🪄 Formats SecuritySettingsService

2024-07-09 20:05:31 +02:00
parent 7d586eec90
commit 4e5f582978
2 changed files with 58 additions and 110 deletions
@@ -16,20 +16,16 @@

 #if FT_ENABLED(FT_SECURITY)

-SecuritySettingsService::SecuritySettingsService(PsychicHttpServer *server, FS *fs) : _server(server),
-                                                                                      _httpEndpoint(SecuritySettings::read, SecuritySettings::update, this, server, SECURITY_SETTINGS_PATH, this),
-                                                                                      _fsPersistence(SecuritySettings::read, SecuritySettings::update, this, fs, SECURITY_SETTINGS_FILE),
-                                                                                      _jwtHandler(FACTORY_JWT_SECRET)
-{
-    addUpdateHandler([&](const String &originId)
-                     { configureJWTHandler(); },
-                     false);
+SecuritySettingsService::SecuritySettingsService(PsychicHttpServer *server, FS *fs)
+    : _server(server),
+      _httpEndpoint(SecuritySettings::read, SecuritySettings::update, this, server, SECURITY_SETTINGS_PATH, this),
+      _fsPersistence(SecuritySettings::read, SecuritySettings::update, this, fs, SECURITY_SETTINGS_FILE),
+      _jwtHandler(FACTORY_JWT_SECRET) {
+    addUpdateHandler([&](const String &originId) { configureJWTHandler(); }, false);
 }

-void SecuritySettingsService::begin()
-{
-    _server->on(GENERATE_TOKEN_PATH,
-                HTTP_GET,
+void SecuritySettingsService::begin() {
+    _server->on(GENERATE_TOKEN_PATH, HTTP_GET,
                wrapRequest(std::bind(&SecuritySettingsService::generateToken, this, std::placeholders::_1),
                            AuthenticationPredicates::IS_ADMIN));

@@ -40,21 +36,16 @@ void SecuritySettingsService::begin()
    configureJWTHandler();
 }

-Authentication SecuritySettingsService::authenticateRequest(PsychicRequest *request)
-{
+Authentication SecuritySettingsService::authenticateRequest(PsychicRequest *request) {
    // Load the parameters from the request, as they are only loaded later with the regular handler
-    if (request->hasHeader(AUTHORIZATION_HEADER))
-    {
+    if (request->hasHeader(AUTHORIZATION_HEADER)) {
        auto value = request->header(AUTHORIZATION_HEADER);
        // ESP_LOGV("SecuritySettingsService", "Authorization header: %s", value.c_str());
-        if (value.startsWith(AUTHORIZATION_HEADER_PREFIX))
-        {
+        if (value.startsWith(AUTHORIZATION_HEADER_PREFIX)) {
            value = value.substring(AUTHORIZATION_HEADER_PREFIX_LEN);
            return authenticateJWT(value);
        }
-    }
-    else if (request->hasParam(ACCESS_TOKEN_PARAMATER))
-    {
+    } else if (request->hasParam(ACCESS_TOKEN_PARAMATER)) {
        String value = request->getParam(ACCESS_TOKEN_PARAMATER)->value();
        // ESP_LOGV("SecuritySettingsService", "Access token parameter: %s", value.c_str());
        return authenticateJWT(value);
@@ -62,23 +53,16 @@ Authentication SecuritySettingsService::authenticateRequest(PsychicRequest *requ
    return Authentication();
 }

-void SecuritySettingsService::configureJWTHandler()
-{
-    _jwtHandler.setSecret(_state.jwtSecret);
-}
+void SecuritySettingsService::configureJWTHandler() { _jwtHandler.setSecret(_state.jwtSecret); }

-Authentication SecuritySettingsService::authenticateJWT(String &jwt)
-{
+Authentication SecuritySettingsService::authenticateJWT(String &jwt) {
    JsonDocument payloadDocument;
    _jwtHandler.parseJWT(jwt, payloadDocument);
-    if (payloadDocument.is<JsonObject>())
-    {
+    if (payloadDocument.is<JsonObject>()) {
        JsonObject parsedPayload = payloadDocument.as<JsonObject>();
        String username = parsedPayload["username"];
-        for (User _user : _state.users)
-        {
-            if (_user.username == username && validatePayload(parsedPayload, &_user))
-            {
+        for (User _user : _state.users) {
+            if (_user.username == username && validatePayload(parsedPayload, &_user)) {
                return Authentication(_user);
            }
        }
@@ -86,44 +70,36 @@ Authentication SecuritySettingsService::authenticateJWT(String &jwt)
    return Authentication();
 }

