initial commit

2025-12-06 07:49:52 +03:00 · 2020-07-05 18:29:08 +02:00
parent 26b201ea2f
commit c5933e8c14
739 changed files with 86566 additions and 20952 deletions
--- a/lib/framework/SecurityManager.h
+++ b/lib/framework/SecurityManager.h
@@ -0,0 +1,102 @@
+#ifndef SecurityManager_h
+#define SecurityManager_h
+
+#include <Features.h>
+#include <ArduinoJsonJWT.h>
+#include <ESPAsyncWebServer.h>
+#include <ESPUtils.h>
+#include <AsyncJson.h>
+#include <list>
+
+#ifndef FACTORY_JWT_SECRET
+#define FACTORY_JWT_SECRET ESPUtils::defaultDeviceValue()
+#endif
+
+#define ACCESS_TOKEN_PARAMATER "access_token"
+
+#define AUTHORIZATION_HEADER "Authorization"
+#define AUTHORIZATION_HEADER_PREFIX "Bearer "
+#define AUTHORIZATION_HEADER_PREFIX_LEN 7
+
+#define MAX_JWT_SIZE 128
+
+class User {
+ public:
+  String username;
+  String password;
+  bool admin;
+
+ public:
+  User(String username, String password, bool admin) : username(username), password(password), admin(admin) {
+  }
+};
+
+class Authentication {
+ public:
+  User* user;
+  boolean authenticated;
+
+ public:
+  Authentication(User& user) : user(new User(user)), authenticated(true) {
+  }
+  Authentication() : user(nullptr), authenticated(false) {
+  }
+  ~Authentication() {
+    delete (user);
+  }
+};
+
+typedef std::function<boolean(Authentication& authentication)> AuthenticationPredicate;
+
+class AuthenticationPredicates {
+ public:
+  static bool NONE_REQUIRED(Authentication& authentication) {
+    return true;
+  };
+  static bool IS_AUTHENTICATED(Authentication& authentication) {
+    return authentication.authenticated;
+  };
+  static bool IS_ADMIN(Authentication& authentication) {
+    return authentication.authenticated && authentication.user->admin;
+  };
+};
+
+class SecurityManager {
+ public:
+#if FT_ENABLED(FT_SECURITY)
+  /*
+   * Authenticate, returning the user if found
+   */
+  virtual Authentication authenticate(const String& username, const String& password) = 0;
+
+  /*
+   * Generate a JWT for the user provided
+   */
+  virtual String generateJWT(User* user) = 0;
+
+#endif
+
+  /*
+   * Check the request header for the Authorization token
+   */
+  virtual Authentication authenticateRequest(AsyncWebServerRequest* request) = 0;
+
+  /**
+   * Filter a request with the provided predicate, only returning true if the predicate matches.
+   */
+  virtual ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate) = 0;
+
+  /**
+   * Wrap the provided request to provide validation against an AuthenticationPredicate.
+   */
+  virtual ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest,
+                                               AuthenticationPredicate predicate) = 0;
+
+  /**
+   * Wrap the provided json request callback to provide validation against an AuthenticationPredicate.
+   */
+  virtual ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction onRequest,
+                                                    AuthenticationPredicate predicate) = 0;
+};
+
+#endif  // end SecurityManager_h