scottk/wlan-cloud-ucentralsec
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-ucentralsec.git synced 2025-10-30 18:27:49 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

Compare commits

base: scottk:release/v2.2.0
Branches Tags
scottk:main scottk:release/v4.1.0 scottk:WIFI-13821-bump-versions scottk:release/v4.0.0 scottk:fix_improve_exeception_handling scottk:fix_ci scottk:release/v3.2.0 scottk:version_update scottk:release/v3.1.0 scottk:WIFI-13857-fix-svc-kafka-startup scottk:WIFI-13597-fix-kafka-producer-using-poll scottk:release/v3.0.0 scottk:release/v2.11.0 scottk:release/v2.10.0 scottk:release/v2.9.0 scottk:release/v2.8.0 scottk:gh-pages scottk:release/v2.7.0 scottk:WIFI-10942 scottk:WIFI-10581-switch-images-to-debian-slim scottk:release/v2.4.0 scottk:WIFI-10345 scottk:release/v2.5.0 scottk:release/v2.6.0 scottk:feature/test-jira-key-without-key scottk:feature/wifi-5702--add-change-password-cli-command-on-startup scottk:release/v2.3.0 scottk:release/v2.2.0 scottk:release/v2.1.0 scottk:release/v2.0.0
scottk:v4.1.0 scottk:v4.1.0-RC1 scottk:v4.0.0 scottk:v3.2.0 scottk:v3.2.0-RC2 scottk:v3.2.0-RC1 scottk:v3.1.0 scottk:v3.1.0-RC1 scottk:v3.0.2-RC1 scottk:v3.0.0 scottk:v3.0.0-RC2 scottk:v3.0.0-RC1 scottk:v2.11.0 scottk:v2.11.0-RC2 scottk:v2.11.0-RC1 scottk:v2.10.0 scottk:v2.10.0-RC1 scottk:v2.9.0 scottk:v2.9.0-RC2 scottk:v2.9.0-RC1 scottk:v2.8.0 scottk:v2.8.0-RC2 scottk:v2.8.0-RC1 scottk:v2.7.0 scottk:v2.7.0-RC5 scottk:v2.7.0-RC4 scottk:v2.7.0-RC3 scottk:v2.7.0-RC2 scottk:v2.7.0-RC1 scottk:v2.5.2 scottk:v2.4.2 scottk:v2.4.1 scottk:v2.6.0 scottk:v2.6.0-RC3 scottk:v2.6.0-RC2 scottk:v2.6.0-RC1 scottk:v2.5.0 scottk:v2.5.0-RC1 scottk:v2.4.0 scottk:v2.4.0-RC5 scottk:v2.4.0-RC4 scottk:v2.4.0-RC3 scottk:v2.4.0-RC2 scottk:v2.4.0-RC1 scottk:v2.3.0-RC2 scottk:v2.3.0-RC1 scottk:v2.2.0-RC1 scottk:v2.1.0-RC1 scottk:v2.0.0-RC1 scottk:v2.0.0
..
compare: scottk:release/v2.1.0
Branches Tags
scottk:release/v4.1.0 scottk:main scottk:WIFI-13821-bump-versions scottk:release/v4.0.0 scottk:fix_improve_exeception_handling scottk:fix_ci scottk:release/v3.2.0 scottk:version_update scottk:release/v3.1.0 scottk:WIFI-13857-fix-svc-kafka-startup scottk:WIFI-13597-fix-kafka-producer-using-poll scottk:release/v3.0.0 scottk:release/v2.11.0 scottk:release/v2.10.0 scottk:release/v2.9.0 scottk:release/v2.8.0 scottk:gh-pages scottk:release/v2.7.0 scottk:WIFI-10942 scottk:WIFI-10581-switch-images-to-debian-slim scottk:release/v2.4.0 scottk:WIFI-10345 scottk:release/v2.5.0 scottk:release/v2.6.0 scottk:feature/test-jira-key-without-key scottk:feature/wifi-5702--add-change-password-cli-command-on-startup scottk:release/v2.3.0 scottk:release/v2.2.0 scottk:release/v2.1.0 scottk:release/v2.0.0
scottk:v4.1.0 scottk:v4.1.0-RC1 scottk:v4.0.0 scottk:v3.2.0 scottk:v3.2.0-RC2 scottk:v3.2.0-RC1 scottk:v3.1.0 scottk:v3.1.0-RC1 scottk:v3.0.2-RC1 scottk:v3.0.0 scottk:v3.0.0-RC2 scottk:v3.0.0-RC1 scottk:v2.11.0 scottk:v2.11.0-RC2 scottk:v2.11.0-RC1 scottk:v2.10.0 scottk:v2.10.0-RC1 scottk:v2.9.0 scottk:v2.9.0-RC2 scottk:v2.9.0-RC1 scottk:v2.8.0 scottk:v2.8.0-RC2 scottk:v2.8.0-RC1 scottk:v2.7.0 scottk:v2.7.0-RC5 scottk:v2.7.0-RC4 scottk:v2.7.0-RC3 scottk:v2.7.0-RC2 scottk:v2.7.0-RC1 scottk:v2.5.2 scottk:v2.4.2 scottk:v2.4.1 scottk:v2.6.0 scottk:v2.6.0-RC3 scottk:v2.6.0-RC2 scottk:v2.6.0-RC1 scottk:v2.5.0 scottk:v2.5.0-RC1 scottk:v2.4.0 scottk:v2.4.0-RC5 scottk:v2.4.0-RC4 scottk:v2.4.0-RC3 scottk:v2.4.0-RC2 scottk:v2.4.0-RC1 scottk:v2.3.0-RC2 scottk:v2.3.0-RC1 scottk:v2.2.0-RC1 scottk:v2.1.0-RC1 scottk:v2.0.0-RC1 scottk:v2.0.0

1 Commits
release/v2 ... release/v2

Author SHA1 Message Date
oblom0v
7439051e54 Change image tag to rc version 2021-08-31 14:02:55 +02:00
81 changed files with 1607 additions and 2516 deletions
Expand all files Collapse all files

6
.github/workflows/ci.yml vendored
View File

@@ -28,7 +28,7 @@ jobs:
- uses: actions/checkout@v2
- name: Build Docker image
run: docker build -t wlan-cloud-owsec:${{ github.sha }} .
run: docker build -t wlan-cloud-ucentralsec:${{ github.sha }} .
- name: Tag Docker image
run: |
@@ -52,7 +52,7 @@ jobs:
echo "Result tags: $TAGS"
for tag in $TAGS; do
docker tag wlan-cloud-owsec:${{ github.sha }} ${{ env.DOCKER_REGISTRY_URL }}/owsec:$tag
docker tag wlan-cloud-ucentralsec:${{ github.sha }} ${{ env.DOCKER_REGISTRY_URL }}/ucentralsec:$tag
done
- name: Log into Docker registry
@@ -66,4 +66,4 @@ jobs:
- name: Push Docker images
if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
run: |
docker images | grep ${{ env.DOCKER_REGISTRY_URL }}/owsec | awk -F ' ' '{print $1":"$2}' | xargs -I {} docker push {}
docker images | grep ${{ env.DOCKER_REGISTRY_URL }}/ucentralsec | awk -F ' ' '{print $1":"$2}' | xargs -I {} docker push {}

2
.github/workflows/cleanup.yml vendored
View File

@@ -16,4 +16,4 @@ jobs:
steps:
- run: |
export PR_BRANCH_TAG=$(echo ${GITHUB_HEAD_REF#refs/heads/} | tr '/' '-')
curl -uucentral:${{ secrets.DOCKER_REGISTRY_PASSWORD }} -X DELETE "https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral/owsec/$PR_BRANCH_TAG"
curl -uucentral:${{ secrets.DOCKER_REGISTRY_PASSWORD }} -X DELETE "https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral/ucentralsec/$PR_BRANCH_TAG"

87
CLI.md
View File

@@ -1,9 +1,9 @@
# Security Service CLI Documentation
## Before using the CLI
You must set the environment variable `OWSEC`. You must specify the host and port for the security service. Here is an example
You must set the environment variable `UCENTRALSEC`. You must specify the host and port for the security service. Here is an example
```csh
export OWSEC=mysecurityservice,example.com:16001
export UCENTRALSEC=mysecurityservice,example.com:16001
```
Once set, you can start using the `CLI`.
@@ -12,59 +12,64 @@ Most commands will take from 0 to 2 parameters. You should include all parameter
## The commands
### listendpoints
Get all the system endpoints.
### `cli createuser <email> <initial password>`
This will create a simple user as admin using the email as login ID and setting the initial password.
### emailtest
Generate a forgot Password e-amil to the logged in user.
### `cli createuser_v <email> <initial password>`
This will create a simple user and force email verification.
### me
Show information about the logged user.
### `cli deleteuser <id>`
Delete the specified user using the user's UUID.
### createuser <email> <password>
Create a user with an initial password and force the user to change password.
### `cli getuser <id>`
Get the specified user using the user's UUID.
### createuser_v <email> <password>
Same as create user but also force an e-mail verification.
### `cli listusers`
Get a list of users.
### deleteuser <user UUID>
Delete the user.
### getuser <user UUID>
Get the user information.
### `cli policies`
List the link used to display password and usage policies for the management site.
### listusers
List users.
### `cli setavatar <id> <filename>`
Sets the avatar for the user with ID. The file should be gif, png, svg.
### policies
List the login and access policies.
### `cli deleteavatar <id>`
Remove the avatar fort the specified user ID.
### setavatar <user UUID> <filename>
Sets the avatar for user to the image in filename.
### `cli secversion`
Get the vewrsion of the secufiry service.
### getavatar <user UUID>
Get the avatar for the user.
### `cli sectimes`
Get the starttime and uptime for the security service.
### deleteavatar <user UUID>
Remove the avatar for a user.
### sendemail <recipient> <from>
Sends a test email to see if the e-mail system is working.
### setloglevel <subsystem> <loglevel>
Set the log level for s specific subsystem.
### getloglevels
Get the current log levels for all subsystems.
### `cli revisions`
Get the list of currently available revisions.
### getloglevelnames
Get the log level names available.
### `cli devicetypes`
Retrieve the list of known `device_types`
### getsubsystemnames
Get the list of subsystems.
### `cli firmwareage <device_type> <revision>`
If you specify your `device_type` and `revision`, the system will do its best to estimate how
far in the past you `revision` is compared to the latest revision.
### systeminfo
Get basic system information.
### `cli gethistory <serialNumber>`
Get the revision history for a given device.
### `cli connecteddevices`
Get a list of the currently known devices and the last connection information we have about the,
### `cli connecteddevice <serialNumber>`
Get the information relevant to a specific device.
### `cli devicereport`
Give a simplified dashboard report of the data in the service.
### `cli fmsversion`
Display the version of the service.
### `cli fmstimes`
Display the uptime and start time of the service.
### reloadsubsystem <subsystem name>
Reload the configuration for a subsystem.

14
CMakeLists.txt
View File

@@ -1,5 +1,5 @@
cmake_minimum_required(VERSION 3.13)
project(owsec VERSION 2.2.0)
project(ucentralsec VERSION 2.1.0)
set(CMAKE_CXX_STANDARD 17)
@@ -47,7 +47,7 @@ find_package(PostgreSQL REQUIRED)
find_package(MySQL REQUIRED)
find_package(Poco REQUIRED COMPONENTS JSON Crypto JWT Net Util NetSSL Data DataSQLite DataPostgreSQL DataMySQL)
add_executable( owsec
add_executable( ucentralsec
build
src/Daemon.h src/Daemon.cpp
src/MicroService.cpp src/MicroService.h
@@ -73,18 +73,14 @@ add_executable( owsec
src/RESTAPI_AssetServer.cpp src/RESTAPI_AssetServer.h
src/RESTAPI_avatarHandler.cpp src/RESTAPI_avatarHandler.h
src/storage_avatar.cpp src/storage_avatar.h src/storage_users.h
src/OpenWifiTypes.h src/RESTAPI_email_handler.cpp src/RESTAPI_email_handler.h
src/storage_tokens.cpp
src/RESTAPI_GenericServer.h src/RESTAPI_GenericServer.cpp
src/RESTAPI_errors.h
)
src/OpenWifiTypes.h )
if(NOT SMALL_BUILD)
target_link_libraries(owsec PUBLIC
target_link_libraries(ucentralsec PUBLIC
${Poco_LIBRARIES} ${Boost_LIBRARIES} ${MySQL_LIBRARIES} ${ZLIB_LIBRARIES}
CppKafka::cppkafka
)
if(UNIX AND NOT APPLE)
target_link_libraries(owsec PUBLIC PocoJSON)
target_link_libraries(ucentralsec PUBLIC PocoJSON)
endif()
endif()

37
Dockerfile
View File

@@ -26,39 +26,36 @@ RUN cmake ..
RUN cmake --build . --config Release -j8
RUN cmake --build . --target install
ADD CMakeLists.txt build /owsec/
ADD cmake /owsec/cmake
ADD src /owsec/src
ADD CMakeLists.txt build /ucentralsec/
ADD cmake /ucentralsec/cmake
ADD src /ucentralsec/src
WORKDIR /owsec
WORKDIR /ucentralsec
RUN mkdir cmake-build
WORKDIR /owsec/cmake-build
WORKDIR /ucentralsec/cmake-build
RUN cmake ..
RUN cmake --build . --config Release -j8
FROM alpine
ENV OWSEC_USER=owsec \
OWSEC_ROOT=/owsec-data \
OWSEC_CONFIG=/owsec-data
ENV UCENTRALSEC_USER=ucentralsec \
UCENTRALSEC_ROOT=/ucentralsec-data \
UCENTRALSEC_CONFIG=/ucentralsec-data
RUN addgroup -S "$OWSEC_USER" && \
adduser -S -G "$OWSEC_USER" "$OWSEC_USER"
RUN addgroup -S "$UCENTRALSEC_USER" && \
adduser -S -G "$UCENTRALSEC_USER" "$UCENTRALSEC_USER"
RUN mkdir /openwifi
RUN mkdir -p "$OWSEC_ROOT" "$OWSEC_CONFIG" && \
chown "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG"
RUN apk add --update --no-cache librdkafka mariadb-connector-c libpq unixodbc su-exec gettext ca-certificates
COPY --from=builder /owsec/cmake-build/owsec /openwifi/owsec
RUN mkdir /ucentral
RUN mkdir -p "$UCENTRALSEC_ROOT" "$UCENTRALSEC_CONFIG" && \
chown "$UCENTRALSEC_USER": "$UCENTRALSEC_ROOT" "$UCENTRALSEC_CONFIG"
RUN apk add --update --no-cache librdkafka mariadb-connector-c libpq unixodbc su-exec
COPY --from=builder /ucentralsec/cmake-build/ucentralsec /ucentral/ucentralsec
COPY --from=builder /cppkafka/cmake-build/src/lib/* /lib/
COPY --from=builder /poco/cmake-build/lib/* /lib/
COPY owsec.properties.tmpl ${OWSEC_CONFIG}/
COPY docker-entrypoint.sh /
RUN wget https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentral-deploy/main/docker-compose/certs/restapi-ca.pem \
-O /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
EXPOSE 16001 17001 16101
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["/openwifi/owsec"]
CMD ["/ucentral/ucentralsec"]

72
README.md
View File

@@ -21,7 +21,7 @@ The entire uCentral systems uses several MicroServices. In order for the whole s
access
- Security
- Properties file: owsec.properties
- Properties file: ucentralsec.properties
- Ports
- Public: 16001
- Private: 17001
@@ -42,7 +42,7 @@ access
- ALB: 16104
## Security Configuration
The service relies on a properties configuration file called `owsec.properties`. In this file, you should configure several entries. Many values are optional
The service relies on a properties configuration file called `ucentralsec.properties`. In this file, you should configure several entries. Many values are optional
and you can rely on the defaults. Here are some values of note:
### `authentication.default.password`
@@ -52,7 +52,7 @@ Set the hash of the default username and password. Please look below on how to d
Set the default username to use to login.
### Default username and password
The default username and password are set in `owsec.properties` file. The following entries manage the username and password
The default username and password are set in `ucentralsec.properties` file. The following entries manage the username and password
```text
authentication.default.username = tip@ucentral.com
authentication.default.password = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
@@ -97,19 +97,19 @@ This security service uses Kafka to coordinate security with other services that
in order to use this. You can find several examples of Kafka services available with Docker. Here are the values you need to configure.
```asm
openwifi.kafka.group.id = security
openwifi.kafka.client.id = security1
openwifi.kafka.enable = true
openwifi.kafka.brokerlist = my.kafkaserver.arilia.com:9092
openwifi.kafka.auto.commit = false
openwifi.kafka.queue.buffering.max.ms = 50
ucentral.kafka.group.id = security
ucentral.kafka.client.id = security1
ucentral.kafka.enable = true
ucentral.kafka.brokerlist = my.kafkaserver.arilia.com:9092
ucentral.kafka.auto.commit = false
ucentral.kafka.queue.buffering.max.ms = 50
```
#### `openwifi.kafka.brokerlist`
#### `ucentral.kafka.brokerlist`
This is the list of your kafka brokers. This is a comma separated list. You should use IP addresses or FQDNs and the relevant ports, usually 9092 is the
default.
#### `openwifi.kafka.group.id`
#### `ucentral.kafka.group.id`
Every service on the Kafka bux must have a unique value (at least in our case). This should be a string. We suggest using a name corresponding to the
function provided. In this case, security.
@@ -124,17 +124,17 @@ Here are the parameters for the public interface. The important files are:
- `restapi-ca.pem` : the CA of your certificate
- `restapi-cert.pem` : the certificate for the public interface
- `restapi-key.pem` : the key associated with this certificate
- `openwifi.restapi.host.0.key.password` : if you key is password protected, you may supply that password here.
- `ucentral.restapi.host.0.key.password` : if you key is password protected, you may supply that password here.
```asm
openwifi.restapi.host.0.backlog = 100
openwifi.restapi.host.0.security = relaxed
openwifi.restapi.host.0.rootca = $OWSEC_ROOT/certs/restapi-ca.pem
openwifi.restapi.host.0.address = *
openwifi.restapi.host.0.port = 16001
openwifi.restapi.host.0.cert = $OWSEC_ROOT/certs/restapi-cert.pem
openwifi.restapi.host.0.key = $OWSEC_ROOT/certs/restapi-key.pem
openwifi.restapi.host.0.key.password = mypassword
ucentral.restapi.host.0.backlog = 100
ucentral.restapi.host.0.security = relaxed
ucentral.restapi.host.0.rootca = $UCENTRALSEC_ROOT/certs/restapi-ca.pem
ucentral.restapi.host.0.address = *
ucentral.restapi.host.0.port = 16001
ucentral.restapi.host.0.cert = $UCENTRALSEC_ROOT/certs/restapi-cert.pem
ucentral.restapi.host.0.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
ucentral.restapi.host.0.key.password = mypassword
```
#### The private interface
@@ -142,14 +142,14 @@ The private interface is used for service-to-service communication. You can use
to the filenames used in the previous section.
```asm
openwifi.internal.restapi.host.0.backlog = 100
openwifi.internal.restapi.host.0.security = relaxed
openwifi.internal.restapi.host.0.rootca = $OWSEC_ROOT/certs/restapi-ca.pem
openwifi.internal.restapi.host.0.address = *
openwifi.internal.restapi.host.0.port = 17001
openwifi.internal.restapi.host.0.cert = $OWSEC_ROOT/certs/restapi-cert.pem
openwifi.internal.restapi.host.0.key = $OWSEC_ROOT/certs/restapi-key.pem
openwifi.internal.restapi.host.0.key.password = mypassword
ucentral.internal.restapi.host.0.backlog = 100
ucentral.internal.restapi.host.0.security = relaxed
ucentral.internal.restapi.host.0.rootca = $UCENTRALSEC_ROOT/certs/restapi-ca.pem
ucentral.internal.restapi.host.0.address = *
ucentral.internal.restapi.host.0.port = 17001
ucentral.internal.restapi.host.0.cert = $UCENTRALSEC_ROOT/certs/restapi-cert.pem
ucentral.internal.restapi.host.0.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
ucentral.internal.restapi.host.0.key.password = mypassword
```
### Other important values
@@ -157,19 +157,19 @@ Here are other important values you must set.
```asm
openwifi.system.data = $OWSEC_ROOT/data
openwifi.system.uri.private = https://localhost:17001
openwifi.system.uri.public = https://openwifi.dpaas.arilia.com:16001
openwifi.system.commandchannel = /tmp/app.ucentralsec
openwifi.service.key = $OWSEC_ROOT/certs/restapi-key.pem
ucentral.system.data = $UCENTRALSEC_ROOT/data
ucentral.system.uri.private = https://localhost:17001
ucentral.system.uri.public = https://ucentral.dpaas.arilia.com:16001
ucentral.system.commandchannel = /tmp/app.ucentralsec
ucentral.service.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
```
#### `openwifi.system.data`
#### `ucentral.system.data`
The location of some important data files including the user name database.
#### `openwifi.system.uri.private`
#### `ucentral.system.uri.private`
This is the FQDN used internally between services.
#### `openwifi.system.uri.public`
#### `ucentral.system.uri.public`
This is the FQDN used externally serving the OpenAPI interface.

2
build
View File

@@ -1 +1 @@
29
11

51
docker-entrypoint.sh
View File

@@ -1,56 +1,11 @@
#!/bin/sh
set -e
if [ "$SELFSIGNED_CERTS" = 'true' ]; then
update-ca-certificates
fi
if [[ "$TEMPLATE_CONFIG" = 'true' && ! -f "$OWSEC_CONFIG"/owsec.properties ]]; then
RESTAPI_HOST_ROOTCA=${RESTAPI_HOST_ROOTCA:-"\$OWSEC_ROOT/certs/restapi-ca.pem"} \
RESTAPI_HOST_PORT=${RESTAPI_HOST_PORT:-"16001"} \
RESTAPI_HOST_CERT=${RESTAPI_HOST_CERT:-"\$OWSEC_ROOT/certs/restapi-cert.pem"} \
RESTAPI_HOST_KEY=${RESTAPI_HOST_KEY:-"\$OWSEC_ROOT/certs/restapi-key.pem"} \
RESTAPI_HOST_KEY_PASSWORD=${RESTAPI_HOST_KEY_PASSWORD:-"mypassword"} \
RESTAPI_WWWASSETS=${RESTAPI_WWWASSETS:-"\$OWSEC_ROOT/wwwassets"} \
INTERNAL_RESTAPI_HOST_ROOTCA=${INTERNAL_RESTAPI_HOST_ROOTCA:-"\$OWSEC_ROOT/certs/restapi-ca.pem"} \
INTERNAL_RESTAPI_HOST_PORT=${INTERNAL_RESTAPI_HOST_PORT:-"17001"} \
INTERNAL_RESTAPI_HOST_CERT=${INTERNAL_RESTAPI_HOST_CERT:-"\$OWSEC_ROOT/certs/restapi-cert.pem"} \
INTERNAL_RESTAPI_HOST_KEY=${INTERNAL_RESTAPI_HOST_KEY:-"\$OWSEC_ROOT/certs/restapi-key.pem"} \
INTERNAL_RESTAPI_HOST_KEY_PASSWORD=${INTERNAL_RESTAPI_HOST_KEY_PASSWORD:-"mypassword"} \
AUTHENTICATION_DEFAULT_USERNAME=${AUTHENTICATION_DEFAULT_USERNAME:-"tip@ucentral.com"} \
AUTHENTICATION_DEFAULT_PASSWORD=${AUTHENTICATION_DEFAULT_PASSWORD:-"13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf"} \
SYSTEM_DATA=${SYSTEM_DATA:-"\$OWSEC_ROOT/data"} \
SYSTEM_URI_PRIVATE=${SYSTEM_URI_PRIVATE:-"https://localhost:17001"} \
SYSTEM_URI_PUBLIC=${SYSTEM_URI_PUBLIC:-"https://localhost:16001"} \
SYSTEM_URI_UI=${SYSTEM_URI_UI:-"http://localhost"} \
SERVICE_KEY=${SERVICE_KEY:-"\$OWSEC_ROOT/certs/restapi-key.pem"} \
SERVICE_KEY_PASSWORD=${SERVICE_KEY_PASSWORD:-"mypassword"} \
MAILER_HOSTNAME=${MAILER_HOSTNAME:-"smtp.gmail.com"} \
MAILER_USERNAME=${MAILER_USERNAME:-"************************"} \
MAILER_PASSWORD=${MAILER_PASSWORD:-"************************"} \
MAILER_SENDER=${MAILER_SENDER:-"OpenWIFI"} \
MAILER_PORT=${MAILER_PORT:-"587"} \
KAFKA_ENABLE=${KAFKA_ENABLE:-"true"} \
KAFKA_BROKERLIST=${KAFKA_BROKERLIST:-"localhost:9092"} \
STORAGE_TYPE=${STORAGE_TYPE:-"sqlite"} \
STORAGE_TYPE_POSTGRESQL_HOST=${STORAGE_TYPE_POSTGRESQL_HOST:-"localhost"} \
STORAGE_TYPE_POSTGRESQL_USERNAME=${STORAGE_TYPE_POSTGRESQL_USERNAME:-"owsec"} \
STORAGE_TYPE_POSTGRESQL_PASSWORD=${STORAGE_TYPE_POSTGRESQL_PASSWORD:-"owsec"} \
STORAGE_TYPE_POSTGRESQL_DATABASE=${STORAGE_TYPE_POSTGRESQL_DATABASE:-"owsec"} \
STORAGE_TYPE_POSTGRESQL_PORT=${STORAGE_TYPE_POSTGRESQL_PORT:-"5432"} \
STORAGE_TYPE_MYSQL_HOST=${STORAGE_TYPE_MYSQL_HOST:-"localhost"} \
STORAGE_TYPE_MYSQL_USERNAME=${STORAGE_TYPE_MYSQL_USERNAME:-"owsec"} \
STORAGE_TYPE_MYSQL_PASSWORD=${STORAGE_TYPE_MYSQL_PASSWORD:-"owsec"} \
STORAGE_TYPE_MYSQL_DATABASE=${STORAGE_TYPE_MYSQL_DATABASE:-"owsec"} \
STORAGE_TYPE_MYSQL_PORT=${STORAGE_TYPE_MYSQL_PORT:-"3306"} \
envsubst < $OWSEC_CONFIG/owsec.properties.tmpl > $OWSEC_CONFIG/owsec.properties
fi
if [ "$1" = '/openwifi/owsec' -a "$(id -u)" = '0' ]; then
if [ "$1" = '/ucentral/ucentralsec' -a "$(id -u)" = '0' ]; then
if [ "$RUN_CHOWN" = 'true' ]; then
chown -R "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG"
chown -R "$UCENTRALSEC_USER": "$UCENTRALSEC_ROOT" "$UCENTRALSEC_CONFIG"
fi
exec su-exec "$OWSEC_USER" "$@"
exec su-exec "$UCENTRALSEC_USER" "$@"
fi
exec "$@"

2
helm/Chart.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v2
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: owsec
name: ucentralsec
version: 0.1.0
dependencies:
- name: postgresql

46
helm/README.md
View File

@@ -1,6 +1,6 @@
# owsec
# ucentralsec
This Helm chart helps to deploy OpenWIFI Security (further on refered as __Security__) to the Kubernetes clusters. It is mainly used in [assembly chart](https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) as Security requires other services as dependencies that are considered in that Helm chart. This chart is purposed to define deployment logic close to the application code itself and define default values that could be overriden during deployment.
This Helm chart helps to deploy uCentralSec to the Kubernetes clusters. It is mainly used in [assembly chart](https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) as uCentralSec requires other services as dependencies that are considered in that Helm chart. This chart is purposed to define deployment logic close to the application code itself and define default values that could be overriden during deployment.
## TL;DR;
@@ -11,7 +11,7 @@ $ helm install .
## Introduction
This chart bootstraps the Security on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
This chart bootstraps an ucentralsec on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Installing the Chart
@@ -23,7 +23,7 @@ To install the chart with the release name `my-release`:
$ helm install --name my-release git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=main
```
The command deploys the Security on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
The command deploys ucentralsec on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
@@ -47,30 +47,30 @@ The following table lists the configurable parameters of the chart and their def
| strategyType | string | Application deployment strategy | `'Recreate'` |
| nameOverride | string | Override to be used for application deployment | |
| fullnameOverride | string | Override to be used for application deployment (has priority over nameOverride) | |
| images.owsec.repository | string | Docker image repository | |
| images.owsec.tag | string | Docker image tag | `'master'` |
| images.owsec.pullPolicy | string | Docker image pull policy | `'Always'` |
| services.owsec.type | string | OpenWIFI Security service type | `'LoadBalancer'` |
| services.owsec.ports.restapi.servicePort | number | REST API endpoint port to be exposed on service | `16001` |
| services.owsec.ports.restapi.targetPort | number | REST API endpoint port to be targeted by service | `16001` |
| services.owsec.ports.restapi.protocol | string | REST API endpoint protocol | `'TCP'` |
| services.owsec.ports.restapiinternal.servicePort | string | Internal REST API endpoint port to be exposed on service | `17001` |
| services.owsec.ports.restapiinternal.targetPort | number | Internal REST API endpoint port to be targeted by service | `17001` |
| services.owsec.ports.restapiinternal.protocol | string | Internal REST API endpoint protocol | `'TCP'` |
| checks.owsec.liveness.httpGet.path | string | Liveness check path to be used | `'/'` |
| checks.owsec.liveness.httpGet.port | number | Liveness check port to be used (should be pointint to ALB endpoint) | `16101` |
| checks.owsec.readiness.httpGet.path | string | Readiness check path to be used | `'/'` |
| checks.owsec.readiness.httpGet.port | number | Readiness check port to be used (should be pointint to ALB endpoint) | `16101` |
| images.ucentralsec.repository | string | Docker image repository | |
| images.ucentralsec.tag | string | Docker image tag | `'master'` |
| images.ucentralsec.pullPolicy | string | Docker image pull policy | `'Always'` |
| services.ucentralsec.type | string | uCentralSec service type | `'LoadBalancer'` |
| services.ucentralsec.ports.restapi.servicePort | number | REST API endpoint port to be exposed on service | `16001` |
| services.ucentralsec.ports.restapi.targetPort | number | REST API endpoint port to be targeted by service | `16001` |
| services.ucentralsec.ports.restapi.protocol | string | REST API endpoint protocol | `'TCP'` |
| services.ucentralsec.ports.restapiinternal.servicePort | string | Internal REST API endpoint port to be exposed on service | `17001` |
| services.ucentralsec.ports.restapiinternal.targetPort | number | Internal REST API endpoint port to be targeted by service | `17001` |
| services.ucentralsec.ports.restapiinternal.protocol | string | Internal REST API endpoint protocol | `'TCP'` |
| checks.ucentralsec.liveness.httpGet.path | string | Liveness check path to be used | `'/'` |
| checks.ucentralsec.liveness.httpGet.port | number | Liveness check port to be used (should be pointint to ALB endpoint) | `16101` |
| checks.ucentralsec.readiness.httpGet.path | string | Readiness check path to be used | `'/'` |
| checks.ucentralsec.readiness.httpGet.port | number | Readiness check port to be used (should be pointint to ALB endpoint) | `16101` |
| ingresses.restapi.enabled | boolean | Defines if REST API endpoint should be exposed via Ingress controller | `False` |
| ingresses.restapi.hosts | array | List of hosts for exposed REST API | |
| ingresses.restapi.paths | array | List of paths to be exposed for REST API | |
| volumes.owsec | array | Defines list of volumes to be attached to the Security | |
| persistence.enabled | boolean | Defines if Security requires Persistent Volume (required for permanent files storage and SQLite DB if enabled) | `True` |
| volumes.ucentralsec | array | Defines list of volumes to be attached to uCentralSec | |
| persistence.enabled | boolean | Defines if uCentralSec requires Persistent Volume (required for permanent files storage and SQLite DB if enabled) | `True` |
| persistence.accessModes | array | Defines PV access modes | |
| persistence.size | string | Defines PV size | `'10Gi'` |
| public_env_variables | hash | Defines list of environment variables to be passed to the Security | |
| configProperties | hash | Configuration properties that should be passed to the application in `owsec.properties`. May be passed by key in set (i.e. `configProperties."rtty\.token"`) | |
| certs | hash | Defines files (keys and certificates) that should be passed to the Security (PEM format is adviced to be used) (see `volumes.owsec` on where it is mounted) | |
| public_env_variables | hash | Defines list of environment variables to be passed to uCentralSec | |
| configProperties | hash | Configuration properties that should be passed to the application in `ucentralsec.properties`. May be passed by key in set (i.e. `configProperties."rtty\.token"`) | |
| certs | hash | Defines files (keys and certificates) that should be passed to uCentralSec (PEM format is adviced to be used) (see `volumes.ucentralsec` on where it is mounted) | |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

