initial commit

2025-12-06 07:49:52 +03:00 · 2020-07-05 18:29:08 +02:00
parent 26b201ea2f
commit c5933e8c14
739 changed files with 86566 additions and 20952 deletions
--- a/lib/framework/SecuritySettingsService.h
+++ b/lib/framework/SecuritySettingsService.h
@@ -0,0 +1,114 @@
+#ifndef SecuritySettingsService_h
+#define SecuritySettingsService_h
+
+#include <Features.h>
+#include <SecurityManager.h>
+#include <HttpEndpoint.h>
+#include <FSPersistence.h>
+
+#ifndef FACTORY_ADMIN_USERNAME
+#define FACTORY_ADMIN_USERNAME "admin"
+#endif
+
+#ifndef FACTORY_ADMIN_PASSWORD
+#define FACTORY_ADMIN_PASSWORD "admin"
+#endif
+
+#ifndef FACTORY_GUEST_USERNAME
+#define FACTORY_GUEST_USERNAME "guest"
+#endif
+
+#ifndef FACTORY_GUEST_PASSWORD
+#define FACTORY_GUEST_PASSWORD "guest"
+#endif
+
+#define SECURITY_SETTINGS_FILE "/config/securitySettings.json"
+#define SECURITY_SETTINGS_PATH "/rest/securitySettings"
+
+#if FT_ENABLED(FT_SECURITY)
+
+class SecuritySettings {
+ public:
+  String jwtSecret;
+  std::list<User> users;
+
+  static void read(SecuritySettings& settings, JsonObject& root) {
+    // secret
+    root["jwt_secret"] = settings.jwtSecret;
+
+    // users
+    JsonArray users = root.createNestedArray("users");
+    for (User user : settings.users) {
+      JsonObject userRoot = users.createNestedObject();
+      userRoot["username"] = user.username;
+      userRoot["password"] = user.password;
+      userRoot["admin"] = user.admin;
+    }
+  }
+
+  static StateUpdateResult update(JsonObject& root, SecuritySettings& settings) {
+    // secret
+    settings.jwtSecret = root["jwt_secret"] | FACTORY_JWT_SECRET;
+
+    // users
+    settings.users.clear();
+    if (root["users"].is<JsonArray>()) {
+      for (JsonVariant user : root["users"].as<JsonArray>()) {
+        settings.users.push_back(User(user["username"], user["password"], user["admin"]));
+      }
+    } else {
+      settings.users.push_back(User(FACTORY_ADMIN_USERNAME, FACTORY_ADMIN_PASSWORD, true));
+      settings.users.push_back(User(FACTORY_GUEST_USERNAME, FACTORY_GUEST_PASSWORD, false));
+    }
+    return StateUpdateResult::CHANGED;
+  }
+};
+
+class SecuritySettingsService : public StatefulService<SecuritySettings>, public SecurityManager {
+ public:
+  SecuritySettingsService(AsyncWebServer* server, FS* fs);
+
+  void begin();
+
+  // Functions to implement SecurityManager
+  Authentication authenticate(const String& username, const String& password);
+  Authentication authenticateRequest(AsyncWebServerRequest* request);
+  String generateJWT(User* user);
+  ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate);
+  ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate);
+  ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction callback, AuthenticationPredicate predicate);
+
+ private:
+  HttpEndpoint<SecuritySettings> _httpEndpoint;
+  FSPersistence<SecuritySettings> _fsPersistence;
+  ArduinoJsonJWT _jwtHandler;
+
+  void configureJWTHandler();
+
+  /*
+   * Lookup the user by JWT
+   */
+  Authentication authenticateJWT(String& jwt);
+
+  /*
+   * Verify the payload is correct
+   */
+  boolean validatePayload(JsonObject& parsedPayload, User* user);
+};
+
+#else
+
+class SecuritySettingsService : public SecurityManager {
+ public:
+  SecuritySettingsService(AsyncWebServer* server, FS* fs);
+  ~SecuritySettingsService();
+
+  // minimal set of functions to support framework with security settings disabled  
+  Authentication authenticateRequest(AsyncWebServerRequest* request);
+  ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate);
+  ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate);
+  ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction onRequest, AuthenticationPredicate predicate);
+};
+
+#endif  // end FT_ENABLED(FT_SECURITY)
+#endif  // end SecuritySettingsService_h