mirror of
https://github.com/emsesp/EMS-ESP32.git
synced 2025-12-06 07:49:52 +03:00
108 lines
2.7 KiB
C++
108 lines
2.7 KiB
C++
#ifndef SecurityManager_h
|
|
#define SecurityManager_h
|
|
|
|
#include <Features.h>
|
|
#include <ArduinoJsonJWT.h>
|
|
#include <ESPAsyncWebServer.h>
|
|
#include <ESPUtils.h>
|
|
#include <AsyncJson.h> // TODO neede for AsyncJsonResponse
|
|
#include <list>
|
|
|
|
#ifndef FACTORY_JWT_SECRET
|
|
#define FACTORY_JWT_SECRET ESPUtils::defaultDeviceValue()
|
|
#endif
|
|
|
|
#define ACCESS_TOKEN_PARAMATER "access_token"
|
|
|
|
#define AUTHORIZATION_HEADER "Authorization"
|
|
#define AUTHORIZATION_HEADER_PREFIX "Bearer "
|
|
#define AUTHORIZATION_HEADER_PREFIX_LEN 7
|
|
|
|
#define MAX_JWT_SIZE 128
|
|
|
|
class User {
|
|
public:
|
|
String username;
|
|
String password;
|
|
bool admin;
|
|
|
|
public:
|
|
User(String username, String password, bool admin)
|
|
: username(username)
|
|
, password(password)
|
|
, admin(admin) {
|
|
}
|
|
};
|
|
|
|
class Authentication {
|
|
public:
|
|
User * user;
|
|
boolean authenticated;
|
|
|
|
public:
|
|
Authentication(User & user)
|
|
: user(new User(user))
|
|
, authenticated(true) {
|
|
}
|
|
Authentication()
|
|
: user(nullptr)
|
|
, authenticated(false) {
|
|
}
|
|
~Authentication() {
|
|
delete (user);
|
|
}
|
|
};
|
|
|
|
typedef std::function<boolean(Authentication & authentication)> AuthenticationPredicate;
|
|
|
|
class AuthenticationPredicates {
|
|
public:
|
|
static bool NONE_REQUIRED(Authentication & authentication) {
|
|
return true;
|
|
};
|
|
static bool IS_AUTHENTICATED(Authentication & authentication) {
|
|
return authentication.authenticated;
|
|
};
|
|
static bool IS_ADMIN(Authentication & authentication) {
|
|
return authentication.authenticated && authentication.user->admin;
|
|
};
|
|
};
|
|
|
|
class SecurityManager {
|
|
public:
|
|
#if FT_ENABLED(FT_SECURITY)
|
|
/*
|
|
* Authenticate, returning the user if found
|
|
*/
|
|
virtual Authentication authenticate(const String & username, const String & password) = 0;
|
|
|
|
/*
|
|
* Generate a JWT for the user provided
|
|
*/
|
|
virtual String generateJWT(User * user) = 0;
|
|
|
|
#endif
|
|
|
|
/*
|
|
* Check the request header for the Authorization token
|
|
*/
|
|
virtual Authentication authenticateRequest(AsyncWebServerRequest * request) = 0;
|
|
|
|
/**
|
|
* Filter a request with the provided predicate, only returning true if the predicate matches.
|
|
*/
|
|
virtual ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate) = 0;
|
|
|
|
/**
|
|
* Wrap the provided request to provide validation against an AuthenticationPredicate.
|
|
*/
|
|
virtual ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate) = 0;
|
|
|
|
/**
|
|
* Wrap the provided json request callback to provide validation against an AuthenticationPredicate.
|
|
*/
|
|
virtual ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction onRequest, AuthenticationPredicate predicate) = 0;
|
|
};
|
|
|
|
#endif // end SecurityManager_h
|