Darkages/SpotMicroESP32-Leika
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🪄 Formats SecuritySettingsService

Browse Source
This commit is contained in:
Rune Harlyk
2024-07-09 20:05:31 +02:00
committed by Rune Harlyk
parent 7d586eec90
commit 4e5f582978
2 changed files with 58 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files
esp32/lib/ESP32-sveltekit/SecuritySettingsService.cpp
+45 -87
View File
@@ -16,20 +16,16 @@
#if FT_ENABLED(FT_SECURITY)
SecuritySettingsService::SecuritySettingsService(PsychicHttpServer *server, FS *fs) : _server(server),
_httpEndpoint(SecuritySettings::read, SecuritySettings::update, this, server, SECURITY_SETTINGS_PATH, this),
_fsPersistence(SecuritySettings::read, SecuritySettings::update, this, fs, SECURITY_SETTINGS_FILE),
_jwtHandler(FACTORY_JWT_SECRET)
{
addUpdateHandler([&](const String &originId)
{ configureJWTHandler(); },
false);
SecuritySettingsService::SecuritySettingsService(PsychicHttpServer *server, FS *fs)
: _server(server),
_httpEndpoint(SecuritySettings::read, SecuritySettings::update, this, server, SECURITY_SETTINGS_PATH, this),
_fsPersistence(SecuritySettings::read, SecuritySettings::update, this, fs, SECURITY_SETTINGS_FILE),
_jwtHandler(FACTORY_JWT_SECRET) {
addUpdateHandler([&](const String &originId) { configureJWTHandler(); }, false);
}
void SecuritySettingsService::begin()
{
_server->on(GENERATE_TOKEN_PATH,
HTTP_GET,
void SecuritySettingsService::begin() {
_server->on(GENERATE_TOKEN_PATH, HTTP_GET,
wrapRequest(std::bind(&SecuritySettingsService::generateToken, this, std::placeholders::_1),
AuthenticationPredicates::IS_ADMIN));
@@ -40,21 +36,16 @@ void SecuritySettingsService::begin()
configureJWTHandler();
}
Authentication SecuritySettingsService::authenticateRequest(PsychicRequest *request)
{
Authentication SecuritySettingsService::authenticateRequest(PsychicRequest *request) {
// Load the parameters from the request, as they are only loaded later with the regular handler
if (request->hasHeader(AUTHORIZATION_HEADER))
{
if (request->hasHeader(AUTHORIZATION_HEADER)) {
auto value = request->header(AUTHORIZATION_HEADER);
// ESP_LOGV("SecuritySettingsService", "Authorization header: %s", value.c_str());
if (value.startsWith(AUTHORIZATION_HEADER_PREFIX))
{
if (value.startsWith(AUTHORIZATION_HEADER_PREFIX)) {
value = value.substring(AUTHORIZATION_HEADER_PREFIX_LEN);
return authenticateJWT(value);
}
}
else if (request->hasParam(ACCESS_TOKEN_PARAMATER))
{
} else if (request->hasParam(ACCESS_TOKEN_PARAMATER)) {
String value = request->getParam(ACCESS_TOKEN_PARAMATER)->value();
// ESP_LOGV("SecuritySettingsService", "Access token parameter: %s", value.c_str());
return authenticateJWT(value);
@@ -62,23 +53,16 @@ Authentication SecuritySettingsService::authenticateRequest(PsychicRequest *requ
return Authentication();
}
void SecuritySettingsService::configureJWTHandler()
{
_jwtHandler.setSecret(_state.jwtSecret);
}
void SecuritySettingsService::configureJWTHandler() { _jwtHandler.setSecret(_state.jwtSecret); }
Authentication SecuritySettingsService::authenticateJWT(String &jwt)
{
Authentication SecuritySettingsService::authenticateJWT(String &jwt) {
JsonDocument payloadDocument;
_jwtHandler.parseJWT(jwt, payloadDocument);
if (payloadDocument.is<JsonObject>())
{
if (payloadDocument.is<JsonObject>()) {
JsonObject parsedPayload = payloadDocument.as<JsonObject>();
String username = parsedPayload["username"];
for (User _user : _state.users)
{
if (_user.username == username && validatePayload(parsedPayload, &_user))
{
for (User _user : _state.users) {
if (_user.username == username && validatePayload(parsedPayload, &_user)) {
return Authentication(_user);
}
}
@@ -86,44 +70,36 @@ Authentication SecuritySettingsService::authenticateJWT(String &jwt)
return Authentication();
}
Authentication SecuritySettingsService::authenticate(const String &username, const String &password)
{
for (User _user : _state.users)
{
if (_user.username == username && _user.password == password)
{
Authentication SecuritySettingsService::authenticate(const String &username, const String &password) {
for (User _user : _state.users) {
if (_user.username == username && _user.password == password) {
return Authentication(_user);
}
}
return Authentication();
}
inline void populateJWTPayload(JsonObject &payload, User *user)
{
inline void populateJWTPayload(JsonObject &payload, User *user) {
payload["username"] = user->username;
payload["admin"] = user->admin;
}
boolean SecuritySettingsService::validatePayload(JsonObject &parsedPayload, User *user)
{
boolean SecuritySettingsService::validatePayload(JsonObject &parsedPayload, User *user) {
JsonDocument jsonDocument;
JsonObject payload = jsonDocument.to<JsonObject>();
populateJWTPayload(payload, user);
return payload == parsedPayload;
}
String SecuritySettingsService::generateJWT(User *user)
