playing with some ideas for security management

This commit is contained in:
Rick Watson 2019-04-30 23:49:28 +01:00
parent a05129be38
commit eca14cf81c
4 changed files with 75 additions and 27 deletions

View File

@ -1,5 +1,6 @@
{ {
"jwt_secret":"esp8266-react", "jwt_secret":"esp8266-react",
"roles": ["admin", "guest"],
"users": [ "users": [
{ {
"username": "admin", "username": "admin",

View File

@ -1,51 +1,84 @@
#include <SecurityManager.h> #include <SecurityManager.h>
SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) { SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) {
server->on(USERS_PATH, HTTP_GET, std::bind(&SecurityManager::fetchUsers, this, std::placeholders::_1));
} }
SecurityManager::~SecurityManager() {} SecurityManager::~SecurityManager() {}
void SecurityManager::readFromJsonObject(JsonObject& root) { void SecurityManager::readFromJsonObject(JsonObject& root) {
// secret
_jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET; _jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;
while (_numUsers > 0){ // roles
delete _users[--_numUsers]; _roles.clear();
if (root["roles"].is<JsonArray>()) {
JsonArray roles = root["roles"];
for (JsonVariant role : roles) {
_roles.push_back(role.as<String>());
}
} }
// users
_users.clear();
if (root["users"].is<JsonArray>()) { if (root["users"].is<JsonArray>()) {
JsonArray users = root["users"]; JsonArray users = root["users"];
_numUsers = 0; for (JsonVariant user : users) {
// TODO - complete defence against bad data String username = user["username"];
for (int i =0; i < min(SECURITY_MANAGER_MAX_USERS, (int) users.size()); i++){
JsonObject user = users[i];
String username = user["username"];;
String password = user["password"]; String password = user["password"];
String role = user["role"]; String role = user["role"];
_users[_numUsers++] = new User(username, password, role); _users.push_back(User(username, password, role));
} }
} }
} }
void SecurityManager::writeToJsonObject(JsonObject& root) { void SecurityManager::writeToJsonObject(JsonObject& root) {
// TODO // secret
root["jwt_secret"] = _jwtSecret;
// roles
JsonArray roles = root.createNestedArray("roles");
for (String _role : _roles) {
roles.add(_role);
}
// users
JsonArray users = root.createNestedArray("users");
for (User _user : _users) {
JsonObject user = users.createNestedObject();
user["username"] = _user.getUsername();
user["password"] = _user.getPassword();
user["role"] = _user.getRole();
}
}
void SecurityManager::fetchUsers(AsyncWebServerRequest *request) {
AsyncJsonResponse * response = new AsyncJsonResponse(MAX_USERS_SIZE);
JsonObject jsonObject = response->getRoot();
writeToJsonObject(jsonObject);
response->setLength();
request->send(response);
} }
void SecurityManager::begin() { void SecurityManager::begin() {
// TODO readFromFS();
} }
User SecurityManager::verifyUser(String jwt) { User SecurityManager::verifyUser(String jwt) {
// TODO // TODO
return NOT_AUTHENTICATED; return NOT_AUTHENTICATED;
} }
User authenticate(String username, String password) {
// TODO User SecurityManager::authenticate(String username, String password) {
for (User _user : _users) {
if (_user.getUsername() == username && _user.getPassword() == password){
return _user;
}
}
return NOT_AUTHENTICATED; return NOT_AUTHENTICATED;
} }
String generateJWT(User user) { String SecurityManager::generateJWT(User user) {
// TODO // TODO
return ""; return "";
} }