2
helm/templates/_config.tpl
View File

@@ -1,4 +1,4 @@
{{- define "owsec.config" -}}
{{- define "ucentralsec.config" -}}
{{- range $key, $value := .Values.configProperties }}
{{ $key }} = {{ $value }}
{{- end }}

6
helm/templates/_helpers.tpl
View File

@@ -2,7 +2,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "owsec.name" -}}
{{- define "ucentralsec.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "owsec.fullname" -}}
{{- define "ucentralsec.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
@@ -27,6 +27,6 @@ If release name contains chart name it will be used as a full name.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "owsec.chart" -}}
{{- define "ucentralsec.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

38
helm/templates/deployment.yaml
View File

@@ -3,10 +3,10 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "owsec.fullname" . }}
name: {{ include "ucentralsec.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "owsec.name" . }}
helm.sh/chart: {{ include "owsec.chart" . }}
app.kubernetes.io/name: {{ include "ucentralsec.name" . }}
helm.sh/chart: {{ include "ucentralsec.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
@@ -15,28 +15,28 @@ spec:
type: {{ .Values.strategyType }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "owsec.name" . }}
app.kubernetes.io/name: {{ include "ucentralsec.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.services.owsec.labels }}
{{- with .Values.services.ucentralsec.labels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
annotations:
checksum/config: {{ include "owsec.config" . | sha256sum }}
checksum/config: {{ include "ucentralsec.config" . | sha256sum }}
labels:
app.kubernetes.io/name: {{ include "owsec.name" . }}
app.kubernetes.io/name: {{ include "ucentralsec.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.services.owsec.labels }}
{{- with .Values.services.ucentralsec.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
containers:
- name: owsec
image: "{{ .Values.images.owsec.repository }}:{{ .Values.images.owsec.tag }}"
imagePullPolicy: {{ .Values.images.owsec.pullPolicy }}
- name: ucentralsec
image: "{{ .Values.images.ucentralsec.repository }}:{{ .Values.images.ucentralsec.tag }}"
imagePullPolicy: {{ .Values.images.ucentralsec.pullPolicy }}
env:
- name: KUBERNETES_DEPLOYED
@@ -49,19 +49,19 @@ spec:
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ include "owsec.fullname" $root }}-env
name: {{ include "ucentralsec.fullname" $root }}-env
key: {{ $key }}
{{- end }}
ports:
{{- range $port, $portValue := .Values.services.owsec.ports }}
{{- range $port, $portValue := .Values.services.ucentralsec.ports }}
- name: {{ $port }}
containerPort: {{ $portValue.targetPort }}
protocol: {{ $portValue.protocol }}
{{- end }}
volumeMounts:
{{- range .Values.volumes.owsec }}
{{- range .Values.volumes.ucentralsec }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- if .subPath }}
@@ -69,13 +69,13 @@ spec:
{{- end }}
{{- end }}
{{- if .Values.checks.owsec.liveness }}
{{- if .Values.checks.ucentralsec.liveness }}
livenessProbe:
{{- toYaml .Values.checks.owsec.liveness | nindent 12 }}
{{- toYaml .Values.checks.ucentralsec.liveness | nindent 12 }}
{{- end }}
{{- if .Values.checks.owsec.readiness }}
{{- if .Values.checks.ucentralsec.readiness }}
readinessProbe:
{{- toYaml .Values.checks.owsec.readiness | nindent 12 }}
{{- toYaml .Values.checks.ucentralsec.readiness | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
@@ -91,7 +91,7 @@ spec:
imagePullSecrets:
{{- range $image, $imageValue := .Values.images }}
{{- if $imageValue.regcred }}
- name: {{ include "owsec.fullname" $root }}-{{ $image }}-regcred
- name: {{ include "ucentralsec.fullname" $root }}-{{ $image }}-regcred
{{- end }}
{{- end }}

8
helm/templates/ingress.yaml
View File

@@ -5,10 +5,10 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ include "owsec.fullname" $root }}-{{ $ingress }}
name: {{ include "ucentralsec.fullname" $root }}-{{ $ingress }}
labels:
app.kubernetes.io/name: {{ include "owsec.name" $root }}
helm.sh/chart: {{ include "owsec.chart" $root }}
app.kubernetes.io/name: {{ include "ucentralsec.name" $root }}
helm.sh/chart: {{ include "ucentralsec.chart" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
app.kubernetes.io/managed-by: {{ $root.Release.Service }}
{{- with $ingressValue.annotations }}
@@ -37,7 +37,7 @@ spec:
{{- range $ingressValue.paths }}
- path: {{ .path }}
backend:
serviceName: {{ include "owsec.fullname" $root }}-{{ .serviceName }}
serviceName: {{ include "ucentralsec.fullname" $root }}-{{ .serviceName }}
servicePort: {{ .servicePort }}
{{- end }}
{{- end }}

6
helm/templates/pvc.yaml
View File

@@ -3,10 +3,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "owsec.fullname" . }}-pvc
name: {{ template "ucentralsec.fullname" . }}-pvc
labels:
app.kubernetes.io/name: {{ include "owsec.name" . }}
helm.sh/chart: {{ include "owsec.chart" . }}
app.kubernetes.io/name: {{ include "ucentralsec.name" . }}
helm.sh/chart: {{ include "ucentralsec.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.persistence.annotations }}

6
helm/templates/secret-certs.yaml
View File

@@ -2,11 +2,11 @@
apiVersion: v1
metadata:
labels:
app.kuberentes.io/name: {{ include "owsec.name" . }}
helm.sh/chart: {{ include "owsec.chart" . }}
app.kuberentes.io/name: {{ include "ucentralsec.name" . }}
helm.sh/chart: {{ include "ucentralsec.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
name: {{ include "owsec.fullname" . }}-certs
name: {{ include "ucentralsec.fullname" . }}-certs
kind: Secret
type: Opaque
data:

8
helm/templates/secret-config.yaml
View File

@@ -2,12 +2,12 @@
apiVersion: v1
metadata:
labels:
app.kuberentes.io/name: {{ include "owsec.name" . }}
helm.sh/chart: {{ include "owsec.chart" . }}
app.kuberentes.io/name: {{ include "ucentralsec.name" . }}
helm.sh/chart: {{ include "ucentralsec.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
name: {{ include "owsec.fullname" . }}-config
name: {{ include "ucentralsec.fullname" . }}-config
kind: Secret
type: Opaque
data:
owsec.properties: {{ include "owsec.config" . | b64enc }}
ucentralsec.properties: {{ include "ucentralsec.config" . | b64enc }}

6
helm/templates/secret-env.yaml
View File

@@ -2,11 +2,11 @@
apiVersion: v1
metadata:
labels:
app.kuberentes.io/name: {{ include "owsec.name" . }}
helm.sh/chart: {{ include "owsec.chart" . }}
app.kuberentes.io/name: {{ include "ucentralsec.name" . }}
helm.sh/chart: {{ include "ucentralsec.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
name: {{ include "owsec.fullname" . }}-env
name: {{ include "ucentralsec.fullname" . }}-env
kind: Secret
type: Opaque
data:

6
helm/templates/secret-regcred.yaml
View File

@@ -10,11 +10,11 @@ kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
labels:
app.kuberentes.io/name: {{ include "owsec.name" $root }}
helm.sh/chart: {{ include "owsec.chart" $root }}
app.kuberentes.io/name: {{ include "ucentralsec.name" $root }}
helm.sh/chart: {{ include "ucentralsec.chart" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
app.kubernetes.io/managed-by: {{ $root.Release.Service }}
name: {{ include "owsec.fullname" $root }}-{{ $image }}-regcred
name: {{ include "ucentralsec.fullname" $root }}-{{ $image }}-regcred
data:
.dockerconfigjson: {{ template "imagePullSecret" $imageValue.regcred }}
{{- end }}

8
helm/templates/service.yaml
View File

@@ -4,14 +4,14 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "owsec.fullname" $root }}-{{ $service }}
name: {{ include "ucentralsec.fullname" $root }}-{{ $service }}
{{- with $serviceValue.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "owsec.name" $root }}
helm.sh/chart: {{ include "owsec.chart" $root }}
app.kubernetes.io/name: {{ include "ucentralsec.name" $root }}
helm.sh/chart: {{ include "ucentralsec.chart" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
app.kubernetes.io/managed-by: {{ $root.Release.Service }}
@@ -39,7 +39,7 @@ spec:
{{- end }}
{{- end }}
selector:
app.kubernetes.io/name: {{ include "owsec.name" $root }}
app.kubernetes.io/name: {{ include "ucentralsec.name" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
{{- with $serviceValue.labels }}
{{- toYaml . | nindent 4 }}

125
helm/values.yaml
View File

@@ -6,9 +6,9 @@ nameOverride: ""
fullnameOverride: ""
images:
owsec:
repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owsec
tag: v2.2.0-RC1
ucentralsec:
repository: tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralsec
tag: v2.1.0-RC1
pullPolicy: Always
# regcred:
# registry: tip-tip-wlan-cloud-ucentral.jfrog.io
@@ -16,7 +16,7 @@ images:
# password: password
services:
owsec:
ucentralsec:
type: LoadBalancer
ports:
restapi:
@@ -29,7 +29,7 @@ services:
protocol: TCP
checks:
owsec:
ucentralsec:
liveness:
httpGet:
path: /
@@ -49,29 +49,29 @@ ingresses:
- restapi.chart-example.local
paths:
- path: /
serviceName: owsec
serviceName: ucentralsec
servicePort: restapi
volumes:
owsec:
ucentralsec:
- name: config
mountPath: /owsec-data/owsec.properties
subPath: owsec.properties
mountPath: /ucentralsec-data/ucentralsec.properties
subPath: ucentralsec.properties
# Template below will be rendered in template
volumeDefinition: |
secret:
secretName: {{ include "owsec.fullname" . }}-config
secretName: {{ include "ucentralsec.fullname" . }}-config
- name: certs
mountPath: /owsec-data/certs
mountPath: /ucentralsec-data/certs
volumeDefinition: |
secret:
secretName: {{ include "owsec.fullname" . }}-certs
secretName: {{ include "ucentralsec.fullname" . }}-certs
# Change this if you want to use another volume type
- name: persist
mountPath: /owsec-data/persist
mountPath: /ucentralsec-data/persist
volumeDefinition: |
persistentVolumeClaim:
claimName: {{ template "owsec.fullname" . }}-pvc
claimName: {{ template "ucentralsec.fullname" . }}-pvc
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
@@ -104,49 +104,48 @@ persistence:
# Application
public_env_variables:
OWSEC_ROOT: /owsec-data
OWSEC_CONFIG: /owsec-data
UCENTRALSEC_ROOT: /ucentralsec-data
UCENTRALSEC_CONFIG: /ucentralsec-data
secret_env_variables: {}
configProperties:
# -> Public part
# REST API
openwifi.restapi.host.0.backlog: 100
openwifi.restapi.host.0.security: relaxed
openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-ca.pem
openwifi.restapi.host.0.address: "*"
openwifi.restapi.host.0.port: 16001
openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-cert.pem
openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-key.pem
openwifi.restapi.wwwassets: $OWSEC_ROOT/wwwassets
openwifi.internal.restapi.host.0.backlog: 100
openwifi.internal.restapi.host.0.security: relaxed
openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-ca.pem
openwifi.internal.restapi.host.0.address: "*"
openwifi.internal.restapi.host.0.port: 17001
openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-cert.pem
openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-key.pem
ucentral.restapi.host.0.backlog: 100
ucentral.restapi.host.0.security: relaxed
ucentral.restapi.host.0.rootca: $UCENTRALSEC_ROOT/certs/restapi-ca.pem
ucentral.restapi.host.0.address: "*"
ucentral.restapi.host.0.port: 16001
ucentral.restapi.host.0.cert: $UCENTRALSEC_ROOT/certs/restapi-cert.pem
ucentral.restapi.host.0.key: $UCENTRALSEC_ROOT/certs/restapi-key.pem
ucentral.restapi.wwwassets: $UCENTRALSEC_ROOT/wwwassets
ucentral.internal.restapi.host.0.backlog: 100
ucentral.internal.restapi.host.0.security: relaxed
ucentral.internal.restapi.host.0.rootca: $UCENTRALSEC_ROOT/certs/restapi-ca.pem
ucentral.internal.restapi.host.0.address: "*"
ucentral.internal.restapi.host.0.port: 17001
ucentral.internal.restapi.host.0.cert: $UCENTRALSEC_ROOT/certs/restapi-cert.pem
ucentral.internal.restapi.host.0.key: $UCENTRALSEC_ROOT/certs/restapi-key.pem
# Authentication
authentication.enabled: true
authentication.default.access: master
authentication.service.type: internal
# Mailer
mailer.hostname: smtp.gmail.com
mailer.sender: OpenWIFI
mailer.loginmethod: login
mailer.port: 587
mailer.templates: $OWSEC_ROOT/templates
mailer.templates: $UCENTRALSEC_ROOT/templates
# ALB
alb.enable: "true"
alb.port: 16101
# Kafka
openwifi.kafka.enable: "false"
openwifi.kafka.group.id: security
openwifi.kafka.client.id: security1
openwifi.kafka.brokerlist: localhost:9092
openwifi.kafka.auto.commit: false
openwifi.kafka.queue.buffering.max.ms: 50
ucentral.kafka.enable: "false"
ucentral.kafka.group.id: security
ucentral.kafka.client.id: security1
ucentral.kafka.brokerlist: localhost:9092
ucentral.kafka.auto.commit: false
ucentral.kafka.queue.buffering.max.ms: 50
# Storage
storage.type: sqlite # (sqlite|postgresql|mysql|odbc)
## SQLite
@@ -157,24 +156,24 @@ configProperties:
storage.type.postgresql.maxsessions: 64
storage.type.postgresql.idletime: 60
storage.type.postgresql.host: localhost
storage.type.postgresql.database: owsec
storage.type.postgresql.database: ucentral
storage.type.postgresql.port: 5432
storage.type.postgresql.connectiontimeout: 60
## MySQL
storage.type.mysql.maxsessions: 64
storage.type.mysql.idletime: 60
storage.type.mysql.host: localhost
storage.type.mysql.database: owsec
storage.type.mysql.database: ucentral
storage.type.mysql.port: 3306
storage.type.mysql.connectiontimeout: 60
# System
openwifi.service.key: $OWSEC_ROOT/certs/restapi-key.pem
openwifi.system.data: $OWSEC_ROOT/persist
openwifi.system.debug: "true"
openwifi.system.uri.private: https://localhost:17001
openwifi.system.uri.public: https://localhost:16001
openwifi.system.uri.ui: https://localhost
openwifi.system.commandchannel: /tmp/app_owsec
ucentral.service.key: $UCENTRALSEC_ROOT/certs/restapi-key.pem
ucentral.system.data: $UCENTRALSEC_ROOT/persist
ucentral.system.debug: "true"
ucentral.system.uri.private: https://localhost:17001
ucentral.system.uri.public: https://localhost:16001
ucentral.system.uri.ui: https://localhost
ucentral.system.commandchannel: /tmp/app_ucentralsec
# Logging
logging.formatters.f1.class: PatternFormatter
logging.formatters.f1.pattern: "%Y-%m-%d %H:%M:%S %s: [%p] %t"
@@ -182,7 +181,7 @@ configProperties:
logging.channels.c1.class: ConsoleChannel
logging.channels.c1.formatter: f1
logging.channels.c2.class: FileChannel
logging.channels.c2.path: /tmp/log_owsec
logging.channels.c2.path: /tmp/log_ucentralsec
logging.channels.c2.formatter.class: PatternFormatter
logging.channels.c2.formatter.pattern: "%Y-%m-%d %H:%M:%S %s: [%p] %t"
logging.channels.c2.rotation: "20 M"
@@ -195,8 +194,8 @@ configProperties:
# -> Secret part
# REST API
openwifi.restapi.host.0.key.password: mypassword
openwifi.internal.restapi.host.0.key.password: mypassword
ucentral.restapi.host.0.key.password: mypassword
ucentral.internal.restapi.host.0.key.password: mypassword
# Authentication
authentication.default.username: tip@ucentral.com
authentication.default.password: 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
@@ -225,10 +224,10 @@ postgresql:
repository: bitnami/postgresql
tag: 11.13.0-debian-10-r0
postgresqlPostgresPassword: "rootPassword"
postgresqlUsername: stephb
postgresqlPassword: snoopy99
postgresqlDatabase: owgw
postgresqlPostgresPassword: ""
postgresqlUsername: postgres
postgresqlPassword: ""
postgresqlDatabase: ""
persistence:
enabled: true
@@ -245,10 +244,10 @@ mysql:
tag: 8.0.26-debian-10-r10
auth:
rootPassword: rootPassword
database: owgw
username: stephb
password: snoopy99
rootPassword: ""
database: my_database
username: ""
password: ""
primary:
persistence:
@@ -266,10 +265,10 @@ mariadb:
tag: 10.5.12-debian-10-r0
auth:
rootPassword: rootPassword
database: owgw
username: stephb
password: snoopy99
rootPassword: ""
database: my_database
username: ""
password: ""
primary:
persistence:

