSecret(_jwtSecret);
}

Authentication SecurityManager::authenticateRequest(AsyncWebServerRequest *request) {
  AsyncWebHeader* authorizationHeader = request->getHeader(AUTHORIZATION_HEADER);
  if (authorizationHeader) {
    String value = authorizationHeader->value();
    value.startsWith(AUTHORIZATION_HEADER_PREFIX);
    value = value.substring(AUTHORIZATION_HEADER_PREFIX_LEN);
    return authenticateJWT(value);
  }  
  return Authentication();
}

Authentication SecurityManager::authenticateJWT(String jwt) {
  DynamicJsonDocument payloadDocument(MAX_JWT_SIZE);
  jwtHandler.parseJWT(jwt, payloadDocument);
  if (payloadDocument.is<JsonObject>()) {
    JsonObject parsedPayload = payloadDocument.as<JsonObject>();
    String username = parsedPayload["username"];
    for (User _user : _users) {
      if (_user.getUsername() == username && validatePayload(parsedPayload, &_user)){
        return Authentication(_user);
      }
    }
  }
  return Authentication();
}

Authentication SecurityManager::authenticate(String username, String password) {
  for (User _user : _users) {
    if (_user.getUsername() == username && _user.getPassword() == password){
      return Authentication(_user);
    }
  }
  return Authentication();
}

inline void populateJWTPayload(JsonObject &payload, User *user) {
  payload["username"] = user->getUsername();
  payload["role"] = user->getRole();
}

boolean SecurityManager::validatePayload(JsonObject &parsedPayload, User *user) {
  DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);      
  JsonObject payload = _jsonDocument.to<JsonObject>();
  populateJWTPayload(payload, user);
  return payload == parsedPayload;
}

String SecurityManager::generateJWT(User *user) {
  DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);      
  JsonObject payload = _jsonDocument.to<JsonObject>();
  populateJWTPayload(payload, user);
  return jwtHandler.buildJWT(payload);
}
Start work on security manager 2019-04-29 23:30:43 +00:00			`#include <SecurityManager.h>`

			`SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) {`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`server->on(USERS_PATH, HTTP_GET, std::bind(&SecurityManager::fetchUsers, this, std::placeholders::_1));`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`

			`SecurityManager::~SecurityManager() {}`

			`void SecurityManager::readFromJsonObject(JsonObject& root) {`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`// secret`
Start work on security manager 2019-04-29 23:30:43 +00:00			`_jwtSecret = root["jwt_secret"] \| DEFAULT_JWT_SECRET;`

playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`// roles`
			`_roles.clear();`
			`if (root["roles"].is<JsonArray>()) {`
			`JsonArray roles = root["roles"];`
			`for (JsonVariant role : roles) {`
			`_roles.push_back(role.as<String>());`
			`}`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`

playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`// users`
			`_users.clear();`
Start work on security manager 2019-04-29 23:30:43 +00:00			`if (root["users"].is<JsonArray>()) {`
			`JsonArray users = root["users"];`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`for (JsonVariant user : users) {`
			`String username = user["username"];`
Start work on security manager 2019-04-29 23:30:43 +00:00			`String password = user["password"];`
			`String role = user["role"];`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`_users.push_back(User(username, password, role));`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`
			`}`
			`}`

			`void SecurityManager::writeToJsonObject(JsonObject& root) {`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`// secret`
			`root["jwt_secret"] = _jwtSecret;`

			`// roles`
			`JsonArray roles = root.createNestedArray("roles");`
			`for (String _role : _roles) {`
			`roles.add(_role);`
			`}`

			`// users`
			`JsonArray users = root.createNestedArray("users");`
			`for (User _user : _users) {`
			`JsonObject user = users.createNestedObject();`
			`user["username"] = _user.getUsername();`
			`user["password"] = _user.getPassword();`
			`user["role"] = _user.getRole();`
			`}`
			`}`

			`void SecurityManager::fetchUsers(AsyncWebServerRequest *request) {`
			`AsyncJsonResponse * response = new AsyncJsonResponse(MAX_USERS_SIZE);`
			`JsonObject jsonObject = response->getRoot();`
			`writeToJsonObject(jsonObject);`
			`response->setLength();`
			`request->send(response);`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`

			`void SecurityManager::begin() {`
add JWT encoding 2019-05-02 23:31:20 +00:00			`// read config`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`readFromFS();`
add JWT encoding 2019-05-02 23:31:20 +00:00
			`// configure secret`
messing around with JWT implementation 2019-05-06 14:50:19 +00:00			`jwtHandler.setSecret(_jwtSecret);`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`

add authentication service 2019-05-18 18:35:27 +00:00			`Authentication SecurityManager::authenticateRequest(AsyncWebServerRequest *request) {`
			`AsyncWebHeader* authorizationHeader = request->getHeader(AUTHORIZATION_HEADER);`
			`if (authorizationHeader) {`
			`String value = authorizationHeader->value();`
			`value.startsWith(AUTHORIZATION_HEADER_PREFIX);`
			`value = value.substring(AUTHORIZATION_HEADER_PREFIX_LEN);`
			`return authenticateJWT(value);`
			`}`
			`return Authentication();`
			`}`

			`Authentication SecurityManager::authenticateJWT(String jwt) {`
			`DynamicJsonDocument payloadDocument(MAX_JWT_SIZE);`
			`jwtHandler.parseJWT(jwt, payloadDocument);`
			`if (payloadDocument.is<JsonObject>()) {`
			`JsonObject parsedPayload = payloadDocument.as<JsonObject>();`
			`String username = parsedPayload["username"];`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`for (User _user : _users) {`
add authentication service 2019-05-18 18:35:27 +00:00			`if (_user.getUsername() == username && validatePayload(parsedPayload, &_user)){`
			`return Authentication(_user);`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`}`
			`}`
			`}`
add authentication service 2019-05-18 18:35:27 +00:00			`return Authentication();`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`Authentication SecurityManager::authenticate(String username, String password) {`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`for (User _user : _users) {`
			`if (_user.getUsername() == username && _user.getPassword() == password){`
add authentication service 2019-05-18 18:35:27 +00:00			`return Authentication(_user);`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`}`
			`}`
add authentication service 2019-05-18 18:35:27 +00:00			`return Authentication();`
			`}`

			`inline void populateJWTPayload(JsonObject &payload, User *user) {`
			`payload["username"] = user->getUsername();`
			`payload["role"] = user->getRole();`
			`}`

			`boolean SecurityManager::validatePayload(JsonObject &parsedPayload, User *user) {`
			`DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);`
			`JsonObject payload = _jsonDocument.to<JsonObject>();`
			`populateJWTPayload(payload, user);`
			`return payload == parsedPayload;`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`

add authentication service 2019-05-18 18:35:27 +00:00			`String SecurityManager::generateJWT(User *user) {`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`DynamicJsonDocument _jsonDocument(MAX_JWT_SIZE);`
add authentication service 2019-05-18 18:35:27 +00:00			`JsonObject payload = _jsonDocument.to<JsonObject>();`
			`populateJWTPayload(payload, user);`
			`return jwtHandler.buildJWT(payload);`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`