diff --git a/CMakeLists.txt b/CMakeLists.txt index 1582525..6aa19c0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -47,6 +47,7 @@ add_definitions(-DAWS_CUSTOM_MEMORY_MANAGEMENT) set(BUILD_SHARED_LIBS 1) add_definitions(-DTIP_SECURITY_SERVICE="1") +add_definitions(-DPOCO_LOG_DEBUG="1") add_compile_options(-Wall -Wextra) if(ASAN) diff --git a/build b/build index 9a03714..dec2bf5 100644 --- a/build +++ b/build @@ -1 +1 @@ -10 \ No newline at end of file +19 \ No newline at end of file diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 0d4df29..ceb3a05 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -23,6 +23,7 @@ if [[ "$TEMPLATE_CONFIG" = 'true' ]]; then SYSTEM_URI_PRIVATE=${SYSTEM_URI_PRIVATE:-"https://localhost:17001"} \ SYSTEM_URI_PUBLIC=${SYSTEM_URI_PUBLIC:-"https://localhost:16001"} \ SYSTEM_URI_UI=${SYSTEM_URI_UI:-"http://localhost"} \ + SECURITY_RESTAPI_DISABLE=${SECURITY_RESTAPI_DISABLE:-"false"} \ SERVICE_KEY=${SERVICE_KEY:-"\$OWSEC_ROOT/certs/restapi-key.pem"} \ SERVICE_KEY_PASSWORD=${SERVICE_KEY_PASSWORD:-"mypassword"} \ SMSSENDER_ENABLED=${SMSSENDER_ENABLED:-"false"} \ diff --git a/helm/README.md b/helm/README.md index 7b7612f..d8e108b 100644 --- a/helm/README.md +++ b/helm/README.md @@ -70,8 +70,8 @@ The following table lists the configurable parameters of the chart and their def | persistence.size | string | Defines PV size | `'10Gi'` | | public_env_variables | hash | Defines list of environment variables to be passed to the Security | | | configProperties | hash | Configuration properties that should be passed to the application in `owsec.properties`. May be passed by key in set (i.e. `configProperties."rtty\.token"`) | | -| certs | hash | Defines files (keys and certificates) that should be passed to the Security (PEM format is adviced to be used) (see `volumes.owsec` on where it is mounted) | | - +| existingCertsSecret | string | Existing Kubernetes secret containing all required certificates and private keys for microservice operation. If set, certificates from `certs` key are ignored | `""` | +| certs | hash | Defines files (keys and certificates) that should be passed to the Gateway (PEM format is adviced to be used) (see `volumes.owsec` on where it is mounted). If `existingCertsSecret` is set, certificates passed this way will not be used. | | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/helm/values.yaml b/helm/values.yaml index 3f94628..e7144d4 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -71,7 +71,7 @@ volumes: mountPath: /owsec-data/certs volumeDefinition: | secret: - secretName: {{ include "owsec.fullname" . }}-certs + secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsec.fullname" . }}-certs{{ end }} # Change this if you want to use another volume type - name: persist mountPath: /owsec-data/persist @@ -228,6 +228,9 @@ configProperties: storage.type.mysql.username: stephb storage.type.mysql.password: snoopy99 +# NOTE: List of required certificates may be found in "certs" key. Alternative way to pass required certificates is to create external secret with all required certificates and set secret name in "existingCertsSecret" key. Details may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart#tldr +existingCertsSecret: "" + certs: # restapi-ca.pem: "" # restapi-cert.pem: "" diff --git a/owsec.properties b/owsec.properties index 45577a5..3ca7353 100644 --- a/owsec.properties +++ b/owsec.properties @@ -36,6 +36,7 @@ openwifi.system.data = $OWSEC_ROOT/data openwifi.system.uri.private = https://localhost:17001 openwifi.system.uri.public = https://local.dpaas.arilia.com:16001 openwifi.system.uri.ui = https://ucentral-ui.arilia.com +openwifi.security.restapi.disable = false openwifi.system.commandchannel = /tmp/app.ucentralsec openwifi.service.key = $OWSEC_ROOT/certs/restapi-key.pem openwifi.service.key.password = mypassword @@ -132,4 +133,4 @@ storage.type.mysql.connectiontimeout = 60 ######################################################################## logging.type = file logging.path = $OWSEC_ROOT/logs -logging.level = debug \ No newline at end of file +logging.level = debug diff --git a/owsec.properties.tmpl b/owsec.properties.tmpl index c9dfff7..6f54d37 100644 --- a/owsec.properties.tmpl +++ b/owsec.properties.tmpl @@ -36,6 +36,7 @@ openwifi.system.data = ${SYSTEM_DATA} openwifi.system.uri.private = ${SYSTEM_URI_PRIVATE} openwifi.system.uri.public = ${SYSTEM_URI_PUBLIC} openwifi.system.uri.ui = ${SYSTEM_URI_UI} +openwifi.security.restapi.disable = ${SECURITY_RESTAPI_DISABLE} openwifi.system.commandchannel = /tmp/app.ucentralsec openwifi.service.key = ${SERVICE_KEY} openwifi.service.key.password = ${SERVICE_KEY_PASSWORD} diff --git a/src/ActionLinkManager.cpp b/src/ActionLinkManager.cpp index 7b0d50e..85b3feb 100644 --- a/src/ActionLinkManager.cpp +++ b/src/ActionLinkManager.cpp @@ -10,17 +10,20 @@ namespace OpenWifi { int ActionLinkManager::Start() { + poco_information(Logger(),"Starting..."); if(!Running_) Thr_.start(*this); return 0; } void ActionLinkManager::Stop() { + poco_information(Logger(),"Stopping..."); if(Running_) { Running_ = false; Thr_.wakeUp(); Thr_.join(); } + poco_information(Logger(),"Stopped..."); } void ActionLinkManager::run() { @@ -63,7 +66,7 @@ namespace OpenWifi { switch(i.action) { case OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD: { if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::FORGOT_PASSWORD)) { - Logger().information(fmt::format("Send password reset link to {}",UInfo.email)); + poco_information(Logger(),fmt::format("Send password reset link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); } @@ -71,7 +74,7 @@ namespace OpenWifi { case OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL: { if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::EMAIL_VERIFICATION)) { - Logger().information(fmt::format("Send email verification link to {}",UInfo.email)); + poco_information(Logger(),fmt::format("Send email verification link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); } @@ -79,7 +82,7 @@ namespace OpenWifi { case OpenWifi::SecurityObjects::LinkActions::EMAIL_INVITATION: { if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::EMAIL_INVITATION)) { - Logger().information(fmt::format("Send new subscriber email invitation link to {}",UInfo.email)); + poco_information(Logger(),fmt::format("Send new subscriber email invitation link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); } @@ -88,7 +91,7 @@ namespace OpenWifi { case OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD: { auto Signup = Poco::StringTokenizer(UInfo.signingUp,":"); if(AuthService::SendEmailToSubUser(i.id, UInfo.email,MessagingTemplates::SUB_FORGOT_PASSWORD, Signup.count()==1 ? "" : Signup[0])) { - Logger().information(fmt::format("Send subscriber password reset link to {}",UInfo.email)); + poco_information(Logger(),fmt::format("Send subscriber password reset link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); } @@ -97,7 +100,7 @@ namespace OpenWifi { case OpenWifi::SecurityObjects::LinkActions::SUB_VERIFY_EMAIL: { auto Signup = Poco::StringTokenizer(UInfo.signingUp,":"); if(AuthService::SendEmailToSubUser(i.id, UInfo.email, MessagingTemplates::SUB_EMAIL_VERIFICATION, Signup.count()==1 ? "" : Signup[0])) { - Logger().information(fmt::format("Send