e771ab134a
* Use text formatting for default factory values to produce dynamic names. Header files contains duplicates of factory values defined in factory_settings.ini Removed them to simplify the code. * Use text formatting for default factory values to produce dynamic names. Header files contains duplicates of factory values defined in factory_settings.ini Removed them to simplify the code. * Configured the WiFi host name to contain the device id by default * Removed possibility to use placeholders for FACTORY_WIFI_SSID factory setting. * Update README.md Updated documentation * Use text formatting for default factory values to produce dynamic names. Header files contains duplicates of factory values defined in factory_settings.ini Removed them to simplify the code. * Configured the WiFi host name to contain the device id by default * Removed possibility to use placeholders for FACTORY_WIFI_SSID factory setting. * Added a space to the end of the file to comply project code style * fix typos clang formatting use 2 spaces in ini files use ${platform}-${chip_id} for hostname put chip id in brackets in AP SSID * restore (and update) factory setting ifndefs - this is so src can be built without an exaustive set build-time defines - standardize ordering of defines: factory settings, paths, config * format and modify comment * escape spaces in pio defines experiment with removing $'s from our format strings (they are being substituted with empty values by pio) * fix formatting in readme rename FactoryValue to SettingValue, put in own header give example of direct usage of FactorySetting::format in README.md * auto format * use hash to delimit placeholders * fix factory_settings.ini * remove flash string helpers * format ini file * use MAC address instead of chip id for properly unique identifier * use lower case hex encoding for unique id use chip id and unique id for more secure secret * fix comment * Use random values for JWT secret Arduino uses the ESP random number generator for "true random" numbers on both esp32 and esp8266 This makes a better JWT secret and may be useful for other factory defaults too In addition a modification has been made to force the FSPersistance to save the file if applying defaults * Don't use spaces in default AP SSID * restore helpful comment in factory_settings.ini fix default defines Co-authored-by: kasedy <kasedy@gmail.com>
98 lines
2.5 KiB
C++
98 lines
2.5 KiB
C++
#ifndef SecurityManager_h
|
|
#define SecurityManager_h
|
|
|
|
#include <Features.h>
|
|
#include <ArduinoJsonJWT.h>
|
|
#include <ESPAsyncWebServer.h>
|
|
#include <AsyncJson.h>
|
|
#include <list>
|
|
|
|
#define ACCESS_TOKEN_PARAMATER "access_token"
|
|
|
|
#define AUTHORIZATION_HEADER "Authorization"
|
|
#define AUTHORIZATION_HEADER_PREFIX "Bearer "
|
|
#define AUTHORIZATION_HEADER_PREFIX_LEN 7
|
|
|
|
#define MAX_JWT_SIZE 128
|
|
|
|
class User {
|
|
public:
|
|
String username;
|
|
String password;
|
|
bool admin;
|
|
|
|
public:
|
|
User(String username, String password, bool admin) : username(username), password(password), admin(admin) {
|
|
}
|
|
};
|
|
|
|
class Authentication {
|
|
public:
|
|
User* user;
|
|
boolean authenticated;
|
|
|
|
public:
|
|
Authentication(User& user) : user(new User(user)), authenticated(true) {
|
|
}
|
|
Authentication() : user(nullptr), authenticated(false) {
|
|
}
|
|
~Authentication() {
|
|
delete (user);
|
|
}
|
|
};
|
|
|
|
typedef std::function<boolean(Authentication& authentication)> AuthenticationPredicate;
|
|
|
|
class AuthenticationPredicates {
|
|
public:
|
|
static bool NONE_REQUIRED(Authentication& authentication) {
|
|
return true;
|
|
};
|
|
static bool IS_AUTHENTICATED(Authentication& authentication) {
|
|
return authentication.authenticated;
|
|
};
|
|
static bool IS_ADMIN(Authentication& authentication) {
|
|
return authentication.authenticated && authentication.user->admin;
|
|
};
|
|
};
|
|
|
|
class SecurityManager {
|
|
public:
|
|
#if FT_ENABLED(FT_SECURITY)
|
|
/*
|
|
* Authenticate, returning the user if found
|
|
*/
|
|
virtual Authentication authenticate(const String& username, const String& password) = 0;
|
|
|
|
/*
|
|
* Generate a JWT for the user provided
|
|
*/
|
|
virtual String generateJWT(User* user) = 0;
|
|
|
|
#endif
|
|
|
|
/*
|
|
* Check the request header for the Authorization token
|
|
*/
|
|
virtual Authentication authenticateRequest(AsyncWebServerRequest* request) = 0;
|
|
|
|
/**
|
|
* Filter a request with the provided predicate, only returning true if the predicate matches.
|
|
*/
|
|
virtual ArRequestFilterFunction filterRequest(AuthenticationPredicate predicate) = 0;
|
|
|
|
/**
|
|
* Wrap the provided request to provide validation against an AuthenticationPredicate.
|
|
*/
|
|
virtual ArRequestHandlerFunction wrapRequest(ArRequestHandlerFunction onRequest,
|
|
AuthenticationPredicate predicate) = 0;
|
|
|
|
/**
|
|
* Wrap the provided json request callback to provide validation against an AuthenticationPredicate.
|
|
*/
|
|
virtual ArJsonRequestHandlerFunction wrapCallback(ArJsonRequestHandlerFunction onRequest,
|
|
AuthenticationPredicate predicate) = 0;
|
|
};
|
|
|
|
#endif // end SecurityManager_h
|