WordClockESP/src/SecurityManager.h

#ifndef SecurityManager_h
#define SecurityManager_h

#include <list>

#include <SettingsService.h>
#include <DNSServer.h>
#include <IPAddress.h>
#include <ArduinoJsonJWT.h>

#define DEFAULT_JWT_SECRET "esp8266-react"

#define SECURITY_SETTINGS_FILE "/config/securitySettings.json"

#define USERS_PATH "/rest/users"

#define AUTHORIZATION_HEADER "Authorization"
#define AUTHORIZATION_HEADER_PREFIX "Bearer "
#define AUTHORIZATION_HEADER_PREFIX_LEN 7

#define MAX_JWT_SIZE 128
#define MAX_SECURITY_MANAGER_SETTINGS_SIZE 512
#define SECURITY_MANAGER_MAX_USERS 5

#define MAX_USERS_SIZE 1024

class User {
  private:
    String _username;
    String _password;
    bool _admin;
  public:
    User(String username, String password, bool admin): _username(username), _password(password), _admin(admin) {}
    String getUsername() {
      return _username;
    }
    String getPassword() {
      return _password;
    }    
    bool isAdmin() {
      return _admin;
    }
};

class Authentication {
  private:
    User *_user;
    boolean _authenticated;
  public:
    Authentication(User& user): _user(new User(user)), _authenticated(true) {}
    Authentication() : _user(NULL), _authenticated(false) {}  
    ~Authentication() {
      if (_user != NULL){
        delete(_user);
      }      
    }
    User* getUser() {
      return _user;
    }
    bool isAuthenticated() {
      return _authenticated;
    }
};

class SecurityManager : public SettingsService {

  public:

    SecurityManager(AsyncWebServer* server, FS* fs);
    ~SecurityManager();

    void begin();

    /*
    * Authenticate, returning the user if found
    */
    Authentication authenticate(String username, String password);

    /*
    * Check the request header for the Authorization token
    */
    Authentication authenticateRequest(AsyncWebServerRequest *request);
    
    /*
    * Generate a JWT for the user provided
    */
    String generateJWT(User *user);

  protected:

    void readFromJsonObject(JsonObject& root);
    void writeToJsonObject(JsonObject& root);

  private:
    // jwt handler
    ArduinoJsonJWT _jwtHandler = ArduinoJsonJWT(DEFAULT_JWT_SECRET);

    // access point settings
    String _jwtSecret;
    std::list<User> _users;

    // endpoint functions
    void fetchUsers(AsyncWebServerRequest *request);

    /*
    * Lookup the user by JWT
    */
    Authentication authenticateJWT(String jwt);

    /*
    * Verify the payload is correct
    */
    boolean validatePayload(JsonObject &parsedPayload, User *user);

};

#endif // end SecurityManager_h
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`#ifndef SecurityManager_h`
			`#define SecurityManager_h`

			`#include <list>`
Start work on security manager 2019-04-29 23:30:43 +00:00
			`#include <SettingsService.h>`
			`#include <DNSServer.h>`
			`#include <IPAddress.h>`
messing around with JWT implementation 2019-05-06 14:50:19 +00:00			`#include <ArduinoJsonJWT.h>`
Start work on security manager 2019-04-29 23:30:43 +00:00
			`#define DEFAULT_JWT_SECRET "esp8266-react"`

			`#define SECURITY_SETTINGS_FILE "/config/securitySettings.json"`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00
			`#define USERS_PATH "/rest/users"`
add authentication service 2019-05-18 18:35:27 +00:00
			`#define AUTHORIZATION_HEADER "Authorization"`
			`#define AUTHORIZATION_HEADER_PREFIX "Bearer "`
			`#define AUTHORIZATION_HEADER_PREFIX_LEN 7`
Start work on security manager 2019-04-29 23:30:43 +00:00
add JWT encoding 2019-05-02 23:31:20 +00:00			`#define MAX_JWT_SIZE 128`
			`#define MAX_SECURITY_MANAGER_SETTINGS_SIZE 512`
Start work on security manager 2019-04-29 23:30:43 +00:00			`#define SECURITY_MANAGER_MAX_USERS 5`

playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`#define MAX_USERS_SIZE 1024`
Start work on security manager 2019-04-29 23:30:43 +00:00
			`class User {`
			`private:`
			`String _username;`
			`String _password;`
remove roles, as a simplification 2019-05-25 08:45:49 +00:00			`bool _admin;`
Start work on security manager 2019-04-29 23:30:43 +00:00			`public:`
remove roles, as a simplification 2019-05-25 08:45:49 +00:00			`User(String username, String password, bool admin): _username(username), _password(password), _admin(admin) {}`
Start work on security manager 2019-04-29 23:30:43 +00:00			`String getUsername() {`
			`return _username;`
			`}`
			`String getPassword() {`
			`return _password;`
			`}`
remove roles, as a simplification 2019-05-25 08:45:49 +00:00			`bool isAdmin() {`
			`return _admin;`
Start work on security manager 2019-04-29 23:30:43 +00:00			`}`
			`};`

WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`class Authentication {`
			`private:`
add authentication service 2019-05-18 18:35:27 +00:00			`User *_user;`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`boolean _authenticated;`
			`public:`
add authentication service 2019-05-18 18:35:27 +00:00			`Authentication(User& user): _user(new User(user)), _authenticated(true) {}`
			`Authentication() : _user(NULL), _authenticated(false) {}`
			`~Authentication() {`
			`if (_user != NULL){`
			`delete(_user);`
			`}`
			`}`
			`User* getUser() {`
WIP - more experimenting with the security manager 2019-05-15 23:19:41 +00:00			`return _user;`
			`}`
			`bool isAuthenticated() {`
			`return _authenticated;`
			`}`
			`};`

Upgrade to material ui 4 Add user management and roles - TBA Menu Label Renames - TBA 2019-05-24 11:19:27 +00:00			`class SecurityManager : public SettingsService {`
Start work on security manager 2019-04-29 23:30:43 +00:00
			`public:`

			`SecurityManager(AsyncWebServer* server, FS* fs);`
			`~SecurityManager();`

			`void begin();`

add JWT encoding 2019-05-02 23:31:20 +00:00			`/*`
add authentication service 2019-05-18 18:35:27 +00:00			`* Authenticate, returning the user if found`
add JWT encoding 2019-05-02 23:31:20 +00:00			`*/`
add authentication service 2019-05-18 18:35:27 +00:00			`Authentication authenticate(String username, String password);`
add JWT encoding 2019-05-02 23:31:20 +00:00
			`/*`
add authentication service 2019-05-18 18:35:27 +00:00			`* Check the request header for the Authorization token`
add JWT encoding 2019-05-02 23:31:20 +00:00			`*/`
add authentication service 2019-05-18 18:35:27 +00:00			`Authentication authenticateRequest(AsyncWebServerRequest *request);`

add JWT encoding 2019-05-02 23:31:20 +00:00			`/*`
			`* Generate a JWT for the user provided`
			`*/`
add authentication service 2019-05-18 18:35:27 +00:00			`String generateJWT(User *user);`
Start work on security manager 2019-04-29 23:30:43 +00:00
			`protected:`

			`void readFromJsonObject(JsonObject& root);`
			`void writeToJsonObject(JsonObject& root);`

			`private:`
add JWT encoding 2019-05-02 23:31:20 +00:00			`// jwt handler`
add security form, begin work on routing 2019-05-26 18:09:34 +00:00			`ArduinoJsonJWT _jwtHandler = ArduinoJsonJWT(DEFAULT_JWT_SECRET);`
Start work on security manager 2019-04-29 23:30:43 +00:00
			`// access point settings`
			`String _jwtSecret;`
playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`std::list<User> _users;`

			`// endpoint functions`
			`void fetchUsers(AsyncWebServerRequest *request);`
add authentication service 2019-05-18 18:35:27 +00:00
			`/*`
			`* Lookup the user by JWT`
			`*/`
			`Authentication authenticateJWT(String jwt);`

			`/*`
			`* Verify the payload is correct`
			`*/`
			`boolean validatePayload(JsonObject &parsedPayload, User *user);`

Start work on security manager 2019-04-29 23:30:43 +00:00			`};`

playing with some ideas for security management 2019-04-30 22:49:28 +00:00			`#endif // end SecurityManager_h`