subscriber email verification link to {}",UInfo.email)); + poco_information(Logger(),fmt::format("Send subscriber email verification link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); } @@ -106,7 +109,7 @@ namespace OpenWifi { case OpenWifi::SecurityObjects::LinkActions::SUB_SIGNUP: { auto Signup = Poco::StringTokenizer(UInfo.signingUp,":"); if(AuthService::SendEmailToSubUser(i.id, UInfo.email, MessagingTemplates::SIGNUP_VERIFICATION, Signup.count()==1 ? "" : Signup[0])) { - Logger().information(fmt::format("Send new subscriber email verification link to {}",UInfo.email)); + poco_information(Logger(),fmt::format("Send new subscriber email verification link to {}",UInfo.email)); } StorageService()->ActionLinksDB().SentAction(i.id); } diff --git a/src/AuthService.cpp b/src/AuthService.cpp index 4524d3e..14ae76b 100644 --- a/src/AuthService.cpp +++ b/src/AuthService.cpp @@ -8,15 +8,17 @@ #include +#include "framework/MicroService.h" +#include "framework/KafkaTopics.h" + #include "Poco/Net/OAuth20Credentials.h" #include "Poco/JWT/Token.h" #include "Poco/JWT/Signer.h" #include "Poco/StringTokenizer.h" -#include "framework/MicroService.h" #include "StorageService.h" #include "AuthService.h" -#include "framework/KafkaTopics.h" + #include "SMTPMailerService.h" #include "MFAServer.h" @@ -46,7 +48,7 @@ namespace OpenWifi { static const std::string DefaultPassword_8_u_l_n_1{"^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[\\{\\}\\(\\)~_\\+\\|\\\\\\[\\]\\;\\:\\<\\>\\.\\,\\/\\?\\\"\\'\\`\\=#?!@$%^&*-]).{8,}$"}; int AuthService::Start() { - Logger().notice("Starting..."); + poco_information(Logger(),"Starting..."); TokenAging_ = (uint64_t) MicroService::instance().ConfigGetInt("authentication.token.ageing", 30 * 24 * 60 * 60); RefreshTokenLifeSpan_ = (uint64_t) MicroService::instance().ConfigGetInt("authentication.refresh_token.lifespan", 90 * 24 * 60 * 600); HowManyOldPassword_ = MicroService::instance().ConfigGetInt("authentication.oldpasswords", 5); @@ -63,7 +65,8 @@ namespace OpenWifi { } void AuthService::Stop() { - Logger().notice("Stopping..."); + poco_information(Logger(),"Stopping..."); + poco_information(Logger(),"Stopped..."); } bool AuthService::RefreshUserToken(Poco::Net::HTTPServerRequest & Request, const std::string & RefreshToken, SecurityObjects::UserInfoAndPolicy & UI) { @@ -142,18 +145,20 @@ namespace OpenWifi { return false; } - bool AuthService::IsAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired ) + bool AuthService::IsAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired ) { - std::lock_guard Guard(Mutex_); + // std::lock_guard Guard(Mutex_); + std::string CallToken; Expired = false; + try { - std::string CallToken; Poco::Net::OAuth20Credentials Auth(Request); if (Auth.getScheme() == "Bearer") { CallToken = Auth.getBearerToken(); } if(CallToken.empty()) { + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; } @@ -161,35 +166,40 @@ namespace OpenWifi { uint64_t RevocationDate=0; std::string UserId; if(StorageService()->UserTokenDB().GetToken(CallToken, WT, UserId, RevocationDate)) { - if(RevocationDate!=0) + if(RevocationDate!=0) { + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; + } auto now=OpenWifi::Now(); Expired = (WT.created_ + WT.expires_in_) < now; if(StorageService()->UserDB().GetUserById(UserId,UInfo.userinfo)) { UInfo.webtoken = WT; SessionToken = CallToken; + poco_debug(Logger(), fmt::format("TokenValidation success for TID={} Token={}", TID, CallToken)); return true; } } - return false; } catch(const Poco::Exception &E) { Logger().log(E); } + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; } - bool AuthService::IsSubAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired ) + bool AuthService::IsSubAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired ) { - std::lock_guard Guard(Mutex_); + // std::lock_guard Guard(Mutex_); + + std::string CallToken; Expired = false; try { - std::string CallToken; Poco::Net::OAuth20Credentials Auth(Request); if (Auth.getScheme() == "Bearer") { CallToken = Auth.getBearerToken(); } if(CallToken.empty()) { + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; } @@ -197,20 +207,23 @@ namespace OpenWifi { uint64_t RevocationDate=0; std::string UserId; if(StorageService()->SubTokenDB().GetToken(CallToken, WT, UserId, RevocationDate)) { - if(RevocationDate!=0) + if(RevocationDate!=0) { + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; + } auto now=OpenWifi::Now(); Expired = (WT.created_ + WT.expires_in_) < now; if(StorageService()->SubDB().GetUserById(UserId,UInfo.userinfo)) { UInfo.webtoken = WT; SessionToken = CallToken; + poco_debug(Logger(), fmt::format("TokenValidation success for TID={} Token={}", TID, CallToken)); return true; } } - return false; } catch(const Poco::Exception &E) { Logger().log(E); } + poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken)); return false; } @@ -728,7 +741,8 @@ namespace OpenWifi { } return false; } - return IsValidSubToken(Token, WebToken, UserInfo, Expired); + // return IsValidSubToken(Token, WebToken, UserInfo, Expired); + return false; } bool AuthService::IsValidSubToken(const std::string &Token, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired) { diff --git a/src/AuthService.h b/src/AuthService.h index cc1ee59..0c3323c 100644 --- a/src/AuthService.h +++ b/src/AuthService.h @@ -11,6 +11,8 @@ #include +#include "framework/MicroService.h" + #include "Poco/JSON/Object.h" #include "Poco/Net/HTTPServerRequest.h" #include "Poco/Net/HTTPServerResponse.h" @@ -20,7 +22,6 @@ #include "Poco/HMACEngine.h" #include "Poco/ExpireLRUCache.h" -#include "framework/MicroService.h" #include "RESTObjects/RESTAPI_SecurityObjects.h" #include "MessagingTemplates.h" @@ -48,14 +49,14 @@ namespace OpenWifi{ int Start() override; void Stop() override; - [[nodiscard]] bool IsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired); + [[nodiscard]] bool IsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired); [[nodiscard]] UNAUTHORIZED_REASON Authorize( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired ); void CreateToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo); [[nodiscard]] bool SetPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo); [[nodiscard]] const std:: string & PasswordValidationExpression() const { return PasswordValidationStr_;}; void Logout(const std::string &token, bool EraseFromCache=true); - [[nodiscard]] bool IsSubAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired); + [[nodiscard]] bool IsSubAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired); [[nodiscard]] UNAUTHORIZED_REASON AuthorizeSub( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired ); void CreateSubToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo); [[nodiscard]] bool SetSubPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo); @@ -155,11 +156,11 @@ namespace OpenWifi{ inline auto AuthService() { return AuthService::instance(); } - [[nodiscard]] inline bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo , bool & Expired, bool Sub ) { + [[nodiscard]] inline bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo , std::uint64_t TID, bool & Expired, bool Sub ) { if(Sub) - return AuthService()->IsSubAuthorized(Request, SessionToken, UInfo, Expired ); + return