261
openpapi/ucentralsec/owsec.yaml → openpapi/ucentralsec/ucentralsec.yaml
View File

@@ -287,8 +287,6 @@ components:
securityPolicyChange:
type: integer
format: int64
userTypeProprietaryInfo:
type: string
UserList:
type: object
@@ -298,21 +296,6 @@ components:
items:
$ref: '#/components/schemas/UserInfo'
EMailInfo:
type: object
properties:
from:
type: string
format: email
subject:
type: string
recipients:
type: array
items:
type: string
format: email
text:
type: string
#########################################################################################
##
@@ -382,34 +365,6 @@ components:
- $ref: '#/components/schemas/StringList'
- $ref: '#/components/schemas/TagValuePairList'
SystemInfoResults:
type: object
properties:
version:
type: string
uptime:
type: integer
format: integer64
start:
type: integer
format: integer64
os:
type: string
processors:
type: integer
hostname:
type: string
certificates:
type: array
items:
type: object
properties:
filename:
type: string
expires:
type: integer
format: int64
ProfileAction:
type: object
properties:
@@ -484,80 +439,6 @@ components:
$ref: '#/components/schemas/UserInfo'
tokenInfo:
$ref: '#/components/schemas/WebTokenResult'
SystemCommandSetLogLevel:
type: object
properties:
command:
type: string
enum:
- setloglevel
subsystems:
type: array
items:
$ref: '#/components/schemas/TagValuePair'
SystemCommandReload:
type: object
properties:
command:
type: string
enum:
- reload
subsystems:
type: array
items:
type: string
example: these are the SubSystems names retrieve with the GetSubSystemsNamesResult.
SystemCommandGetLogLevels:
type: object
properties:
command:
type: string
enum:
- getloglevels
SystemGetLogLevelsResult:
type: object
properties:
taglist:
type: array
items:
$ref: '#/components/schemas/TagValuePair'
SystemCommandGetLogLevelNames:
type: object
properties:
command:
type: string
enum:
- getloglevelnames
SystemCommandGetSubsystemNames:
type: object
properties:
command:
type: string
enum:
- getsubsystemnames
SystemCommandGetLogLevelNamesResult:
type: object
properties:
list:
type: array
items:
type: string
SystemGetSubSystemNemesResult:
type: object
properties:
taglist:
type: array
items:
$ref: '#/components/schemas/TagValuePair'
#########################################################################################
##
## End of uCentral system wide values
@@ -894,42 +775,63 @@ paths:
404:
$ref: '#/components/responses/NotFound'
/email:
post:
tags:
- EMail
summary: Send test email with the system
operationId: Send a test email
requestBody:
description: The requested message
content:
application/json:
schema:
$ref: '#/components/schemas/EMailInfo'
responses:
200:
$ref: '#/components/responses/Success'
403:
$ref: '#/components/responses/Unauthorized'
404:
$ref: '#/components/responses/NotFound'
500:
description: Error description
content:
application/json:
schema:
type: object
properties:
errors:
type: array
items:
type: string
#########################################################################################
##
## These are endpoints that all services in the uCentral stack must provide
##
#########################################################################################
/system:
post:
tags:
- System Commands
summary: Perform some systeme wide commands
operationId: systemCommand
requestBody:
description: Command details
content:
application/json:
schema:
$ref: '#/components/schemas/SystemCommandDetails'
responses:
200:
description: Successfull command execution
content:
application/json:
schema:
$ref: '#/components/schemas/SystemCommandResults'
403:
$ref: '#/components/responses/Unauthorized'
404:
$ref: '#/components/responses/NotFound'
get:
tags:
- System Commands
summary: Retrieve different values from the running service.
operationId: getSystemCommand
parameters:
- in: query
description: Get a value
name: command
schema:
type: string
enum:
- version
- times
required: true
responses:
200:
description: Successfull command execution
content:
application/json:
schema:
$ref: '#/components/schemas/TagValuePair'
403:
$ref: '#/components/responses/Unauthorized'
404:
$ref: '#/components/responses/NotFound'
/securityProfiles:
get:
tags:
@@ -1000,65 +902,6 @@ paths:
404:
$ref: '#/components/responses/NotFound'
/system:
post:
tags:
- System Commands
summary: Perform some systeme wide commands
operationId: systemCommand
requestBody:
description: Command details
content:
application/json:
schema:
oneOf:
- $ref: '#/components/schemas/SystemCommandSetLogLevel'
- $ref: '#/components/schemas/SystemCommandReload'
- $ref: '#/components/schemas/SystemCommandGetLogLevels'
- $ref: '#/components/schemas/SystemCommandGetLogLevelNames'
- $ref: '#/components/schemas/SystemCommandGetSubsystemNames'
responses:
200:
description: Successfull command execution
content:
application/json:
schema:
oneOf:
- $ref: '#/components/schemas/SystemGetLogLevelsResult'
- $ref: '#/components/schemas/SystemCommandGetLogLevelNamesResult'
- $ref: '#/components/schemas/SystemGetSubSystemNemesResult'
403:
$ref: '#/components/responses/Unauthorized'
404:
$ref: '#/components/responses/NotFound'
get:
tags:
- System Commands
summary: Retrieve different values from the running service.
operationId: getSystemCommand
parameters:
- in: query
description: Get a value
name: command
schema:
type: string
enum:
- info
required: true
responses:
200:
description: Successfull command execution
content:
application/json:
schema:
oneOf:
- $ref: '#/components/schemas/SystemInfoResults'
403:
$ref: '#/components/responses/Unauthorized'
404:
$ref: '#/components/responses/NotFound'
#########################################################################################
##

146
owsec.properties.tmpl
View File

@@ -1,146 +0,0 @@
#
# uCentral protocol server for devices. This is where you point
# all your devices. You can replace the * for address by the specific
# address of one of your interfaces
#
#
# REST API access
#
openwifi.restapi.host.0.backlog = 100
openwifi.restapi.host.0.security = relaxed
openwifi.restapi.host.0.rootca = ${RESTAPI_HOST_ROOTCA}
openwifi.restapi.host.0.address = *
openwifi.restapi.host.0.port = ${RESTAPI_HOST_PORT}
openwifi.restapi.host.0.cert = ${RESTAPI_HOST_CERT}
openwifi.restapi.host.0.key = ${RESTAPI_HOST_KEY}
openwifi.restapi.host.0.key.password = ${RESTAPI_HOST_KEY_PASSWORD}
openwifi.restapi.wwwassets = ${RESTAPI_WWWASSETS}
openwifi.internal.restapi.host.0.backlog = 100
openwifi.internal.restapi.host.0.security = relaxed
openwifi.internal.restapi.host.0.rootca = ${INTERNAL_RESTAPI_HOST_ROOTCA}
openwifi.internal.restapi.host.0.address = *
openwifi.internal.restapi.host.0.port = ${INTERNAL_RESTAPI_HOST_PORT}
openwifi.internal.restapi.host.0.cert = ${INTERNAL_RESTAPI_HOST_CERT}
openwifi.internal.restapi.host.0.key = ${INTERNAL_RESTAPI_HOST_KEY}
openwifi.internal.restapi.host.0.key.password = ${INTERNAL_RESTAPI_HOST_KEY_PASSWORD}
#
# Generic section that all microservices must have
#
authentication.enabled = true
authentication.default.username = ${AUTHENTICATION_DEFAULT_USERNAME}
authentication.default.password = ${AUTHENTICATION_DEFAULT_PASSWORD}
openwifi.system.data = ${SYSTEM_DATA}
openwifi.system.uri.private = ${SYSTEM_URI_PRIVATE}
openwifi.system.uri.public = ${SYSTEM_URI_PUBLIC}
openwifi.system.uri.ui = ${SYSTEM_URI_UI}
openwifi.system.commandchannel = /tmp/app.ucentralsec
openwifi.service.key = ${SERVICE_KEY}
openwifi.service.key.password = ${SERVICE_KEY_PASSWORD}
#
# Security Microservice Specific Section
#
mailer.hostname = ${MAILER_HOSTNAME}
mailer.username = ${MAILER_USERNAME}
mailer.password = ${MAILER_PASSWORD}
mailer.sender = ${MAILER_SENDER}
mailer.loginmethod = login
mailer.port = ${MAILER_PORT}
mailer.templates = $UCENTRALSEC_ROOT/templates
#############################
# Generic information for all micro services
#############################
#
# NLB Support
#
alb.enable = true
alb.port = 16101
#
# Kafka
#
openwifi.kafka.group.id = security
openwifi.kafka.client.id = security1
openwifi.kafka.enable = ${KAFKA_ENABLE}
openwifi.kafka.brokerlist = ${KAFKA_BROKERLIST}
openwifi.kafka.auto.commit = false
openwifi.kafka.queue.buffering.max.ms = 50
openwifi.document.policy.access = /wwwassets/access_policy.html
openwifi.document.policy.password = /wwwassets/password_policy.html
openwifi.avatar.maxsize = 2000000
#
# This section select which form of persistence you need
# Only one selected at a time. If you select multiple, this service will die if a horrible
# death and might make your beer flat.
#
storage.type = ${STORAGE_TYPE}
storage.type.sqlite.db = security.db
storage.type.sqlite.idletime = 120
storage.type.sqlite.maxsessions = 128
storage.type.postgresql.maxsessions = 64
storage.type.postgresql.idletime = 60
storage.type.postgresql.host = ${STORAGE_TYPE_POSTGRESQL_HOST}
storage.type.postgresql.username = ${STORAGE_TYPE_POSTGRESQL_USERNAME}
storage.type.postgresql.password = ${STORAGE_TYPE_POSTGRESQL_PASSWORD}
storage.type.postgresql.database = ${STORAGE_TYPE_POSTGRESQL_DATABASE}
storage.type.postgresql.port = ${STORAGE_TYPE_POSTGRESQL_PORT}
storage.type.postgresql.connectiontimeout = 60
storage.type.mysql.maxsessions = 64
storage.type.mysql.idletime = 60
storage.type.mysql.host = ${STORAGE_TYPE_MYSQL_HOST}
storage.type.mysql.username = ${STORAGE_TYPE_MYSQL_USERNAME}
storage.type.mysql.password = ${STORAGE_TYPE_MYSQL_PASSWORD}
storage.type.mysql.database = ${STORAGE_TYPE_MYSQL_DATABASE}
storage.type.mysql.port = ${STORAGE_TYPE_MYSQL_PORT}
storage.type.mysql.connectiontimeout = 60
########################################################################
########################################################################
#
# Logging: please leave as is for now.
#
########################################################################
logging.formatters.f1.class = PatternFormatter
logging.formatters.f1.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
logging.formatters.f1.times = UTC
logging.channels.c1.class = ConsoleChannel
logging.channels.c1.formatter = f1
# This is where the logs will be written. This path MUST exist
logging.channels.c2.class = FileChannel
logging.channels.c2.path = $UCENTRALSEC_ROOT/logs/log
logging.channels.c2.formatter.class = PatternFormatter
logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
logging.channels.c2.rotation = 20 M
logging.channels.c2.archive = timestamp
logging.channels.c2.purgeCount = 20
logging.channels.c3.class = ConsoleChannel
logging.channels.c3.pattern = %s: [%p] %t
# External Channel
logging.loggers.root.channel = c1
logging.loggers.root.level = debug
# Inline Channel with PatternFormatter
# logging.loggers.l1.name = logger1
# logging.loggers.l1.channel.class = ConsoleChannel
# logging.loggers.l1.channel.pattern = %s: [%p] %t
# logging.loggers.l1.level = information
# SplitterChannel
# logging.channels.splitter.class = SplitterChannel
# logging.channels.splitter.channels = l1,l2
# logging.loggers.l2.name = logger2
# logging.loggers.l2.channel = splitter

4
set_env.sh
View File

@@ -1,4 +1,4 @@
#!/bin/bash
export OWSEC_CONFIG=`pwd`
export OWSEC_ROOT=`pwd`
export UCENTRALSEC_CONFIG=`pwd`
export UCENTRALSEC_ROOT=`pwd`

14
src/ALBHealthCheckServer.h
View File

@@ -1,9 +1,5 @@
//
// License type: BSD 3-Clause License
// License copy: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
//
// Created by Stephane Bourque on 2021-03-04.
// Arilia Wireless Inc.
// Created by stephane bourque on 2021-06-04.
//
#ifndef UCENTRALGW_ALBHEALTHCHECKSERVER_H
@@ -30,12 +26,12 @@ namespace OpenWifi {
/// Return a HTML document with the current date and time.
{
public:
explicit ALBRequestHandler(Poco::Logger & L)
ALBRequestHandler(Poco::Logger & L)
: Logger_(L)
{
}
void handleRequest(Poco::Net::HTTPServerRequest& Request, Poco::Net::HTTPServerResponse& Response) override
void handleRequest(Poco::Net::HTTPServerRequest& Request, Poco::Net::HTTPServerResponse& Response)
{
Logger_.information(Poco::format("ALB-REQUEST(%s): New ALB request.",Request.clientAddress().toString()));
Response.setChunkedTransferEncoding(true);
@@ -87,7 +83,7 @@ namespace OpenWifi {
return instance_;
}
int Start() override {
int Start() {
if(Daemon()->ConfigGetBool("alb.enable",false)) {
Port_ = (int)Daemon()->ConfigGetInt("alb.port",15015);
Socket_ = std::make_unique<Poco::Net::ServerSocket>(Port_);
@@ -99,7 +95,7 @@ namespace OpenWifi {
return 0;
}
void Stop() override {
void Stop() {
if(Server_)
Server_->stop();
}

13
src/AuthClient.cpp
View File

@@ -1,11 +1,6 @@
//
// License type: BSD 3-Clause License
// License copy: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
// Created by stephane bourque on 2021-06-30.
//
// Created by Stephane Bourque on 2021-03-04.
// Arilia Wireless Inc.
//
#include <utility>
#include "AuthClient.h"
@@ -25,7 +20,7 @@ namespace OpenWifi {
}
void AuthClient::RemovedCachedToken(const std::string &Token) {
std::lock_guard G(Mutex_);
SubMutexGuard G(Mutex_);
UserCache_.erase(Token);
}
@@ -34,7 +29,7 @@ namespace OpenWifi {
}
bool AuthClient::IsAuthorized(Poco::Net::HTTPServerRequest & Request, std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo ) {
std::lock_guard G(Mutex_);
SubMutexGuard G(Mutex_);
auto User = UserCache_.find(SessionToken);
if(User != UserCache_.end() && !IsTokenExpired(User->second.webtoken)) {
@@ -63,7 +58,7 @@ namespace OpenWifi {
}
bool AuthClient::IsTokenAuthorized(const std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo) {
std::lock_guard G(Mutex_);
SubMutexGuard G(Mutex_);
auto User = UserCache_.find(SessionToken);
if(User != UserCache_.end() && !IsTokenExpired(User->second.webtoken)) {

103
src/AuthService.cpp
View File

@@ -67,7 +67,7 @@ namespace OpenWifi {
if(!Secure_)
return true;
std::lock_guard Guard(Mutex_);
SubMutexGuard Guard(Mutex_);
std::string CallToken;
@@ -80,48 +80,33 @@ namespace OpenWifi {
} catch(const Poco::Exception &E) {
}
if(!CallToken.empty()) {
if(Storage()->IsTokenRevoked(CallToken))
return false;
auto Client = UserCache_.find(CallToken);
if( Client == UserCache_.end() )
return ValidateToken(CallToken, CallToken, UInfo);
if(CallToken.empty())
CallToken = Request.get("X-API-KEY ", "");
if((Client->second.webtoken.created_ + Client->second.webtoken.expires_in_) > time(nullptr)) {
SessionToken = CallToken;
UInfo = Client->second ;
return true;
}
UserCache_.erase(CallToken);
Storage()->RevokeToken(CallToken);
return false;
if(CallToken.empty())
return false;
auto Client = UserCache_.find(CallToken);
if( Client == UserCache_.end() )
return ValidateToken(CallToken, CallToken, UInfo);
if((Client->second.webtoken.created_ + Client->second.webtoken.expires_in_) > time(nullptr)) {
SessionToken = CallToken;
UInfo = Client->second ;
return true;
}
UserCache_.erase(CallToken);
return false;
}
bool AuthService::DeleteUserFromCache(const std::string &UserName) {
std::lock_guard Guard(Mutex_);
for(auto i=UserCache_.begin();i!=UserCache_.end();) {
if (i->second.userinfo.email==UserName) {
Logout(i->first);
i = UserCache_.erase(i);
} else {
++i;
}
}
return true;
}
bool AuthService::ValidatePassword(const std::string &Password) {
return std::regex_match(Password, PasswordValidation_);
}
void AuthService::Logout(const std::string &token) {
std::lock_guard Guard(Mutex_);
UserCache_.erase(token);
SubMutexGuard Guard(Mutex_);
UserCache_.erase(token);
try {
Poco::JSON::Object Obj;
@@ -130,8 +115,6 @@ namespace OpenWifi {
Obj.set("token", token);
std::stringstream ResultText;
Poco::JSON::Stringifier::stringify(Obj, ResultText);
std::string Tmp{token};
Storage()->RevokeToken(Tmp);
KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, Daemon()->PrivateEndPoint(), ResultText.str(),
false);
} catch (const Poco::Exception &E) {
@@ -140,7 +123,7 @@ namespace OpenWifi {
}
std::string AuthService::GenerateToken(const std::string & Identity, ACCESS_TYPE Type) {
std::lock_guard Guard(Mutex_);
SubMutexGuard Guard(Mutex_);
Poco::JWT::Token T;
@@ -160,22 +143,37 @@ namespace OpenWifi {
}
bool AuthService::ValidateToken(const std::string & Token, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo ) {
std::lock_guard Guard(Mutex_);
SubMutexGuard Guard(Mutex_);
Poco::JWT::Token DecryptedToken;
try {
auto E = UserCache_.find(SessionToken);
if(E == UserCache_.end()) {
if(Storage()->GetToken(SessionToken,UInfo)) {
if(Storage()->GetUserById(UInfo.userinfo.email,UInfo.userinfo)) {
UserCache_[UInfo.webtoken.access_token_] = UInfo;
return true;
if (Signer_.tryVerify(Token, DecryptedToken)) {
auto Expires = DecryptedToken.getExpiration();
if (Expires > Poco::Timestamp()) {
auto Identity = DecryptedToken.payload().get("identity").toString();
if(Storage()->GetUserById(Identity,UInfo.userinfo)) {
auto IssuedAt = DecryptedToken.getIssuedAt();
auto Subject = DecryptedToken.getSubject();
UInfo.webtoken.access_token_ = Token;
UInfo.webtoken.refresh_token_ = Token;
UInfo.webtoken.username_ = Identity;
UInfo.webtoken.id_token_ = Token;
UInfo.webtoken.token_type_ = "Bearer";
UInfo.webtoken.created_ = IssuedAt.epochTime();
UInfo.webtoken.expires_in_ = Expires.epochTime() - IssuedAt.epochTime();
UInfo.webtoken.idle_timeout_ = 5 * 60;
UserCache_[UInfo.webtoken.access_token_] = UInfo;
return true;
}
}
}
} else {
UInfo = E->second;
return true;
}
} catch (const Poco::Exception &E ) {
Logger_.log(E);
}
@@ -184,26 +182,24 @@ namespace OpenWifi {
void AuthService::CreateToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo)
{
std::lock_guard Guard(Mutex_);
SubMutexGuard Guard(Mutex_);
std::string Token = GenerateToken(UInfo.userinfo.Id,USERNAME);
SecurityObjects::AclTemplate ACL;
ACL.PortalLogin_ = ACL.Read_ = ACL.ReadWrite_ = ACL.ReadWriteCreate_ = ACL.Delete_ = true;
UInfo.webtoken.acl_template_ = ACL;
UInfo.webtoken.expires_in_ = TokenAging_ ;
UInfo.webtoken.idle_timeout_ = 5 * 60;
UInfo.webtoken.token_type_ = "Bearer";
UInfo.webtoken.access_token_ = GenerateToken(UInfo.userinfo.Id,USERNAME);
UInfo.webtoken.id_token_ = GenerateToken(UInfo.userinfo.Id,USERNAME);
UInfo.webtoken.refresh_token_ = GenerateToken(UInfo.userinfo.Id,CUSTOM);
UInfo.webtoken.access_token_ = Token;
UInfo.webtoken.id_token_ = Token;
UInfo.webtoken.refresh_token_ = Token;
UInfo.webtoken.created_ = time(nullptr);
UInfo.webtoken.username_ = UserName;
UInfo.webtoken.errorCode = 0;
UInfo.webtoken.userMustChangePassword = false;
UserCache_[UInfo.webtoken.access_token_] = UInfo;
UserCache_[Token] = UInfo;
Storage()->SetLastLogin(UInfo.userinfo.Id);
Storage()->AddToken(UInfo.webtoken.username_, UInfo.webtoken.access_token_,
UInfo.webtoken.refresh_token_, UInfo.webtoken.token_type_,
UInfo.webtoken.expires_in_, UInfo.webtoken.idle_timeout_);
}
bool AuthService::SetPassword(const std::string &NewPassword, SecurityObjects::UserInfo & UInfo) {
@@ -224,7 +220,7 @@ namespace OpenWifi {
AuthService::AUTH_ERROR AuthService::Authorize( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo )
{
std::lock_guard Guard(Mutex_);
SubMutexGuard Guard(Mutex_);
SecurityObjects::AclTemplate ACL;
Poco::toLowerInPlace(UserName);
@@ -335,13 +331,6 @@ namespace OpenWifi {
}
bool AuthService::IsValidToken(const std::string &Token, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo) {
std::lock_guard G(Mutex_);
auto It = UserCache_.find(Token);
if(It==UserCache_.end())
return false;
WebToken = It->second.webtoken;
UserInfo = It->second.userinfo;
return true;
}

1
src/AuthService.h
View File

@@ -82,7 +82,6 @@ namespace OpenWifi{
[[nodiscard]] static bool VerifyEmail(SecurityObjects::UserInfo &UInfo);
[[nodiscard]] static bool SendEmailToUser(std::string &Email, EMAIL_REASON Reason);
[[nodiscard]] bool DeleteUserFromCache(const std::string &UserName);
private:
static AuthService *instance_;