-Authentication SecuritySettingsService::authenticate(const String &username, const String &password)
-{
-    for (User _user : _state.users)
-    {
-        if (_user.username == username && _user.password == password)
-        {
+Authentication SecuritySettingsService::authenticate(const String &username, const String &password) {
+    for (User _user : _state.users) {
+        if (_user.username == username && _user.password == password) {
            return Authentication(_user);
        }
    }
    return Authentication();
 }

-inline void populateJWTPayload(JsonObject &payload, User *user)
-{
+inline void populateJWTPayload(JsonObject &payload, User *user) {
    payload["username"] = user->username;
    payload["admin"] = user->admin;
 }

-boolean SecuritySettingsService::validatePayload(JsonObject &parsedPayload, User *user)
-{
+boolean SecuritySettingsService::validatePayload(JsonObject &parsedPayload, User *user) {
    JsonDocument jsonDocument;
    JsonObject payload = jsonDocument.to<JsonObject>();
    populateJWTPayload(payload, user);
    return payload == parsedPayload;
 }

-String SecuritySettingsService::generateJWT(User *user)
-{
+String SecuritySettingsService::generateJWT(User *user) {
    JsonDocument jsonDocument;
    JsonObject payload = jsonDocument.to<JsonObject>();
    populateJWTPayload(payload, user);
    return _jwtHandler.buildJWT(payload);
 }

-PsychicRequestFilterFunction SecuritySettingsService::filterRequest(AuthenticationPredicate predicate)
-{
-    return [this, predicate](PsychicRequest *request)
-    {
+PsychicRequestFilterFunction SecuritySettingsService::filterRequest(AuthenticationPredicate predicate) {
+    return [this, predicate](PsychicRequest *request) {
        // ESP_LOGV("SecuritySettingsService", "Authenticating filter request: %s", request->uri().c_str());
        // ESP_LOGV("SecuritySettingsService", "Request Method: %s", request->methodStr().c_str());

@@ -131,12 +107,10 @@ PsychicRequestFilterFunction SecuritySettingsService::filterRequest(Authenticati
        // This is a temporary fix until the PsychicHttp websocket handler is fixed to not send a bogus filter request

        // Check if we have a bogus filter request and return true
-        if (request->uri().isEmpty() && request->method() == HTTP_DELETE)
-        {
+        if (request->uri().isEmpty() && request->method() == HTTP_DELETE) {
            // ESP_LOGV("SecuritySettingsService", "Bogus filter request - allowing");
            return true;
-        }
-        else
+        } else
            request->loadParams();

        Authentication authentication = authenticateRequest(request);
@@ -146,39 +120,32 @@ PsychicRequestFilterFunction SecuritySettingsService::filterRequest(Authenticati
    };
 }

-PsychicHttpRequestCallback SecuritySettingsService::wrapRequest(PsychicHttpRequestCallback onRequest, AuthenticationPredicate predicate)
-{
-    return [this, onRequest, predicate](PsychicRequest *request)
-    {
+PsychicHttpRequestCallback SecuritySettingsService::wrapRequest(PsychicHttpRequestCallback onRequest,
+                                                                AuthenticationPredicate predicate) {
+    return [this, onRequest, predicate](PsychicRequest *request) {
        Authentication authentication = authenticateRequest(request);
-        if (!predicate(authentication))
-        {
+        if (!predicate(authentication)) {
            return request->reply(401);
        }
        return onRequest(request);
    };
 }

-PsychicJsonRequestCallback SecuritySettingsService::wrapCallback(PsychicJsonRequestCallback onRequest, AuthenticationPredicate predicate)
-{
-    return [this, onRequest, predicate](PsychicRequest *request, JsonVariant &json)
-    {
+PsychicJsonRequestCallback SecuritySettingsService::wrapCallback(PsychicJsonRequestCallback onRequest,
+                                                                 AuthenticationPredicate predicate) {
+    return [this, onRequest, predicate](PsychicRequest *request, JsonVariant &json) {
        Authentication authentication = authenticateRequest(request);
-        if (!predicate(authentication))
-        {
+        if (!predicate(authentication)) {
            return request->reply(401);
        }
        return onRequest(request, json);
    };
 }

-esp_err_t SecuritySettingsService::generateToken(PsychicRequest *request)
-{
+esp_err_t SecuritySettingsService::generateToken(PsychicRequest *request) {
    String usernameParam = request->getParam("username")->value();
-    for (User _user : _state.users)
-    {
-        if (_user.username == usernameParam)
-        {
+    for (User _user : _state.users) {
+        if (_user.username == usernameParam) {
            PsychicJsonResponse response = PsychicJsonResponse(request, false);
            JsonObject root = response.getRoot();
            root["token"] = generateJWT(&_user);
@@ -192,38 +159,29 @@ esp_err_t SecuritySettingsService::generateToken(PsychicRequest *request)