AuthService()->IsSubAuthorized(Request, SessionToken, UInfo, TID, Expired ); else - return AuthService()->IsAuthorized(Request, SessionToken, UInfo, Expired ); + return AuthService()->IsAuthorized(Request, SessionToken, UInfo, TID, Expired ); } } // end of namespace diff --git a/src/Daemon.h b/src/Daemon.h index d76d428..4c3bd9a 100644 --- a/src/Daemon.h +++ b/src/Daemon.h @@ -10,6 +10,8 @@ #include #include +#include "framework/MicroService.h" + #include "Poco/Util/Application.h" #include "Poco/Util/ServerApplication.h" #include "Poco/Util/Option.h" @@ -20,7 +22,6 @@ #include "Poco/Crypto/CipherFactory.h" #include "Poco/Crypto/Cipher.h" -#include "framework/MicroService.h" namespace OpenWifi { diff --git a/src/MFAServer.cpp b/src/MFAServer.cpp index 9d952c4..1b8ac93 100644 --- a/src/MFAServer.cpp +++ b/src/MFAServer.cpp @@ -2,10 +2,11 @@ // Created by stephane bourque on 2021-10-11. // +#include "framework/MicroService.h" + #include "MFAServer.h" #include "SMSSender.h" #include "SMTPMailerService.h" -#include "framework/MicroService.h" #include "AuthService.h" #include "TotpCache.h" diff --git a/src/RESTObjects/RESTAPI_GWobjects.cpp b/src/RESTObjects/RESTAPI_GWobjects.cpp index 285517d..d6b3f1d 100644 --- a/src/RESTObjects/RESTAPI_GWobjects.cpp +++ b/src/RESTObjects/RESTAPI_GWobjects.cpp @@ -203,6 +203,10 @@ namespace OpenWifi::GWObjects { field_to_json(Obj,"kafkaClients", kafkaClients); field_to_json(Obj,"kafkaPackets", kafkaPackets); field_to_json(Obj,"locale", locale); + field_to_json(Obj,"started", started); + field_to_json(Obj,"sessionId", sessionId); + field_to_json(Obj,"connectionCompletionTime", connectionCompletionTime); + field_to_json(Obj,"totalConnectionTime", OpenWifi::Now() - started); switch(VerifiedCertificate) { case NO_CERTIFICATE: @@ -218,6 +222,21 @@ namespace OpenWifi::GWObjects { } } + void DeviceConnectionStatistics::to_json(Poco::JSON::Object &Obj) const { + field_to_json(Obj,"averageConnectionTime", averageConnectionTime); + field_to_json(Obj,"connectedDevices", connectedDevices ); + } + + bool DeviceConnectionStatistics::from_json(const Poco::JSON::Object::Ptr &Obj) { + try { + field_from_json(Obj,"averageConnectionTime", averageConnectionTime); + field_from_json(Obj,"connectedDevices", connectedDevices ); + return true; + } catch (const Poco::Exception &E) { + } + return false; + } + void RttySessionDetails::to_json(Poco::JSON::Object &Obj) const { field_to_json(Obj,"serialNumber", SerialNumber); field_to_json(Obj,"server", Server); @@ -293,7 +312,6 @@ namespace OpenWifi::GWObjects { } catch (const Poco::Exception &E) { } return false; - } void RadiusProxyPoolList::to_json(Poco::JSON::Object &Obj) const { @@ -314,6 +332,8 @@ namespace OpenWifi::GWObjects { field_to_json(Obj,"description",description); field_to_json(Obj,"authConfig",authConfig); field_to_json(Obj,"acctConfig",acctConfig); + field_to_json(Obj,"coaConfig",coaConfig); + field_to_json(Obj,"useByDefault",useByDefault); } bool RadiusProxyPool::from_json(const Poco::JSON::Object::Ptr &Obj) { @@ -322,6 +342,8 @@ namespace OpenWifi::GWObjects { field_from_json(Obj,"description",description); field_from_json(Obj,"authConfig",authConfig); field_from_json(Obj,"acctConfig",acctConfig); + field_from_json(Obj,"coaConfig",coaConfig); + field_from_json(Obj,"useByDefault",useByDefault); return true; } catch (const Poco::Exception &E) { } @@ -329,7 +351,7 @@ namespace OpenWifi::GWObjects { } void RadiusProxyServerConfig::to_json(Poco::JSON::Object &Obj) const { - field_to_json(Obj,"policy",strategy); + field_to_json(Obj,"strategy",strategy); field_to_json(Obj,"monitor",monitor); field_to_json(Obj,"monitorMethod",monitorMethod); field_to_json(Obj,"methodParameters",methodParameters); @@ -338,7 +360,7 @@ namespace OpenWifi::GWObjects { bool RadiusProxyServerConfig::from_json(const Poco::JSON::Object::Ptr &Obj) { try { - field_from_json(Obj,"policy",strategy); + field_from_json(Obj,"strategy",strategy); field_from_json(Obj,"monitor",monitor); field_from_json(Obj,"monitorMethod",monitorMethod); field_from_json(Obj,"methodParameters",methodParameters); @@ -354,6 +376,16 @@ namespace OpenWifi::GWObjects { field_to_json(Obj,"ip",ip); field_to_json(Obj,"port",port); field_to_json(Obj,"weight",weight); + field_to_json(Obj,"secret",secret); + field_to_json(Obj,"certificate",certificate); + field_to_json(Obj,"radsec",radsec); + field_to_json(Obj,"radsecPort",radsecPort); + field_to_json(Obj,"radsecSecret",radsecSecret); + field_to_json(Obj,"radsecCacerts",radsecCacerts); + field_to_json(Obj,"radsecCert",radsecCert); + field_to_json(Obj,"radsecKey",radsecKey); + field_to_json(Obj,"radsecRealms",radsecRealms); + field_to_json(Obj,"ignore",ignore); } bool RadiusProxyServerEntry::from_json(const Poco::JSON::Object::Ptr &Obj) { @@ -362,6 +394,16 @@ namespace OpenWifi::GWObjects { field_from_json(Obj,"ip",ip); field_from_json(Obj,"port",port); field_from_json(Obj,"weight",weight); + field_from_json(Obj,"secret",secret); + field_from_json(Obj,"certificate",certificate); + field_from_json(Obj,"radsec",radsec); + field_from_json(Obj,"radsecSecret",radsecSecret); + field_from_json(Obj,"radsecPort",radsecPort); + field_from_json(Obj,"radsecCacerts",radsecCacerts); + field_from_json(Obj,"radsecCert",radsecCert); + field_from_json(Obj,"radsecKey",radsecKey); + field_from_json(Obj,"radsecRealms",radsecRealms); + field_from_json(Obj,"ignore",ignore); return true; } catch (const Poco::Exception &E) { } diff --git a/src/RESTObjects/RESTAPI_GWobjects.h b/src/RESTObjects/RESTAPI_GWobjects.h index 7395545..2a2b2a9 100644 --- a/src/RESTObjects/RESTAPI_GWobjects.h +++ b/src/RESTObjects/RESTAPI_GWobjects.h @@ -38,6 +38,10 @@ namespace OpenWifi::GWObjects { uint64_t kafkaPackets=0; uint64_t websocketPackets=0; std::string locale; + uint64_t started=0; + uint64_t sessionId=0; + double connectionCompletionTime=0.0; + void to_json(Poco::JSON::Object &Obj) const; }; @@ -71,6 +75,13 @@ namespace OpenWifi::GWObjects { void Print() const; }; + struct DeviceConnectionStatistics { + std::uint64_t connectedDevices = 0; + std::uint64_t averageConnectionTime = 0; + void to_json(Poco::JSON::Object &Obj) const; + bool from_json(const Poco::JSON::Object::Ptr &Obj); + }; + struct Statistics { std::string SerialNumber; uint64_t UUID = 0 ; @@ -216,6 +227,16 @@ namespace OpenWifi::GWObjects { std::string ip; uint16_t port=0; uint64_t weight=0; + std::string secret; + std::string certificate; + bool radsec=false; + uint16_t radsecPort=2083; + std::string radsecSecret; + std::string radsecKey; + std::string radsecCert; + std::vector radsecCacerts; + std::vector radsecRealms; + bool ignore=false; void to_json(Poco::JSON::Object &Obj) const; bool from_json(const Poco::JSON::Object::Ptr &Obj); @@ -237,6 +258,8 @@ namespace OpenWifi::GWObjects { std::string description; RadiusProxyServerConfig authConfig; RadiusProxyServerConfig acctConfig; + RadiusProxyServerConfig coaConfig; + bool useByDefault=false; void to_json(Poco::JSON::Object &Obj) const; bool from_json(const Poco::JSON::Object::Ptr &Obj); diff --git a/src/SMSSender.cpp b/src/SMSSender.cpp index 04faf98..e52b66b 100644 --- a/src/SMSSender.cpp +++ b/src/SMSSender.cpp @@ -2,16 +2,14 @@ // Created by stephane bourque on 2021-10-09. // -#include -#include #include -#include + +#include "framework/MicroService.h" #include "MFAServer.h" #include "SMS_provider_aws.h" #include "SMS_provider_twilio.h" #include "SMSSender.h" -#include "framework/MicroService.h" namespace OpenWifi { @@ -85,7 +83,7 @@ namespace OpenWifi { bool SMSSender::Send(const std::string &PhoneNumber, const std::string &Message) { if(!Enabled_) { - Logger().information("SMS has not been enabled. Messages cannot be sent."); + poco_information(Logger(),"SMS has not been enabled. Messages cannot be sent."); return false; } return ProviderImpl_->Send(PhoneNumber,Message); diff --git a/src/SMS_provider_aws.cpp b/src/SMS_provider_aws.cpp index 6188b1a..20023d8 100644 --- a/src/SMS_provider_aws.cpp +++ b/src/SMS_provider_aws.cpp @@ -17,7 +17,7 @@ namespace OpenWifi { Region_ = MicroService::instance().ConfigGetString("smssender.aws.region",""); if(SecretKey_.empty() || AccessKey_.empty() || Region_.empty()) { - Logger().debug("SMSSender is disabled. Please provide key, secret, and region."); + poco_debug(Logger(),"SMSSender is disabled. Please provide key, secret, and region."); return false; } Running_=true; @@ -51,16 +51,16 @@ namespace OpenWifi { auto psms_out = sns.Publish(psms_req); if (psms_out.IsSuccess()) { - Logger().debug(fmt::format("SMS sent to {}",PhoneNumber)); + poco_debug(Logger(),fmt::format("SMS sent to {}",PhoneNumber)); return true; } std::string ErrMsg{psms_out.GetError().GetMessage()}; - Logger().debug(fmt::format("SMS NOT sent to {}: {}",PhoneNumber, ErrMsg)); + poco_debug(Logger(),fmt::format("SMS NOT sent to {}: {}",PhoneNumber, ErrMsg)); return false; } catch (...) { } - Logger().debug(fmt::format("SMS NOT sent to {}: failure in SMS service",PhoneNumber)); + poco_debug(Logger(),fmt::format("SMS NOT sent to {}: failure in SMS service",PhoneNumber)); return false; } diff --git a/src/SMS_provider_twilio.cpp b/src/SMS_provider_twilio.cpp index 6ed9eb1..7709753 100644 --- a/src/SMS_provider_twilio.cpp +++ b/src/SMS_provider_twilio.cpp @@ -4,12 +4,13 @@ #include "SMS_provider_twilio.h" +#include "framework/MicroService.h" + #include "Poco/Net/HTTPBasicCredentials.h" #include "Poco/URI.h" #include "Poco/Net/HTMLForm.h" #include "Poco/Net/HTTPSClientSession.h" #include "Poco/Net/HTTPResponse.h" -#include "framework/MicroService.h" namespace OpenWifi { bool SMS_provider_twilio::Initialize() { @@ -18,7 +19,7 @@ namespace OpenWifi { PhoneNumber_ = MicroService::instance().ConfigGetString("smssender.twilio.phonenumber",""); if(Sid_.empty() || Token_.empty() || PhoneNumber_.empty()) { - Logger().debug("SMSSender is disabled. Please provide SID, TOKEN, and PHONE NUMBER."); + poco_debug(Logger(),"SMSSender is disabled. Please provide SID, TOKEN, and PHONE NUMBER."); return false; } Running_=true; @@ -64,12 +65,12 @@ namespace OpenWifi { std::istream& rs = session.receiveResponse(res); if(res.getStatus()==Poco::Net::HTTPResponse::HTTP_OK) { - Logger().information(fmt::format("Message sent to {}", PhoneNumber)); + poco_information(Logger(),fmt::format("Message sent to {}", PhoneNumber)); return true; } else { std::ostringstream os; Poco::StreamCopier::copyStream(rs,os); - Logger().information(fmt::format("Message was not to {}: Error:{}", PhoneNumber, os.str())); + poco_information(Logger(),fmt::format("Message was not to {}: Error:{}", PhoneNumber, os.str())); return false; } } diff --git a/src/SMTPMailerService.cpp b/src/SMTPMailerService.cpp index 2f0040e..56080c6 100644 --- a/src/SMTPMailerService.cpp +++ b/src/SMTPMailerService.cpp @@ -2,7 +2,8 @@ // Created by stephane bourque on 2021-06-17. // #include -#include + +#include "framework/MicroService.h" #include "Poco/Net/MailMessage.h" #include "Poco/Net/MailRecipient.h" @@ -15,7 +16,6 @@ #include "Poco/Net/NetException.h" #include "SMTPMailerService.h" -#include "framework/MicroService.h" #include "AuthService.h" namespace OpenWifi { @@ -52,7 +52,7 @@ namespace OpenWifi { void SMTPMailerService::reinitialize([[maybe_unused]] Poco::Util::Application &self) { MicroService::instance().LoadConfigurationFile(); - Logger().information("Reinitializing."); + poco_information(Logger(),"Reinitializing."); LoadMyConfig(); } @@ -88,21 +88,21 @@ namespace OpenWifi { if((i->LastTry==0 || (now-i->LastTry)>MailRetry_)) { switch(SendIt(*i)) { case MessageSendStatus::msg_sent: { - Logger().information(fmt::format("Attempting to deliver for mail '{}'.", Recipient)); + poco_information(Logger(),fmt::format("Attempting to deliver for mail '{}'.", Recipient)); i = Messages_.erase(i); } break; case MessageSendStatus::msg_not_sent_but_resend: { - Logger().information(fmt::format("Mail for '{}' was not. We will retry later.", Recipient)); + poco_information(Logger(),fmt::format("Mail for '{}' was not. We will retry later.", Recipient)); i->LastTry = now; ++i; } break; case MessageSendStatus::msg_not_sent_but_do_not_resend: { - Logger().information(fmt::format("Mail for '{}' will not be sent. Check email address", Recipient)); + poco_information(Logger(),fmt::format("Mail for '{}' will not be sent. Check email address", Recipient)); i = Messages_.erase(i); } break; } } else if ((now-i->Posted)>MailAbandon_) { - Logger().information(fmt::format("Mail for '{}' has timed out and will not be sent.", Recipient)); + poco_information(Logger(),fmt::format("Mail for '{}' has timed out and will not be sent.", Recipient)); i = Messages_.erase(i); } else { ++i; @@ -138,7 +138,7 @@ namespace OpenWifi { Message->addRecipient(Poco::Net::MailRecipient(Poco::Net::MailRecipient::PRIMARY_RECIPIENT, Recipient)); Message->setSubject(Msg.Attrs.find(SUBJECT)->second); - Logger().information(fmt::format("Sending message to:{} from {}",Recipient,TheSender)); + poco_information(Logger(),fmt::format("Sending message to:{} from {}",Recipient,TheSender)); if(Msg.Attrs.find(TEXT) != Msg.Attrs.end()) { std::string Content = Msg.Attrs.find(TEXT)->second; @@ -163,7 +163,7 @@ namespace OpenWifi { Poco::StreamCopier::copyStream(IF, OS); Message->addAttachment("logo", new Poco::Net::StringPartSource(OS.str(), "image/png")); } catch (...) { - Logger().warning(fmt::format("Cannot add '{}' logo in email",AuthService::GetLogoAssetFileName())); + poco_warning(Logger(),fmt::format("Cannot add '{}' logo in email",AuthService::GetLogoAssetFileName())); } } @@ -198,7 +198,7 @@ namespace OpenWifi { return MessageSendStatus::msg_not_sent_but_resend; } catch (const std::exception &E) { - Logger().warning(fmt::format("Cannot send message to:{}, error: {}",Recipient, E.what())); + poco_warning(Logger(),fmt::format("Cannot send message to:{}, error: {}",Recipient, E.what())); return MessageSendStatus::msg_not_sent_but_do_not_resend; } } diff --git a/src/StorageService.cpp b/src/StorageService.cpp index 3a8b944..c408374 100644 --- a/src/StorageService.cpp +++ b/src/StorageService.cpp @@ -13,6 +13,7 @@ namespace OpenWifi { int StorageService::Start() { std::lock_guard Guard(Mutex_); + poco_information(Logger(),"Starting..."); StorageClass::Start(); @@ -57,9 +58,10 @@ namespace OpenWifi { } void StorageService::Stop() { - Logger().notice("Stopping."); + poco_information(Logger(),"Stopping..."); Timer_.stop(); StorageClass::Stop(); + poco_information(Logger(),"Stopped..."); } void Archiver::onTimer([[maybe_unused]] Poco::Timer &timer) { diff --git a/src/TotpCache.h b/src/TotpCache.h