18
src/Daemon.h
View File

@@ -26,23 +26,23 @@
namespace OpenWifi {
static const char * vDAEMON_PROPERTIES_FILENAME = "owsec.properties";
static const char * vDAEMON_ROOT_ENV_VAR = "OWSEC_ROOT";
static const char * vDAEMON_CONFIG_ENV_VAR = "OWSEC_CONFIG";
static const char * vDAEMON_PROPERTIES_FILENAME = "ucentralsec.properties";
static const char * vDAEMON_ROOT_ENV_VAR = "UCENTRALSEC_ROOT";
static const char * vDAEMON_CONFIG_ENV_VAR = "UCENTRALSEC_CONFIG";
static const char * vDAEMON_APP_NAME = uSERVICE_SECURITY.c_str();
static const uint64_t vDAEMON_BUS_TIMER = 5000;
class Daemon : public MicroService {
public:
explicit Daemon(const std::string & PropFile,
const std::string & RootEnv,
const std::string & ConfigEnv,
const std::string & AppName,
explicit Daemon(std::string PropFile,
std::string RootEnv,
std::string ConfigEnv,
std::string AppName,
uint64_t BusTimer,
const Types::SubSystemVec & SubSystems) :
Types::SubSystemVec SubSystems) :
MicroService( PropFile, RootEnv, ConfigEnv, AppName, BusTimer, SubSystems) {};
void initialize(Poco::Util::Application &self) override;
void initialize(Poco::Util::Application &self);
static Daemon *instance();
private:
static Daemon *instance_;

32
src/KafkaManager.cpp
View File

@@ -17,13 +17,13 @@ namespace OpenWifi {
class KafkaManager *KafkaManager::instance_ = nullptr;
KafkaManager::KafkaManager() noexcept:
SubSystemServer("KafkaManager", "KAFKA-SVR", "openwifi.kafka")
SubSystemServer("KafkaManager", "KAFKA-SVR", "ucentral.kafka")
{
}
void KafkaManager::initialize(Poco::Util::Application & self) {
SubSystemServer::initialize(self);
KafkaEnabled_ = Daemon()->ConfigGetBool("openwifi.kafka.enable",false);
KafkaEnabled_ = Daemon()->ConfigGetBool("ucentral.kafka.enable",false);
}
#ifdef SMALL_BUILD
@@ -55,8 +55,8 @@ namespace OpenWifi {
void KafkaManager::ProducerThr() {
cppkafka::Configuration Config({
{ "client.id", Daemon()->ConfigGetString("openwifi.kafka.client.id") },
{ "metadata.broker.list", Daemon()->ConfigGetString("openwifi.kafka.brokerlist") }
{ "client.id", Daemon()->ConfigGetString("ucentral.kafka.client.id") },
{ "metadata.broker.list", Daemon()->ConfigGetString("ucentral.kafka.brokerlist") }
});
SystemInfoWrapper_ = R"lit({ "system" : { "id" : )lit" +
std::to_string(Daemon()->ID()) +
@@ -68,7 +68,7 @@ namespace OpenWifi {
std::this_thread::sleep_for(std::chrono::milliseconds(200));
try
{
std::lock_guard G(ProducerMutex_);
SubMutexGuard G(ProducerMutex_);
auto Num=0;
while (!Queue_.empty()) {
const auto M = Queue_.front();
@@ -96,10 +96,10 @@ namespace OpenWifi {
void KafkaManager::ConsumerThr() {
cppkafka::Configuration Config({
{ "client.id", Daemon()->ConfigGetString("openwifi.kafka.client.id") },
{ "metadata.broker.list", Daemon()->ConfigGetString("openwifi.kafka.brokerlist") },
{ "group.id", Daemon()->ConfigGetString("openwifi.kafka.group.id") },
{ "enable.auto.commit", Daemon()->ConfigGetBool("openwifi.kafka.auto.commit",false) },
{ "client.id", Daemon()->ConfigGetString("ucentral.kafka.client.id") },
{ "metadata.broker.list", Daemon()->ConfigGetString("ucentral.kafka.brokerlist") },
{ "group.id", Daemon()->ConfigGetString("ucentral.kafka.group.id") },
{ "enable.auto.commit", Daemon()->ConfigGetBool("ucentral.kafka.auto.commit",false) },
{ "auto.offset.reset", "latest" } ,
{ "enable.partition.eof", false }
});
@@ -125,8 +125,8 @@ namespace OpenWifi {
}
});
bool AutoCommit = Daemon()->ConfigGetBool("openwifi.kafka.auto.commit",false);
auto BatchSize = Daemon()->ConfigGetInt("openwifi.kafka.consumer.batchsize",20);
bool AutoCommit = Daemon()->ConfigGetBool("ucentral.kafka.auto.commit",false);
auto BatchSize = Daemon()->ConfigGetInt("ucentral.kafka.consumer.batchsize",20);
Types::StringVec Topics;
for(const auto &i:Notifiers_)
@@ -148,7 +148,7 @@ namespace OpenWifi {
Consumer.async_commit(Msg);
continue;
}
std::lock_guard G(ConsumerMutex_);
SubMutexGuard G(ConsumerMutex_);
auto It = Notifiers_.find(Msg.get_topic());
if (It != Notifiers_.end()) {
Types::TopicNotifyFunctionList &FL = It->second;
@@ -174,9 +174,9 @@ namespace OpenWifi {
return std::move( SystemInfoWrapper_ + PayLoad + "}");
}
void KafkaManager::PostMessage(const std::string &topic, const std::string & key, const std::string &PayLoad, bool WrapMessage ) {
void KafkaManager::PostMessage(std::string topic, std::string key, std::string PayLoad, bool WrapMessage ) {
if(KafkaEnabled_) {
std::lock_guard G(Mutex_);
SubMutexGuard G(Mutex_);
KMessage M{
.Topic = topic,
.Key = key,
@@ -187,7 +187,7 @@ namespace OpenWifi {
int KafkaManager::RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F) {
if(KafkaEnabled_) {
std::lock_guard G(Mutex_);
SubMutexGuard G(Mutex_);
auto It = Notifiers_.find(Topic);
if(It == Notifiers_.end()) {
Types::TopicNotifyFunctionList L;
@@ -204,7 +204,7 @@ namespace OpenWifi {
void KafkaManager::UnregisterTopicWatcher(const std::string &Topic, int Id) {
if(KafkaEnabled_) {
std::lock_guard G(Mutex_);
SubMutexGuard G(Mutex_);
auto It = Notifiers_.find(Topic);
if(It != Notifiers_.end()) {
Types::TopicNotifyFunctionList & L = It->second;

6
src/KafkaManager.h
View File

@@ -41,7 +41,7 @@ namespace OpenWifi {
int Start() override;
void Stop() override;
void PostMessage(const std::string &topic, const std::string & key, const std::string &payload, bool WrapMessage = true);
void PostMessage(std::string topic, std::string key, std::string payload, bool WrapMessage = true);
[[nodiscard]] std::string WrapSystemId(const std::string & PayLoad);
[[nodiscard]] bool Enabled() { return KafkaEnabled_; }
int RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction & F);
@@ -52,8 +52,8 @@ namespace OpenWifi {
private:
static KafkaManager *instance_;
std::mutex ProducerMutex_;
std::mutex ConsumerMutex_;
SubMutex ProducerMutex_;
SubMutex ConsumerMutex_;
bool KafkaEnabled_ = false;
std::atomic_bool ProducerRunning_ = false;
std::atomic_bool ConsumerRunning_ = false;

99
src/MicroService.cpp
View File

@@ -1,11 +1,6 @@
//
// License type: BSD 3-Clause License
// License copy: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
// Created by stephane bourque on 2021-06-22.
//
// Created by Stephane Bourque on 2021-03-04.
// Arilia Wireless Inc.
//
#include <cstdlib>
#include <boost/algorithm/string.hpp>
@@ -62,7 +57,7 @@ namespace OpenWifi {
}
void MicroService::BusMessageReceived(const std::string &Key, const std::string & Message) {
std::lock_guard G(InfraMutex_);
SubMutexGuard G(InfraMutex_);
try {
Poco::JSON::Parser P;
auto Object = P.parse(Message).extract<Poco::JSON::Object::Ptr>();
@@ -133,7 +128,7 @@ namespace OpenWifi {
}
MicroServiceMetaVec MicroService::GetServices(const std::string & Type) {
std::lock_guard G(InfraMutex_);
SubMutexGuard G(InfraMutex_);
auto T = Poco::toLower(Type);
MicroServiceMetaVec Res;
@@ -145,7 +140,7 @@ namespace OpenWifi {
}
MicroServiceMetaVec MicroService::GetServices() {
std::lock_guard G(InfraMutex_);
SubMutexGuard G(InfraMutex_);
MicroServiceMetaVec Res;
for(const auto &[Id,ServiceRec]:Services_) {
@@ -154,42 +149,6 @@ namespace OpenWifi {
return Res;
}
void MicroService::LoadConfigurationFile() {
std::string Location = Poco::Environment::get(DAEMON_CONFIG_ENV_VAR,".");
Poco::Path ConfigFile;
ConfigFile = ConfigFileName_.empty() ? Location + "/" + DAEMON_PROPERTIES_FILENAME : ConfigFileName_;
if(!ConfigFile.isFile())
{
std::cerr << DAEMON_APP_NAME << ": Configuration "
<< ConfigFile.toString() << " does not seem to exist. Please set " + DAEMON_CONFIG_ENV_VAR
+ " env variable the path of the " + DAEMON_PROPERTIES_FILENAME + " file." << std::endl;
std::exit(Poco::Util::Application::EXIT_CONFIG);
}
loadConfiguration(ConfigFile.toString());
}
void MicroService::Reload() {
LoadConfigurationFile();
LoadMyConfig();
}
void MicroService::LoadMyConfig() {
std::string KeyFile = ConfigPath("openwifi.service.key");
std::string KeyFilePassword = ConfigPath("openwifi.service.key.password" , "" );
AppKey_ = Poco::SharedPtr<Poco::Crypto::RSAKey>(new Poco::Crypto::RSAKey("", KeyFile, KeyFilePassword));
Cipher_ = CipherFactory_.createCipher(*AppKey_);
ID_ = Utils::GetSystemId();
if(!DebugMode_)
DebugMode_ = ConfigGetBool("openwifi.system.debug",false);
MyPrivateEndPoint_ = ConfigGetString("openwifi.system.uri.private");
MyPublicEndPoint_ = ConfigGetString("openwifi.system.uri.public");
UIURI_ = ConfigGetString("openwifi.system.uri.ui");
MyHash_ = CreateHash(MyPublicEndPoint_);
}
void MicroService::initialize(Poco::Util::Application &self) {
// add the default services
SubSystems_.push_back(KafkaManager());
@@ -200,10 +159,22 @@ namespace OpenWifi {
Poco::Net::HTTPSStreamFactory::registerFactory();
Poco::Net::FTPStreamFactory::registerFactory();
Poco::Net::FTPSStreamFactory::registerFactory();
std::string Location = Poco::Environment::get(DAEMON_CONFIG_ENV_VAR,".");
Poco::Path ConfigFile;
LoadConfigurationFile();
ConfigFile = ConfigFileName_.empty() ? Location + "/" + DAEMON_PROPERTIES_FILENAME : ConfigFileName_;
static const char * LogFilePathKey = "logging.channels.c2.path";
if(!ConfigFile.isFile())
{
std::cerr << DAEMON_APP_NAME << ": Configuration "
<< ConfigFile.toString() << " does not seem to exist. Please set " + DAEMON_CONFIG_ENV_VAR
+ " env variable the path of the " + DAEMON_PROPERTIES_FILENAME + " file." << std::endl;
std::exit(Poco::Util::Application::EXIT_CONFIG);
}
static const char * LogFilePathKey = "logging.channels.c2.path";
loadConfiguration(ConfigFile.toString());
if(LogDir_.empty()) {
std::string OriginalLogFileValue = ConfigPath(LogFilePathKey);
@@ -211,8 +182,7 @@ namespace OpenWifi {
} else {
config().setString(LogFilePathKey, LogDir_);
}
Poco::File DataDir(ConfigPath("openwifi.system.data"));
Poco::File DataDir(ConfigPath("ucentral.system.data"));
DataDir_ = DataDir.path();
if(!DataDir.exists()) {
try {
@@ -221,9 +191,17 @@ namespace OpenWifi {
logger().log(E);
}
}
LoadMyConfig();
std::string KeyFile = ConfigPath("ucentral.service.key");
std::string KeyFilePassword = ConfigPath("ucentral.service.key.password" , "" );
AppKey_ = Poco::SharedPtr<Poco::Crypto::RSAKey>(new Poco::Crypto::RSAKey("", KeyFile, KeyFilePassword));
Cipher_ = CipherFactory_.createCipher(*AppKey_);
ID_ = Utils::GetSystemId();
if(!DebugMode_)
DebugMode_ = ConfigGetBool("ucentral.system.debug",false);
MyPrivateEndPoint_ = ConfigGetString("ucentral.system.uri.private");
MyPublicEndPoint_ = ConfigGetString("ucentral.system.uri.public");
UIURI_ = ConfigGetString("ucentral.system.uri.ui");
MyHash_ = CreateHash(MyPublicEndPoint_);
InitializeSubSystemServers();
ServerApplication::initialize(self);
@@ -358,23 +336,14 @@ namespace OpenWifi {
return false;
}
void MicroService::Reload(const std::string &Sub) {
for (auto i : SubSystems_) {
if (Poco::toLower(Sub) == Poco::toLower(i->Name())) {
i->reinitialize(Poco::Util::Application::instance());
return;
}
}
}
Types::StringVec MicroService::GetSubSystems() const {
Types::StringVec Result;
for(auto i:SubSystems_)
Result.push_back(Poco::toLower(i->Name()));
Result.push_back(i->Name());
return Result;
}
Types::StringPairVec MicroService::GetLogLevels() {
Types::StringPairVec MicroService::GetLogLevels() const {
Types::StringPairVec Result;
for(auto &i:SubSystems_) {
@@ -384,7 +353,7 @@ namespace OpenWifi {
return Result;
}
const Types::StringVec & MicroService::GetLogLevelNames() {
const Types::StringVec & MicroService::GetLogLevelNames() const {
static Types::StringVec LevelNames{"none", "fatal", "critical", "error", "warning", "notice", "information", "debug", "trace" };
return LevelNames;
}
@@ -458,7 +427,7 @@ namespace OpenWifi {
Poco::Thread::trySleep((unsigned long)Daemon()->DaemonBusTimer());
if(!Running_)
break;
Msg = Daemon()->MakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE);
auto Msg = Daemon()->MakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE);
KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS,Daemon()->PrivateEndPoint(),Msg, false);
}
Msg = Daemon()->MakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_LEAVE);

37
src/MicroService.h
View File

@@ -1,9 +1,5 @@
//
// License type: BSD 3-Clause License
// License copy: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
//
// Created by Stephane Bourque on 2021-03-04.
// Arilia Wireless Inc.
// Created by stephane bourque on 2021-06-22.
//
#ifndef UCENTRALGW_MICROSERVICE_H
@@ -33,12 +29,11 @@
namespace OpenWifi {
static const std::string uSERVICE_SECURITY{"owsec"};
static const std::string uSERVICE_GATEWAY{"owgw"};
static const std::string uSERVICE_FIRMWARE{ "owfms"};
static const std::string uSERVICE_SECURITY{"ucentralsec"};
static const std::string uSERVICE_GATEWAY{"ucentralgw"};
static const std::string uSERVICE_FIRMWARE{ "ucentralfms"};
static const std::string uSERVICE_TOPOLOGY{ "owtopo"};
static const std::string uSERVICE_PROVISIONING{ "owprov"};
static const std::string uSERVICE_OWLS{ "owls"};
class MyErrorHandler : public Poco::ErrorHandler {
public:
@@ -87,6 +82,9 @@ namespace OpenWifi {
DAEMON_APP_NAME(std::move(AppName)),
DAEMON_BUS_TIMER(BusTimer),
SubSystems_(std::move(Subsystems)) {
std::string V{APP_VERSION};
std::string B{BUILD_NUMBER};
Version_ = V + "(" + B + ")";
}
int main(const ArgVec &args) override;
@@ -113,8 +111,8 @@ namespace OpenWifi {
[[nodiscard]] bool Debug() const { return DebugMode_; }
[[nodiscard]] uint64_t ID() const { return ID_; }
[[nodiscard]] Types::StringVec GetSubSystems() const;
[[nodiscard]] Types::StringPairVec GetLogLevels() ;
[[nodiscard]] static const Types::StringVec & GetLogLevelNames();
[[nodiscard]] Types::StringPairVec GetLogLevels() const;
[[nodiscard]] const Types::StringVec & GetLogLevelNames() const;
[[nodiscard]] std::string ConfigGetString(const std::string &Key,const std::string & Default);
[[nodiscard]] std::string ConfigGetString(const std::string &Key);
[[nodiscard]] std::string ConfigPath(const std::string &Key,const std::string & Default);
@@ -131,7 +129,6 @@ namespace OpenWifi {
[[nodiscard]] std::string PrivateEndPoint() const { return MyPrivateEndPoint_; };
[[nodiscard]] std::string PublicEndPoint() const { return MyPublicEndPoint_; };
[[nodiscard]] std::string MakeSystemEventMessage( const std::string & Type ) const ;
[[nodiscard]] const Types::SubSystemVec & GetFullSubSystems() { return SubSystems_; }
inline uint64_t DaemonBusTimer() const { return DAEMON_BUS_TIMER; };
void BusMessageReceived( const std::string & Key, const std::string & Message);
@@ -139,17 +136,11 @@ namespace OpenWifi {
[[nodiscard]] MicroServiceMetaVec GetServices();
[[nodiscard]] bool IsValidAPIKEY(const Poco::Net::HTTPServerRequest &Request);
static void SavePID();
static inline uint64_t GetPID() { return Poco::Process::id(); };
[[nodiscard]] inline const std::string GetPublicAPIEndPoint() { return MyPublicEndPoint_ + "/api/v1"; };
void SavePID();
inline uint64_t GetPID() { return Poco::Process::id(); };
[[nodiscard]] inline const std::string GetPublicAPIEndPoint() const { return MyPublicEndPoint_ + "/api/v1"; };
[[nodiscard]] inline const std::string & GetUIURI() const { return UIURI_;};
void Reload(const std::string &Name); // reload a subsystem
void Reload(); // reload the daemon itself
void LoadMyConfig();
void LoadConfigurationFile();
private:
bool HelpRequested_ = false;
std::string LogDir_;
@@ -168,9 +159,9 @@ namespace OpenWifi {
std::string MyPrivateEndPoint_;
std::string MyPublicEndPoint_;
std::string UIURI_;
std::string Version_{std::string(APP_VERSION) + "("+ BUILD_NUMBER + ")"};
std::string Version_;
BusEventManager BusEventManager_;
std::mutex InfraMutex_;
SubMutex InfraMutex_;
std::string DAEMON_PROPERTIES_FILENAME;
std::string DAEMON_ROOT_ENV_VAR;

19
src/OpenAPIRequest.cpp
View File

@@ -1,20 +1,17 @@
//
// License type: BSD 3-Clause License
// License copy: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
// Created by stephane bourque on 2021-07-01.
//
// Created by Stephane Bourque on 2021-03-04.
// Arilia Wireless Inc.
//
//
#include <iostream>
#include "OpenAPIRequest.h"
#include "Poco/Net/HTTPSClientSession.h"
#include <Poco/Net/HTTPClientSession.h>
#include <Poco/Net/HTTPRequest.h>
#include <Poco/Net/HTTPResponse.h>
#include <Poco/StreamCopier.h>
#include <Poco/JSON/Parser.h>
#include <Poco/Path.h>
#include <Poco/URI.h>
#include <Poco/Exception.h>
#include "Utils.h"
@@ -22,12 +19,12 @@
namespace OpenWifi {
OpenAPIRequestGet::OpenAPIRequestGet( std::string ServiceType,
std::string EndPoint,
OpenAPIRequestGet::OpenAPIRequestGet( const std::string & ServiceType,
const std::string & EndPoint,
Types::StringPairVec & QueryData,
uint64_t msTimeout):
Type_(std::move(ServiceType)),
EndPoint_(std::move(EndPoint)),
Type_(ServiceType),
EndPoint_(EndPoint),
QueryData_(QueryData),
msTimeout_(msTimeout) {

10
src/OpenAPIRequest.h
View File

@@ -1,9 +1,5 @@
//
// License type: BSD 3-Clause License
// License copy: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
//
// Created by Stephane Bourque on 2021-03-04.
// Arilia Wireless Inc.
// Created by stephane bourque on 2021-07-01.
//
#ifndef UCENTRALGW_OPENAPIREQUEST_H
@@ -17,8 +13,8 @@ namespace OpenWifi {
class OpenAPIRequestGet {
public:
explicit OpenAPIRequestGet( std::string Type,
std::string EndPoint,
explicit OpenAPIRequestGet( const std::string & Type,
const std::string & EndPoint,
Types::StringPairVec & QueryData,
uint64_t msTimeout);
int Do(Poco::JSON::Object::Ptr &ResponseObject);

66
src/OpenWifiTypes.h
View File

@@ -1,9 +1,5 @@
//
// License type: BSD 3-Clause License
// License copy: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
//
// Created by Stephane Bourque on 2021-03-04.
// Arilia Wireless Inc.
// Created by stephane bourque on 2021-06-13.
//
#ifndef UCENTRALGW_UCENTRALTYPES_H
@@ -20,8 +16,6 @@
#include <queue>
#include "Poco/StringTokenizer.h"
#include "Poco/JSON/Parser.h"
#include "Poco/JSON/Stringifier.h"
namespace OpenWifi::Types {
typedef std::pair<std::string,std::string> StringPair;
@@ -48,58 +42,26 @@ namespace OpenWifi::Types {
}
inline std::string to_string( const StringVec &V) {
Poco::JSON::Array O;
std::string Result;
bool first=true;
for(const auto &i:V) {
O.add(i);
}
std::stringstream SS;
Poco::JSON::Stringifier::stringify(O,SS);
return SS.str();
}
inline std::string to_string( const StringPairVec &V) {
Poco::JSON::Array O;
for(const auto &i:V) {
Poco::JSON::Array OO;
OO.add(i.first);
OO.add(i.second);
O.add(OO);
}
std::stringstream SS;
Poco::JSON::Stringifier::stringify(O,SS);
return SS.str();
}
inline void from_string(const std::string &S, StringPairVec &V) {
try {
Poco::JSON::Parser P;
auto O = P.parse(S).extract<Poco::JSON::Array::Ptr>();
for(const auto &i:*O) {
auto Inner = i.extract<Poco::JSON::Array::Ptr>();
for(const auto &j:*Inner) {
auto S1 = i[0].toString();
auto S2 = i[1].toString();
V.push_back(std::make_pair(S1,S2));
}
if(first) {
Result += i;
first = false;
} else {
Result += ",";
Result += i;
}
} catch (...) {
}
return Result;
}
inline void from_string(const std::string &S, StringVec &V) {
try {
Poco::JSON::Parser P;
auto O = P.parse(S).extract<Poco::JSON::Array::Ptr>();
Poco::StringTokenizer Tokens(S,",",Poco::StringTokenizer::TOK_TRIM | Poco::StringTokenizer::TOK_IGNORE_EMPTY);
for(auto const &i:*O) {
V.push_back(i.toString());
}
} catch (...) {
}
for(auto const &i:Tokens)
V.emplace_back(i);
}
};

15
src/RESTAPI_AssetServer.cpp
View File

@@ -10,19 +10,26 @@
#include "RESTAPI_protocol.h"
namespace OpenWifi {
void RESTAPI_AssetServer::DoGet() {
void RESTAPI_AssetServer::handleRequest(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
if(Request.getMethod()==Poco::Net::HTTPRequest::HTTP_GET)
DoGet(Request, Response);
else
NotFound(Request, Response);
}
void RESTAPI_AssetServer::DoGet(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
Poco::File AssetFile;
if(Request->getURI().find("/favicon.ico") != std::string::npos) {
if(Request.getURI().find("/favicon.ico") != std::string::npos) {
AssetFile = RESTAPI_Server()->AssetDir() + "/favicon.ico";
} else {
std::string AssetName = GetBinding(RESTAPI::Protocol::ID, "");
AssetFile = RESTAPI_Server()->AssetDir() + "/" + AssetName;
}
if(!AssetFile.isFile()) {
NotFound();
NotFound(Request, Response);
return;
}
SendFile(AssetFile);
SendFile(AssetFile,Request, Response);
}
}