{
String SecuritySettingsService::generateJWT(User *user) {
JsonDocument jsonDocument;
JsonObject payload = jsonDocument.to<JsonObject>();
populateJWTPayload(payload, user);
return _jwtHandler.buildJWT(payload);
}
PsychicRequestFilterFunction SecuritySettingsService::filterRequest(AuthenticationPredicate predicate)
{
return [this, predicate](PsychicRequest *request)
{
PsychicRequestFilterFunction SecuritySettingsService::filterRequest(AuthenticationPredicate predicate) {
return [this, predicate](PsychicRequest *request) {
// ESP_LOGV("SecuritySettingsService", "Authenticating filter request: %s", request->uri().c_str());
// ESP_LOGV("SecuritySettingsService", "Request Method: %s", request->methodStr().c_str());
@@ -131,12 +107,10 @@ PsychicRequestFilterFunction SecuritySettingsService::filterRequest(Authenticati
// This is a temporary fix until the PsychicHttp websocket handler is fixed to not send a bogus filter request
// Check if we have a bogus filter request and return true
if (request->uri().isEmpty() && request->method() == HTTP_DELETE)
{
if (request->uri().isEmpty() && request->method() == HTTP_DELETE) {
// ESP_LOGV("SecuritySettingsService", "Bogus filter request - allowing");
return true;
}
else
} else
request->loadParams();
Authentication authentication = authenticateRequest(request);
@@ -146,39 +120,32 @@ PsychicRequestFilterFunction SecuritySettingsService::filterRequest(Authenticati
};
}
PsychicHttpRequestCallback SecuritySettingsService::wrapRequest(PsychicHttpRequestCallback onRequest, AuthenticationPredicate predicate)
{
return [this, onRequest, predicate](PsychicRequest *request)
{
PsychicHttpRequestCallback SecuritySettingsService::wrapRequest(PsychicHttpRequestCallback onRequest,
AuthenticationPredicate predicate) {
return [this, onRequest, predicate](PsychicRequest *request) {
Authentication authentication = authenticateRequest(request);
if (!predicate(authentication))
{
if (!predicate(authentication)) {
return request->reply(401);
}
return onRequest(request);
};
}
PsychicJsonRequestCallback SecuritySettingsService::wrapCallback(PsychicJsonRequestCallback onRequest, AuthenticationPredicate predicate)
{
return [this, onRequest, predicate](PsychicRequest *request, JsonVariant &json)
{
PsychicJsonRequestCallback SecuritySettingsService::wrapCallback(PsychicJsonRequestCallback onRequest,
AuthenticationPredicate predicate) {
return [this, onRequest, predicate](PsychicRequest *request, JsonVariant &json) {
Authentication authentication = authenticateRequest(request);
if (!predicate(authentication))
{
if (!predicate(authentication)) {
return request->reply(401);
}
return onRequest(request, json);
};
}
esp_err_t SecuritySettingsService::generateToken(PsychicRequest *request)
{
esp_err_t SecuritySettingsService::generateToken(PsychicRequest *request) {
String usernameParam = request->getParam("username")->value();
for (User _user : _state.users)
{
if (_user.username == usernameParam)
{
for (User _user : _state.users) {
if (_user.username == usernameParam) {
PsychicJsonResponse response = PsychicJsonResponse(request, false);
JsonObject root = response.getRoot();
root["token"] = generateJWT(&_user);
@@ -192,38 +159,29 @@ esp_err_t SecuritySettingsService::generateToken(PsychicRequest *request)
User ADMIN_USER = User(FACTORY_ADMIN_USERNAME, FACTORY_ADMIN_PASSWORD, true);
SecuritySettingsService::SecuritySettingsService(PsychicHttpServer *server, FS *fs) : SecurityManager()
{
}
SecuritySettingsService::~SecuritySettingsService()
{
}
SecuritySettingsService::SecuritySettingsService(PsychicHttpServer *server, FS *fs) : SecurityManager() {}
SecuritySettingsService::~SecuritySettingsService() {}
PsychicRequestFilterFunction SecuritySettingsService::filterRequest(AuthenticationPredicate predicate)
{
return [this, predicate](PsychicRequest *request)
{
PsychicRequestFilterFunction SecuritySettingsService::filterRequest(AuthenticationPredicate predicate) {
return [this, predicate](PsychicRequest *request) {
// ESP_LOGV("SecuritySettingsService", "Security disabled - all requests are allowed");
return true;
};
}
// Return the admin user on all request - disabling security features
Authentication SecuritySettingsService::authenticateRequest(PsychicRequest *request)
{
Authentication SecuritySettingsService::authenticateRequest(PsychicRequest *request) {
return Authentication(ADMIN_USER);
}
// Return the function unwrapped
PsychicHttpRequestCallback SecuritySettingsService::wrapRequest(PsychicHttpRequestCallback onRequest,
AuthenticationPredicate predicate)
{
AuthenticationPredicate predicate) {
return onRequest;
}
PsychicJsonRequestCallback SecuritySettingsService::wrapCallback(PsychicJsonRequestCallback onRequest,
AuthenticationPredicate predicate)
{
AuthenticationPredicate predicate) {
return onRequest;
}