HS-Esslingen/esp-firewall
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2024-10-30. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.
esp-firewall/SourceCode/arduino/lib/Firewall/src/esp32API.cpp
Florian Hoss b531b5b360 Resolve "Auth for API"
2022-04-21 13:16:54 +00:00

235 lines
8.9 KiB
C++
Raw Blame History

#include "esp32API.hpp"
namespace firewall
{
API::API(const char *username, const char *password, const uint16_t port)
{
if (this->setup_auth(username, password) == ERROR)
endless_loop();
if (this->setup_certificate() == ERROR)
endless_loop();
this->server = new HTTPSServer(this->certificate, port, 5);
this->setup_routing();
log_i("Starting server...");
this->server->start();
if (this->server->isRunning())
log_i("Server ready on port: %i", port);
}
API::~API()
{
}
void API::handle_clients()
{
this->server->loop();
}
ok_t API::setup_auth(const char *username, const char *password)
{
if (!username || *username == 0x00 || strlen(username) > sizeof(this->username))
{
log_e("Username too long or missing!");
return ERROR;
}
strncpy(this->username, username, sizeof(this->username));
if (!password || *password == 0x00 || strlen(password) > sizeof(this->password))
{
log_e("Password too long or missing!");
return ERROR;
}
strncpy(this->password, password, sizeof(this->password));
return SUCCESS;
}
auth_t API::check_auth(HTTPRequest *request, HTTPResponse *response)
{
std::string reqUsername = request->getBasicAuthUser();
std::string reqPassword = request->getBasicAuthPassword();
if ((strncmp(this->username, reqUsername.c_str(), sizeof(this->username)) != 0) ||
(strncmp(this->password, reqPassword.c_str(), sizeof(this->password)) != 0))
{
this->json_message_response(response, "unauthorized", 403);
return DENIED;
}
return AUTHENTICATED;
}
ok_t API::setup_certificate()
{
this->certificate = retrieve_certificate();
if (certificate != NULL)
return NO_ACTION;
log_i("Creating a new certificate...");
this->certificate = new SSLCert();
int createCertResult = createSelfSignedCert(
*this->certificate,
KEYSIZE_2048,
"CN=myesp32.local,O=Firewall,C=DE",
"20220101000000",
"20320101000000");
if (createCertResult != 0)
{
log_e("Cannot create a server-certificate");
return ERROR;
}
store_certificate(certificate);
log_i("Creating a server-certificate was successful");
return SUCCESS;
}
void API::setup_routing()
{
ResourceNode *get_firewall_rule = new ResourceNode("/api/v1/firewall/*", "GET", std::bind(&API::get_firewall_rule_handler, this, std::placeholders::_1, std::placeholders::_2));
ResourceNode *get_firewall_rules = new ResourceNode("/api/v1/firewall", "GET", std::bind(&API::get_firewall_rules_handler, this, std::placeholders::_1, std::placeholders::_2));
ResourceNode *post_firewall = new ResourceNode("/api/v1/firewall", "POST", std::bind(&API::post_firewall_handler, this, std::placeholders::_1, std::placeholders::_2));
ResourceNode *delete_firewall = new ResourceNode("/api/v1/firewall/*", "DELETE", std::bind(&API::delete_firewall_handler, this, std::placeholders::_1, std::placeholders::_2));
ResourceNode *not_found = new ResourceNode("", "GET", std::bind(&API::not_found_handler, this, std::placeholders::_1, std::placeholders::_2));
this->server->registerNode(get_firewall_rule);
this->server->registerNode(get_firewall_rules);
this->server->registerNode(post_firewall);
this->server->registerNode(delete_firewall);
this->server->setDefaultNode(not_found);
}
void API::not_found_handler(HTTPRequest *request, HTTPResponse *response)
{
this->json_message_response(response, "not found", 404);
}
void API::get_firewall_rule_handler(HTTPRequest *request, HTTPResponse *response)
{
if (this->check_auth(request, response) == DENIED)
return;
ResourceParameters *params = request->getParams();
int rule_number = atoi(params->getPathParameter(0).c_str());
firewall_rule_t *rule_ptr = get_rule_from_firewall(rule_number);
