Start work on security manager

5 years ago · 416e736ea9
3 changed files with 140 additions and 0 deletions
--- a/data/config/securitySettings.json
+++ b/data/config/securitySettings.json
@ -0,0 +1,15 @@
+{
+    "jwt_secret":"esp8266-react",
+    "users": [
+        {
+            "username": "admin",
+            "password": "admin",
+            "role": "admin"
+        },
+        {
+            "username": "guest",
+            "password": "guest",
+            "role": "guest"
+        }
+    ]
+}
--- a/src/SecurityManager.cpp
+++ b/src/SecurityManager.cpp
@ -0,0 +1,51 @@
+#include <SecurityManager.h>
+
+SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) {
+}
+
+SecurityManager::~SecurityManager() {}
+
+void SecurityManager::readFromJsonObject(JsonObject& root) {
+  _jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;
+
+  while (_numUsers > 0){
+    delete _users[--_numUsers];
+  }
+
+  if (root["users"].is<JsonArray>()) {
+    JsonArray users = root["users"];
+    _numUsers = 0;
+    // TODO - complete defence against bad data
+    for (int i =0; i < min(SECURITY_MANAGER_MAX_USERS, (int) users.size()); i++){
+      JsonObject user = users[i];
+      String username =  user["username"];;
+      String password = user["password"];
+      String role = user["role"];
+      _users[_numUsers++] = new User(username, password, role);
+    }
+  }
+}
+
+void SecurityManager::writeToJsonObject(JsonObject& root) {
+  // TODO
+}
+
+void SecurityManager::begin() {
+  // TODO
+}
+
+User SecurityManager::verifyUser(String jwt) {
+  // TODO
+  return NOT_AUTHENTICATED;
+}
+User authenticate(String username, String password) {
+  // TODO
+  return NOT_AUTHENTICATED;
+}
+
+String generateJWT(User user) {
+  // TODO
+  return "";
+}
+
+
--- a/src/SecurityManager.h
+++ b/src/SecurityManager.h
@ -0,0 +1,74 @@
+#ifndef APSettingsConfig_h
+#define APSettingsConfig_h
+
+#include <SettingsService.h>
+#include <DNSServer.h>
+#include <IPAddress.h>
+
+#define DEFAULT_JWT_SECRET "esp8266-react"
+
+#define SECURITY_SETTINGS_FILE "/config/securitySettings.json"
+#define AUTHENTICATE_PATH "/rest/authenticate"
+
+#define SECURITY_MANAGER_MAX_USERS 5
+
+#define UNAUTHENTICATED_USERNAME ""
+#define UNAUTHENTICATED_PASSWORD ""
+#define UNAUTHENTICATED_ROLE ""
+
+#define ROLE_ADMIN "admin"
+#define ROLE_GUEST "guest"
+
+class User {
+  private:
+    String _username;
+    String _password;
+    String _role;
+  public:
+    User(String username, String password, String role): _username(username), _password(password), _role(role) {}
+    String getUsername() {
+      return _username;
+    }
+    String getPassword() {
+      return _password;
+    }    
+    String getRole() {
+      return _role;
+    }
+    bool isAuthenticated() {
+      return _username != UNAUTHENTICATED_USERNAME;
+    }
+    bool isAdmin() {
+      return isAuthenticated() && _username == ROLE_ADMIN;
+    }
+};
+
+const User NOT_AUTHENTICATED = User(UNAUTHENTICATED_USERNAME, UNAUTHENTICATED_PASSWORD, UNAUTHENTICATED_ROLE);
+
+class SecurityManager :  public SettingsPersistence {
+
+  public:
+
+    SecurityManager(AsyncWebServer* server, FS* fs);
+    ~SecurityManager();
+
+    void begin();
+
+    User verifyUser(String jwt);
+    User authenticate();
+    String generateJWT(User user);
+
+  protected:
+
+    void readFromJsonObject(JsonObject& root);
+    void writeToJsonObject(JsonObject& root);
+
+  private:
+
+    // access point settings
+    String _jwtSecret;
+    User *_users[SECURITY_MANAGER_MAX_USERS];
+    int _numUsers;
+};
+
+#endif // end APSettingsConfig_h