esp8266-react-framework/lib/framework/SecurityManager.h

#ifndef SecurityManager_h
#define SecurityManager_h

#include <Features.h>
#include <ArduinoJsonJWT.h>
#include <ESPAsyncWebServer.h>
#include <ESPUtils.h>
#include <AsyncJson.h>
#include <list>

#ifndef FACTORY_JWT_SECRET
#define FACTORY_JWT_SECRET ESPUtils::defaultDeviceValue()
#endif

#define ACCESS_TOKEN_PARAMATER "access_token"

#define AUTHORIZATION_HEADER "Authorization"
#define AUTHORIZATION_HEADER_PREFIX "Bearer "
#define AUTHORIZATION_HEADER_PREFIX_LEN 7

#define MAX_JWT_SIZE 128

class User {
 public:
  String username;
  String password;
  bool admin;

 public:
  User(String username, String password, bool admin) : username(username), password(password), admin(admin) {
  }
};

class Authentication {
 public:
  User* user;
  boolean authenticated;

 public:
  Authentication(User& user) : user(new User(user)), authenticated(true) {
  }
  Authentication() : user(nullptr), authenticated(false) {
  }
  ~Authentication() {
    delete (user);
  }
};

typedef std::function<boolean(Authentication& authentication)> AuthenticationPredicate;

class AuthenticationPredicates {
 public:
  static bool NONE_REQUIRED(Authentication& authentication) {
    return true;
  };
  static bool IS_AUTHENTICATED(Authentication& authentication) {
    return authentication.authenticated;
  };
  static bool IS_ADMIN(Authentication& authentication) {
    return authentication.authenticated && authentication.user->admin;
  };
};

class SecurityManager {
 public:
#if FT_ENABLED(FT_SECURITY)
  /*
   * Authenticate, returning the user if found
   */
  virtual Authentication authenticate(const String& username, const String& password) = 0;

  /*
   * Generate a JWT for the user provided
   */
  virtual String generateJWT(User* user) = 0;

#endif

  /*
   * Check the request header for the Authorization token
   */
  virtual Authentication authenticateRequest(AsyncWebServerRequest* request) = 0;

  /**
   * Filter a request with the provided predicate, only returning true if the predicate matches.
   */
  virtual ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate) = 0;

  /**
   * Wrap the provided request to provide validation against an AuthenticationPredicate.
   */
  virtual ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest,
                                               AuthenticationPredicate predicate) = 0;

  /**
   * Wrap the provided json request callback to provide validation against an AuthenticationPredicate.
   */
  virtual ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction onRequest,
                                                    AuthenticationPredicate predicate) = 0;
};

#endif  // end SecurityManager_h
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`#ifndef SecurityManager_h`
			`#define SecurityManager_h`

Allow features to be disabled at build time (#143) * Add framework for built-time feature selection * Allow MQTT, NTP, OTA features to be disabled at build time * Allow Project screens to be disabled at build time * Allow security features to be disabled at build time * Switch to std::function for StatefulService function aliases for greater flexibility * Bump various UI lib versions * Update docs 2020-06-09 20:57:44 +00:00			`#include <Features.h>`
messing around with JWT implementation 2019-05-06 14:50:19 +00:00			`#include <ArduinoJsonJWT.h>`
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`#include <ESPAsyncWebServer.h>`
Factory reset feature (#114) Implemented factory-reset feature Extract factory settings into separate ini file Hide reset/factory reset from guest user Co-authored-by: kasedy <kasedy@gmail.com> 2020-05-19 23:32:49 +00:00			`#include <ESPUtils.h>`
Rework backend add MQTT and WebSocket support * Update back end to add MQTT and WebSocket support * Update demo project to demonstrate MQTT and WebSockets * Update documentation to describe newly added and modified functionallity * Introduce separate MQTT pub/sub, HTTP get/post and WebSocket rx/tx classes * Significant reanaming - more accurate class names * Use PROGMEM_WWW as default * Update README documenting PROGMEM_WWW as default * Update README with API changes 2020-05-14 22:23:45 +00:00			`#include <AsyncJson.h>`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`#include <list>`
Start work on security manager 2019-04-29 23:30:43 +00:00
Factory reset feature (#114) Implemented factory-reset feature Extract factory settings into separate ini file Hide reset/factory reset from guest user Co-authored-by: kasedy <kasedy@gmail.com> 2020-05-19 23:32:49 +00:00			`#ifndef FACTORY_JWT_SECRET`
			`#define FACTORY_JWT_SECRET ESPUtils::defaultDeviceValue()`
			`#endif`
Start work on security manager 2019-04-29 23:30:43 +00:00
Rework backend add MQTT and WebSocket support * Update back end to add MQTT and WebSocket support * Update demo project to demonstrate MQTT and WebSockets * Update documentation to describe newly added and modified functionallity * Introduce separate MQTT pub/sub, HTTP get/post and WebSocket rx/tx classes * Significant reanaming - more accurate class names * Use PROGMEM_WWW as default * Update README documenting PROGMEM_WWW as default * Update README with API changes 2020-05-14 22:23:45 +00:00			`#define ACCESS_TOKEN_PARAMATER "access_token"`