if (rule_ptr == NULL)
{
this->json_message_response(response, "rule not found", 404);
}
else
{
response->setHeader("Content-Type", "application/json");
response->setStatusCode(200);
response->print(this->construct_json_firewall_rule(rule_ptr));
}
}
void API::get_firewall_rules_handler(HTTPRequest *request, HTTPResponse *response)
{
if (this->check_auth(request, response) == DENIED)
return;
this->json_generic_response(response, this->construct_json_firewall(), 200);
}
bool API::request_has_firewall_parameter(ResourceParameters *params)
{
return params->isQueryParameterSet("source") ||
params->isQueryParameterSet("destination") ||
params->isQueryParameterSet("protocol") ||
params->isQueryParameterSet("target");
}
void API::post_firewall_handler(HTTPRequest *request, HTTPResponse *response)
{
if (this->check_auth(request, response) == DENIED)
return;
ResourceParameters *params = request->getParams();
if (request_has_firewall_parameter(params))
{
firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t));
rule_ptr->key = ++amount_of_rules;
std::string source;
params->getQueryParameter("source", source);
strncpy(rule_ptr->source, source.c_str(), sizeof(rule_ptr->source));
std::string destination;
params->getQueryParameter("destination", destination);
strncpy(rule_ptr->destination, destination.c_str(), sizeof(rule_ptr->destination));
std::string protocol;
params->getQueryParameter("protocol", protocol);
rule_ptr->protocol = string_to_protocol(protocol);
std::string target;
params->getQueryParameter("target", target);
rule_ptr->target = string_to_target(target);
add_rule_to_firewall(rule_ptr);
this->json_generic_response(response, this->construct_json_firewall_rule(rule_ptr), 200);
}
else
{
this->json_message_response(response, "not enough parameter", 400);
}
}
void API::delete_firewall_handler(HTTPRequest *request, HTTPResponse *response)
{
if (this->check_auth(request, response) == DENIED)
return;
ResourceParameters *params = request->getParams();
int rule_number = atoi(params->getPathParameter(0).c_str());
if (delete_rule_from_firewall(rule_number) == SUCCESS)
{
this->json_message_response(response, "firewall rule deleted", 200);
}
else
{
this->json_message_response(response, "cannot delete firewall rule", 500);
}
}
void API::json_generic_response(HTTPResponse *response, String serialized, const uint16_t response_code)
{
response->setHeader("Content-Type", "application/json");
response->setStatusCode(response_code);
response->println(serialized);
}
void API::json_message_response(HTTPResponse *response, String message, const uint16_t response_code)
{
response->setHeader("Content-Type", "application/json");
response->setStatusCode(response_code);
StaticJsonDocument<96> json;
String serialized;
json["message"] = message;
serializeJson(json, serialized);
response->println(serialized);
}
String API::construct_json_firewall_rule(firewall_rule_t *rule_ptr)
{
StaticJsonDocument<256> doc;
doc["key"] = rule_ptr->key;
doc["source"] = rule_ptr->source;
doc["destination"] = rule_ptr->destination;
doc["protocol"] = protocol_to_string(rule_ptr->protocol);
doc["target"] = target_to_string(rule_ptr->target);
String response;
serializeJson(doc, response);
return response;
}
String API::construct_json_firewall()
{
firewall_rule_t *rule_ptr = head;
// Size for approx. 12 Rules
StaticJsonDocument<2048> doc;
String response;
doc["amount_of_rules"] = amount_of_rules;
JsonArray rules = doc.createNestedArray("rules");
while (rule_ptr != NULL)
{
JsonObject rule = rules.createNestedObject();
rule["key"] = rule_ptr->key;
rule["source"] = rule_ptr->source;
rule["destination"] = rule_ptr->destination;
rule["protocol"] = protocol_to_string(rule_ptr->protocol);
rule["target"] = target_to_string(rule_ptr->target);
rule_ptr = rule_ptr->next;
}
serializeJson(doc, response);
return response;
}
}
Reference in a new issue View git blame Copy permalink