Rick Watson
5 years ago
4 changed files with 75 additions and 27 deletions
-
1data/config/securitySettings.json
-
63src/SecurityManager.cpp
-
32src/SecurityManager.h
-
6src/main.cpp
@ -1,51 +1,84 @@ |
|||
#include <SecurityManager.h>
|
|||
|
|||
SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) { |
|||
server->on(USERS_PATH, HTTP_GET, std::bind(&SecurityManager::fetchUsers, this, std::placeholders::_1)); |
|||
} |
|||
|
|||
SecurityManager::~SecurityManager() {} |
|||
|
|||
void SecurityManager::readFromJsonObject(JsonObject& root) { |
|||
// secret
|
|||
_jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET; |
|||
|
|||
while (_numUsers > 0){ |
|||
delete _users[--_numUsers]; |
|||
// roles
|
|||
_roles.clear(); |
|||
if (root["roles"].is<JsonArray>()) { |
|||
JsonArray roles = root["roles"]; |
|||
for (JsonVariant role : roles) { |
|||
_roles.push_back(role.as<String>()); |
|||
} |
|||
} |
|||
|
|||
// users
|
|||
_users.clear(); |
|||
if (root["users"].is<JsonArray>()) { |
|||
JsonArray users = root["users"]; |
|||
_numUsers = 0; |
|||
// TODO - complete defence against bad data
|
|||
for (int i =0; i < min(SECURITY_MANAGER_MAX_USERS, (int) users.size()); i++){ |
|||
JsonObject user = users[i]; |
|||
String username = user["username"];; |
|||
for (JsonVariant user : users) { |
|||
String username = user["username"]; |
|||
String password = user["password"]; |
|||
String role = user["role"]; |
|||
_users[_numUsers++] = new User(username, password, role); |
|||
_users.push_back(User(username, password, role)); |
|||
} |
|||
} |
|||
} |
|||
|
|||
void SecurityManager::writeToJsonObject(JsonObject& root) { |
|||
// TODO
|
|||
// secret
|
|||
root["jwt_secret"] = _jwtSecret; |
|||
|
|||
// roles
|
|||
JsonArray roles = root.createNestedArray("roles"); |
|||
for (String _role : _roles) { |
|||
roles.add(_role); |
|||
} |
|||
|
|||
// users
|
|||
JsonArray users = root.createNestedArray("users"); |
|||
for (User _user : _users) { |
|||
JsonObject user = users.createNestedObject(); |
|||
user["username"] = _user.getUsername(); |
|||
user["password"] = _user.getPassword(); |
|||
user["role"] = _user.getRole(); |
|||
} |
|||
} |
|||
|
|||
void SecurityManager::fetchUsers(AsyncWebServerRequest *request) { |
|||
AsyncJsonResponse * response = new AsyncJsonResponse(MAX_USERS_SIZE); |
|||
JsonObject jsonObject = response->getRoot(); |
|||
writeToJsonObject(jsonObject); |
|||
response->setLength(); |
|||
request->send(response); |
|||
} |
|||
|
|||
void SecurityManager::begin() { |
|||
// TODO
|
|||
readFromFS(); |
|||
} |
|||
|
|||
User SecurityManager::verifyUser(String jwt) { |
|||
// TODO
|
|||
return NOT_AUTHENTICATED; |
|||
} |
|||
User authenticate(String username, String password) { |
|||
// TODO
|
|||
|
|||
User SecurityManager::authenticate(String username, String password) { |
|||
for (User _user : _users) { |
|||
if (_user.getUsername() == username && _user.getPassword() == password){ |
|||
return _user; |
|||
} |
|||
} |
|||
return NOT_AUTHENTICATED; |
|||
} |
|||
|
|||
String generateJWT(User user) { |
|||
String SecurityManager::generateJWT(User user) { |
|||
// TODO
|
|||
return ""; |
|||
} |
|||
|
|||
|
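Review bot: `fetchUsers` answers GET on `USERS_PATH` by calling `writeToJsonObject`, the same serializer that writes the settings file, so the response carries `jwt_secret` and every user's `password`. As far as the rendered lines show, nothing in the handler checks the caller first, so anyone who can reach the endpoint could read the signing secret and the stored credentials. The HTTP response should be built from a separate view that omits both fields. The route should also reject requests until `verifyUser` is implemented, since it still returns `NOT_AUTHENTICATED` for every input and cannot gate anything yet. Separately, `authenticate` compares plaintext passwords with `==`; storing a salted hash and comparing that would be worth a follow-up.

```cpp
void SecurityManager::fetchUsers(AsyncWebServerRequest *request) {
  // … unchanged: AsyncJsonResponse allocation and getRoot() …
  // HTTP view only: jwt_secret and the password field are deliberately left out
  JsonArray users = jsonObject.createNestedArray("users");
  for (User _user : _users) {
    JsonObject user = users.createNestedObject();
    user["username"] = _user.getUsername();
    user["role"] = _user.getRole();
  }
  // … unchanged: setLength() and request->send(response) …
}
```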