From 416e736ea991b3fca213fd670f95ff45daf97a9a Mon Sep 17 00:00:00 2001
From: Rick Watson
Date: Tue, 30 Apr 2019 00:30:43 +0100
Subject: [PATCH] Start work on security manager
---
data/config/securitySettings.json | 15 +++++++
src/SecurityManager.cpp | 51 +++++++++++++++++++++
src/SecurityManager.h | 74 +++++++++++++++++++++++++++++++
3 files changed, 140 insertions(+)
create mode 100644 data/config/securitySettings.json
create mode 100644 src/SecurityManager.cpp
create mode 100644 src/SecurityManager.h
diff --git a/data/config/securitySettings.json b/data/config/securitySettings.json
new file mode 100644
index 0000000..4b7a9d2
--- /dev/null
+++ b/data/config/securitySettings.json
@@ -0,0 +1,15 @@
+{
+ "jwt_secret":"esp8266-react",
+ "users": [
+ {
+ "username": "admin",
+ "password": "admin",
+ "role": "admin"
+ },
+ {
+ "username": "guest",
+ "password": "guest",
+ "role": "guest"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/SecurityManager.cpp b/src/SecurityManager.cpp
new file mode 100644
index 0000000..01909e4
--- /dev/null
+++ b/src/SecurityManager.cpp
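Review bot: In data/config/securitySettings.json the shipped defaults give every device the same `jwt_secret` (`esp8266-react`, which is also the compiled-in `DEFAULT_JWT_SECRET` fallback in src/SecurityManager.h) and the same `admin`/`admin` and `guest`/`guest` accounts, with the passwords stored in clear text. Once `generateJWT` and `verifyUser` are implemented, a token signed with a value published in the repository cannot be told apart from one the device issued, so the secret should be generated per device on first boot and the fixed fallback dropped. The user entries would be safer as salted password hashes, with the default admin password required to change before the REST API is reachable. JSON has no comment syntax, so the requirement to replace these values belongs in the setup documentation.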
@@ -0,0 +1,51 @@
+#include
+
+SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) {
+}
+
+SecurityManager::~SecurityManager() {}
+
+void SecurityManager::readFromJsonObject(JsonObject& root) {
+ _jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;
+
+ while (_numUsers > 0){
+ delete _users[--_numUsers];
+ }
+
+ if (root["users"].is()) {
+ JsonArray users = root["users"];
+ _numUsers = 0;
+ // TODO - complete defence against bad data
+ for (int i =0; i < min(SECURITY_MANAGER_MAX_USERS, (int) users.size()); i++){
+ JsonObject user = users[i];
+ String username = user["username"];;
+ String password = user["password"];
+ String role = user["role"];
+ _users[_numUsers++] = new User(username, password, role);
+ }
+ }
+}
+
+void SecurityManager::writeToJsonObject(JsonObject& root) {
+ // TODO
+}
+
+void SecurityManager::begin() {
+ // TODO
+}
+
+User SecurityManager::verifyUser(String jwt) {
+ // TODO
+ return NOT_AUTHENTICATED;
+}
+User authenticate(String username, String password) {
+ // TODO
+ return NOT_AUTHENTICATED;
+}
+
+String generateJWT(User user) {
+ // TODO
+ return "";
+}
+
+
diff --git a/src/SecurityManager.h b/src/SecurityManager.h
new file mode 100644
index 0000000..8f419a4
--- /dev/null
+++ b/src/SecurityManager.h
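Review bot: `readFromJsonObject` runs `while (_numUsers > 0) delete _users[--_numUsers];` before anything has set `_numUsers`: the constructor's initializer list only calls `SettingsPersistence(...)` and the header declares `int _numUsers;` with no initializer, so the first load reads an indeterminate count and can `delete` garbage pointers or index outside `_users`. Initialise it in the constructor, `: SettingsPersistence(fs, SECURITY_SETTINGS_FILE), _numUsers(0) {`. The empty destructor also leaves the `User` objects allocated by the loop unreleased; it should run the same delete loop. `authenticate` and `generateJWT` are defined here as free functions rather than `SecurityManager::` members, and `authenticate(String username, String password)` does not match the header's `User authenticate();`, so the declared members have no definition.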
@@ -0,0 +1,74 @@
+#ifndef APSettingsConfig_h
+#define APSettingsConfig_h
+
+#include
+#include
+#include
+
+#define DEFAULT_JWT_SECRET "esp8266-react"
+
+#define SECURITY_SETTINGS_FILE "/config/securitySettings.json"
+#define AUTHENTICATE_PATH "/rest/authenticate"
+
+#define SECURITY_MANAGER_MAX_USERS 5
+
+#define UNAUTHENTICATED_USERNAME ""
+#define UNAUTHENTICATED_PASSWORD ""
+#define UNAUTHENTICATED_ROLE ""
+
+#define ROLE_ADMIN "admin"
+#define ROLE_GUEST "guest"
+
+class User {
+ private:
+ String _username;
+ String _password;
+ String _role;
+ public:
+ User(String username, String password, String role): _username(username), _password(password), _role(role) {}
+ String getUsername() {
+ return _username;
+ }
+ String getPassword() {
+ return _password;
+ }
+ String getRole() {
+ return _role;
+ }
+ bool isAuthenticated() {
+ return _username != UNAUTHENTICATED_USERNAME;
+ }
+ bool isAdmin() {
+ return isAuthenticated() && _username == ROLE_ADMIN;
+ }
+};
+
+const User NOT_AUTHENTICATED = User(UNAUTHENTICATED_USERNAME, UNAUTHENTICATED_PASSWORD, UNAUTHENTICATED_ROLE);
+
+class SecurityManager : public SettingsPersistence {
+
+ public:
+
+ SecurityManager(AsyncWebServer* server, FS* fs);
+ ~SecurityManager();
+
+ void begin();
+
+ User verifyUser(String jwt);
+ User authenticate();
+ String generateJWT(User user);
+
+ protected:
+
+ void readFromJsonObject(JsonObject& root);
+ void writeToJsonObject(JsonObject& root);
+
+ private:
+
+ // access point settings
+ String _jwtSecret;
+ User *_users[SECURITY_MANAGER_MAX_USERS];
+ int _numUsers;
+};
+
+#endif // end APSettingsConfig_h
\ No newline at end of file
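Review bot: `User::isAdmin()` decides the role from the username: `return isAuthenticated() && _username == ROLE_ADMIN;` grants admin to any account named `admin` whatever its `role`, and denies it to an admin-role account with any other name. It should compare the role field, `return isAuthenticated() && _role == ROLE_ADMIN;`. The include guard `APSettingsConfig_h` looks copied from another header; if a header using the same guard is included in the same translation unit one of the two is skipped silently, so rename it to `SecurityManager_h` (the `// access point settings` comment above `_jwtSecret` appears to have the same origin). `getPassword()` hands out the stored clear-text password and nothing in this patch calls it, so a comparison method on `User` would expose less once `authenticate` is implemented.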