10
src/RESTAPI_AssetServer.h
View File

@@ -10,7 +10,7 @@
namespace OpenWifi {
class RESTAPI_AssetServer : public RESTAPIHandler {
public:
RESTAPI_AssetServer(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, bool Internal)
RESTAPI_AssetServer(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, bool Internal)
: RESTAPIHandler(bindings, L,
std::vector<std::string>
{Poco::Net::HTTPRequest::HTTP_POST,
@@ -18,15 +18,11 @@ namespace OpenWifi {
Poco::Net::HTTPRequest::HTTP_PUT,
Poco::Net::HTTPRequest::HTTP_DELETE,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Server,
Internal) {}
void handleRequest(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) override;
static const std::list<const char *> PathName() { return std::list<const char *>{"/wwwassets/{id}" ,
"/favicon.ico"}; };
void DoGet() final;
void DoPost() final {};
void DoDelete() final {};
void DoPut() final {};
void DoGet(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
private:
};

5
src/RESTAPI_GenericServer.cpp
View File

@@ -1,5 +0,0 @@
//
// Created by stephane bourque on 2021-09-15.
//
#include "RESTAPI_GenericServer.h"

78
src/RESTAPI_GenericServer.h
View File

@@ -1,78 +0,0 @@
//
// Created by stephane bourque on 2021-09-15.
//
#ifndef OWPROV_RESTAPI_GENERICSERVER_H
#define OWPROV_RESTAPI_GENERICSERVER_H
#include <vector>
#include <string>
#include "Daemon.h"
#include "Poco/StringTokenizer.h"
#include "Poco/Net/HTTPRequest.h"
namespace OpenWifi {
class RESTAPI_GenericServer {
public:
enum {
LOG_GET=0,
LOG_DELETE,
LOG_PUT,
LOG_POST
};
void inline SetFlags(bool External, const std::string &Methods) {
Poco::StringTokenizer Tokens(Methods,",");
auto Offset = (External ? 0 : 4);
for(const auto &i:Tokens) {
if(Poco::icompare(i,Poco::Net::HTTPRequest::HTTP_DELETE)==0)
LogFlags_[Offset+LOG_DELETE]=true;
else if(Poco::icompare(i,Poco::Net::HTTPRequest::HTTP_PUT)==0)
LogFlags_[Offset+LOG_PUT]=true;
else if(Poco::icompare(i,Poco::Net::HTTPRequest::HTTP_POST)==0)
LogFlags_[Offset+LOG_POST]=true;
else if(Poco::icompare(i,Poco::Net::HTTPRequest::HTTP_GET)==0)
LogFlags_[Offset+LOG_GET]=true;
}
}
inline void InitLogging() {
std::string Public = Daemon()->ConfigGetString("apilogging.public.methods","PUT,POST,DELETE");
SetFlags(true, Public);
std::string Private = Daemon()->ConfigGetString("apilogging.private.methods","PUT,POST,DELETE");
SetFlags(false, Private);
std::string PublicBadTokens = Daemon()->ConfigGetString("apilogging.public.badtokens.methods","");
LogBadTokens_[0] = (Poco::icompare(PublicBadTokens,"true")==0);
std::string PrivateBadTokens = Daemon()->ConfigGetString("apilogging.private.badtokens.methods","");
LogBadTokens_[1] = (Poco::icompare(PrivateBadTokens,"true")==0);
}
[[nodiscard]] inline bool LogIt(const std::string &Method, bool External) const {
auto Offset = (External ? 0 : 4);
if(Method == Poco::Net::HTTPRequest::HTTP_GET)
return LogFlags_[Offset+LOG_GET];
if(Method == Poco::Net::HTTPRequest::HTTP_POST)
return LogFlags_[Offset+LOG_POST];
if(Method == Poco::Net::HTTPRequest::HTTP_PUT)
return LogFlags_[Offset+LOG_PUT];
if(Method == Poco::Net::HTTPRequest::HTTP_DELETE)
return LogFlags_[Offset+LOG_DELETE];
return false;
};
[[nodiscard]] inline bool LogBadTokens(bool External) const {
return LogBadTokens_[ (External ? 0 : 1) ];
};
private:
std::array<bool,8> LogFlags_{false};
std::array<bool,2> LogBadTokens_{false};
};
}
#endif //OWPROV_RESTAPI_GENERICSERVER_H

20
src/RESTAPI_InternalServer.cpp
View File

@@ -19,13 +19,12 @@ namespace OpenWifi {
class RESTAPI_InternalServer *RESTAPI_InternalServer::instance_ = nullptr;
RESTAPI_InternalServer::RESTAPI_InternalServer() noexcept:
SubSystemServer("RESTAPIInternalServer", "REST-ISRV", "openwifi.internal.restapi")
SubSystemServer("RESTAPIInternalServer", "REST-ISRV", "ucentral.internal.restapi")
{
}
int RESTAPI_InternalServer::Start() {
Logger_.information("Starting.");
Server_.InitLogging();
for(const auto & Svr: ConfigServersList_) {
Logger_.information(Poco::format("Starting: %s:%s Keyfile:%s CertFile: %s", Svr.Address(), std::to_string(Svr.Port()),
@@ -42,7 +41,7 @@ namespace OpenWifi {
Params->setMaxQueued(200);
Params->setKeepAlive(true);
auto NewServer = std::make_unique<Poco::Net::HTTPServer>(new InternalRequestHandlerFactory(Server_), Pool_, Sock, Params);
auto NewServer = std::make_unique<Poco::Net::HTTPServer>(new InternalRequestHandlerFactory, Pool_, Sock, Params);
NewServer->start();
RESTServers_.push_back(std::move(NewServer));
}
@@ -54,17 +53,14 @@ namespace OpenWifi {
Logger_.information("Stopping ");
for( const auto & svr : RESTServers_ )
svr->stop();
RESTServers_.clear();
}
void RESTAPI_InternalServer::reinitialize(Poco::Util::Application &self) {
Daemon()->LoadConfigurationFile();
Logger_.information("Reinitializing.");
Stop();
Start();
}
Poco::Net::HTTPRequestHandler *InternalRequestHandlerFactory::createRequestHandler(const Poco::Net::HTTPServerRequest & Request) {
Logger_.debug(Poco::format("REQUEST(%s): %s %s",
Utils::FormatIPv6(Request.clientAddress().toString()),
Request.getMethod(), Request.getURI()));
Poco::URI uri(Request.getURI());
const auto & Path = uri.getPath();
RESTAPIHandler::BindingMap Bindings;
@@ -74,7 +70,7 @@ namespace OpenWifi {
RESTAPI_system_command,
RESTAPI_action_links,
RESTAPI_validateToken_handler
>(Path,Bindings,Logger_, Server_);
>(Path,Bindings,Logger_);
}
}

11
src/RESTAPI_InternalServer.h
View File

@@ -11,7 +11,6 @@
#include "Poco/Net/HTTPRequestHandlerFactory.h"
#include "Poco/Net/HTTPServerRequest.h"
#include "Poco/Net/NetException.h"
#include "RESTAPI_GenericServer.h"
namespace OpenWifi {
@@ -28,27 +27,23 @@ namespace OpenWifi {
int Start() override;
void Stop() override;
void reinitialize(Poco::Util::Application &self) override;
private:
static RESTAPI_InternalServer *instance_;
std::vector<std::unique_ptr<Poco::Net::HTTPServer>> RESTServers_;
Poco::ThreadPool Pool_;
RESTAPI_GenericServer Server_;
Poco::ThreadPool Pool_;
};
inline RESTAPI_InternalServer * RESTAPI_InternalServer() { return RESTAPI_InternalServer::instance(); };
class InternalRequestHandlerFactory : public Poco::Net::HTTPRequestHandlerFactory {
public:
explicit InternalRequestHandlerFactory(RESTAPI_GenericServer & Server) :
Logger_(RESTAPI_InternalServer()->Logger()),
Server_(Server){}
InternalRequestHandlerFactory() :
Logger_(RESTAPI_InternalServer()->Logger()){}
Poco::Net::HTTPRequestHandler *createRequestHandler(const Poco::Net::HTTPServerRequest &request) override;
private:
Poco::Logger & Logger_;
RESTAPI_GenericServer & Server_;
};

2
src/RESTAPI_SecurityObjects.h
View File

@@ -160,7 +160,7 @@ namespace OpenWifi::SecurityObjects {
typedef std::vector<ProfileAction> ProfileActionVec;
struct SecurityProfile {
uint64_t id=0;
uint64_t id;
std::string name;
std::string description;
ProfileActionVec policy;

185
src/RESTAPI_action_links.cpp
View File

@@ -13,120 +13,121 @@
#include "Daemon.h"
namespace OpenWifi {
void RESTAPI_action_links::DoGet() {
void RESTAPI_action_links::handleRequest(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
// there is no authentication here, this is just someone clicking on a link
// and arriving here. There should be a UUID in the link and this is all we need to know
// what we need to do.
ParseParameters(Request);
auto Action = GetParameter("action","");
auto Id = GetParameter("id","");
if(Action=="password_reset")
RequestResetPassword(Id);
DoResetPassword(Id, Request, Response);
else if(Action=="email_verification")
DoEmailVerification(Id);
DoEmailVerification(Id, Request, Response);
else
DoReturnA404();
DoReturnA404(Request, Response);
}
void RESTAPI_action_links::DoPost() {
auto Action = GetParameter("action","");
auto Id = GetParameter("id","");
void RESTAPI_action_links::DoResetPassword(std::string &Id,Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
Logger_.information(Poco::format("COMPLETE-PASSWORD-RESET(%s): For ID=%s", Request->clientAddress().toString(), Id));
if(Action=="password_reset")
CompleteResetPassword(Id);
else
DoReturnA404();
}
void RESTAPI_action_links::RequestResetPassword(std::string &Id) {
Logger_.information(Poco::format("REQUEST-PASSWORD-RESET(%s): For ID=%s", Request->clientAddress().toString(), Id));
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"PASSWORD_VALIDATION", AuthService()->PasswordValidationExpression()}};
SendHTMLFileBack(FormFile,FormVars);
}
void RESTAPI_action_links::CompleteResetPassword(std::string &Id) {
// form has been posted...
RESTAPI_PartHandler PartHandler;
Poco::Net::HTMLForm Form(*Request, Request->stream(), PartHandler);
if (!Form.empty()) {
auto Password1 = Form.get("password1","bla");
auto Password2 = Form.get("password1","blu");
Id = Form.get("id","");
if(Password1!=Password2 || !AuthService()->ValidatePassword(Password2) || !AuthService()->ValidatePassword(Password1)) {
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset_error.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"ERROR_TEXT", "For some reason, the passwords entered do not match or they do not comply with"
" accepted password creation restrictions. Please consult our on-line help"
" to look at the our password policy. If you would like to contact us, please mention"
" id(" + Id + ")"}};
SendHTMLFileBack(FormFile,FormVars);
return;
}
SecurityObjects::UserInfo UInfo;
if(!Storage()->GetUserById(Id,UInfo)) {
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset_error.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"ERROR_TEXT", "This request does not contain a valid user ID. Please contact your system administrator."}};
SendHTMLFileBack(FormFile,FormVars);
return;
}
if(UInfo.blackListed || UInfo.suspended) {
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset_error.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"ERROR_TEXT", "Please contact our system administrators. We have identified an error in your account that must be resolved first."}};
SendHTMLFileBack(FormFile,FormVars);
return;
}
if(!AuthService()->SetPassword(Password1,UInfo)) {
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset_error.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"ERROR_TEXT", "You cannot reuse one of your recent passwords."}};
SendHTMLFileBack(FormFile,FormVars);
return;
}
Storage()->UpdateUserInfo(UInfo.email,Id,UInfo);
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset_success.html"};
if(Request.getMethod()==Poco::Net::HTTPServerRequest::HTTP_GET) {
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"USERNAME", UInfo.email},
{"ACTION_LINK",Daemon()->GetUIURI()}};
SendHTMLFileBack(FormFile,FormVars);
{"PASSWORD_VALIDATION", AuthService()->PasswordValidationExpression()}};
SendHTMLFileBack(FormFile,Request, Response, FormVars);
} else if(Request.getMethod()==Poco::Net::HTTPServerRequest::HTTP_POST) {
// form has been posted...
RESTAPI_PartHandler PartHandler;
Poco::Net::HTMLForm Form(Request, Request.stream(), PartHandler);
if (!Form.empty()) {
auto Password1 = Form.get("password1","bla");
auto Password2 = Form.get("password1","blu");
Id = Form.get("id","");
if(Password1!=Password2 || !AuthService()->ValidatePassword(Password2) || !AuthService()->ValidatePassword(Password1)) {
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset_error.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"ERROR_TEXT", "For some reason, the passwords entered do not match or they do not comply with"
" accepted password creation restrictions. Please consult our on-line help"
" to look at the our password policy. If you would like to contact us, please mention"
" id(" + Id + ")"}};
SendHTMLFileBack(FormFile,Request, Response, FormVars);
return;
}
SecurityObjects::UserInfo UInfo;
if(!Storage()->GetUserById(Id,UInfo)) {
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset_error.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"ERROR_TEXT", "This request does not contain a valid user ID. Please contact your system administrator."}};
SendHTMLFileBack(FormFile,Request, Response, FormVars);
return;
}
if(UInfo.blackListed || UInfo.suspended) {
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset_error.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"ERROR_TEXT", "Please contact our system administrators. We have identified an error in your account that must be resolved first."}};
SendHTMLFileBack(FormFile,Request, Response, FormVars);
return;
}
if(!AuthService()->SetPassword(Password1,UInfo)) {
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset_error.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"ERROR_TEXT", "You cannot reuse one of your recent passwords."}};
SendHTMLFileBack(FormFile,Request, Response, FormVars);
return;
}
Storage()->UpdateUserInfo(UInfo.email,Id,UInfo);
Poco::File FormFile{ RESTAPI_Server()->AssetDir() + "/password_reset_success.html"};
Types::StringPairVec FormVars{ {"UUID", Id},
{"USERNAME", UInfo.email},
{"ACTION_LINK",Daemon()->GetUIURI()}};
SendHTMLFileBack(FormFile,Request, Response, FormVars);
}
} else {
DoReturnA404();
DoReturnA404(Request, Response);
}
}
void RESTAPI_action_links::DoEmailVerification(std::string &Id) {
SecurityObjects::UserInfo UInfo;
void RESTAPI_action_links::DoEmailVerification(std::string &Id,Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
if(Request.getMethod()==Poco::Net::HTTPServerRequest::HTTP_GET) {
SecurityObjects::UserInfo UInfo;
Logger_.information(Poco::format("EMAIL-VERIFICATION(%s): For ID=%s", Request->clientAddress().toString(), Id));
if (!Storage()->GetUserById(Id, UInfo)) {
Types::StringPairVec FormVars{{"UUID", Id},
{"ERROR_TEXT", "This does not appear to be a valid email verification link.."}};
Poco::File FormFile{RESTAPI_Server()->AssetDir() + "/email_verification_error.html"};
SendHTMLFileBack(FormFile, FormVars);
if (!Storage()->GetUserById(Id, UInfo)) {
Types::StringPairVec FormVars{{"UUID", Id},
{"ERROR_TEXT", "This does not appear to be a valid email verification link.."}};
Poco::File FormFile{RESTAPI_Server()->AssetDir() + "/email_verification_error.html"};
SendHTMLFileBack(FormFile, Request, Response, FormVars);
return;
}
UInfo.waitingForEmailCheck = false;
UInfo.validated = true;
UInfo.lastEmailCheck = std::time(nullptr);
UInfo.validationDate = std::time(nullptr);
Storage()->UpdateUserInfo(UInfo.email, Id, UInfo);
Types::StringPairVec FormVars{{"UUID", Id},
{"USERNAME", UInfo.email},
{"ACTION_LINK",Daemon()->GetUIURI()}};
Poco::File FormFile{RESTAPI_Server()->AssetDir() + "/email_verification_success.html"};
SendHTMLFileBack(FormFile, Request, Response, FormVars);
return;
} else {
DoReturnA404(Request, Response);
}
UInfo.waitingForEmailCheck = false;
UInfo.validated = true;
UInfo.lastEmailCheck = std::time(nullptr);
UInfo.validationDate = std::time(nullptr);
Storage()->UpdateUserInfo(UInfo.email, Id, UInfo);
Types::StringPairVec FormVars{{"UUID", Id},
{"USERNAME", UInfo.email},
{"ACTION_LINK",Daemon()->GetUIURI()}};
Poco::File FormFile{RESTAPI_Server()->AssetDir() + "/email_verification_success.html"};
SendHTMLFileBack(FormFile, FormVars);
}
void RESTAPI_action_links::DoReturnA404() {
void RESTAPI_action_links::DoReturnA404(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
Types::StringPairVec FormVars;
Poco::File FormFile{RESTAPI_Server()->AssetDir() + "/404_error.html"};
SendHTMLFileBack(FormFile, FormVars);
SendHTMLFileBack(FormFile, Request, Response, FormVars);
}
}

31
src/RESTAPI_action_links.h
View File

@@ -18,25 +18,22 @@
namespace OpenWifi {
class RESTAPI_action_links : public RESTAPIHandler {
public:
RESTAPI_action_links(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, bool Internal)
RESTAPI_action_links(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, bool Internal)
: RESTAPIHandler(bindings, L,
std::vector<std::string>{
Poco::Net::HTTPRequest::HTTP_GET,
Poco::Net::HTTPRequest::HTTP_POST,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Server,
Internal,
false) {}
std::vector<std::string>{
Poco::Net::HTTPRequest::HTTP_GET,
Poco::Net::HTTPRequest::HTTP_POST,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Internal) {}
void handleRequest(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) override;
static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/actionLink"}; };
void RequestResetPassword(std::string &Id);
void CompleteResetPassword(std::string &Id);
void DoEmailVerification(std::string &Id);
void DoReturnA404();
void DoGet() final;
void DoPost() final;
void DoDelete() final {};
void DoPut() final {};
void DoResetPassword(std::string &Id,Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response);
void DoEmailVerification(std::string &Id,Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response);
void DoReturnA404(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response);
};
}

126
src/RESTAPI_avatarHandler.cpp
View File

@@ -28,62 +28,98 @@ namespace OpenWifi {
Length_ = InputStream.chars();
};
void RESTAPI_avatarHandler::DoPost() {
std::string Id = GetBinding(RESTAPI::Protocol::ID, "");
SecurityObjects::UserInfo UInfo;
if (Id.empty() || !Storage()->GetUserById(Id, UInfo)) {
NotFound();
void RESTAPI_avatarHandler::handleRequest(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
if (!ContinueProcessing(Request, Response))
return;
}
// if there is an avatar, just remove it...
Storage()->DeleteAvatar(UserInfo_.userinfo.email,Id);
if (!IsAuthorized(Request, Response))
return;
Poco::TemporaryFile TmpFile;
AvatarPartHandler partHandler(Id, Logger_, TmpFile);
Poco::Net::HTMLForm form(*Request, Request->stream(), partHandler);
Poco::JSON::Object Answer;
if (!partHandler.Name().empty() && partHandler.Length()<Daemon()->ConfigGetInt("openwifi.avatar.maxsize",2000000)) {
Answer.set(RESTAPI::Protocol::AVATARID, Id);
Answer.set(RESTAPI::Protocol::ERRORCODE, 0);
Logger_.information(Poco::format("Uploaded avatar: %s Type: %s", partHandler.Name(), partHandler.ContentType()));
Storage()->SetAvatar(UserInfo_.userinfo.email,
Id, TmpFile, partHandler.ContentType(), partHandler.Name());
} else {
Answer.set(RESTAPI::Protocol::AVATARID, Id);
Answer.set(RESTAPI::Protocol::ERRORCODE, 13);
Answer.set(RESTAPI::Protocol::ERRORTEXT, "Avatar upload could not complete.");
}
ReturnObject(Answer);
ParseParameters(Request);
if (Request.getMethod() == Poco::Net::HTTPRequest::HTTP_GET)
DoGet(Request, Response);
else if (Request.getMethod() == Poco::Net::HTTPRequest::HTTP_POST)
DoPost(Request, Response);
else if (Request.getMethod() == Poco::Net::HTTPRequest::HTTP_DELETE)
DoDelete(Request, Response);
else
BadRequest(Request, Response);
}
void RESTAPI_avatarHandler::DoGet() {
std::string Id = GetBinding(RESTAPI::Protocol::ID, "");
if (Id.empty()) {
NotFound();
return;
void RESTAPI_avatarHandler::DoPost(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
try {
std::string Id = GetBinding(RESTAPI::Protocol::ID, "");
SecurityObjects::UserInfo UInfo;
if (Id.empty() || !Storage()->GetUserById(Id, UInfo)) {
NotFound(Request, Response);
return;
}
// if there is an avatar, just remove it...
Storage()->DeleteAvatar(UserInfo_.userinfo.email,Id);
Poco::TemporaryFile TmpFile;
AvatarPartHandler partHandler(Id, Logger_, TmpFile);
Poco::Net::HTMLForm form(Request, Request.stream(), partHandler);
Poco::JSON::Object Answer;
if (!partHandler.Name().empty() && partHandler.Length()<Daemon()->ConfigGetInt("ucentral.avatar.maxsize",2000000)) {
Answer.set(RESTAPI::Protocol::AVATARID, Id);
Answer.set(RESTAPI::Protocol::ERRORCODE, 0);
Logger_.information(Poco::format("Uploaded avatar: %s Type: %s", partHandler.Name(), partHandler.ContentType()));
Storage()->SetAvatar(UserInfo_.userinfo.email,
Id, TmpFile, partHandler.ContentType(), partHandler.Name());
} else {
Answer.set(RESTAPI::Protocol::AVATARID, Id);
Answer.set(RESTAPI::Protocol::ERRORCODE, 13);
Answer.set(RESTAPI::Protocol::ERRORTEXT, "Avatar upload could not complete.");
}
ReturnObject(Request, Answer, Response);
} catch (const Poco::Exception &E) {
Logger_.log(E);
}
Poco::TemporaryFile TempAvatar;
std::string Type, Name;
if (!Storage()->GetAvatar(UserInfo_.userinfo.email, Id, TempAvatar, Type, Name)) {
NotFound();
return;
}
SendFile(TempAvatar, Type, Name);
BadRequest(Request, Response);
}
void RESTAPI_avatarHandler::DoDelete() {
std::string Id = GetBinding(RESTAPI::Protocol::ID, "");
if (Id.empty()) {
NotFound();
void RESTAPI_avatarHandler::DoGet(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
try {
std::string Id = GetBinding(RESTAPI::Protocol::ID, "");
if (Id.empty()) {
NotFound(Request, Response);
return;
}
Poco::TemporaryFile TempAvatar;
std::string Type, Name;
if (!Storage()->GetAvatar(UserInfo_.userinfo.email, Id, TempAvatar, Type, Name)) {
NotFound(Request, Response);
return;
}
SendFile(TempAvatar, Type, Name, Request, Response);
return;
} catch (const Poco::Exception&E) {
Logger_.log(E);
}
if (!Storage()->DeleteAvatar(UserInfo_.userinfo.email, Id)) {
NotFound();
BadRequest(Request, Response);
}
void RESTAPI_avatarHandler::DoDelete(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
try {
std::string Id = GetBinding(RESTAPI::Protocol::ID, "");
if (Id.empty()) {
NotFound(Request, Response);
return;
}
if (!Storage()->DeleteAvatar(UserInfo_.userinfo.email, Id)) {
NotFound(Request, Response);
return;
}
OK(Request, Response);
return;
} catch (const Poco::Exception &E) {
Logger_.log(E);
}
OK();
BadRequest(Request, Response);
}
}

18
src/RESTAPI_avatarHandler.h
View File

@@ -33,22 +33,26 @@ namespace OpenWifi {
class RESTAPI_avatarHandler : public RESTAPIHandler {
public:
RESTAPI_avatarHandler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, bool Internal)
RESTAPI_avatarHandler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, bool Internal)
: RESTAPIHandler(bindings, L,
std::vector<std::string>{
Poco::Net::HTTPRequest::HTTP_GET,
Poco::Net::HTTPRequest::HTTP_POST,
Poco::Net::HTTPRequest::HTTP_DELETE,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Server,
Internal) {}
void handleRequest(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) override;
static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/avatar/{id}"}; };
void DoGet() final;
void DoPost() final;
void DoDelete() final;
void DoPut() final {};
void DoGet( Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response);
void DoPost( Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response);
void DoDelete( Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response);
};
}
#endif //UCENTRALSEC_RESTAPI_AVATARHANDLER_H

