WordClockESP/lib/framework/SecurityManager.h

110 lines
2.6 KiB
C
Raw Normal View History

#ifndef SecurityManager_h
#define SecurityManager_h
#include <list>
2019-05-06 14:50:19 +00:00
#include <ArduinoJsonJWT.h>
2019-05-29 22:48:16 +00:00
#include <ESPAsyncWebServer.h>
2019-04-29 23:30:43 +00:00
#define DEFAULT_JWT_SECRET "esp8266-react"
2019-05-18 18:35:27 +00:00
#define AUTHORIZATION_HEADER "Authorization"
#define AUTHORIZATION_HEADER_PREFIX "Bearer "
#define AUTHORIZATION_HEADER_PREFIX_LEN 7
2019-04-29 23:30:43 +00:00
2019-05-02 23:31:20 +00:00
#define MAX_JWT_SIZE 128
2019-04-29 23:30:43 +00:00
class User {
private:
String _username;
String _password;
2019-05-25 08:45:49 +00:00
bool _admin;
2019-04-29 23:30:43 +00:00
public:
2019-05-25 08:45:49 +00:00
User(String username, String password, bool admin): _username(username), _password(password), _admin(admin) {}
2019-04-29 23:30:43 +00:00
String getUsername() {
return _username;
}
String getPassword() {
return _password;
}
2019-05-25 08:45:49 +00:00
bool isAdmin() {
return _admin;
2019-04-29 23:30:43 +00:00
}
};
class Authentication {
private:
2019-05-18 18:35:27 +00:00
User *_user;
boolean _authenticated;
public:
2019-05-18 18:35:27 +00:00
Authentication(User& user): _user(new User(user)), _authenticated(true) {}
Authentication() : _user(nullptr), _authenticated(false) {}
2019-05-18 18:35:27 +00:00
~Authentication() {
delete(_user);
2019-05-18 18:35:27 +00:00
}
User* getUser() {
return _user;
}
bool isAuthenticated() {
return _authenticated;
}
};
2019-05-29 22:48:16 +00:00
typedef std::function<boolean(Authentication &authentication)> AuthenticationPredicate;
2019-04-29 23:30:43 +00:00
2019-05-29 22:48:16 +00:00
class AuthenticationPredicates {
2019-04-29 23:30:43 +00:00
public:
2019-05-29 22:48:16 +00:00
static bool NONE_REQUIRED(Authentication &authentication) {
return true;
};
static bool IS_AUTHENTICATED(Authentication &authentication) {
return authentication.isAuthenticated();
};
static bool IS_ADMIN(Authentication &authentication) {
return authentication.isAuthenticated() && authentication.getUser()->isAdmin();
};
};
2019-04-29 23:30:43 +00:00
2019-05-29 22:48:16 +00:00
class SecurityManager {
2019-04-29 23:30:43 +00:00
2019-05-29 22:48:16 +00:00
public:
2019-04-29 23:30:43 +00:00
2019-05-02 23:31:20 +00:00
/*
2019-05-18 18:35:27 +00:00
* Authenticate, returning the user if found
2019-05-02 23:31:20 +00:00
*/
2019-05-18 18:35:27 +00:00
Authentication authenticate(String username, String password);
2019-05-02 23:31:20 +00:00
/*
2019-05-18 18:35:27 +00:00
* Check the request header for the Authorization token
2019-05-02 23:31:20 +00:00
*/
2019-05-18 18:35:27 +00:00
Authentication authenticateRequest(AsyncWebServerRequest *request);
2019-05-02 23:31:20 +00:00
/*
* Generate a JWT for the user provided
*/
2019-05-18 18:35:27 +00:00
String generateJWT(User *user);
2019-04-29 23:30:43 +00:00
2019-05-29 22:48:16 +00:00
/**
* Wrap the provided request to provide validation against an AuthenticationPredicate.
*/
ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest, AuthenticationPredicate predicate);
2019-04-29 23:30:43 +00:00
2019-05-29 22:48:16 +00:00
protected:
2019-04-29 23:30:43 +00:00
ArduinoJsonJWT _jwtHandler = ArduinoJsonJWT(DEFAULT_JWT_SECRET);
std::list<User> _users;
2019-05-29 22:48:16 +00:00
private:
2019-05-18 18:35:27 +00:00
/*
* Lookup the user by JWT
*/
Authentication authenticateJWT(String jwt);
/*
* Verify the payload is correct
*/
boolean validatePayload(JsonObject &parsedPayload, User *user);
2019-04-29 23:30:43 +00:00
};
#endif // end SecurityManager_h