Start work on security manager

This commit is contained in:
Rick Watson 2019-04-30 00:30:43 +01:00
parent e8de21aaf4
commit 416e736ea9
3 changed files with 140 additions and 0 deletions

View File

@ -0,0 +1,15 @@
{
"jwt_secret":"esp8266-react",
"users": [
{
"username": "admin",
"password": "admin",
"role": "admin"
},
{
"username": "guest",
"password": "guest",
"role": "guest"
}
]
}

51
src/SecurityManager.cpp Normal file
View File

@ -0,0 +1,51 @@
#include <SecurityManager.h>
SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) {
}
SecurityManager::~SecurityManager() {}
void SecurityManager::readFromJsonObject(JsonObject& root) {
_jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;
while (_numUsers > 0){
delete _users[--_numUsers];
}
if (root["users"].is<JsonArray>()) {
JsonArray users = root["users"];
_numUsers = 0;
// TODO - complete defence against bad data
for (int i =0; i < min(SECURITY_MANAGER_MAX_USERS, (int) users.size()); i++){
JsonObject user = users[i];
String username = user["username"];;
String password = user["password"];
String role = user["role"];
_users[_numUsers++] = new User(username, password, role);
}
}
}
void SecurityManager::writeToJsonObject(JsonObject& root) {
// TODO
}
void SecurityManager::begin() {
// TODO
}
User SecurityManager::verifyUser(String jwt) {
// TODO
return NOT_AUTHENTICATED;
}
User authenticate(String username, String password) {
// TODO
return NOT_AUTHENTICATED;
}
String generateJWT(User user) {
// TODO
return "";
}

74
src/SecurityManager.h Normal file
View File

@ -0,0 +1,74 @@
#ifndef APSettingsConfig_h
#define APSettingsConfig_h
#include <SettingsService.h>
#include <DNSServer.h>
#include <IPAddress.h>
#define DEFAULT_JWT_SECRET "esp8266-react"
#define SECURITY_SETTINGS_FILE "/config/securitySettings.json"
#define AUTHENTICATE_PATH "/rest/authenticate"
#define SECURITY_MANAGER_MAX_USERS 5
#define UNAUTHENTICATED_USERNAME ""
#define UNAUTHENTICATED_PASSWORD ""
#define UNAUTHENTICATED_ROLE ""
#define ROLE_ADMIN "admin"
#define ROLE_GUEST "guest"
class User {
private:
String _username;
String _password;
String _role;
public:
User(String username, String password, String role): _username(username), _password(password), _role(role) {}
String getUsername() {
return _username;
}
String getPassword() {
return _password;
}
String getRole() {
return _role;
}
bool isAuthenticated() {
return _username != UNAUTHENTICATED_USERNAME;
}
bool isAdmin() {
return isAuthenticated() && _username == ROLE_ADMIN;
}
};
const User NOT_AUTHENTICATED = User(UNAUTHENTICATED_USERNAME, UNAUTHENTICATED_PASSWORD, UNAUTHENTICATED_ROLE);
class SecurityManager : public SettingsPersistence {
public:
SecurityManager(AsyncWebServer* server, FS* fs);
~SecurityManager();
void begin();
User verifyUser(String jwt);
User authenticate();
String generateJWT(User user);
protected:
void readFromJsonObject(JsonObject& root);
void writeToJsonObject(JsonObject& root);
private:
// access point settings
String _jwtSecret;
User *_users[SECURITY_MANAGER_MAX_USERS];
int _numUsers;
};
#endif // end APSettingsConfig_h