View File

@ -1,5 +1,8 @@
#ifndef APSettingsConfig_h #ifndef SecurityManager_h
#define APSettingsConfig_h #define SecurityManager_h
#include <list>
#include <ArduinoJWT.h>
#include <SettingsService.h> #include <SettingsService.h>
#include <DNSServer.h> #include <DNSServer.h>
@ -8,16 +11,17 @@
#define DEFAULT_JWT_SECRET "esp8266-react" #define DEFAULT_JWT_SECRET "esp8266-react"
#define SECURITY_SETTINGS_FILE "/config/securitySettings.json" #define SECURITY_SETTINGS_FILE "/config/securitySettings.json"
#define USERS_PATH "/rest/users"
#define AUTHENTICATE_PATH "/rest/authenticate" #define AUTHENTICATE_PATH "/rest/authenticate"
#define SECURITY_MANAGER_MAX_USERS 5 #define SECURITY_MANAGER_MAX_USERS 5
#define UNAUTHENTICATED_USERNAME "" #define UNAUTHENTICATED_USERNAME "_anonymous"
#define UNAUTHENTICATED_PASSWORD "" #define UNAUTHENTICATED_PASSWORD ""
#define UNAUTHENTICATED_ROLE "" #define UNAUTHENTICATED_ROLE ""
#define ROLE_ADMIN "admin" #define MAX_USERS_SIZE 1024
#define ROLE_GUEST "guest"
class User { class User {
private: private:
@ -38,9 +42,6 @@ class User {
bool isAuthenticated() { bool isAuthenticated() {
return _username != UNAUTHENTICATED_USERNAME; return _username != UNAUTHENTICATED_USERNAME;
} }
bool isAdmin() {
return isAuthenticated() && _username == ROLE_ADMIN;
}
}; };
const User NOT_AUTHENTICATED = User(UNAUTHENTICATED_USERNAME, UNAUTHENTICATED_PASSWORD, UNAUTHENTICATED_ROLE); const User NOT_AUTHENTICATED = User(UNAUTHENTICATED_USERNAME, UNAUTHENTICATED_PASSWORD, UNAUTHENTICATED_ROLE);
@ -55,7 +56,7 @@ class SecurityManager : public SettingsPersistence {
void begin(); void begin();
User verifyUser(String jwt); User verifyUser(String jwt);
User authenticate(); User authenticate(String username, String password);
String generateJWT(User user); String generateJWT(User user);
protected: protected:
@ -65,10 +66,17 @@ class SecurityManager : public SettingsPersistence {
private: private:
// server instance
AsyncWebServer* _server;
// access point settings // access point settings
String _jwtSecret; String _jwtSecret;
User *_users[SECURITY_MANAGER_MAX_USERS]; std::list<String> _roles;
int _numUsers; std::list<User> _users;
// endpoint functions
void fetchUsers(AsyncWebServerRequest *request);
}; };
#endif // end APSettingsConfig_h #endif // end SecurityManager_h

View File

@ -18,11 +18,14 @@
#include <NTPStatus.h> #include <NTPStatus.h>
#include <OTASettingsService.h> #include <OTASettingsService.h>
#include <APStatus.h> #include <APStatus.h>
#include <SecurityManager.h>
#define SERIAL_BAUD_RATE 115200 #define SERIAL_BAUD_RATE 115200
AsyncWebServer server(80); AsyncWebServer server(80);
SecurityManager securityManager = SecurityManager(&server, &SPIFFS);
WiFiSettingsService wifiSettingsService = WiFiSettingsService(&server, &SPIFFS); WiFiSettingsService wifiSettingsService = WiFiSettingsService(&server, &SPIFFS);
APSettingsService apSettingsService = APSettingsService(&server, &SPIFFS); APSettingsService apSettingsService = APSettingsService(&server, &SPIFFS);
NTPSettingsService ntpSettingsService = NTPSettingsService(&server, &SPIFFS); NTPSettingsService ntpSettingsService = NTPSettingsService(&server, &SPIFFS);
@ -40,6 +43,9 @@ void setup() {
Serial.begin(SERIAL_BAUD_RATE); Serial.begin(SERIAL_BAUD_RATE);
SPIFFS.begin(); SPIFFS.begin();
// start security manager
securityManager.begin();
// start services // start services
ntpSettingsService.begin(); ntpSettingsService.begin();
otaSettingsService.begin(); otaSettingsService.begin();