index 1034f20..52ae1e3 100644 --- a/src/TotpCache.h +++ b/src/TotpCache.h @@ -6,6 +6,7 @@ #define OWSEC_TOTPCACHE_H #include "framework/MicroService.h" + #include "seclibs/cpptotp/bytes.h" #include "seclibs/qrcode/qrcodegen.hpp" #include "seclibs/cpptotp/otp.h" diff --git a/src/framework/ConfigurationValidator.cpp b/src/framework/ConfigurationValidator.cpp index 7a4a571..5170ef6 100644 --- a/src/framework/ConfigurationValidator.cpp +++ b/src/framework/ConfigurationValidator.cpp @@ -44,7 +44,7 @@ static json DefaultUCentralSchema = R"( "switch": { "$ref": "#/$defs/switch" }, - "radios": { + "radiosgrep": { "type": "array", "items": { "$ref": "#/$defs/radio" diff --git a/src/framework/MicroService.h b/src/framework/MicroService.h index a62b46c..890fc12 100644 --- a/src/framework/MicroService.h +++ b/src/framework/MicroService.h @@ -23,6 +23,13 @@ #include #include + +// This must be defined for poco_debug and poco_trace macros to function. + +#ifndef POCO_LOG_DEBUG +#define POCO_LOG_DEBUG true +#endif + namespace OpenWifi { inline uint64_t Now() { return std::time(nullptr); }; } @@ -1345,17 +1352,17 @@ namespace OpenWifi { inline void exception(const Poco::Exception & E) { Poco::Thread * CurrentThread = Poco::Thread::current(); App_.logger().log(E); - App_.logger().error(fmt::format("Exception occurred in {}",CurrentThread->getName())); + poco_error(App_.logger(), fmt::format("Exception occurred in {}",CurrentThread->getName())); } inline void exception(const std::exception & E) { Poco::Thread * CurrentThread = Poco::Thread::current(); - App_.logger().warning(fmt::format("std::exception in {}: {}",CurrentThread->getName(),E.what())); + poco_warning(App_.logger(), fmt::format("std::exception in {}: {}",CurrentThread->getName(),E.what())); } inline void exception() { Poco::Thread * CurrentThread = Poco::Thread::current(); - App_.logger().warning(fmt::format("exception in {}",CurrentThread->getName())); + poco_warning(App_.logger(), fmt::format("exception in {}",CurrentThread->getName())); } private: Poco::Util::Application &App_; @@ -1363,12 +1370,17 @@ namespace OpenWifi { class BusEventManager : public Poco::Runnable { public: + explicit BusEventManager(Poco::Logger &L) : Logger_(L) { + + } inline void run() final; inline void Start(); inline void Stop(); + inline Poco::Logger & Logger() { return Logger_; } private: mutable std::atomic_bool Running_ = false; Poco::Thread Thread_; + Poco::Logger &Logger_; }; class MyPrivateKeyPassphraseHandler : public Poco::Net::PrivateKeyPassphraseHandler { @@ -1382,6 +1394,7 @@ namespace OpenWifi { Logger_.information("Returning key passphrase."); privateKey = Password_; }; + inline Poco::Logger & Logger() { return Logger_; } private: std::string Password_; Poco::Logger & Logger_; @@ -1650,14 +1663,14 @@ namespace OpenWifi { class SubSystemServer : public Poco::Util::Application::Subsystem { public: - SubSystemServer(std::string Name, const std::string &LoggingPrefix, - std::string SubSystemConfigPrefix); + SubSystemServer(const std::string & Name, const std::string &LoggingPrefix, + const std::string & SubSystemConfigPrefix); inline void initialize(Poco::Util::Application &self) override; inline void uninitialize() override { } inline void reinitialize([[maybe_unused]] Poco::Util::Application &self) override { - Logger().information("Reloading of this subsystem is not supported."); + Logger_->L_.information("Reloading of this subsystem is not supported."); } inline void defineOptions([[maybe_unused]] Poco::Util::OptionSet &options) override { } @@ -1666,30 +1679,30 @@ namespace OpenWifi { inline const PropertiesFileServerEntry & Host(uint64_t index) { return ConfigServersList_[index]; }; inline uint64_t HostSize() const { return ConfigServersList_.size(); } - inline Poco::Logger &Logger() { if(Log_) - return Log_->L; - return Poco::Logger::get("tmp"); - }; - inline void SetLoggingLevel(Poco::Message::Priority NewPriority) { Logger().setLevel(NewPriority); } - inline int GetLoggingLevel() { return Logger().getLevel(); } + inline Poco::Logger & Logger() const { return Logger_->L_; } + inline void SetLoggingLevel(const std::string & levelName) { + Logger_->L_.setLevel(Poco::Logger::parseLevel(levelName)); + } + inline int GetLoggingLevel() { return Logger_->L_.getLevel(); } virtual int Start() = 0; virtual void Stop() = 0; - struct LoggerWrapper { - Poco::Logger &L; - explicit inline LoggerWrapper(Poco::Logger &Logger) : L(Logger) {} - }; + struct LoggerWrapper { + Poco::Logger & L_; + LoggerWrapper(Poco::Logger &L) : + L_(L) {} + }; protected: std::recursive_mutex Mutex_; std::vector ConfigServersList_; + private: - std::unique_ptr Log_; - // Poco::Logger &Logger_; - std::string Name_; - std::string LoggerPrefix_; - std::string SubSystemConfigPrefix_; + std::unique_ptr Logger_; + std::string Name_; + std::string LoggerPrefix_; + std::string SubSystemConfigPrefix_; }; class RESTAPI_GenericServer { @@ -1823,7 +1836,7 @@ namespace OpenWifi { E->Count++; Cache_.update(H,E); if(E->Count > MaxCalls) { - Logger().warning(fmt::format("RATE-LIMIT-EXCEEDED: from '{}'", R.clientAddress().toString())); + poco_warning(Logger(),fmt::format("RATE-LIMIT-EXCEEDED: from '{}'", R.clientAddress().toString())); return true; } return false; @@ -2165,12 +2178,16 @@ namespace OpenWifi { SetCommonHeaders(CloseConnection); } - inline void BadRequest(const OpenWifi::RESTAPI::Errors::msg &E) { + inline void BadRequest(const OpenWifi::RESTAPI::Errors::msg &E, const std::string & Extra="") { PrepareResponse(Poco::Net::HTTPResponse::HTTP_BAD_REQUEST); Poco::JSON::Object ErrorObject; ErrorObject.set("ErrorCode",400); ErrorObject.set("ErrorDetails",Request->getMethod()); - ErrorObject.set("ErrorDescription",fmt::format("{}: {}",E.err_num,E.err_txt)) ; + if(Extra.empty()) + ErrorObject.set("ErrorDescription",fmt::format("{}: {}",E.err_num,E.err_txt)) ; + else + ErrorObject.set("ErrorDescription",fmt::format("{}: {} ({})",E.err_num,E.err_txt, Extra)) ; + std::ostream &Answer = Response->send(); Poco::JSON::Stringifier::stringify(ErrorObject, Answer); } @@ -2214,7 +2231,7 @@ namespace OpenWifi { ErrorObject.set("ErrorDescription",fmt::format("{}: {}",E.err_num,E.err_txt)) ; std::ostream &Answer = Response->send(); Poco::JSON::Stringifier::stringify(ErrorObject, Answer); - Logger_.debug(fmt::format("RES-NOTFOUND: User='{}@{}' Method='{}' Path='{}", + poco_debug(Logger_,fmt::format("RES-NOTFOUND: User='{}@{}' Method='{}' Path='{}", UserInfo_.userinfo.email, Utils::FormatIPv6(Request->clientAddress().toString()), Request->getMethod(), @@ -2783,9 +2800,11 @@ namespace OpenWifi { inline void Stop() override { if(KafkaEnabled_) { + poco_information(Logger(),"Stopping..."); Dispatcher_.Stop(); ProducerThr_.Stop(); ConsumerThr_.Stop(); + poco_information(Logger(),"Stopped..."); return; } } @@ -2863,12 +2882,13 @@ namespace OpenWifi { } inline void Stop() override { + poco_information(Logger(),"Stopping..."); std::lock_guard G(Mutex_); Cache_.clear(); + poco_information(Logger(),"Stopped..."); } inline void RemovedCachedToken(const std::string &Token) { - std::lock_guard G(Mutex_); Cache_.remove(Token); } @@ -2878,6 +2898,7 @@ namespace OpenWifi { inline bool RetrieveTokenInformation(const std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, + std::uint64_t