add authentication service 2019-05-18 18:35:27 +00:00			`#define AUTHORIZATION_HEADER "Authorization"`
			`#define AUTHORIZATION_HEADER_PREFIX "Bearer "`
			`#define AUTHORIZATION_HEADER_PREFIX_LEN 7`
Start work on security manager 2019-04-29 23:30:43 +00:00
add JWT encoding 2019-05-02 23:31:20 +00:00			`#define MAX_JWT_SIZE 128`
Start work on security manager 2019-04-29 23:30:43 +00:00
			`class User {`
External config Allow config to be accessed from outside the framework core code. 2020-02-01 08:44:26 +00:00			`public:`
			`String username;`
			`String password;`
			`bool admin;`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00
			`public:`
External config Allow config to be accessed from outside the framework core code. 2020-02-01 08:44:26 +00:00			`User(String username, String password, bool admin) : username(username), password(password), admin(admin) {`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`}`
Start work on security manager 2019-04-29 23:30:43 +00:00			`};`

WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`class Authentication {`
External config Allow config to be accessed from outside the framework core code. 2020-02-01 08:44:26 +00:00			`public:`
			`User* user;`
			`boolean authenticated;`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00
			`public:`
External config Allow config to be accessed from outside the framework core code. 2020-02-01 08:44:26 +00:00			`Authentication(User& user) : user(new User(user)), authenticated(true) {`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`}`
External config Allow config to be accessed from outside the framework core code. 2020-02-01 08:44:26 +00:00			`Authentication() : user(nullptr), authenticated(false) {`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`}`
			`~Authentication() {`
External config Allow config to be accessed from outside the framework core code. 2020-02-01 08:44:26 +00:00			`delete (user);`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`}`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`};`

reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`typedef std::function<boolean(Authentication& authentication)> AuthenticationPredicate;`
Start work on security manager 2019-04-29 23:30:43 +00:00
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`class AuthenticationPredicates {`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`public:`
			`static bool NONE_REQUIRED(Authentication& authentication) {`
			`return true;`
			`};`
			`static bool IS_AUTHENTICATED(Authentication& authentication) {`
External config Allow config to be accessed from outside the framework core code. 2020-02-01 08:44:26 +00:00			`return authentication.authenticated;`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`};`
			`static bool IS_ADMIN(Authentication& authentication) {`
External config Allow config to be accessed from outside the framework core code. 2020-02-01 08:44:26 +00:00			`return authentication.authenticated && authentication.user->admin;`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`};`
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`};`
Start work on security manager 2019-04-29 23:30:43 +00:00
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`class SecurityManager {`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`public:`
Allow features to be disabled at build time (#143) * Add framework for built-time feature selection * Allow MQTT, NTP, OTA features to be disabled at build time * Allow Project screens to be disabled at build time * Allow security features to be disabled at build time * Switch to std::function for StatefulService function aliases for greater flexibility * Bump various UI lib versions * Update docs 2020-06-09 20:57:44 +00:00			`#if FT_ENABLED(FT_SECURITY)`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`/*`
			`* Authenticate, returning the user if found`
			`*/`
Use references & flash strings where approperate (#110) * pass originId as const reference * store strings for serial logging in flash * Use string references where approperate. 2020-05-21 07:42:21 +00:00			`virtual Authentication authenticate(const String& username, const String& password) = 0;`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00
			`/*`
Allow features to be disabled at build time (#143) * Add framework for built-time feature selection * Allow MQTT, NTP, OTA features to be disabled at build time * Allow Project screens to be disabled at build time * Allow security features to be disabled at build time * Switch to std::function for StatefulService function aliases for greater flexibility * Bump various UI lib versions * Update docs 2020-06-09 20:57:44 +00:00			`* Generate a JWT for the user provided`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`*/`
Allow features to be disabled at build time (#143) * Add framework for built-time feature selection * Allow MQTT, NTP, OTA features to be disabled at build time * Allow Project screens to be disabled at build time * Allow security features to be disabled at build time * Switch to std::function for StatefulService function aliases for greater flexibility * Bump various UI lib versions * Update docs 2020-06-09 20:57:44 +00:00			`virtual String generateJWT(User* user) = 0;`

