WordClockESP/lib/framework/SecurityManager.h

#ifndef SecurityManager_h
#define SecurityManager_h

#include <list>
#include <ArduinoJsonJWT.h>
#include <ESPAsyncWebServer.h>

#define DEFAULT_JWT_SECRET "esp8266-react"

#define AUTHORIZATION_HEADER "Authorization"
#define AUTHORIZATION_HEADER_PREFIX "Bearer "
#define AUTHORIZATION_HEADER_PREFIX_LEN 7

#define MAX_JWT_SIZE 128

class User {
  private:
    String _username;
    String _password;
    bool _admin;
  public:
    User(String username, String password, bool admin): _username(username), _password(password), _admin(admin) {}
    String getUsername() {
      return _username;
    }
    String getPassword() {
      return _password;
    }    
    bool isAdmin() {
      return _admin;
    }
};

class Authentication {
  private:
    User *_user;
    boolean _authenticated;
  public:
    Authentication(User& user): _user(new User(user)), _authenticated(true) {}
    Authentication() : _user(nullptr), _authenticated(false) {}  
    ~Authentication() {
      delete(_user);   
    }
    User* getUser() {
      return _user;
    }
    bool isAuthenticated() {
      return _authenticated;
    }
};

typedef std::function<boolean(Authentication &authentication)> AuthenticationPredicate;

class AuthenticationPredicates {
  public:
    static bool NONE_REQUIRED(Authentication &authentication) {
      return true;
    };
    static bool IS_AUTHENTICATED(Authentication &authentication) {
      return authentication.isAuthenticated();
    };    
    static bool IS_ADMIN(Authentication &authentication) {
      return authentication.isAuthenticated() && authentication.getUser()->isAdmin();
    };
};

class SecurityManager {

  public:

    /*
    * Authenticate, returning the user if found
    */
    Authentication authenticate(String username, String password);

    /*
    * Check the request header for the Authorization token
    */
    Authentication authenticateRequest(AsyncWebServerRequest *request);
    
    /*
    * Generate a JWT for the user provided
    */
    String generateJWT(User *user);

    /**
     * Wrap the provided request to provide validation against an AuthenticationPredicate.
     */
    ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate); 

  protected:

    ArduinoJsonJWT _jwtHandler = ArduinoJsonJWT(DEFAULT_JWT_SECRET);
    std::list<User> _users;

  private:

    /*
    * Lookup the user by JWT
    */
    Authentication authenticateJWT(String jwt);

    /*
    * Verify the payload is correct
    */
    boolean validatePayload(JsonObject &parsedPayload, User *user);

};

#endif // end SecurityManager_h
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`#ifndef SecurityManager_h`
			`#define SecurityManager_h`

			`#include <list>`
messing around with JWT implementation 2019-05-06 14:50:19 +00:00			`#include <ArduinoJsonJWT.h>`
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`#include <ESPAsyncWebServer.h>`
Start work on security manager 2019-04-29 23:30:43 +00:00
			`#define DEFAULT_JWT_SECRET "esp8266-react"`

add authentication service 2019-05-18 18:35:27 +00:00			`#define AUTHORIZATION_HEADER "Authorization"`
			`#define AUTHORIZATION_HEADER_PREFIX "Bearer "`
			`#define AUTHORIZATION_HEADER_PREFIX_LEN 7`
Start work on security manager 2019-04-29 23:30:43 +00:00
add JWT encoding 2019-05-02 23:31:20 +00:00			`#define MAX_JWT_SIZE 128`
Start work on security manager 2019-04-29 23:30:43 +00:00
			`class User {`
			`private:`
			`String _username;`
			`String _password;`
remove roles, as a simplification 2019-05-25 08:45:49 +00:00			`bool _admin;`
Start work on security manager 2019-04-29 23:30:43 +00:00			`public:`
remove roles, as a simplification 2019-05-25 08:45:49 +00:00			`User(String username, String password, bool admin): _username(username), _password(password), _admin(admin) {}`
Start work on security manager 2019-04-29 23:30:43 +00:00			`String getUsername() {`
			`return _username;`
			`}`
			`String getPassword() {`
			`return _password;`
			`}`
remove roles, as a simplification 2019-05-25 08:45:49 +00:00			`bool isAdmin() {`
			`return _admin;`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`
			`};`

WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`class Authentication {`
			`private:`
add authentication service 2019-05-18 18:35:27 +00:00			`User *_user;`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`boolean _authenticated;`
			`public:`
add authentication service 2019-05-18 18:35:27 +00:00			`Authentication(User& user): _user(new User(user)), _authenticated(true) {}`
Resolve some typos Use nullptr over NULL Fix confusing regexp Fix issue with non-compliant JWT encoding 2019-06-02 22:15:56 +00:00			`Authentication() : _user(nullptr), _authenticated(false) {}`
add authentication service 2019-05-18 18:35:27 +00:00			`~Authentication() {`
Resolve some typos Use nullptr over NULL Fix confusing regexp Fix issue with non-compliant JWT encoding 2019-06-02 22:15:56 +00:00			`delete(_user);`
add authentication service 2019-05-18 18:35:27 +00:00			`}`
			`User* getUser() {`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`return _user;`
			`}`
			`bool isAuthenticated() {`
			`return _authenticated;`
			`}`
			`};`

add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`typedef std::function<boolean(Authentication &authentication)> AuthenticationPredicate;`
Start work on security manager 2019-04-29 23:30:43 +00:00
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`class AuthenticationPredicates {`
Start work on security manager 2019-04-29 23:30:43 +00:00			`public:`
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`static bool NONE_REQUIRED(Authentication &authentication) {`
			`return true;`
			`};`
			`static bool IS_AUTHENTICATED(Authentication &authentication) {`
			`return authentication.isAuthenticated();`
			`};`
			`static bool IS_ADMIN(Authentication &authentication) {`
			`return authentication.isAuthenticated() && authentication.getUser()->isAdmin();`
			`};`
			`};`
Start work on security manager 2019-04-29 23:30:43 +00:00
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`class SecurityManager {`
Start work on security manager 2019-04-29 23:30:43 +00:00
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`public:`
Start work on security manager 2019-04-29 23:30:43 +00:00
add JWT encoding 2019-05-02 23:31:20 +00:00			`/*`
add authentication service 2019-05-18 18:35:27 +00:00			`* Authenticate, returning the user if found`
add JWT encoding 2019-05-02 23:31:20 +00:00			`*/`
add authentication service 2019-05-18 18:35:27 +00:00			`Authentication authenticate(String username, String password);`
add JWT encoding 2019-05-02 23:31:20 +00:00
			`/*`
add authentication service 2019-05-18 18:35:27 +00:00			`* Check the request header for the Authorization token`
add JWT encoding 2019-05-02 23:31:20 +00:00			`*/`
add authentication service 2019-05-18 18:35:27 +00:00			`Authentication authenticateRequest(AsyncWebServerRequest *request);`

add JWT encoding 2019-05-02 23:31:20 +00:00			`/*`
			`* Generate a JWT for the user provided`
			`*/`
add authentication service 2019-05-18 18:35:27 +00:00			`String generateJWT(User *user);`
Start work on security manager 2019-04-29 23:30:43 +00:00
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`/**`
			`* Wrap the provided request to provide validation against an AuthenticationPredicate.`
			`*/`
			`ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate);`
Start work on security manager 2019-04-29 23:30:43 +00:00
add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`protected:`
Start work on security manager 2019-04-29 23:30:43 +00:00
add security form, begin work on routing 2019-05-26 18:09:34 +00:00			`ArduinoJsonJWT _jwtHandler = ArduinoJsonJWT(DEFAULT_JWT_SECRET);`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`std::list<User> _users;`

add security to all admin endpoints 2019-05-29 22:48:16 +00:00			`private:`
add authentication service 2019-05-18 18:35:27 +00:00
			`/*`
			`* Lookup the user by JWT`
			`*/`
			`Authentication authenticateJWT(String jwt);`

			`/*`
			`* Verify the payload is correct`
			`*/`
			`boolean validatePayload(JsonObject &parsedPayload, User *user);`

Start work on security manager 2019-04-29 23:30:43 +00:00			`};`

playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`#endif // end SecurityManager_h`