 User ADMIN_USER = User(FACTORY_ADMIN_USERNAME, FACTORY_ADMIN_PASSWORD, true);

-SecuritySettingsService::SecuritySettingsService(PsychicHttpServer *server, FS *fs) : SecurityManager()
-{
-}
-SecuritySettingsService::~SecuritySettingsService()
-{
-}
+SecuritySettingsService::SecuritySettingsService(PsychicHttpServer *server, FS *fs) : SecurityManager() {}
+SecuritySettingsService::~SecuritySettingsService() {}

-PsychicRequestFilterFunction SecuritySettingsService::filterRequest(AuthenticationPredicate predicate)
-{
-    return [this, predicate](PsychicRequest *request)
-    {
+PsychicRequestFilterFunction SecuritySettingsService::filterRequest(AuthenticationPredicate predicate) {
+    return [this, predicate](PsychicRequest *request) {
        // ESP_LOGV("SecuritySettingsService", "Security disabled - all requests are allowed");
        return true;
    };
 }

 // Return the admin user on all request - disabling security features
-Authentication SecuritySettingsService::authenticateRequest(PsychicRequest *request)
-{
+Authentication SecuritySettingsService::authenticateRequest(PsychicRequest *request) {
    return Authentication(ADMIN_USER);
 }

 // Return the function unwrapped
 PsychicHttpRequestCallback SecuritySettingsService::wrapRequest(PsychicHttpRequestCallback onRequest,
-                                                                AuthenticationPredicate predicate)
-{
+                                                                AuthenticationPredicate predicate) {
    return onRequest;
 }

 PsychicJsonRequestCallback SecuritySettingsService::wrapCallback(PsychicJsonRequestCallback onRequest,
-                                                                 AuthenticationPredicate predicate)
-{
+                                                                 AuthenticationPredicate predicate) {
    return onRequest;
 }

@@ -48,21 +48,18 @@

 #if FT_ENABLED(FT_SECURITY)

-class SecuritySettings
-{
-public:
+class SecuritySettings {
+  public:
    String jwtSecret;
    std::list<User> users;

-    static void read(SecuritySettings &settings, JsonObject &root)
-    {
+    static void read(SecuritySettings &settings, JsonObject &root) {
        // secret
        root["jwt_secret"] = settings.jwtSecret;

        // users
        JsonArray users = root.to<JsonArray>();
-        for (User user : settings.users)
-        {
+        for (User user : settings.users) {
            JsonObject userRoot = users.add<JsonObject>();
            userRoot["username"] = user.username;
            userRoot["password"] = user.password;
@@ -70,22 +67,17 @@ public:
        }
    }

-    static StateUpdateResult update(JsonObject &root, SecuritySettings &settings)
-    {
+    static StateUpdateResult update(JsonObject &root, SecuritySettings &settings) {
        // secret
        settings.jwtSecret = root["jwt_secret"] | SettingValue::format(FACTORY_JWT_SECRET);

        // users
        settings.users.clear();
-        if (root["users"].is<JsonArray>())
-        {
-            for (JsonVariant user : root["users"].as<JsonArray>())
-            {
+        if (root["users"].is<JsonArray>()) {
+            for (JsonVariant user : root["users"].as<JsonArray>()) {
                settings.users.push_back(User(user["username"], user["password"], user["admin"]));
            }
-        }
-        else
-        {
+        } else {
            settings.users.push_back(User(FACTORY_ADMIN_USERNAME, FACTORY_ADMIN_PASSWORD, true));
            settings.users.push_back(User(FACTORY_GUEST_USERNAME, FACTORY_GUEST_PASSWORD, false));
        }
@@ -93,9 +85,8 @@ public:
    }
 };

-class SecuritySettingsService : public StatefulService<SecuritySettings>, public SecurityManager
-{
-public:
+class SecuritySettingsService : public StatefulService<SecuritySettings>, public SecurityManager {
+  public:
    SecuritySettingsService(PsychicHttpServer *server, FS *fs);

    void begin();
@@ -109,7 +100,7 @@ public:
    PsychicHttpRequestCallback wrapRequest(PsychicHttpRequestCallback onRequest, AuthenticationPredicate predicate);
    PsychicJsonRequestCallback wrapCallback(PsychicJsonRequestCallback onRequest, AuthenticationPredicate predicate);

-private:
+  private:
    PsychicHttpServer *_server;

    HttpEndpoint<SecuritySettings> _httpEndpoint;
@@ -133,9 +124,8 @@ private:

 #else

-class SecuritySettingsService : public SecurityManager
-{
-public:
+class SecuritySettingsService : public SecurityManager {
+  public:
    SecuritySettingsService(PsychicHttpServer *server, FS *fs);
    ~SecuritySettingsService();