playing with some ideas for security management

This commit is contained in:
Rick Watson 2019-04-30 23:49:28 +01:00
parent a05129be38
commit eca14cf81c
4 changed files with 75 additions and 27 deletions

View File

@ -1,5 +1,6 @@
{
"jwt_secret":"esp8266-react",
"roles": ["admin", "guest"],
"users": [
{
"username": "admin",

View File

@ -1,51 +1,84 @@
#include <SecurityManager.h>
SecurityManager::SecurityManager(AsyncWebServer* server, FS* fs) : SettingsPersistence(fs, SECURITY_SETTINGS_FILE) {
server->on(USERS_PATH, HTTP_GET, std::bind(&SecurityManager::fetchUsers, this, std::placeholders::_1));
}
SecurityManager::~SecurityManager() {}
void SecurityManager::readFromJsonObject(JsonObject& root) {
// secret
_jwtSecret = root["jwt_secret"] | DEFAULT_JWT_SECRET;
while (_numUsers > 0){
delete _users[--_numUsers];
// roles
_roles.clear();
if (root["roles"].is<JsonArray>()) {
JsonArray roles = root["roles"];
for (JsonVariant role : roles) {
_roles.push_back(role.as<String>());
}
}
// users
_users.clear();
if (root["users"].is<JsonArray>()) {
JsonArray users = root["users"];
_numUsers = 0;
// TODO - complete defence against bad data
for (int i =0; i < min(SECURITY_MANAGER_MAX_USERS, (int) users.size()); i++){
JsonObject user = users[i];
String username = user["username"];;
for (JsonVariant user : users) {
String username = user["username"];
String password = user["password"];
String role = user["role"];
_users[_numUsers++] = new User(username, password, role);
_users.push_back(User(username, password, role));
}
}
}
void SecurityManager::writeToJsonObject(JsonObject& root) {
// TODO
// secret
root["jwt_secret"] = _jwtSecret;
// roles
JsonArray roles = root.createNestedArray("roles");
for (String _role : _roles) {
roles.add(_role);
}
// users
JsonArray users = root.createNestedArray("users");
for (User _user : _users) {
JsonObject user = users.createNestedObject();
user["username"] = _user.getUsername();
user["password"] = _user.getPassword();
user["role"] = _user.getRole();
}
}
void SecurityManager::fetchUsers(AsyncWebServerRequest *request) {
AsyncJsonResponse * response = new AsyncJsonResponse(MAX_USERS_SIZE);
JsonObject jsonObject = response->getRoot();
writeToJsonObject(jsonObject);
response->setLength();
request->send(response);
}
void SecurityManager::begin() {
// TODO
readFromFS();
}
User SecurityManager::verifyUser(String jwt) {
// TODO
return NOT_AUTHENTICATED;
}
User authenticate(String username, String password) {
// TODO
User SecurityManager::authenticate(String username, String password) {
for (User _user : _users) {
if (_user.getUsername() == username && _user.getPassword() == password){
return _user;
}
}
return NOT_AUTHENTICATED;
}
String generateJWT(User user) {
String SecurityManager::generateJWT(User user) {
// TODO
return "";
}

View File

@ -1,5 +1,8 @@
#ifndef APSettingsConfig_h
#define APSettingsConfig_h
#ifndef SecurityManager_h
#define SecurityManager_h
#include <list>
#include <ArduinoJWT.h>
#include <SettingsService.h>
#include <DNSServer.h>
@ -8,16 +11,17 @@
#define DEFAULT_JWT_SECRET "esp8266-react"
#define SECURITY_SETTINGS_FILE "/config/securitySettings.json"
#define USERS_PATH "/rest/users"
#define AUTHENTICATE_PATH "/rest/authenticate"
#define SECURITY_MANAGER_MAX_USERS 5
#define UNAUTHENTICATED_USERNAME ""
#define UNAUTHENTICATED_USERNAME "_anonymous"
#define UNAUTHENTICATED_PASSWORD ""
#define UNAUTHENTICATED_ROLE ""
#define ROLE_ADMIN "admin"
#define ROLE_GUEST "guest"
#define MAX_USERS_SIZE 1024
class User {
private:
@ -38,9 +42,6 @@ class User {
bool isAuthenticated() {
return _username != UNAUTHENTICATED_USERNAME;
}
bool isAdmin() {
return isAuthenticated() && _username == ROLE_ADMIN;
}
};
const User NOT_AUTHENTICATED = User(UNAUTHENTICATED_USERNAME, UNAUTHENTICATED_PASSWORD, UNAUTHENTICATED_ROLE);
@ -55,7 +56,7 @@ class SecurityManager : public SettingsPersistence {
void begin();
User verifyUser(String jwt);
User authenticate();
User authenticate(String username, String password);
String generateJWT(User user);
protected:
@ -65,10 +66,17 @@ class SecurityManager : public SettingsPersistence {
private:
// server instance
AsyncWebServer* _server;
// access point settings
String _jwtSecret;
User *_users[SECURITY_MANAGER_MAX_USERS];
int _numUsers;
std::list<String> _roles;
std::list<User> _users;
// endpoint functions
void fetchUsers(AsyncWebServerRequest *request);
};
#endif // end APSettingsConfig_h
#endif // end SecurityManager_h

View File

@ -18,11 +18,14 @@
#include <NTPStatus.h>
#include <OTASettingsService.h>
#include <APStatus.h>
#include <SecurityManager.h>
#define SERIAL_BAUD_RATE 115200
AsyncWebServer server(80);
SecurityManager securityManager = SecurityManager(&server, &SPIFFS);
WiFiSettingsService wifiSettingsService = WiFiSettingsService(&server, &SPIFFS);
APSettingsService apSettingsService = APSettingsService(&server, &SPIFFS);
NTPSettingsService ntpSettingsService = NTPSettingsService(&server, &SPIFFS);
@ -40,6 +43,9 @@ void setup() {
Serial.begin(SERIAL_BAUD_RATE);
SPIFFS.begin();
// start security manager
securityManager.begin();
// start services
ntpSettingsService.begin();
otaSettingsService.begin();