36
src/RESTAPI_email_handler.cpp
View File

@@ -1,36 +0,0 @@
//
// Created by stephane bourque on 2021-09-02.
//
#include "RESTAPI_email_handler.h"
#include "Poco/Exception.h"
#include "Poco/JSON/Parser.h"
#include "Daemon.h"
#include "SMTPMailerService.h"
#include "RESTAPI_errors.h"
namespace OpenWifi {
void RESTAPI_email_handler::DoPost() {
auto Obj = ParseStream();
if (Obj->has("subject") &&
Obj->has("from") &&
Obj->has("text") &&
Obj->has("recipients")) {
auto Recipients = Obj->getArray("recipients");
MessageAttributes Attrs;
Attrs[RECIPIENT_EMAIL] = Recipients->get(0).toString();
Attrs[SUBJECT] = Obj->get("subject").toString();
Attrs[TEXT] = Obj->get("text").toString();
if(SMTPMailerService()->SendMessage(Recipients->get(0).toString(), "password_reset.txt", Attrs)) {
OK();
return;
}
ReturnStatus(Poco::Net::HTTPResponse::HTTP_SERVICE_UNAVAILABLE);
return;
}
BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
}
}

28
src/RESTAPI_email_handler.h
View File

@@ -1,28 +0,0 @@
//
// Created by stephane bourque on 2021-09-02.
//
#ifndef OWSEC_RESTAPI_EMAIL_HANDLER_H
#define OWSEC_RESTAPI_EMAIL_HANDLER_H
#include "RESTAPI_handler.h"
namespace OpenWifi {
class RESTAPI_email_handler : public RESTAPIHandler {
public:
RESTAPI_email_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, bool Internal)
: RESTAPIHandler(bindings, L,
std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_POST,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Server,
Internal) {}
static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/email"};}
void DoGet() final {};
void DoPost() final;
void DoDelete() final {};
void DoPut() final {};
};
}
#endif //OWSEC_RESTAPI_EMAIL_HANDLER_H

55
src/RESTAPI_errors.h
View File

@@ -1,55 +0,0 @@
//
// Created by stephane bourque on 2021-09-12.
//
#ifndef OWPROV_RESTAPI_ERRORS_H
#define OWPROV_RESTAPI_ERRORS_H
namespace OpenWifi::RESTAPI::Errors {
static const std::string MissingUUID{"Missing UUID."};
static const std::string MissingSerialNumber{"Missing Serial Number."};
static const std::string InternalError{"Internal error. Please try later."};
static const std::string InvalidJSONDocument{"Invalid JSON document."};
static const std::string UnsupportedHTTPMethod{"Unsupported HTTP Method"};
static const std::string StillInUse{"Element still in use."};
static const std::string CouldNotBeDeleted{"Element could not be deleted."};
static const std::string NameMustBeSet{"The name property must be set."};
static const std::string ConfigBlockInvalid{"Configuration block type invalid."};
static const std::string UnknownId{"Unknown management policy."};
static const std::string InvalidDeviceTypes{"Unknown or invalid device type(s)."};
static const std::string RecordNotCreated{"Record could not be created."};
static const std::string RecordNotUpdated{"Record could not be updated."};
static const std::string UnknownManagementPolicyUUID{"Unknown management policy UUID."};
static const std::string CannotDeleteRoot{"Root Entity cannot be removed, only modified."};
static const std::string MustCreateRootFirst{"Root entity must be created first."};
static const std::string ParentUUIDMustExist{"Parent UUID must exist."};
static const std::string ConfigurationMustExist{"Configuration must exist."};
static const std::string MissingOrInvalidParameters{"Invalid or missing parameters."};
static const std::string UnknownSerialNumber{"Unknown Serial Number."};
static const std::string InvalidSerialNumber{"Invalid Serial Number."};
static const std::string SerialNumberExists{"Serial Number already exists."};
static const std::string ValidNonRootUUID{"Must be a non-root, and valid UUID."};
static const std::string VenueMustExist{"Venue does not exist."};
static const std::string NotBoth{"You cannot specify both Entity and Venue"};
static const std::string EntityMustExist{"Entity must exist."};
static const std::string ParentOrEntityMustBeSet{"Parent or Entity must be set."};
static const std::string ContactMustExist{"Contact must exist."};
static const std::string LocationMustExist{"Location must exist."};
static const std::string OnlyWSSupported{"This endpoint only supports WebSocket."};
static const std::string SerialNumberMismatch{"Serial Number mismatch."};
static const std::string InvalidCommand{"Invalid command."};
static const std::string NoRecordsDeleted{"No records deleted."};
static const std::string DeviceNotConnected{"Device is not currently connected."};
static const std::string CannotCreateWS{"Telemetry system could not create WS endpoint. Please try again."};
static const std::string BothDeviceTypeRevision{"Both deviceType and revision must be set."};
static const std::string IdOrSerialEmpty{"SerialNumber and Id must not be empty."};
static const std::string MissingUserID{"Missing user ID."};
static const std::string IdMustBe0{"To create a user, you must set the ID to 0"};
static const std::string InvalidUserRole{"Invalid userRole."};
static const std::string InvalidEmailAddress{"Invalid email address."};
static const std::string InvalidPassword{"Invalid password."};
static const std::string PasswordRejected{"Password was rejected. This maybe an old password."};
static const std::string InvalidIPRanges{"Invalid IP range specifications."};
}
#endif //OWPROV_RESTAPI_ERRORS_H

418
src/RESTAPI_handler.cpp
View File

@@ -8,7 +8,6 @@
#include <cctype>
#include <algorithm>
#include <functional>
#include <iostream>
#include <iterator>
#include <future>
@@ -17,8 +16,6 @@
#include "Poco/URI.h"
#include "Poco/Net/OAuth20Credentials.h"
#include "RESTAPI_errors.h"
#ifdef TIP_SECURITY_SERVICE
#include "AuthService.h"
#else
@@ -32,41 +29,9 @@
namespace OpenWifi {
void RESTAPIHandler::handleRequest(Poco::Net::HTTPServerRequest &RequestIn,
Poco::Net::HTTPServerResponse &ResponseIn) {
try {
Request = &RequestIn;
Response = &ResponseIn;
if (!ContinueProcessing())
return;
if (AlwaysAuthorize_ && !IsAuthorized())
return;
ParseParameters();
if (Request->getMethod() == Poco::Net::HTTPRequest::HTTP_GET)
DoGet();
else if (Request->getMethod() == Poco::Net::HTTPRequest::HTTP_POST)
DoPost();
else if (Request->getMethod() == Poco::Net::HTTPRequest::HTTP_DELETE)
DoDelete();
else if (Request->getMethod() == Poco::Net::HTTPRequest::HTTP_PUT)
DoPut();
else
BadRequest(RESTAPI::Errors::UnsupportedHTTPMethod);
return;
} catch (const Poco::Exception &E) {
Logger_.log(E);
BadRequest(RESTAPI::Errors::InternalError);
}
}
const Poco::JSON::Object::Ptr &RESTAPIHandler::ParseStream() {
return IncomingParser_.parse(Request->stream()).extract<Poco::JSON::Object::Ptr>();
}
bool RESTAPIHandler::ParseBindings(const std::string & Request, const std::list<const char *> & EndPoints, BindingMap &bindings) {
std::string Param, Value;
bindings.clear();
std::vector<std::string> PathItems = Utils::Split(Request, '/');
@@ -77,6 +42,7 @@ namespace OpenWifi {
bool Matched = true;
for (auto i = 0; i != PathItems.size() && Matched; i++) {
// std::cout << "PATH:" << PathItems[i] << " ENDPOINT:" << ParamItems[i] << std::endl;
if (PathItems[i] != ParamItems[i]) {
if (ParamItems[i][0] == '{') {
auto ParamName = ParamItems[i].substr(1, ParamItems[i].size() - 2);
@@ -93,14 +59,14 @@ namespace OpenWifi {
}
void RESTAPIHandler::PrintBindings() {
for (const auto &[key, value] : Bindings_)
for (auto &[key, value] : Bindings_)
std::cout << "Key = " << key << " Value= " << value << std::endl;
}
void RESTAPIHandler::ParseParameters() {
Poco::URI uri(Request->getURI());
void RESTAPIHandler::ParseParameters(Poco::Net::HTTPServerRequest &request) {
Poco::URI uri(request.getURI());
Parameters_ = uri.getQueryParameters();
InitQueryBlock();
}
static bool is_number(const std::string &s) {
@@ -114,40 +80,35 @@ namespace OpenWifi {
}
uint64_t RESTAPIHandler::GetParameter(const std::string &Name, const uint64_t Default) {
auto Hint = std::find_if(Parameters_.begin(),Parameters_.end(),[Name](const std::pair<std::string,std::string> &S){ return S.first==Name; });
if(Hint==Parameters_.end() || !is_number(Hint->second))
return Default;
return std::stoull(Hint->second);
for (const auto &i : Parameters_) {
if (i.first == Name) {
if (!is_number(i.second))
return Default;
return std::stoi(i.second);
}
}
return Default;
}
bool RESTAPIHandler::GetBoolParameter(const std::string &Name, bool Default) {
auto Hint = std::find_if(begin(Parameters_),end(Parameters_),[Name](const std::pair<std::string,std::string> &S){ return S.first==Name; });
if(Hint==end(Parameters_) || !is_bool(Hint->second))
return Default;
return Hint->second=="true";
for (const auto &i : Parameters_) {
if (i.first == Name) {
if (!is_bool(i.second))
return Default;
return i.second == "true";
}
}
return Default;
}
std::string RESTAPIHandler::GetParameter(const std::string &Name, const std::string &Default) {
auto Hint = std::find_if(begin(Parameters_),end(Parameters_),[Name](const std::pair<std::string,std::string> &S){ return S.first==Name; });
if(Hint==end(Parameters_))
return Default;
return Hint->second;
}
bool RESTAPIHandler::HasParameter(const std::string &Name, std::string &Value) {
auto Hint = std::find_if(begin(Parameters_),end(Parameters_),[Name](const std::pair<std::string,std::string> &S){ return S.first==Name; });
if(Hint==end(Parameters_))
return false;
Value = Hint->second;
return true;
}
bool RESTAPIHandler::HasParameter(const std::string &Name, uint64_t & Value) {
auto Hint = std::find_if(begin(Parameters_),end(Parameters_),[Name](const std::pair<std::string,std::string> &S){ return S.first==Name; });
if(Hint==end(Parameters_))
return false;
Value = std::stoull(Hint->second);
return true;
for (const auto &i : Parameters_) {
if (i.first == Name)
return i.second;
}
return Default;
}
const std::string &RESTAPIHandler::GetBinding(const std::string &Name, const std::string &Default) {
@@ -169,225 +130,202 @@ namespace OpenWifi {
return Return;
}
bool RESTAPIHandler::AssignIfPresent(const Poco::JSON::Object::Ptr &O, const std::string &Field, std::string &Value) {
if(O->has(Field)) {
Value = O->get(Field).toString();
return true;
}
return false;
}
bool RESTAPIHandler::AssignIfPresent(const Poco::JSON::Object::Ptr &O, const std::string &Field, uint64_t &Value) {
if(O->has(Field)) {
Value = O->get(Field);
return true;
}
return false;
}
void RESTAPIHandler::AddCORS() {
auto Origin = Request->find("Origin");
if (Origin != Request->end()) {
Response->set("Access-Control-Allow-Origin", Origin->second);
Response->set("Vary", "Origin");
void RESTAPIHandler::AddCORS(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
auto Origin = Request.find("Origin");
if (Origin != Request.end()) {
Response.set("Access-Control-Allow-Origin", Origin->second);
Response.set("Vary", "Origin");
} else {
Response->set("Access-Control-Allow-Origin", "*");
Response.set("Access-Control-Allow-Origin", "*");
}
Response->set("Access-Control-Allow-Headers", "*");
Response->set("Access-Control-Allow-Methods", MakeList(Methods_));
Response->set("Access-Control-Max-Age", "86400");
Response.set("Access-Control-Allow-Headers", "*");
Response.set("Access-Control-Allow-Methods", MakeList(Methods_));
Response.set("Access-Control-Max-Age", "86400");
}
void RESTAPIHandler::SetCommonHeaders(bool CloseConnection) {
Response->setVersion(Poco::Net::HTTPMessage::HTTP_1_1);
Response->setChunkedTransferEncoding(true);
Response->setContentType("application/json");
void RESTAPIHandler::SetCommonHeaders(Poco::Net::HTTPServerResponse &Response, bool CloseConnection) {
Response.setVersion(Poco::Net::HTTPMessage::HTTP_1_1);
Response.setChunkedTransferEncoding(true);
Response.setContentType("application/json");
if(CloseConnection) {
Response->set("Connection", "close");
Response->setKeepAlive(false);
Response.set("Connection", "close");
Response.setKeepAlive(false);
} else {
Response->setKeepAlive(true);
Response->set("Connection", "Keep-Alive");
Response->set("Keep-Alive", "timeout=5, max=1000");
Response.setKeepAlive(true);
Response.set("Connection", "Keep-Alive");
Response.set("Keep-Alive", "timeout=5, max=1000");
}
}
void RESTAPIHandler::ProcessOptions() {
AddCORS();
SetCommonHeaders();
Response->setContentLength(0);
Response->set("Access-Control-Allow-Credentials", "true");
Response->setStatus(Poco::Net::HTTPResponse::HTTP_OK);
Response->set("Vary", "Origin, Access-Control-Request-Headers, Access-Control-Request-Method");
Response->send();
void RESTAPIHandler::ProcessOptions(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
AddCORS(Request, Response);
SetCommonHeaders(Response);
Response.setContentLength(0);
Response.set("Access-Control-Allow-Credentials", "true");
Response.setStatus(Poco::Net::HTTPResponse::HTTP_OK);
Response.set("Vary", "Origin, Access-Control-Request-Headers, Access-Control-Request-Method");
/* std::cout << "RESPONSE:" << std::endl;
for(const auto &[f,s]:Response)
std::cout << "First: " << f << " second:" << s << std::endl;
*/
Response.send();
}
void RESTAPIHandler::PrepareResponse( Poco::Net::HTTPResponse::HTTPStatus Status,
void RESTAPIHandler::PrepareResponse(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response,
Poco::Net::HTTPResponse::HTTPStatus Status,
bool CloseConnection) {
Response->setStatus(Status);
AddCORS();
SetCommonHeaders(CloseConnection);
Response.setStatus(Status);
AddCORS(Request, Response);
SetCommonHeaders(Response, CloseConnection);
}
void RESTAPIHandler::BadRequest(const std::string & Reason) {
PrepareResponse(Poco::Net::HTTPResponse::HTTP_BAD_REQUEST);
void RESTAPIHandler::BadRequest(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response,
const std::string & Reason) {
PrepareResponse(Request, Response, Poco::Net::HTTPResponse::HTTP_BAD_REQUEST);
Poco::JSON::Object ErrorObject;
ErrorObject.set("ErrorCode",400);
ErrorObject.set("ErrorDetails",Request->getMethod());
ErrorObject.set("ErrorCode",500);
ErrorObject.set("ErrorDetails",Request.getMethod());
ErrorObject.set("ErrorDescription",Reason.empty() ? "Command is missing parameters or wrong values." : Reason) ;
std::ostream &Answer = Response->send();
std::ostream &Answer = Response.send();
Poco::JSON::Stringifier::stringify(ErrorObject, Answer);
}
void RESTAPIHandler::InternalError(const std::string & Reason) {
PrepareResponse(Poco::Net::HTTPResponse::HTTP_INTERNAL_SERVER_ERROR);
Poco::JSON::Object ErrorObject;
ErrorObject.set("ErrorCode",500);
ErrorObject.set("ErrorDetails",Request->getMethod());
ErrorObject.set("ErrorDescription",Reason.empty() ? "Please try later or review the data submitted." : Reason) ;
std::ostream &Answer = Response->send();
Poco::JSON::Stringifier::stringify(ErrorObject, Answer);
}
void RESTAPIHandler::UnAuthorized(const std::string & Reason) {
PrepareResponse(Poco::Net::HTTPResponse::HTTP_FORBIDDEN);
void RESTAPIHandler::UnAuthorized(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response,
const std::string & Reason) {
PrepareResponse(Request, Response, Poco::Net::HTTPResponse::HTTP_FORBIDDEN);
Poco::JSON::Object ErrorObject;
ErrorObject.set("ErrorCode",403);
ErrorObject.set("ErrorDetails",Request->getMethod());
ErrorObject.set("ErrorDetails",Request.getMethod());
ErrorObject.set("ErrorDescription",Reason.empty() ? "No access allowed." : Reason) ;
std::ostream &Answer = Response->send();
std::ostream &Answer = Response.send();
Poco::JSON::Stringifier::stringify(ErrorObject, Answer);
}
void RESTAPIHandler::NotFound() {
PrepareResponse(Poco::Net::HTTPResponse::HTTP_NOT_FOUND);
void RESTAPIHandler::NotFound(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
PrepareResponse(Request, Response, Poco::Net::HTTPResponse::HTTP_NOT_FOUND);
Poco::JSON::Object ErrorObject;
ErrorObject.set("ErrorCode",404);
ErrorObject.set("ErrorDetails",Request->getMethod());
ErrorObject.set("ErrorDetails",Request.getMethod());
ErrorObject.set("ErrorDescription","This resource does not exist.");
std::ostream &Answer = Response->send();
std::ostream &Answer = Response.send();
Poco::JSON::Stringifier::stringify(ErrorObject, Answer);
Logger_.debug(Poco::format("RES-NOTFOUND: User='%s' Method='%s' Path='%s",
Utils::FormatIPv6(Request->clientAddress().toString()),
Request->getMethod(),
Request->getURI()));
}
void RESTAPIHandler::OK() {
PrepareResponse();
if( Request->getMethod()==Poco::Net::HTTPRequest::HTTP_DELETE ||
Request->getMethod()==Poco::Net::HTTPRequest::HTTP_OPTIONS) {
Response->send();
void RESTAPIHandler::OK(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
PrepareResponse(Request, Response);
if( Request.getMethod()==Poco::Net::HTTPRequest::HTTP_DELETE ||
Request.getMethod()==Poco::Net::HTTPRequest::HTTP_OPTIONS) {
Response.send();
} else {
Poco::JSON::Object ErrorObject;
ErrorObject.set("Code", 0);
ErrorObject.set("Operation", Request->getMethod());
ErrorObject.set("Operation", Request.getMethod());
ErrorObject.set("Details", "Command completed.");
std::ostream &Answer = Response->send();
std::ostream &Answer = Response.send();
Poco::JSON::Stringifier::stringify(ErrorObject, Answer);
}
}
void RESTAPIHandler::SendFile(Poco::File & File, const std::string & UUID) {
Response->set("Content-Type","application/octet-stream");
Response->set("Content-Disposition", "attachment; filename=" + UUID );
Response->set("Content-Transfer-Encoding","binary");
Response->set("Accept-Ranges", "bytes");
Response->set("Cache-Control", "private");
Response->set("Pragma", "private");
Response->set("Expires", "Mon, 26 Jul 2027 05:00:00 GMT");
Response->set("Content-Length", std::to_string(File.getSize()));
AddCORS();
Response->sendFile(File.path(),"application/octet-stream");
void RESTAPIHandler::SendFile(Poco::File & File, const std::string & UUID, Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
Response.set("Content-Type","application/octet-stream");
Response.set("Content-Disposition", "attachment; filename=" + UUID );
Response.set("Content-Transfer-Encoding","binary");
Response.set("Accept-Ranges", "bytes");
Response.set("Cache-Control", "private");
Response.set("Pragma", "private");
Response.set("Expires", "Mon, 26 Jul 2027 05:00:00 GMT");
Response.set("Content-Length", std::to_string(File.getSize()));
AddCORS(Request, Response);
Response.sendFile(File.path(),"application/octet-stream");
}
void RESTAPIHandler::SendFile(Poco::File & File) {
void RESTAPIHandler::SendFile(Poco::File & File, Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
Poco::Path P(File.path());
auto MT = Utils::FindMediaType(File);
if(MT.Encoding==Utils::BINARY) {
Response->set("Content-Transfer-Encoding","binary");
Response->set("Accept-Ranges", "bytes");
Response.set("Content-Transfer-Encoding","binary");
Response.set("Accept-Ranges", "bytes");
}
Response->set("Cache-Control", "private");
Response->set("Pragma", "private");
Response->set("Expires", "Mon, 26 Jul 2027 05:00:00 GMT");
AddCORS();
Response->sendFile(File.path(),MT.ContentType);
Response.set("Cache-Control", "private");
Response.set("Pragma", "private");
Response.set("Expires", "Mon, 26 Jul 2027 05:00:00 GMT");
AddCORS(Request, Response);
Response.sendFile(File.path(),MT.ContentType);
}
void RESTAPIHandler::SendFile(Poco::TemporaryFile &TempAvatar, const std::string &Type, const std::string & Name) {
void RESTAPIHandler::SendFile(Poco::TemporaryFile &TempAvatar, const std::string &Type, const std::string & Name, Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
auto MT = Utils::FindMediaType(Name);
if(MT.Encoding==Utils::BINARY) {
Response->set("Content-Transfer-Encoding","binary");
Response->set("Accept-Ranges", "bytes");
Response.set("Content-Transfer-Encoding","binary");
Response.set("Accept-Ranges", "bytes");
}
Response->set("Content-Disposition", "attachment; filename=" + Name );
Response->set("Accept-Ranges", "bytes");
Response->set("Cache-Control", "private");
Response->set("Pragma", "private");
Response->set("Expires", "Mon, 26 Jul 2027 05:00:00 GMT");
AddCORS();
Response->sendFile(TempAvatar.path(),MT.ContentType);
Response.set("Content-Disposition", "attachment; filename=" + Name );
Response.set("Accept-Ranges", "bytes");
Response.set("Cache-Control", "private");
Response.set("Pragma", "private");
Response.set("Expires", "Mon, 26 Jul 2027 05:00:00 GMT");
AddCORS(Request, Response);
Response.sendFile(TempAvatar.path(),MT.ContentType);
}
void RESTAPIHandler::SendHTMLFileBack(Poco::File & File,
Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response ,
const Types::StringPairVec & FormVars) {
Response->set("Pragma", "private");
Response->set("Expires", "Mon, 26 Jul 2027 05:00:00 GMT");
Response->set("Content-Length", std::to_string(File.getSize()));
AddCORS();
Response.set("Pragma", "private");
Response.set("Expires", "Mon, 26 Jul 2027 05:00:00 GMT");
Response.set("Content-Length", std::to_string(File.getSize()));
AddCORS(Request, Response);
auto FormContent = Utils::LoadFile(File.path());
Utils::ReplaceVariables(FormContent, FormVars);
Response->setChunkedTransferEncoding(true);
Response->setContentType("text/html");
std::ostream& ostr = Response->send();
Response.setChunkedTransferEncoding(true);
Response.setContentType("text/html");
std::ostream& ostr = Response.send();
ostr << FormContent;
}
void RESTAPIHandler::ReturnStatus(Poco::Net::HTTPResponse::HTTPStatus Status, bool CloseConnection) {
PrepareResponse(Status, CloseConnection);
void RESTAPIHandler::ReturnStatus(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response,
Poco::Net::HTTPResponse::HTTPStatus Status,
bool CloseConnection) {
PrepareResponse(Request, Response, Status, CloseConnection);
if(Status == Poco::Net::HTTPResponse::HTTP_NO_CONTENT) {
Response->setContentLength(0);
Response->erase("Content-Type");
Response->setChunkedTransferEncoding(false);
Response.setContentLength(0);
Response.erase("Content-Type");
Response.setChunkedTransferEncoding(false);
}
Response->send();
Response.send();
}
bool RESTAPIHandler::ContinueProcessing() {
if (Request->getMethod() == Poco::Net::HTTPRequest::HTTP_OPTIONS) {
ProcessOptions();
bool RESTAPIHandler::ContinueProcessing(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
if (Request.getMethod() == Poco::Net::HTTPRequest::HTTP_OPTIONS) {
ProcessOptions(Request, Response);
return false;
} else if (std::find(Methods_.begin(), Methods_.end(), Request->getMethod()) == Methods_.end()) {
BadRequest(RESTAPI::Errors::UnsupportedHTTPMethod);
} else if (std::find(Methods_.begin(), Methods_.end(), Request.getMethod()) == Methods_.end()) {
BadRequest(Request, Response);
return false;
}
return true;
}
bool RESTAPIHandler::IsAuthorized() {
bool RESTAPIHandler::IsAuthorized(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
if(Internal_) {
auto Allowed = Daemon()->IsValidAPIKEY(*Request);
if(!Allowed) {
if(Server_.LogBadTokens(false)) {
Logger_.debug(Poco::format("I-REQ-DENIED(%s): Method='%s' Path='%s",
Utils::FormatIPv6(Request->clientAddress().toString()),
Request->getMethod(), Request->getURI()));
}
} else {
auto Id = Request->get("X-INTERNAL-NAME", "unknown");
if(Server_.LogIt(Request->getMethod(),true)) {
Logger_.debug(Poco::format("I-REQ-ALLOWED(%s): User='%s' Method='%s' Path='%s",
Utils::FormatIPv6(Request->clientAddress().toString()), Id,
Request->getMethod(), Request->getURI()));
}
}
return Allowed;
return Daemon()->IsValidAPIKEY(Request);
} else {
if (SessionToken_.empty()) {
try {
Poco::Net::OAuth20Credentials Auth(*Request);
Poco::Net::OAuth20Credentials Auth(Request);
if (Auth.getScheme() == "Bearer") {
SessionToken_ = Auth.getBearerToken();
}
@@ -396,47 +334,37 @@ namespace OpenWifi {
}
}
#ifdef TIP_SECURITY_SERVICE
if (AuthService()->IsAuthorized(*Request, SessionToken_, UserInfo_)) {
if (AuthService()->IsAuthorized(Request, SessionToken_, UserInfo_)) {
#else
if (AuthClient()->IsAuthorized(*Request, SessionToken_, UserInfo_)) {
if (AuthClient()->IsAuthorized(Request, SessionToken_, UserInfo_)) {
#endif
if(Server_.LogIt(Request->getMethod(),true)) {
Logger_.debug(Poco::format("X-REQ-ALLOWED(%s): User='%s@%s' Method='%s' Path='%s",
Utils::FormatIPv6(Request->clientAddress().toString()),
UserInfo_.userinfo.email,
Request->clientAddress().toString(),
Request->getMethod(),
Request->getURI()));
}
return true;
} else {
if(Server_.LogBadTokens(true)) {
Logger_.debug(Poco::format("X-REQ-DENIED(%s): Method='%s' Path='%s",
Utils::FormatIPv6(Request->clientAddress().toString()),
Request->getMethod(), Request->getURI()));
}
UnAuthorized();
UnAuthorized(Request, Response);
}
return false;
}
}
void RESTAPIHandler::ReturnObject(Poco::JSON::Object &Object) {
PrepareResponse();
std::ostream &Answer = Response->send();
/*
bool RESTAPIHandler::ValidateAPIKey(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
auto Key = Request.get("X-API-KEY", "");
if (Key.empty())
return false;
return true;
}
*/
void RESTAPIHandler::ReturnObject(Poco::Net::HTTPServerRequest &Request, Poco::JSON::Object &Object,
Poco::Net::HTTPServerResponse &Response) {
PrepareResponse(Request, Response);
std::ostream &Answer = Response.send();
Poco::JSON::Stringifier::stringify(Object, Answer);
}
void RESTAPIHandler::ReturnCountOnly(uint64_t Count) {
Poco::JSON::Object Answer;
Answer.set("count", Count);
ReturnObject(Answer);
}
bool RESTAPIHandler::InitQueryBlock() {
if(QueryBlockInitialized_)
return true;
QueryBlockInitialized_=true;
QB_.SerialNumber = GetParameter(RESTAPI::Protocol::SERIALNUMBER, "");
QB_.StartDate = GetParameter(RESTAPI::Protocol::STARTDATE, 0);
QB_.EndDate = GetParameter(RESTAPI::Protocol::ENDDATE, 0);
@@ -448,10 +376,8 @@ namespace OpenWifi {
QB_.LogType = GetParameter(RESTAPI::Protocol::LOGTYPE,0);
QB_.LastOnly = GetBoolParameter(RESTAPI::Protocol::LASTONLY,false);
QB_.Newest = GetBoolParameter(RESTAPI::Protocol::NEWEST,false);
QB_.CountOnly = GetBoolParameter(RESTAPI::Protocol::COUNTONLY,false);
if(QB_.Offset<1)
QB_.Offset=1;
if(QB_.Offset<1) return false;
return true;
}
@@ -476,4 +402,6 @@ namespace OpenWifi {
[[nodiscard]] uint64_t RESTAPIHandler::GetWhen(const Poco::JSON::Object::Ptr &Obj) {
return RESTAPIHandler::Get(RESTAPI::Protocol::WHEN, Obj);
}
}