			`#endif`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00
			`/*`
Allow features to be disabled at build time (#143) * Add framework for built-time feature selection * Allow MQTT, NTP, OTA features to be disabled at build time * Allow Project screens to be disabled at build time * Allow security features to be disabled at build time * Switch to std::function for StatefulService function aliases for greater flexibility * Bump various UI lib versions * Update docs 2020-06-09 20:57:44 +00:00			`* Check the request header for the Authorization token`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`*/`
Allow features to be disabled at build time (#143) * Add framework for built-time feature selection * Allow MQTT, NTP, OTA features to be disabled at build time * Allow Project screens to be disabled at build time * Allow security features to be disabled at build time * Switch to std::function for StatefulService function aliases for greater flexibility * Bump various UI lib versions * Update docs 2020-06-09 20:57:44 +00:00			`virtual Authentication authenticateRequest(AsyncWebServerRequest* request) = 0;`
reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00
Rework backend add MQTT and WebSocket support * Update back end to add MQTT and WebSocket support * Update demo project to demonstrate MQTT and WebSockets * Update documentation to describe newly added and modified functionallity * Introduce separate MQTT pub/sub, HTTP get/post and WebSocket rx/tx classes * Significant reanaming - more accurate class names * Use PROGMEM_WWW as default * Update README documenting PROGMEM_WWW as default * Update README with API changes 2020-05-14 22:23:45 +00:00			`/**`
			`* Filter a request with the provided predicate, only returning true if the predicate matches.`
			`*/`
			`virtual ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate) = 0;`

reformat with .clang-format based on google's spec with some minor changes 2019-12-03 23:16:06 +00:00			`/**`
			`* Wrap the provided request to provide validation against an AuthenticationPredicate.`
			`*/`
External config Allow config to be accessed from outside the framework core code. 2020-02-01 08:44:26 +00:00			`virtual ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest,`
			`AuthenticationPredicate predicate) = 0;`
Rework backend add MQTT and WebSocket support * Update back end to add MQTT and WebSocket support * Update demo project to demonstrate MQTT and WebSockets * Update documentation to describe newly added and modified functionallity * Introduce separate MQTT pub/sub, HTTP get/post and WebSocket rx/tx classes * Significant reanaming - more accurate class names * Use PROGMEM_WWW as default * Update README documenting PROGMEM_WWW as default * Update README with API changes 2020-05-14 22:23:45 +00:00
			`/**`
			`* Wrap the provided json request callback to provide validation against an AuthenticationPredicate.`
			`*/`
Allow features to be disabled at build time (#143) * Add framework for built-time feature selection * Allow MQTT, NTP, OTA features to be disabled at build time * Allow Project screens to be disabled at build time * Allow security features to be disabled at build time * Switch to std::function for StatefulService function aliases for greater flexibility * Bump various UI lib versions * Update docs 2020-06-09 20:57:44 +00:00			`virtual ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction onRequest,`
Rework backend add MQTT and WebSocket support * Update back end to add MQTT and WebSocket support * Update demo project to demonstrate MQTT and WebSockets * Update documentation to describe newly added and modified functionallity * Introduce separate MQTT pub/sub, HTTP get/post and WebSocket rx/tx classes * Significant reanaming - more accurate class names * Use PROGMEM_WWW as default * Update README documenting PROGMEM_WWW as default * Update README with API changes 2020-05-14 22:23:45 +00:00			`AuthenticationPredicate predicate) = 0;`
Start work on security manager 2019-04-29 23:30:43 +00:00			`};`

Allow features to be disabled at build time (#143) * Add framework for built-time feature selection * Allow MQTT, NTP, OTA features to be disabled at build time * Allow Project screens to be disabled at build time * Allow security features to be disabled at build time * Switch to std::function for StatefulService function aliases for greater flexibility * Bump various UI lib versions * Update docs 2020-06-09 20:57:44 +00:00			`#endif // end SecurityManager_h`