#include "esp32API.hpp" namespace firewall { API::API(const char *username, const char *password, const uint16_t port) { if (this->setup_auth(username, password) == ERROR) endless_loop(); if (this->setup_certificate() == ERROR) endless_loop(); this->server = new HTTPSServer(this->certificate, port, 5); this->setup_routing(); log_i("Starting server..."); this->server->start(); if (this->server->isRunning()) log_i("Server ready on port: %i", port); } API::~API() { } void API::handle_clients() { this->server->loop(); } ok_t API::setup_auth(const char *username, const char *password) { if (!username || *username == 0x00 || strlen(username) > CREDENTIALS_LENGTH) { log_e("Username too long or missing!"); return ERROR; } strncpy(credentials.username, username, CREDENTIALS_LENGTH); if (!password || *password == 0x00 || strlen(password) > CREDENTIALS_LENGTH) { log_e("Password too long or missing!"); return ERROR; } strncpy(credentials.password, password, CREDENTIALS_LENGTH); return SUCCESS; } auth_t API::check_auth(HTTPRequest *request, HTTPResponse *response) { std::string reqUsername = request->getBasicAuthUser(); std::string reqPassword = request->getBasicAuthPassword(); if ((strncmp(this->credentials.username, reqUsername.c_str(), CREDENTIALS_LENGTH) != 0) || (strncmp(this->credentials.password, reqPassword.c_str(), CREDENTIALS_LENGTH) != 0)) { this->json_message_response(response, "unauthorized", 403); return DENIED; } return AUTHENTICATED; } ok_t API::setup_certificate() { this->certificate = retrieve_certificate(); if (certificate != NULL) return NO_ACTION; log_i("Creating a new certificate..."); this->certificate = new SSLCert(); int createCertResult = createSelfSignedCert( *this->certificate, KEYSIZE_2048, "CN=myesp32.local,O=Firewall,C=DE", "20220101000000", "20320101000000"); if (createCertResult != 0) { log_e("Cannot create a server-certificate"); return ERROR; } store_certificate(certificate); log_i("Creating a server-certificate was successful"); return SUCCESS; } void API::setup_routing() { ResourceNode *get_firewall_rule = new ResourceNode("/api/v1/firewall/*", "GET", std::bind(&API::get_firewall_rule_handler, this, std::placeholders::_1, std::placeholders::_2)); ResourceNode *get_firewall_rules = new ResourceNode("/api/v1/firewall", "GET", std::bind(&API::get_firewall_rules_handler, this, std::placeholders::_1, std::placeholders::_2)); ResourceNode *post_firewall = new ResourceNode("/api/v1/firewall", "POST", std::bind(&API::post_firewall_handler, this, std::placeholders::_1, std::placeholders::_2)); ResourceNode *delete_firewall = new ResourceNode("/api/v1/firewall/*", "DELETE", std::bind(&API::delete_firewall_handler, this, std::placeholders::_1, std::placeholders::_2)); ResourceNode *not_found = new ResourceNode("", "GET", std::bind(&API::not_found_handler, this, std::placeholders::_1, std::placeholders::_2)); this->server->registerNode(get_firewall_rule); this->server->registerNode(get_firewall_rules); this->server->registerNode(post_firewall); this->server->registerNode(delete_firewall); this->server->setDefaultNode(not_found); } void API::not_found_handler(HTTPRequest *request, HTTPResponse *response) { this->json_message_response(response, "not found", 404); } void API::get_firewall_rule_handler(HTTPRequest *request, HTTPResponse *response) { if (this->check_auth(request, response) == DENIED) return; ResourceParameters *params = request->getParams(); int rule_number = atoi(params->getPathParameter(0).c_str()); firewall_rule_t *rule_ptr = get_rule_from_firewall(rule_number); if (rule_ptr == NULL) { this->json_message_response(response, "rule not found", 404); } else { response->setHeader("Content-Type", "application/json"); response->setStatusCode(200); response->print(this->construct_json_firewall_rule(rule_ptr)); } } void API::get_firewall_rules_handler(HTTPRequest *request, HTTPResponse *response) { if (this->check_auth(request, response) == DENIED) return; this->json_generic_response(response, this->construct_json_firewall(), 200); } bool API::request_has_firewall_parameter(ResourceParameters *params) { return params->isQueryParameterSet("source") || params->isQueryParameterSet("destination") || params->isQueryParameterSet("protocol") || params->isQueryParameterSet("target"); } void API::post_firewall_handler(HTTPRequest *request, HTTPResponse *response) { if (this->check_auth(request, response) == DENIED) return; ResourceParameters *params = request->getParams(); if (request_has_firewall_parameter(params)) { firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t)); rule_ptr->key = ++amount_of_rules; std::string source; params->getQueryParameter("source", source); strncpy(rule_ptr->source, source.c_str(), sizeof(rule_ptr->source)); std::string destination; params->getQueryParameter("destination", destination); strncpy(rule_ptr->destination, destination.c_str(), sizeof(rule_ptr->destination)); std::string protocol; params->getQueryParameter("protocol", protocol); rule_ptr->protocol = string_to_protocol(protocol); std::string target; params->getQueryParameter("target", target); rule_ptr->target = string_to_target(target); add_rule_to_firewall(rule_ptr); this->json_generic_response(response, this->construct_json_firewall_rule(rule_ptr), 200); } else { this->json_message_response(response, "not enough parameter", 400); } } void API::delete_firewall_handler(HTTPRequest *request, HTTPResponse *response) { if (this->check_auth(request, response) == DENIED) return; ResourceParameters *params = request->getParams(); int rule_number = atoi(params->getPathParameter(0).c_str()); if (delete_rule_from_firewall(rule_number) == SUCCESS) { this->json_message_response(response, "firewall rule deleted", 200); } else { this->json_message_response(response, "cannot delete firewall rule", 500); } } void API::json_generic_response(HTTPResponse *response, String serialized, const uint16_t response_code) { response->setHeader("Content-Type", "application/json"); response->setStatusCode(response_code); response->println(serialized); } void API::json_message_response(HTTPResponse *response, String message, const uint16_t response_code) { response->setHeader("Content-Type", "application/json"); response->setStatusCode(response_code); StaticJsonDocument<96> json; String serialized; json["message"] = message; serializeJson(json, serialized); response->println(serialized); } String API::construct_json_firewall_rule(firewall_rule_t *rule_ptr) { StaticJsonDocument<256> doc; doc["key"] = rule_ptr->key; doc["source"] = rule_ptr->source; doc["destination"] = rule_ptr->destination; doc["protocol"] = protocol_to_string(rule_ptr->protocol); doc["target"] = target_to_string(rule_ptr->target); String response; serializeJson(doc, response); return response; } String API::construct_json_firewall() { firewall_rule_t *rule_ptr = head; // Size for approx. 12 Rules StaticJsonDocument<2048> doc; String response; doc["amount_of_rules"] = amount_of_rules; JsonArray rules = doc.createNestedArray("rules"); while (rule_ptr != NULL) { JsonObject rule = rules.createNestedObject(); rule["key"] = rule_ptr->key; rule["source"] = rule_ptr->source; rule["destination"] = rule_ptr->destination; rule["protocol"] = protocol_to_string(rule_ptr->protocol); rule["target"] = target_to_string(rule_ptr->target); rule_ptr = rule_ptr->next; } serializeJson(doc, response); return response; } }