118
src/RESTAPI_handler.h
View File

@@ -25,8 +25,6 @@
#include "Poco/NullStream.h"
#include "RESTAPI_SecurityObjects.h"
#include "RESTAPI_utils.h"
#include "RESTAPI_GenericServer.h"
namespace OpenWifi {
@@ -88,78 +86,66 @@ namespace OpenWifi {
struct QueryBlock {
uint64_t StartDate = 0 , EndDate = 0 , Offset = 0 , Limit = 0, LogType = 0 ;
std::string SerialNumber, Filter, Select;
bool Lifetime=false, LastOnly=false, Newest=false, CountOnly=false;
bool Lifetime=false, LastOnly=false, Newest=false;
};
typedef std::map<std::string, std::string> BindingMap;
RESTAPIHandler(BindingMap map, Poco::Logger &l, std::vector<std::string> Methods, RESTAPI_GenericServer & Server, bool Internal=false, bool AlwaysAuthorize=true)
: Bindings_(std::move(map)), Logger_(l), Methods_(std::move(Methods)), Server_(Server), Internal_(Internal), AlwaysAuthorize_(AlwaysAuthorize) {}
RESTAPIHandler(BindingMap map, Poco::Logger &l, std::vector<std::string> Methods, bool Internal=false)
: Bindings_(std::move(map)), Logger_(l), Methods_(std::move(Methods)), Internal_(Internal) {}
static bool ParseBindings(const std::string & Request, const std::list<const char *> & EndPoints, BindingMap &Keys);
void PrintBindings();
void ParseParameters();
void ParseParameters(Poco::Net::HTTPServerRequest &request);
void AddCORS();
void SetCommonHeaders(bool CloseConnection=false);
void ProcessOptions();
void AddCORS(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &response);
void SetCommonHeaders(Poco::Net::HTTPServerResponse &response, bool CloseConnection=false);
void ProcessOptions(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &response);
void
PrepareResponse(Poco::Net::HTTPResponse::HTTPStatus Status = Poco::Net::HTTPResponse::HTTP_OK,
PrepareResponse(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &response,
Poco::Net::HTTPResponse::HTTPStatus Status = Poco::Net::HTTPResponse::HTTP_OK,
bool CloseConnection = false);
bool ContinueProcessing();
bool IsAuthorized();
bool ContinueProcessing(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response);
bool IsAuthorized(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response);
/* bool ValidateAPIKey(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response); */
uint64_t GetParameter(const std::string &Name, uint64_t Default);
std::string GetParameter(const std::string &Name, const std::string &Default);
bool GetBoolParameter(const std::string &Name, bool Default);
void BadRequest(const std::string &Reason );
void InternalError(const std::string &Reason = "");
void UnAuthorized(const std::string &Reason = "");
void ReturnObject(Poco::JSON::Object &Object);
void NotFound();
void OK();
void ReturnStatus(Poco::Net::HTTPResponse::HTTPStatus Status,
void BadRequest(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response, const std::string &Reason = "");
void UnAuthorized(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response, const std::string &Reason = "");
void ReturnObject(Poco::Net::HTTPServerRequest &Request, Poco::JSON::Object &Object,
Poco::Net::HTTPServerResponse &Response);
void NotFound(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
void OK(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
void ReturnStatus(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response,
Poco::Net::HTTPResponse::HTTPStatus Status,
bool CloseConnection=false);
void SendFile(Poco::File & File, const std::string & UUID);
void SendFile(Poco::File & File, const std::string & UUID,
Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
void SendHTMLFileBack(Poco::File & File,
Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response ,
const Types::StringPairVec & FormVars);
void SendFile(Poco::TemporaryFile &TempAvatar, const std::string &Type, const std::string & Name);
void SendFile(Poco::TemporaryFile &TempAvatar, const std::string &Type, const std::string & Name, Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
void SendFile(Poco::File & File);
void SendFile(Poco::File & File, Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
const std::string &GetBinding(const std::string &Name, const std::string &Default);
bool InitQueryBlock();
void ReturnCountOnly(uint64_t Count);
[[nodiscard]] static uint64_t Get(const char *Parameter,const Poco::JSON::Object::Ptr &Obj, uint64_t Default=0);
[[nodiscard]] static std::string GetS(const char *Parameter,const Poco::JSON::Object::Ptr &Obj, const std::string & Default="");
[[nodiscard]] static bool GetB(const char *Parameter,const Poco::JSON::Object::Ptr &Obj, bool Default=false);
[[nodiscard]] static uint64_t GetWhen(const Poco::JSON::Object::Ptr &Obj);
bool HasParameter(const std::string &QueryParameter, std::string &Value);
bool HasParameter(const std::string &QueryParameter, uint64_t & Value);
static bool AssignIfPresent(const Poco::JSON::Object::Ptr &O, const std::string &Field, std::string &Value);
static bool AssignIfPresent(const Poco::JSON::Object::Ptr &O, const std::string &Field, uint64_t &Value);
template<typename T> void ReturnObject(const char *Name, const std::vector<T> & Objects) {
Poco::JSON::Object Answer;
RESTAPI_utils::field_to_json(Answer,Name,Objects);
ReturnObject(Answer);
}
Poco::Logger & Logger() { return Logger_; }
void handleRequest(Poco::Net::HTTPServerRequest &request,
Poco::Net::HTTPServerResponse &response) final;
virtual void DoGet() = 0 ;
virtual void DoDelete() = 0 ;
virtual void DoPost() = 0 ;
virtual void DoPut() = 0 ;
const Poco::JSON::Object::Ptr & ParseStream();
protected:
BindingMap Bindings_;
@@ -170,23 +156,19 @@ namespace OpenWifi {
std::vector<std::string> Methods_;
QueryBlock QB_;
bool Internal_=false;
bool QueryBlockInitialized_=false;
Poco::Net::HTTPServerRequest *Request= nullptr;
Poco::Net::HTTPServerResponse *Response= nullptr;
bool AlwaysAuthorize_=true;
Poco::JSON::Parser IncomingParser_;
RESTAPI_GenericServer & Server_;
};
class RESTAPI_UnknownRequestHandler : public RESTAPIHandler {
public:
RESTAPI_UnknownRequestHandler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer & Server)
: RESTAPIHandler(bindings, L, std::vector<std::string>{}, Server) {}
inline void DoGet() override {};
inline void DoPost() override {};
inline void DoPut() override {};
inline void DoDelete() override {};
};
RESTAPI_UnknownRequestHandler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L)
: RESTAPIHandler(bindings, L, std::vector<std::string>{}) {}
void handleRequest(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) override {
if (!IsAuthorized(Request, Response))
return;
BadRequest(Request, Response, "Unknown API endpoint");
}
};
template<class T>
constexpr auto test_has_PathName_method(T*)
@@ -200,30 +182,30 @@ namespace OpenWifi {
}
template<typename T, typename... Args>
RESTAPIHandler * RESTAPI_Router(const std::string & RequestedPath, RESTAPIHandler::BindingMap &Bindings, Poco::Logger & Logger, RESTAPI_GenericServer & Server) {
RESTAPIHandler * RESTAPI_Router(const std::string & RequestedPath, RESTAPIHandler::BindingMap &Bindings, Poco::Logger & Logger ) {
static_assert(test_has_PathName_method((T*)nullptr), "Class must have a static PathName() method.");
if(RESTAPIHandler::ParseBindings(RequestedPath,T::PathName(),Bindings)) {
return new T(Bindings, Logger, Server, false);
return new T(Bindings, Logger, false);
}
if constexpr (sizeof...(Args) == 0) {
return new RESTAPI_UnknownRequestHandler(Bindings,Logger, Server);
return new RESTAPI_UnknownRequestHandler(Bindings,Logger);
} else {
return RESTAPI_Router<Args...>(RequestedPath, Bindings, Logger, Server);
return RESTAPI_Router<Args...>(RequestedPath, Bindings, Logger);
}
}
template<typename T, typename... Args>
RESTAPIHandler * RESTAPI_Router_I(const std::string & RequestedPath, RESTAPIHandler::BindingMap &Bindings, Poco::Logger & Logger, RESTAPI_GenericServer & Server) {
RESTAPIHandler * RESTAPI_Router_I(const std::string & RequestedPath, RESTAPIHandler::BindingMap &Bindings, Poco::Logger & Logger) {
static_assert(test_has_PathName_method((T*)nullptr), "Class must have a static PathName() method.");
if(RESTAPIHandler::ParseBindings(RequestedPath,T::PathName(),Bindings)) {
return new T(Bindings, Logger, Server, true);
return new T(Bindings, Logger, true);
}
if constexpr (sizeof...(Args) == 0) {
return new RESTAPI_UnknownRequestHandler(Bindings,Logger, Server);
return new RESTAPI_UnknownRequestHandler(Bindings,Logger);
} else {
return RESTAPI_Router_I<Args...>(RequestedPath, Bindings, Logger, Server);
return RESTAPI_Router_I<Args...>(RequestedPath, Bindings, Logger);
}
}

160
src/RESTAPI_oauth2Handler.cpp
View File

@@ -16,85 +16,97 @@
#include "Utils.h"
namespace OpenWifi {
void RESTAPI_oauth2Handler::DoGet() {
if (!IsAuthorized()) {
UnAuthorized("Not authorized.");
return;
}
bool GetMe = GetBoolParameter(RESTAPI::Protocol::ME, false);
if(GetMe) {
Logger_.information(Poco::format("REQUEST-ME(%s): Request for %s", Request->clientAddress().toString(), UserInfo_.userinfo.email));
Poco::JSON::Object Me;
UserInfo_.userinfo.to_json(Me);
ReturnObject(Me);
return;
}
BadRequest("Ill-formed request. Please consult documentation.");
}
void RESTAPI_oauth2Handler::handleRequest(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
void RESTAPI_oauth2Handler::DoDelete() {
if (!IsAuthorized()) {
UnAuthorized("Not authorized.");
return;
}
auto Token = GetBinding(RESTAPI::Protocol::TOKEN, "...");
if (Token == SessionToken_) {
AuthService()->Logout(Token);
ReturnStatus(Poco::Net::HTTPResponse::HTTP_NO_CONTENT, true);
} else {
Logger_.information(Poco::format("BAD-LOGOUT(%s): Request for %s", Request->clientAddress().toString(), UserInfo_.userinfo.email));
NotFound();
}
}
if (!ContinueProcessing(Request, Response))
return;
void RESTAPI_oauth2Handler::DoPost() {
auto Obj = ParseStream();
auto userId = GetS(RESTAPI::Protocol::USERID, Obj);
auto password = GetS(RESTAPI::Protocol::PASSWORD, Obj);
auto newPassword = GetS(RESTAPI::Protocol::NEWPASSWORD, Obj);
Poco::toLowerInPlace(userId);
try {
ParseParameters(Request);
if (Request.getMethod() == Poco::Net::HTTPServerRequest::HTTP_POST) {
// Extract the info for login...
Poco::JSON::Parser parser;
Poco::JSON::Object::Ptr Obj = parser.parse(Request.stream()).extract<Poco::JSON::Object::Ptr>();
if(GetBoolParameter(RESTAPI::Protocol::REQUIREMENTS, false)) {
Logger_.information(Poco::format("POLICY-REQUEST(%s): Request.", Request->clientAddress().toString()));
Poco::JSON::Object Answer;
Answer.set(RESTAPI::Protocol::PASSWORDPATTERN, AuthService()->PasswordValidationExpression());
Answer.set(RESTAPI::Protocol::ACCESSPOLICY, RESTAPI_Server()->GetAccessPolicy());
Answer.set(RESTAPI::Protocol::PASSWORDPOLICY, RESTAPI_Server()->GetPasswordPolicy());
ReturnObject(Answer);
return;
}
auto userId = GetS(RESTAPI::Protocol::USERID, Obj);
auto password = GetS(RESTAPI::Protocol::PASSWORD, Obj);
auto newPassword = GetS(RESTAPI::Protocol::NEWPASSWORD, Obj);
if(GetBoolParameter(RESTAPI::Protocol::FORGOTPASSWORD,false)) {
// Send an email to the userId
Logger_.information(Poco::format("FORGOTTEN-PASSWORD(%s): Request for %s", Request->clientAddress().toString(), userId));
SecurityObjects::UserInfoAndPolicy UInfo;
if(AuthService::SendEmailToUser(userId,AuthService::FORGOT_PASSWORD))
Logger_.information(Poco::format("Send password reset link to %s",userId));
UInfo.webtoken.userMustChangePassword=true;
Poco::JSON::Object ReturnObj;
UInfo.webtoken.to_json(ReturnObj);
ReturnObject(ReturnObj);
return;
}
if(GetBoolParameter(RESTAPI::Protocol::REQUIREMENTS, false)) {
Poco::JSON::Object Answer;
Answer.set(RESTAPI::Protocol::PASSWORDPATTERN, AuthService()->PasswordValidationExpression());
Answer.set(RESTAPI::Protocol::ACCESSPOLICY, RESTAPI_Server()->GetAccessPolicy());
Answer.set(RESTAPI::Protocol::PASSWORDPOLICY, RESTAPI_Server()->GetPasswordPolicy());
ReturnObject(Request, Answer, Response);
return;
}
SecurityObjects::UserInfoAndPolicy UInfo;
if(GetBoolParameter(RESTAPI::Protocol::FORGOTPASSWORD,false)) {
// Send an email to the userId
SecurityObjects::UserInfoAndPolicy UInfo;
if(AuthService::SendEmailToUser(userId,AuthService::FORGOT_PASSWORD))
Logger_.information(Poco::format("Send password reset link to %s",userId));
UInfo.webtoken.userMustChangePassword=true;
Poco::JSON::Object ReturnObj;
UInfo.webtoken.to_json(ReturnObj);
ReturnObject(Request, ReturnObj, Response);
return;
}
auto Code=AuthService()->Authorize(userId, password, newPassword, UInfo);
if (Code==AuthService::SUCCESS) {
Poco::JSON::Object ReturnObj;
UInfo.webtoken.to_json(ReturnObj);
ReturnObject(ReturnObj);
return;
} else {
switch(Code) {
case AuthService::INVALID_CREDENTIALS: UnAuthorized("Unrecognized credentials (username/password)."); break;
case AuthService::PASSWORD_INVALID: UnAuthorized("Invalid password."); break;
case AuthService::PASSWORD_ALREADY_USED: UnAuthorized("Password already used previously."); break;
case AuthService::USERNAME_PENDING_VERIFICATION: UnAuthorized("User access pending email verification."); break;
case AuthService::PASSWORD_CHANGE_REQUIRED: UnAuthorized("Password change expected."); break;
default: UnAuthorized("Unrecognized credentials (username/password)."); break;
}
return;
}
Poco::toLowerInPlace(userId);
SecurityObjects::UserInfoAndPolicy UInfo;
auto Code=AuthService()->Authorize(userId, password, newPassword, UInfo);
if (Code==AuthService::SUCCESS) {
Poco::JSON::Object ReturnObj;
UInfo.webtoken.to_json(ReturnObj);
ReturnObject(Request, ReturnObj, Response);
return;
} else {
switch(Code) {
case AuthService::INVALID_CREDENTIALS: UnAuthorized(Request, Response, "Unrecognized credentials (username/password)."); break;
case AuthService::PASSWORD_INVALID: UnAuthorized(Request, Response, "Invalid password."); break;
case AuthService::PASSWORD_ALREADY_USED: UnAuthorized(Request, Response, "Password already used previously."); break;
case AuthService::USERNAME_PENDING_VERIFICATION: UnAuthorized(Request, Response, "User access pending email verification."); break;
case AuthService::PASSWORD_CHANGE_REQUIRED: UnAuthorized(Request, Response, "Password change expected."); break;
default: UnAuthorized(Request, Response, "Unrecognized credentials (username/password)."); break;
}
return;
}
} else if (Request.getMethod() == Poco::Net::HTTPServerRequest::HTTP_DELETE) {
if (!IsAuthorized(Request, Response)) {
UnAuthorized(Request, Response, "Not authorized.");
return;
}
auto Token = GetBinding(RESTAPI::Protocol::TOKEN, "...");
if (Token == SessionToken_) {
AuthService()->Logout(Token);
ReturnStatus(Request, Response, Poco::Net::HTTPResponse::HTTP_NO_CONTENT, true);
} else {
NotFound(Request, Response);
}
} else if (Request.getMethod() == Poco::Net::HTTPServerRequest::HTTP_GET) {
if (!IsAuthorized(Request, Response)) {
UnAuthorized(Request, Response, "Not authorized.");
return;
}
bool GetMe = GetBoolParameter(RESTAPI::Protocol::ME, false);
if(GetMe) {
Poco::JSON::Object Me;
UserInfo_.userinfo.to_json(Me);
ReturnObject(Request, Me, Response);
return;
}
BadRequest(Request, Response);
} else {
BadRequest(Request, Response, "Unsupported HTTP method.");
}
return;
} catch (const Poco::Exception &E) {
Logger_.warning(
Poco::format("%s: Failed with: %s", std::string(__func__), E.displayText()));
}
BadRequest(Request, Response);
}
}

11
src/RESTAPI_oauth2Handler.h
View File

@@ -14,19 +14,16 @@
namespace OpenWifi {
class RESTAPI_oauth2Handler : public RESTAPIHandler {
public:
RESTAPI_oauth2Handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, bool Internal)
RESTAPI_oauth2Handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, bool Internal)
: RESTAPIHandler(bindings, L,
std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_POST,
Poco::Net::HTTPRequest::HTTP_DELETE,
Poco::Net::HTTPRequest::HTTP_GET,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Server,
Internal, false) {}
Internal) {}
void handleRequest(Poco::Net::HTTPServerRequest &request,
Poco::Net::HTTPServerResponse &response) override;
static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/oauth2/{token}","/api/v1/oauth2"}; };
void DoGet() final;
void DoPost() final;
void DoDelete() final;
void DoPut() final {};
};
}
#endif //UCENTRAL_RESTAPI_OAUTH2HANDLER_H

8
src/RESTAPI_protocol.h
View File

@@ -69,13 +69,7 @@ namespace OpenWifi::RESTAPI::Protocol {
static const char * COMMANDUUID = "commandUUID";
static const char * FIRMWARES = "firmwares";
static const char * TOPIC = "topic";
static const char * HOST = "host";
static const char * OS = "os";
static const char * HOSTNAME = "hostname";
static const char * PROCESSORS = "processors";
static const char * REASON = "reason";
static const char * RELOAD = "reload";
static const char * SUBSYSTEMS = "subsystems";
static const char * FILEUUID = "uuid";
static const char * USERID = "userId";
static const char * PASSWORD = "password";
@@ -128,8 +122,6 @@ namespace OpenWifi::RESTAPI::Protocol {
static const char * PASSWORDPOLICY = "passwordPolicy";
static const char * FORGOTPASSWORD = "forgotPassword";
static const char * ME = "me";
static const char * TELEMETRY = "telemetry";
static const char * INTERVAL = "interval";
}