TID, bool & Expired, bool & Contacted, bool Sub=false) { try { Types::StringPairVec QueryData; @@ -2903,7 +2924,6 @@ namespace OpenWifi { return false; } Expired = false; - std::lock_guard G(Mutex_); Cache_.update(SessionToken, UInfo); return true; } else { @@ -2911,14 +2931,15 @@ namespace OpenWifi { } } } catch (...) { + poco_error(Logger(),fmt::format("Failed to retrieve token={} for TID={}", SessionToken, TID)); } Expired = false; return false; } inline bool IsAuthorized(const std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, + std::uint64_t TID, bool & Expired, bool & Contacted, bool Sub = false) { - std::lock_guard G(Mutex_); auto User = Cache_.get(SessionToken); if(!User.isNull()) { if(IsTokenExpired(User->webtoken)) { @@ -2929,7 +2950,7 @@ namespace OpenWifi { UInfo = *User; return true; } - return RetrieveTokenInformation(SessionToken, UInfo, Expired, Contacted, Sub); + return RetrieveTokenInformation(SessionToken, UInfo, TID, Expired, Contacted, Sub); } private: @@ -2947,12 +2968,12 @@ namespace OpenWifi { { } - void handleRequest(Poco::Net::HTTPServerRequest& Request, Poco::Net::HTTPServerResponse& Response) override + void handleRequest([[maybe_unused]] Poco::Net::HTTPServerRequest& Request, Poco::Net::HTTPServerResponse& Response) override { Utils::SetThreadName("alb-request"); try { if((id_ % 100) == 0) { - Logger_.debug(fmt::format("ALB-REQUEST({}): ALB Request {}.", + poco_debug(Logger_,fmt::format("ALB-REQUEST({}): ALB Request {}.", Request.clientAddress().toString(), id_)); } Response.setChunkedTransferEncoding(true); @@ -3010,8 +3031,10 @@ namespace OpenWifi { inline int Start() override; inline void Stop() override { + poco_information(Logger(),"Stopping..."); if(Running_) - Server_->stop(); + Server_->stopAll(true); + poco_information(Logger(),"Stopped..."); } private: @@ -3040,10 +3063,11 @@ namespace OpenWifi { inline void Stop() override { Logger().information("Stopping..."); for( const auto & svr : RESTServers_ ) - svr->stop(); + svr->stopAll(true); Pool_.stopAll(); Pool_.joinAll(); RESTServers_.clear(); + Logger().information("Stopped..."); } @@ -3058,7 +3082,7 @@ namespace OpenWifi { private: std::vector> RESTServers_; - Poco::ThreadPool Pool_{"x-rest",2,32}; + Poco::ThreadPool Pool_{"x-rest",4,128}; RESTAPI_GenericServer Server_; RESTAPI_ExtServer() noexcept: @@ -3175,9 +3199,10 @@ namespace OpenWifi { inline void Stop() override { Logger().information("Stopping..."); for( const auto & svr : RESTServers_ ) - svr->stop(); + svr->stopAll(true); Pool_.stopAll(); Pool_.joinAll(); + Logger().information("Stopped..."); } inline void reinitialize(Poco::Util::Application &self) override; @@ -3187,11 +3212,10 @@ namespace OpenWifi { Utils::SetThreadName(fmt::format("i-rest:{}",Id).c_str()); return RESTAPI_IntRouter(Path, Bindings, Logger(), Server_, Id); } - const Poco::ThreadPool & Pool() { return Pool_; } private: std::vector> RESTServers_; - Poco::ThreadPool Pool_{"i-rest",2,16}; + Poco::ThreadPool Pool_{"i-rest",4,96}; RESTAPI_GenericServer Server_; RESTAPI_IntServer() noexcept: @@ -3272,7 +3296,7 @@ namespace OpenWifi { return ((RandomEngine_() % (max-min)) + min); } - inline Poco::Logger & GetLogger(const std::string &Name) { +/* inline Poco::Logger & GetLogger(const std::string &Name) { static auto initialized = false; if(!initialized) { @@ -3281,7 +3305,7 @@ namespace OpenWifi { } return Poco::Logger::get(Name); } - +*/ virtual void GetExtraConfiguration(Poco::JSON::Object & Cfg) { Cfg.set("additionalConfiguration",false); } @@ -3374,7 +3398,6 @@ namespace OpenWifi { std::string MyPublicEndPoint_; std::string UIURI_; std::string Version_{ OW_VERSION::VERSION + "("+ OW_VERSION::BUILD + ")" + " - " + OW_VERSION::HASH }; - BusEventManager BusEventManager_; std::recursive_mutex InfraMutex_; std::default_random_engine RandomEngine_; Poco::Util::PropertyFileConfiguration * PropConfigurationFile_ = nullptr; @@ -3388,7 +3411,8 @@ namespace OpenWifi { bool NoBuiltInCrypto_=false; Poco::JWT::Signer Signer_; Poco::Logger &Logger_; - Poco::ThreadPool TimerPool_{"timer:pool",2,16}; + Poco::ThreadPool TimerPool_{"timer:pool",2,16}; + std::unique_ptr BusEventManager_; }; inline void MicroService::Exit(int Reason) { @@ -3469,7 +3493,7 @@ namespace OpenWifi { } } catch (const Poco::Exception &E) { - Logger_.log(E); + logger().log(E); } } @@ -3609,7 +3633,9 @@ namespace OpenWifi { SubSystems_.push_back(ALBHealthCheckServer()); SubSystems_.push_back(RESTAPI_ExtServer()); SubSystems_.push_back(RESTAPI_IntServer()); - +#ifndef TIP_SECURITY_SERVICE + SubSystems_.push_back(AuthClient()); +#endif Poco::Net::initializeSSL(); Poco::Net::HTTPStreamFactory::registerFactory(); Poco::Net::HTTPSStreamFactory::registerFactory(); @@ -3720,8 +3746,9 @@ namespace OpenWifi { } inline void MicroService::InitializeSubSystemServers() { - for(auto i:SubSystems_) - addSubsystem(i); + for(auto i:SubSystems_) { + addSubsystem(i); + } } inline void MicroService::StartSubSystemServers() { @@ -3729,12 +3756,13 @@ namespace OpenWifi { for(auto i:SubSystems_) { i->Start(); } - BusEventManager_.Start(); + BusEventManager_ = std::make_unique(Poco::Logger::create("BusEventManager",Poco::Logger::root().getChannel(),Poco::Logger::root().getLevel())); + BusEventManager_->Start(); } inline void MicroService::StopSubSystemServers() { AddActivity("Stopping"); - BusEventManager_.Stop(); + BusEventManager_->Stop(); for(auto i=SubSystems_.rbegin(); i!=SubSystems_.rend(); ++i) { (*i)->Stop(); } @@ -3911,14 +3939,15 @@ namespace OpenWifi { } } - inline SubSystemServer::SubSystemServer(std::string Name, const std::string &LoggingPrefix, - std::string SubSystemConfigPrefix): - Name_(std::move(Name)), - LoggerPrefix_(LoggingPrefix), - SubSystemConfigPrefix_(std::move(SubSystemConfigPrefix)) { + inline SubSystemServer::SubSystemServer(const std::string &Name, const std::string &LoggingPrefix, + const std::string &SubSystemConfigPrefix): + Name_(Name), + LoggerPrefix_(LoggingPrefix), + SubSystemConfigPrefix_(SubSystemConfigPrefix) { } inline int RESTAPI_ExtServer::Start() { + Logger().information("Starting."); Server_.InitLogging(); for(const auto & Svr: ConfigServersList_) { @@ -3950,7 +3979,6 @@ namespace OpenWifi { NewServer->start(); RESTServers_.push_back(std::move(NewServer)); } - return 0; } @@ -4040,7 +4068,11 @@ namespace OpenWifi { auto i = 0; bool good = true; - Log_ = std::make_unique(Poco::Logger::get(LoggerPrefix_)); + auto NewLevel = MicroService::instance().ConfigGetString("logging.level." + Name_, ""); + if(NewLevel.empty()) + Logger_ = std::make_unique(Poco::Logger::create(LoggerPrefix_, Poco::Logger::root().getChannel(), Poco::Logger::root().getLevel())); + else + Logger_ = std::make_unique(Poco::Logger::create(LoggerPrefix_, Poco::Logger::root().getChannel(), Poco::Logger::parseLevel(NewLevel))); ConfigServersList_.clear(); while (good) { @@ -4130,9 +4162,11 @@ namespace OpenWifi { inline void BusEventManager::Stop() { if(KafkaManager()->Enabled()) { + poco_information(Logger(),"Stopping..."); Running_ = false; Thread_.wakeUp(); Thread_.join(); + poco_information(Logger(),"Stopped..."); } } @@ -4144,37 +4178,37 @@ namespace OpenWifi { inline void KafkaLoggerFun([[maybe_unused]] cppkafka::KafkaHandleBase & handle, int level, const std::string & facility, const std::string &message) { switch ((cppkafka::LogLevel) level) { case cppkafka::LogLevel::LogNotice: { - KafkaManager()->Logger().notice(fmt::format("kafka-log: facility: {} message: {}",facility, message)); + poco_notice(KafkaManager()->Logger(),fmt::format("kafka-log: facility: {} message: {}",facility, message)); } break; case cppkafka::LogLevel::LogDebug: { - KafkaManager()->Logger().debug(fmt::format("kafka-log: facility: {} message: {}",facility, message)); + poco_debug(KafkaManager()->Logger(),fmt::format("kafka-log: facility: {} message: {}",facility, message)); } break; case cppkafka::LogLevel::LogInfo: { - KafkaManager()->Logger().information(fmt::format("kafka-log: facility: {} message: {}",facility, message)); + poco_information(KafkaManager()->Logger(),fmt::format("kafka-log: facility: {} message: {}",facility, message)); } break; - case cppkafka::LogLevel::LogWarning: { - KafkaManager()->Logger().warning(fmt::format("kafka-log: facility: {} message: {}",facility, message)); + case cppkafka::LogLevel::LogWarning: { + poco_warning(KafkaManager()->Logger(), fmt::format("kafka-log: facility: {} message: {}",facility, message)); } break; case cppkafka::LogLevel::LogAlert: case cppkafka::LogLevel::LogCrit: { - KafkaManager()->Logger().critical(fmt::format("kafka-log: facility: {} message: {}",facility, message)); + poco_critical(KafkaManager()->Logger(),fmt::format("kafka-log: facility: {} message: {}",facility, message)); } break; case cppkafka::LogLevel::LogErr: case cppkafka::LogLevel::LogEmerg: default: { - KafkaManager()->Logger().error(fmt::format("kafka-log: facility: {} message: {}",facility, message)); + poco_error(KafkaManager()->Logger(),fmt::format("kafka-log: facility: {} message: {}",facility, message)); } break; } } inline void KafkaErrorFun([[maybe_unused]] cppkafka::KafkaHandleBase & handle, int error, const std::string &reason) { - KafkaManager()->Logger().error(fmt::format("kafka-error: {}, reason: {}", error, reason)); + poco_error(KafkaManager()->Logger(),fmt::format("kafka-error: {}, reason: {}", error, reason)); } inline void AddKafkaSecurity(cppkafka::Configuration & Config) { @@ -4223,11 +4257,11 @@ namespace OpenWifi { cppkafka::MessageBuilder(Msg->Topic()).key(Msg->Key()).payload(Msg->Payload())); } } catch (const cppkafka::HandleException &E) { - KafkaManager()->Logger().warning(fmt::format("Caught a Kafka exception (producer): {}", E.what())); + poco_warning(KafkaManager()->Logger(),fmt::format("Caught a Kafka exception (producer): {}", E.what())); } catch( const Poco::Exception &E) { KafkaManager()->Logger().log(E); } catch (...) { - KafkaManager()->Logger().error("std::exception"); + poco_error(KafkaManager()->Logger(),"std::exception"); } Note = Queue_.waitDequeueNotification(); } @@ -4287,7 +4321,7 @@ namespace OpenWifi { continue; if (Msg.get_error()) { if (!Msg.is_eof()) { - KafkaManager()->Logger().error(fmt::format("Error: {}", Msg.get_error().to_string())); + poco_error(KafkaManager()->Logger(),fmt::format("Error: {}", Msg.get_error().to_string())); } if(!AutoCommit) Consumer.async_commit(Msg); @@ -4298,11 +4332,11 @@ namespace OpenWifi { Consumer.async_commit(Msg); } } catch (const cppkafka::HandleException &E) { - KafkaManager()->Logger().warning(fmt::format("Caught a Kafka exception (consumer): {}", E.what())); + poco_warning(KafkaManager()->Logger(),fmt::format("Caught a Kafka exception (consumer): {}", E.what())); } catch (const Poco::Exception &E) { KafkaManager()->Logger().log(E); } catch (...) { - KafkaManager()->Logger().error("std::exception"); + poco_error(KafkaManager()->Logger(),"std::exception"); } } Consumer.unsubscribe(); @@ -4746,7 +4780,7 @@ namespace OpenWifi { } #ifdef TIP_SECURITY_SERVICE - [[nodiscard]] bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired , bool Sub ); + [[nodiscard]] bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired , bool Sub ); #endif inline bool RESTAPIHandler::IsAuthorized( bool & Expired , [[maybe_unused]] bool & Contacted , bool Sub ) { if(Internal_ && Request->has("X-INTERNAL-NAME")) { @@ -4754,17 +4788,20 @@ namespace OpenWifi { Contacted = true; if(!Allowed) { if(Server_.LogBadTokens(false)) { - Logger_.debug(fmt::format("I-REQ-DENIED({}): Method={} Path={}", - Utils::FormatIPv6(Request->clientAddress().toString()), - Request->getMethod(), Request->getURI())); + poco_debug(Logger_,fmt::format("I-REQ-DENIED({}): TID={} Method={} Path={}", + Utils::FormatIPv6(Request->clientAddress().toString()), + TransactionId_, + Request->getMethod(), Request->getURI())); } } else { auto Id = Request->get("X-INTERNAL-NAME", "unknown"); REST_Requester_ = Id; if(Server_.LogIt(Request->getMethod(),true)) { - Logger_.debug(fmt::format("I-REQ-ALLOWED({}): User='{}' Method={} Path={}", - Utils::FormatIPv6(Request->clientAddress().toString()), Id, - Request->getMethod(), Request->getURI())); + poco_debug(Logger_,fmt::format("I-REQ-ALLOWED({}): TID={} User='{}' Method={} Path={}", + Utils::FormatIPv6(Request->clientAddress().toString()), + TransactionId_, + Id, + Request->getMethod(), Request->getURI())); } } return Allowed; @@ -4780,25 +4817,28 @@ namespace OpenWifi { } } #ifdef TIP_SECURITY_SERVICE - if (AuthServiceIsAuthorized(*Request, SessionToken_, UserInfo_, Expired, Sub)) { + if (AuthServiceIsAuthorized(*Request, SessionToken_, UserInfo_, TransactionId_, Expired, Sub)) { #else - if (AuthClient()->IsAuthorized( SessionToken_, UserInfo_, Expired, Contacted, Sub)) { + if (AuthClient()->IsAuthorized( SessionToken_, UserInfo_, TransactionId_, Expired, Contacted, Sub)) { #endif REST_Requester_ = UserInfo_.userinfo.email; if(Server_.LogIt(Request->getMethod(),true)) { - Logger_.debug(fmt::format("X-REQ-ALLOWED({}): User='{}@{}' Method={} Path={}", - UserInfo_.userinfo.email, - Utils::FormatIPv6(Request->clientAddress().toString()), - Request->clientAddress().toString(), - Request->getMethod(), - Request->getURI())); + poco_debug(Logger_,fmt::format("X-REQ-ALLOWED({}): TID={} User='{}@{}' Method={} Path={}", + UserInfo_.userinfo.email, + TransactionId_, + Utils::FormatIPv6(Request->clientAddress().toString()), + Request->clientAddress().toString(), + Request->getMethod(), + Request->getURI())); } return true; } else { if(Server_.LogBadTokens(true)) { - Logger_.debug(fmt::format("X-REQ-DENIED({}): Method={} Path={}", - Utils::FormatIPv6(Request->clientAddress().toString()), - Request->getMethod(), Request->getURI())); + poco_debug(Logger_,fmt::format("X-REQ-DENIED({}): TID={} Method={} Path={}", + Utils::FormatIPv6(Request->clientAddress().toString()), + TransactionId_, + Request->getMethod(), + Request->getURI())); } } return false; @@ -4867,7 +4907,7 @@ namespace OpenWifi { void run() override; // MyParallelSocketReactor &ReactorPool(); Poco::Net::SocketReactor & Reactor() { return Reactor_; } - void NewClient(Poco::Net::WebSocket &WS, const std::string &Id); + void NewClient(Poco::Net::WebSocket &WS, const std::string &Id, const std::string &UserName); bool Register(WebSocketClient *Client, const std::string &Id); void SetProcessor(WebSocketClientProcessor *F); void UnRegister(const std::string &Id); @@ -4918,18 +4958,22 @@ namespace OpenWifi { class WebSocketClient { public: - explicit WebSocketClient(Poco::Net::WebSocket &WS, const std::string &Id, Poco::Logger &L, - WebSocketClientProcessor *Processor); + explicit WebSocketClient(Poco::Net::WebSocket &WS, + const std::string &Id, + const std::string &UserName, + Poco::Logger &L, + WebSocketClientProcessor *Processor); virtual ~WebSocketClient(); [[nodiscard]] inline const std::string &Id(); [[nodiscard]] Poco::Logger &Logger(); inline bool Send(const std::string &Payload); private: std::unique_ptr WS_; - Poco::Net::SocketReactor &Reactor_; - std::string Id_; - Poco::Logger &Logger_; - bool Authenticated_ = false; + Poco::Net::SocketReactor &Reactor_; + std::string Id_; + std::string UserName_; + Poco::Logger &Logger_; + std::atomic_bool Authenticated_ = false; SecurityObjects::UserInfoAndPolicy UserInfo_; WebSocketClientProcessor *Processor_ = nullptr; void OnSocketReadable(const Poco::AutoPtr &pNf); @@ -4937,33 +4981,9 @@ namespace OpenWifi { void OnSocketError(const Poco::AutoPtr &pNf); }; -/* inline MyParallelSocketReactor::MyParallelSocketReactor(uint32_t NumReactors) : - NumReactors_(NumReactors) - { - Reactors_ = new Poco::Net::SocketReactor[NumReactors_]; - for(uint32_t i=0;iIsAuthorized(Tokens[1], UserInfo_, Expired, Contacted)) { + AuthClient()->IsAuthorized(Tokens[1], UserInfo_, 0, Expired, Contacted)) { Authenticated_ = true; + UserName_ = UserInfo_.userinfo.email; + poco_warning(Logger(),Poco::format("START(%s): %s UI Client is starting WS connection.", Id_, UserName_)); std::string S{"Welcome! Bienvenue! Bienvenidos!"}; WS_->sendFrame(S.c_str(), S.size()); WebSocketClientServer()->SetUser(Id_, UserInfo_.userinfo.email); @@ -5149,9 +5172,10 @@ namespace OpenWifi { } - inline WebSocketClient::WebSocketClient( Poco::Net::WebSocket & WS , const std::string &Id, Poco::Logger & L, WebSocketClientProcessor * Processor) : + inline WebSocketClient::WebSocketClient( Poco::Net::WebSocket & WS , const std::string &Id, const std::string &UserName, Poco::Logger & L, WebSocketClientProcessor * Processor) : Reactor_(WebSocketClientServer()->Reactor()), Id_(Id), + UserName_(UserName), Logger_(L), Processor_(Processor) { try { @@ -5165,7 +5189,10 @@ namespace OpenWifi { Reactor_.addEventHandler(*WS_, Poco::NObserver( *this, &WebSocketClient::OnSocketError)); - // WebSocketClientServer()->Register(this, Id_); + WS_->setNoDelay(true); + WS_->setKeepAlive(true); + WS_->setBlocking(false); + } catch (...) { delete this; } @@ -5231,9 +5258,8 @@ namespace OpenWifi { try { Poco::Net::WebSocket WS(*Request, *Response); - Logger().information("UI-WebSocket connection established."); auto Id = MicroService::CreateUUID(); - WebSocketClientServer()->NewClient(WS,Id); + WebSocketClientServer()->NewClient(WS,Id,UserInfo_.userinfo.email); } catch (...) { std::cout << "Cannot create websocket client..." << std::endl; diff --git a/src/framework/StorageClass.h b/src/framework/StorageClass.h index 34ecc2f..d9f3b98 100644 --- a/src/framework/StorageClass.h +++ b/src/framework/StorageClass.h @@ -33,7 +33,6 @@ namespace OpenWifi { int Start() override { std::lock_guard Guard(Mutex_); - Logger().setLevel(Poco::Message::PRIO_INFORMATION); Logger().notice("Starting."); std::string DBType = MicroService::instance().ConfigGetString("storage.type"); diff --git a/src/framework/WebSocketClientNotifications.h b/src/framework/WebSocketClientNotifications.h index a0c3a02..435732c 100644 --- a/src/framework/WebSocketClientNotifications.h +++ b/src/framework/WebSocketClientNotifications.h @@ -146,6 +146,10 @@ namespace OpenWifi { WebSocketClientServer()->SendUserNotification(User,N); } + ///// + ///// + ///// + struct WebSocketNotificationRebootList { std::string title, details, @@ -189,5 +193,58 @@ namespace OpenWifi { WebSocketClientServer()->SendUserNotification(User,N); } + ///// + ///// + ///// + + struct WebSocketNotificationUpgradeList { + std::string title, + details, + jobId; + std::vector success, + skipped, + no_firmware, + not_connected; + uint64_t timeStamp=OpenWifi::Now(); + + void to_json(Poco::JSON::Object &Obj) const; + bool from_json(const Poco::JSON::Object::Ptr &Obj); + }; + + typedef WebSocketNotification WebSocketClientNotificationVenueUpgradeList_t; + + inline void WebSocketNotificationUpgradeList::to_json(Poco::JSON::Object &Obj) const { + RESTAPI_utils::field_to_json(Obj,"title",title); + RESTAPI_utils::field_to_json(Obj,"jobId",jobId); + RESTAPI_utils::field_to_json(Obj,"success",success); + RESTAPI_utils::field_to_json(Obj,"notConnected",not_connected); + RESTAPI_utils::field_to_json(Obj,"noFirmware",no_firmware); + RESTAPI_utils::field_to_json(Obj,"skipped",skipped); + RESTAPI_utils::field_to_json(Obj,"timeStamp",timeStamp); + RESTAPI_utils::field_to_json(Obj,"details",details); + } + + inline bool WebSocketNotificationUpgradeList::from_json(const Poco::JSON::Object::Ptr &Obj) { + try { + RESTAPI_utils::field_from_json(Obj,"title",title); + RESTAPI_utils::field_from_json(Obj,"jobId",jobId); + RESTAPI_utils::field_from_json(Obj,"success",success); + RESTAPI_utils::field_from_json(Obj,"notConnected",not_connected); + RESTAPI_utils::field_from_json(Obj,"noFirmware",no_firmware); + RESTAPI_utils::field_from_json(Obj,"skipped",skipped); + RESTAPI_utils::field_from_json(Obj,"timeStamp",timeStamp); + RESTAPI_utils::field_from_json(Obj,"details",details); + return true; + } catch(...) { + + } + return false; + } + + inline void WebSocketClientNotificationVenueUpgradeCompletionToUser( const std::string & User, WebSocketClientNotificationVenueUpgradeList_t &N) { + N.type = "venue_upgrader"; + WebSocketClientServer()->SendUserNotification(User,N); + } + } // namespace OpenWifi diff --git a/src/framework/ow_constants.h b/src/framework/ow_constants.h index 443a457..5d70763 100644 --- a/src/framework/ow_constants.h +++ b/src/framework/ow_constants.h @@ -196,6 +196,8 @@ namespace OpenWifi::RESTAPI::Errors { static const struct msg InvalidRadiusServerEntry{1142,"RADIUS Server IP address invalid or port missing."}; static const struct msg InvalidRadiusServerWeigth{1143,"RADIUS Server IP weight cannot be 0."}; + static const struct msg MaximumRTTYSessionsReached{1144,"Too many RTTY sessions currently active"}; + static const struct msg DeviceIsAlreadyBusy{1145,"Device is already executing a command. Please try later."}; } @@ -428,6 +430,7 @@ namespace OpenWifi::uCentralProtocol { static const char *RADIUSDATA = "data"; static const char *RADIUSACCT = "acct"; static const char *RADIUSAUTH = "auth"; + static const char *RADIUSCOA = "coa"; static const char *RADIUSDST = "dst"; static const char *IES = "ies"; } @@ -444,6 +447,7 @@ namespace OpenWifi::uCentralProtocol::Events { static const char *RECOVERY = "recovery"; static const char *TELEMETRY = "telemetry"; static const char *DEVICEUPDATE = "deviceupdate"; + static const char *VENUE_BROADCAST = "venue_broadcast"; enum EVENT_MSG { ET_UNKNOWN, @@ -456,7 +460,8 @@ namespace OpenWifi::uCentralProtocol::Events { ET_CFGPENDING, ET_RECOVERY, ET_DEVICEUPDATE, - ET_TELEMETRY + ET_TELEMETRY, + ET_VENUEBROADCAST }; inline EVENT_MSG EventFromString(const std::string & Method) { @@ -480,6 +485,8 @@ namespace OpenWifi::uCentralProtocol::Events { return ET_RECOVERY; else if(strcmp(TELEMETRY,Method.c_str())==0) return ET_TELEMETRY; + else if(strcmp(VENUE_BROADCAST,Method.c_str())==0) + return ET_VENUEBROADCAST; return ET_UNKNOWN; }; }