449d3c91ce
* Add framework for built-time feature selection * Allow MQTT, NTP, OTA features to be disabled at build time * Allow Project screens to be disabled at build time * Allow security features to be disabled at build time * Switch to std::function for StatefulService function aliases for greater flexibility * Bump various UI lib versions * Update docs
115 lines
3.5 KiB
C++
115 lines
3.5 KiB
C++
#ifndef SecuritySettingsService_h
|
|
#define SecuritySettingsService_h
|
|
|
|
#include <Features.h>
|
|
#include <SecurityManager.h>
|
|
#include <HttpEndpoint.h>
|
|
#include <FSPersistence.h>
|
|
|
|
#ifndef FACTORY_ADMIN_USERNAME
|
|
#define FACTORY_ADMIN_USERNAME "admin"
|
|
#endif
|
|
|
|
#ifndef FACTORY_ADMIN_PASSWORD
|
|
#define FACTORY_ADMIN_PASSWORD "admin"
|
|
#endif
|
|
|
|
#ifndef FACTORY_GUEST_USERNAME
|
|
#define FACTORY_GUEST_USERNAME "guest"
|
|
#endif
|
|
|
|
#ifndef FACTORY_GUEST_PASSWORD
|
|
#define FACTORY_GUEST_PASSWORD "guest"
|
|
#endif
|
|
|
|
#define SECURITY_SETTINGS_FILE "/config/securitySettings.json"
|
|
#define SECURITY_SETTINGS_PATH "/rest/securitySettings"
|
|
|
|
#if FT_ENABLED(FT_SECURITY)
|
|
|
|
class SecuritySettings {
|
|
public:
|
|
String jwtSecret;
|
|
std::list<User> users;
|
|
|
|
static void read(SecuritySettings& settings, JsonObject& root) {
|
|
// secret
|
|
root["jwt_secret"] = settings.jwtSecret;
|
|
|
|
// users
|
|
JsonArray users = root.createNestedArray("users");
|
|
for (User user : settings.users) {
|
|
JsonObject userRoot = users.createNestedObject();
|
|
userRoot["username"] = user.username;
|
|
userRoot["password"] = user.password;
|
|
userRoot["admin"] = user.admin;
|
|
}
|
|
}
|
|
|
|
static StateUpdateResult update(JsonObject& root, SecuritySettings& settings) {
|
|
// secret
|
|
settings.jwtSecret = root["jwt_secret"] | FACTORY_JWT_SECRET;
|
|
|
|
// users
|
|
settings.users.clear();
|
|
if (root["users"].is<JsonArray>()) {
|
|
for (JsonVariant user : root["users"].as<JsonArray>()) {
|
|
settings.users.push_back(User(user["username"], user["password"], user["admin"]));
|
|
}
|
|
} else {
|
|
settings.users.push_back(User(FACTORY_ADMIN_USERNAME, FACTORY_ADMIN_PASSWORD, true));
|
|
settings.users.push_back(User(FACTORY_GUEST_USERNAME, FACTORY_GUEST_PASSWORD, false));
|
|
}
|
|
return StateUpdateResult::CHANGED;
|
|
}
|
|
};
|
|
|
|
class SecuritySettingsService : public StatefulService<SecuritySettings>, public SecurityManager {
|
|
public:
|
|
SecuritySettingsService(AsyncWebServer* server, FS* fs);
|
|
|
|
void begin();
|
|
|
|
// Functions to implement SecurityManager
|
|
Authentication authenticate(const String& username, const String& password);
|
|
Authentication authenticateRequest(AsyncWebServerRequest* request);
|
|
String generateJWT(User* user);
|
|
ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate);
|
|
ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate);
|
|
ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction callback, AuthenticationPredicate predicate);
|
|
|
|
private:
|
|
HttpEndpoint<SecuritySettings> _httpEndpoint;
|
|
FSPersistence<SecuritySettings> _fsPersistence;
|
|
ArduinoJsonJWT _jwtHandler;
|
|
|
|
void configureJWTHandler();
|
|
|
|
/*
|
|
* Lookup the user by JWT
|
|
*/
|
|
Authentication authenticateJWT(String& jwt);
|
|
|
|
/*
|
|
* Verify the payload is correct
|
|
*/
|
|
boolean validatePayload(JsonObject& parsedPayload, User* user);
|
|
};
|
|
|
|
#else
|
|
|
|
class SecuritySettingsService : public SecurityManager {
|
|
public:
|
|
SecuritySettingsService(AsyncWebServer* server, FS* fs);
|
|
~SecuritySettingsService();
|
|
|
|
// minimal set of functions to support framework with security settings disabled
|
|
Authentication authenticateRequest(AsyncWebServerRequest* request);
|
|
ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate);
|
|
ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate);
|
|
ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction onRequest, AuthenticationPredicate predicate);
|
|
};
|
|
|
|
#endif // end FT_ENABLED(FT_SECURITY)
|
|
#endif // end SecuritySettingsService_h
|