27
src/RESTAPI_server.cpp
View File

@@ -19,7 +19,6 @@
#include "RESTAPI_systemEndpoints_handler.h"
#include "RESTAPI_AssetServer.h"
#include "RESTAPI_avatarHandler.h"
#include "RESTAPI_email_handler.h"
#include "Daemon.h"
#include "Utils.h"
@@ -30,11 +29,10 @@ namespace OpenWifi {
int RESTAPI_Server::Start() {
Logger_.information("Starting.");
Server_.InitLogging();
AsserDir_ = Daemon()->ConfigPath("openwifi.restapi.wwwassets");
AccessPolicy_ = Daemon()->ConfigGetString("openwifi.document.policy.access", "/wwwassets/access_policy.html");
PasswordPolicy_ = Daemon()->ConfigGetString("openwifi.document.policy.password", "/wwwassets/possword_policy.html");
AsserDir_ = Daemon()->ConfigPath("ucentral.restapi.wwwassets");
AccessPolicy_ = Daemon()->ConfigGetString("ucentral.document.policy.access", "/wwwassets/access_policy.html");
PasswordPolicy_ = Daemon()->ConfigGetString("ucentral.document.policy.password", "/wwwassets/possword_policy.html");
for(const auto & Svr: ConfigServersList_) {
Logger_.information(Poco::format("Starting: %s:%s Keyfile:%s CertFile: %s", Svr.Address(), std::to_string(Svr.Port()),
@@ -51,14 +49,18 @@ namespace OpenWifi {
Params->setMaxQueued(200);
Params->setKeepAlive(true);
auto NewServer = std::make_unique<Poco::Net::HTTPServer>(new RequestHandlerFactory(Server_), Pool_, Sock, Params);
auto NewServer = std::make_unique<Poco::Net::HTTPServer>(new RequestHandlerFactory, Pool_, Sock, Params);
NewServer->start();
RESTServers_.push_back(std::move(NewServer));
}
return 0;
}
Poco::Net::HTTPRequestHandler *RequestHandlerFactory::createRequestHandler(const Poco::Net::HTTPServerRequest & Request) {
Logger_.debug(Poco::format("REQUEST(%s): %s %s", Utils::FormatIPv6(Request.clientAddress().toString()), Request.getMethod(), Request.getURI()));
Poco::URI uri(Request.getURI());
const auto & Path = uri.getPath();
RESTAPIHandler::BindingMap Bindings;
@@ -70,23 +72,14 @@ namespace OpenWifi {
RESTAPI_AssetServer,
RESTAPI_systemEndpoints_handler,
RESTAPI_action_links,
RESTAPI_avatarHandler,
RESTAPI_email_handler
>(Path,Bindings,Logger_,Server_);
RESTAPI_avatarHandler
>(Path,Bindings,Logger_);
}
void RESTAPI_Server::Stop() {
Logger_.information("Stopping ");
for( const auto & svr : RESTServers_ )
svr->stop();
RESTServers_.clear();
}
void RESTAPI_Server::reinitialize(Poco::Util::Application &self) {
Daemon()->LoadConfigurationFile();
Logger_.information("Reinitializing.");
Stop();
Start();
}
} // namespace

12
src/RESTAPI_server.h
View File

@@ -15,7 +15,6 @@
#include "Poco/Net/HTTPRequestHandlerFactory.h"
#include "Poco/Net/HTTPServerRequest.h"
#include "Poco/Net/NetException.h"
#include "RESTAPI_GenericServer.h"
namespace OpenWifi {
@@ -31,8 +30,6 @@ namespace OpenWifi {
int Start() override;
void Stop() override;
void reinitialize(Poco::Util::Application &self) override;
inline const std::string & AssetDir() { return AsserDir_; }
inline const std::string & GetPasswordPolicy() const { return PasswordPolicy_; }
inline const std::string & GetAccessPolicy() const { return AccessPolicy_; }
@@ -43,10 +40,9 @@ namespace OpenWifi {
std::string AsserDir_;
std::string PasswordPolicy_;
std::string AccessPolicy_;
RESTAPI_GenericServer Server_;
RESTAPI_Server() noexcept:
SubSystemServer("RESTAPIServer", "REST-SRV", "openwifi.restapi")
SubSystemServer("RESTAPIServer", "REST-SRV", "ucentral.restapi")
{
}
};
@@ -55,14 +51,12 @@ namespace OpenWifi {
class RequestHandlerFactory : public Poco::Net::HTTPRequestHandlerFactory {
public:
RequestHandlerFactory(RESTAPI_GenericServer &Server) :
Logger_(RESTAPI_Server()->Logger()),
Server_(Server){}
RequestHandlerFactory() :
Logger_(RESTAPI_Server()->Logger()){}
Poco::Net::HTTPRequestHandler *createRequestHandler(const Poco::Net::HTTPServerRequest &request) override;
private:
Poco::Logger & Logger_;
RESTAPI_GenericServer &Server_;
};

43
src/RESTAPI_systemEndpoints_handler.cpp
View File

@@ -7,19 +7,38 @@
#include "RESTAPI_SecurityObjects.h"
namespace OpenWifi {
void RESTAPI_systemEndpoints_handler::handleRequest(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
void RESTAPI_systemEndpoints_handler::DoGet() {
auto Services = Daemon()->GetServices();
SecurityObjects::SystemEndpointList L;
for(const auto &i:Services) {
SecurityObjects::SystemEndpoint S{
.type = i.Type,
.id = i.Id,
.uri = i.PublicEndPoint};
L.endpoints.push_back(S);
if (!ContinueProcessing(Request, Response))
return;
if (!IsAuthorized(Request, Response))
return;
try {
if (Request.getMethod() == Poco::Net::HTTPRequest::HTTP_GET) {
auto Services = Daemon()->GetServices();
SecurityObjects::SystemEndpointList L;
for(const auto &i:Services) {
SecurityObjects::SystemEndpoint S{
.type = i.Type,
.id = i.Id,
.uri = i.PublicEndPoint};
L.endpoints.push_back(S);
}
Poco::JSON::Object Obj;
L.to_json(Obj);
ReturnObject(Request, Obj, Response);
return;
}
} catch (const Poco::Exception &E) {
Logger_.log(E);
}
Poco::JSON::Object Obj;
L.to_json(Obj);
ReturnObject(Obj);
BadRequest(Request, Response);
}
}

9
src/RESTAPI_systemEndpoints_handler.h
View File

@@ -9,17 +9,14 @@
namespace OpenWifi {
class RESTAPI_systemEndpoints_handler : public RESTAPIHandler {
public:
RESTAPI_systemEndpoints_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, bool Internal)
RESTAPI_systemEndpoints_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, bool Internal)
: RESTAPIHandler(bindings, L,
std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Server,
Internal) {}
void handleRequest(Poco::Net::HTTPServerRequest &request,
Poco::Net::HTTPServerResponse &response) override;
static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/systemEndpoints"}; };
void DoGet() final;
void DoPost() final {};
void DoDelete() final {};
void DoPut() final {};
};
}

220
src/RESTAPI_system_command.cpp
View File

@@ -9,138 +9,124 @@
#include "Poco/Exception.h"
#include "Poco/JSON/Parser.h"
#include "Poco/DateTime.h"
#include "Poco/DateTimeFormat.h"
#include "Daemon.h"
#include "RESTAPI_protocol.h"
#include "RESTAPI_errors.h"
#include <thread>
#include <chrono>
using namespace std::chrono_literals;
namespace OpenWifi {
void RESTAPI_system_command::DoPost() {
auto Obj = ParseStream();
if (Obj->has(RESTAPI::Protocol::COMMAND)) {
auto Command = Poco::toLower(Obj->get(RESTAPI::Protocol::COMMAND).toString());
if (Command == RESTAPI::Protocol::SETLOGLEVEL) {
if (Obj->has(RESTAPI::Protocol::SUBSYSTEMS) &&
Obj->isArray(RESTAPI::Protocol::SUBSYSTEMS)) {
auto ParametersBlock = Obj->getArray(RESTAPI::Protocol::SUBSYSTEMS);
for (const auto &i : *ParametersBlock) {
Poco::JSON::Parser pp;
auto InnerObj = pp.parse(i).extract<Poco::JSON::Object::Ptr>();
if (InnerObj->has(RESTAPI::Protocol::TAG) &&
InnerObj->has(RESTAPI::Protocol::VALUE)) {
auto Name = GetS(RESTAPI::Protocol::TAG, InnerObj);
auto Value = GetS(RESTAPI::Protocol::VALUE, InnerObj);
Daemon()->SetSubsystemLogLevel(Name, Value);
Logger_.information(
Poco::format("Setting log level for %s at %s", Name, Value));
void RESTAPI_system_command::handleRequest(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
if (!ContinueProcessing(Request, Response))
return;
if (!IsAuthorized(Request, Response))
return;
if (Request.getMethod() == Poco::Net::HTTPRequest::HTTP_POST)
DoPost(Request, Response);
else if(Request.getMethod()==Poco::Net::HTTPRequest::HTTP_GET)
DoGet(Request, Response);
else
BadRequest(Request, Response, "Unsupported method.");
}
void RESTAPI_system_command::DoPost(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
try {
Poco::JSON::Parser parser;
auto Obj = parser.parse(Request.stream()).extract<Poco::JSON::Object::Ptr>();
if (Obj->has(RESTAPI::Protocol::COMMAND)) {
auto Command = Poco::toLower(Obj->get(RESTAPI::Protocol::COMMAND).toString());
if (Command == RESTAPI::Protocol::SETLOGLEVEL) {
if (Obj->has(RESTAPI::Protocol::PARAMETERS) &&
Obj->isArray(RESTAPI::Protocol::PARAMETERS)) {
auto ParametersBlock = Obj->getArray(RESTAPI::Protocol::PARAMETERS);
for (const auto &i:*ParametersBlock) {
Poco::JSON::Parser pp;
auto InnerObj = pp.parse(i).extract<Poco::JSON::Object::Ptr>();
if (InnerObj->has(RESTAPI::Protocol::TAG) &&
InnerObj->has(RESTAPI::Protocol::VALUE)) {
auto Name = GetS(RESTAPI::Protocol::TAG, InnerObj);
auto Value = GetS(RESTAPI::Protocol::VALUE, InnerObj);
Daemon()->SetSubsystemLogLevel(Name, Value);
Logger_.information(Poco::format("Setting log level for %s at %s", Name, Value));
}
}
OK(Request, Response);
return;
}
OK();
} else if (Command == RESTAPI::Protocol::GETLOGLEVELS) {
auto CurrentLogLevels = Daemon()->GetLogLevels();
Poco::JSON::Object Result;
Poco::JSON::Array Array;
for(auto &[Name,Level]:CurrentLogLevels) {
Poco::JSON::Object Pair;
Pair.set( RESTAPI::Protocol::TAG,Name);
Pair.set(RESTAPI::Protocol::VALUE,Level);
Array.add(Pair);
}
Result.set(RESTAPI::Protocol::TAGLIST,Array);
ReturnObject(Request,Result,Response);
return;
}
} else if (Command == RESTAPI::Protocol::GETLOGLEVELS) {
auto CurrentLogLevels = Daemon()->GetLogLevels();
Poco::JSON::Object Result;
Poco::JSON::Array Array;
for (auto &[Name, Level] : CurrentLogLevels) {
Poco::JSON::Object Pair;
Pair.set(RESTAPI::Protocol::TAG, Name);
Pair.set(RESTAPI::Protocol::VALUE, Level);
Array.add(Pair);
}
Result.set(RESTAPI::Protocol::TAGLIST, Array);
ReturnObject(Result);
return;
} else if (Command == RESTAPI::Protocol::GETLOGLEVELNAMES) {
Poco::JSON::Object Result;
Poco::JSON::Array LevelNamesArray;
const Types::StringVec &LevelNames = Daemon()->GetLogLevelNames();
for (const auto &i : LevelNames)
LevelNamesArray.add(i);
Result.set(RESTAPI::Protocol::LIST, LevelNamesArray);
ReturnObject(Result);
return;
} else if (Command == RESTAPI::Protocol::GETSUBSYSTEMNAMES) {
Poco::JSON::Object Result;
Poco::JSON::Array LevelNamesArray;
const Types::StringVec &SubSystemNames = Daemon()->GetSubSystems();
for (const auto &i : SubSystemNames)
LevelNamesArray.add(i);
Result.set(RESTAPI::Protocol::LIST, LevelNamesArray);
ReturnObject(Result);
return;
} else if (Command == RESTAPI::Protocol::STATS) {
} else if (Command == RESTAPI::Protocol::GETLOGLEVELNAMES) {
Poco::JSON::Object Result;
Poco::JSON::Array LevelNamesArray;
const Types::StringVec & LevelNames = Daemon()->GetLogLevelNames();
for(const auto &i:LevelNames)
LevelNamesArray.add(i);
Result.set(RESTAPI::Protocol::LIST,LevelNamesArray);
ReturnObject(Request,Result,Response);
return;
} else if (Command == RESTAPI::Protocol::GETSUBSYSTEMNAMES) {
Poco::JSON::Object Result;
Poco::JSON::Array LevelNamesArray;
const Types::StringVec & SubSystemNames = Daemon()->GetSubSystems();
for(const auto &i:SubSystemNames)
LevelNamesArray.add(i);
Result.set(RESTAPI::Protocol::LIST,LevelNamesArray);
ReturnObject(Request,Result,Response);
return;
} else if (Command == RESTAPI::Protocol::STATS) {
} else if (Command == RESTAPI::Protocol::RELOAD) {
if (Obj->has(RESTAPI::Protocol::SUBSYSTEMS) &&
Obj->isArray(RESTAPI::Protocol::SUBSYSTEMS)) {
auto SubSystems = Obj->getArray(RESTAPI::Protocol::SUBSYSTEMS);
std::vector<std::string> Names;
for (const auto &i : *SubSystems)
Names.push_back(i.toString());
std::thread ReloadThread([Names](){
std::this_thread::sleep_for(10000ms);
for(const auto &i:Names) {
if(i=="daemon")
Daemon()->Reload();
else
Daemon()->Reload(i);
}
});
ReloadThread.detach();
}
OK();
return;
}
} else {
BadRequest(RESTAPI::Errors::InvalidCommand);
return;
} catch(const Poco::Exception &E) {
Logger_.log(E);
}
BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
BadRequest(Request, Response, "Unsupported or missing parameters.");
}
void RESTAPI_system_command::DoGet() {
std::string Arg;
if(HasParameter("command",Arg) && Arg=="info") {
Poco::JSON::Object Answer;
Answer.set(RESTAPI::Protocol::VERSION, Daemon()->Version());
Answer.set(RESTAPI::Protocol::UPTIME, Daemon()->uptime().totalSeconds());
Answer.set(RESTAPI::Protocol::START, Daemon()->startTime().epochTime());
Answer.set(RESTAPI::Protocol::OS, Poco::Environment::osName());
Answer.set(RESTAPI::Protocol::PROCESSORS, Poco::Environment::processorCount());
Answer.set(RESTAPI::Protocol::HOSTNAME, Poco::Environment::nodeName());
Poco::JSON::Array Certificates;
auto SubSystems = Daemon()->GetFullSubSystems();
std::set<std::string> CertNames;
for(const auto &i:SubSystems) {
auto Hosts=i->HostSize();
for(uint64_t j=0;j<Hosts;++j) {
auto CertFileName = i->Host(j).CertFile();
if(!CertFileName.empty()) {
auto InsertResult = CertNames.insert(CertFileName);
if(InsertResult.second) {
Poco::JSON::Object Inner;
Inner.set("filename", CertFileName);
Poco::Crypto::X509Certificate C(CertFileName);
auto ExpiresOn = C.expiresOn();
Inner.set("expiresOn",ExpiresOn.timestamp().epochTime());
Certificates.add(Inner);
}
}
}
void RESTAPI_system_command::DoGet(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
try {
ParseParameters(Request);
auto Command = GetParameter(RESTAPI::Protocol::COMMAND, "");
if (!Poco::icompare(Command, RESTAPI::Protocol::VERSION)) {
Poco::JSON::Object Answer;
Answer.set(RESTAPI::Protocol::TAG, RESTAPI::Protocol::VERSION);
Answer.set(RESTAPI::Protocol::VALUE, Daemon()->Version());
ReturnObject(Request, Answer, Response);
return;
}
Answer.set("certificates", Certificates);
ReturnObject(Answer);
return;
if (!Poco::icompare(Command, RESTAPI::Protocol::TIMES)) {
Poco::JSON::Array Array;
Poco::JSON::Object Answer;
Poco::JSON::Object UpTimeObj;
UpTimeObj.set(RESTAPI::Protocol::TAG,RESTAPI::Protocol::UPTIME);
UpTimeObj.set(RESTAPI::Protocol::VALUE, Daemon()->uptime().totalSeconds());
Poco::JSON::Object StartObj;
StartObj.set(RESTAPI::Protocol::TAG,RESTAPI::Protocol::START);
StartObj.set(RESTAPI::Protocol::VALUE, Daemon()->startTime().epochTime());
Array.add(UpTimeObj);
Array.add(StartObj);
Answer.set(RESTAPI::Protocol::TIMES, Array);
ReturnObject(Request, Answer, Response);
return;
}
} catch (const Poco::Exception &E) {
Logger_.log(E);
}
BadRequest(RESTAPI::Errors::InvalidCommand);
BadRequest(Request, Response, "Unsupported or missing parameters.");
}
}

14
src/RESTAPI_system_command.h
View File

@@ -14,19 +14,19 @@
namespace OpenWifi {
class RESTAPI_system_command : public RESTAPIHandler {
public:
RESTAPI_system_command(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer & Server, bool Internal)
RESTAPI_system_command(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, bool Internal)
: RESTAPIHandler(bindings, L,
std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_POST,
Poco::Net::HTTPRequest::HTTP_GET,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Server,
Internal) {}
void handleRequest(Poco::Net::HTTPServerRequest &request,
Poco::Net::HTTPServerResponse &response) override;
static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/system"};}
void DoGet() final;
void DoPost() final;
void DoPut() final {};
void DoDelete() final {};
void DoGet(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response);
void DoPost(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response);
};
}
#endif // UCENTRALGW_RESTAPI_SYSTEM_COMMAND_H

334
src/RESTAPI_user_handler.cpp
View File

@@ -7,180 +7,214 @@
#include "Poco/JSON/Parser.h"
#include "Utils.h"
#include "RESTAPI_utils.h"
#include "RESTAPI_errors.h"
namespace OpenWifi {
void RESTAPI_user_handler::DoGet() {
std::string Id = GetBinding("id", "");
if(Id.empty()) {
BadRequest(RESTAPI::Errors::MissingUserID);
return;
}
void RESTAPI_user_handler::handleRequest(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
SecurityObjects::UserInfo UInfo;
if(!Storage()->GetUserById(Id,UInfo)) {
NotFound();
if (!ContinueProcessing(Request, Response))
return;
}
Poco::JSON::Object UserInfoObject;
UInfo.to_json(UserInfoObject);
ReturnObject(UserInfoObject);
if (!IsAuthorized(Request, Response))
return;
ParseParameters(Request);
if(Request.getMethod()==Poco::Net::HTTPRequest::HTTP_GET)
DoGet(Request, Response);
else if(Request.getMethod()==Poco::Net::HTTPRequest::HTTP_POST)
DoPost(Request, Response);
else if(Request.getMethod()==Poco::Net::HTTPRequest::HTTP_DELETE)
DoDelete(Request, Response);
else if(Request.getMethod()==Poco::Net::HTTPRequest::HTTP_PUT)
DoPut(Request, Response);
else
BadRequest(Request, Response, "Unimplemented HTTP Operation.");
}
void RESTAPI_user_handler::DoDelete() {
std::string Id = GetBinding("id", "");
if(Id.empty()) {
BadRequest(RESTAPI::Errors::MissingUserID);
return;
}
void RESTAPI_user_handler::DoGet(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
try {
std::string Id = GetBinding("id", "");
if(Id.empty()) {
BadRequest(Request, Response, "You must supply the ID of the user.");
return;
}
SecurityObjects::UserInfo UInfo;
if(!Storage()->GetUserById(Id,UInfo)) {
NotFound();
return;
}
SecurityObjects::UserInfo UInfo;
if(!Storage()->GetUserById(Id,UInfo)) {
NotFound(Request, Response);
return;
}
if(!Storage()->DeleteUser(UserInfo_.userinfo.email,Id)) {
NotFound();
return;
}
Poco::JSON::Object UserInfoObject;
UInfo.to_json(UserInfoObject);
if(AuthService()->DeleteUserFromCache(UInfo.email))
;
Logger_.information(Poco::format("Remove all tokens for '%s'", UserInfo_.userinfo.email));
Storage()->RevokeAllTokens(UInfo.email);
Logger_.information(Poco::format("User '%s' deleted by '%s'.",Id,UserInfo_.userinfo.email));
OK();
ReturnObject(Request, UserInfoObject, Response);
return;
} catch (const Poco::Exception &E ) {
Logger_.log(E);
}
BadRequest(Request, Response);
}
void RESTAPI_user_handler::DoPost() {
std::string Id = GetBinding("id", "");
if(Id!="0") {
BadRequest(RESTAPI::Errors::IdMustBe0);
return;
}
SecurityObjects::UserInfo UInfo;
RESTAPI_utils::from_request(UInfo,*Request);
if(UInfo.userRole == SecurityObjects::UNKNOWN) {
BadRequest(RESTAPI::Errors::InvalidUserRole);
return;
}
Poco::toLowerInPlace(UInfo.email);
if(!Utils::ValidEMailAddress(UInfo.email)) {
BadRequest(RESTAPI::Errors::InvalidEmailAddress);
return;
}
if(!UInfo.currentPassword.empty()) {
if(!AuthService()->ValidatePassword(UInfo.currentPassword)) {
BadRequest(RESTAPI::Errors::InvalidPassword);
void RESTAPI_user_handler::DoDelete(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
try {
std::string Id = GetBinding("id", "");
if(Id.empty()) {
BadRequest(Request, Response, "You must supply the ID of the user.");
return;
}
}
if(UInfo.name.empty())
UInfo.name = UInfo.email;
if(!Storage()->CreateUser(UInfo.email,UInfo)) {
Logger_.information(Poco::format("Could not add user '%s'.",UInfo.email));
BadRequest(RESTAPI::Errors::RecordNotCreated);
if(!Storage()->DeleteUser(UserInfo_.userinfo.name,Id)) {
NotFound(Request, Response);
return;
}
Logger_.information(Poco::format("User '%s' deleted by '%s'.",Id,UserInfo_.userinfo.email));
OK(Request, Response);
return;
} catch (const Poco::Exception &E ) {
Logger_.log(E);
}
if(GetParameter("email_verification","false")=="true") {
if(AuthService::VerifyEmail(UInfo))
Logger_.information(Poco::format("Verification e-mail requested for %s",UInfo.email));
Storage()->UpdateUserInfo(UserInfo_.userinfo.email,UInfo.Id,UInfo);
}
if(!Storage()->GetUserByEmail(UInfo.email, UInfo)) {
Logger_.information(Poco::format("User '%s' but not retrieved.",UInfo.email));
NotFound();
return;
}
Poco::JSON::Object UserInfoObject;
UInfo.to_json(UserInfoObject);
ReturnObject(UserInfoObject);
Logger_.information(Poco::format("User '%s' has been added by '%s')",UInfo.email, UserInfo_.userinfo.email));
BadRequest(Request, Response);
}
void RESTAPI_user_handler::DoPut() {
std::string Id = GetBinding("id", "");
if(Id.empty()) {
BadRequest(RESTAPI::Errors::MissingUserID);
return;
}
SecurityObjects::UserInfo LocalObject;
if(!Storage()->GetUserById(Id,LocalObject)) {
NotFound();
return;
}
// some basic validations
auto RawObject = ParseStream();
if(RawObject->has("userRole") && SecurityObjects::UserTypeFromString(RawObject->get("userRole").toString())==SecurityObjects::UNKNOWN) {
BadRequest(RESTAPI::Errors::InvalidUserRole);
return;
}
// The only valid things to change are: changePassword, name,
if(RawObject->has("name"))
LocalObject.name = RawObject->get("name").toString();
if(RawObject->has("description"))
LocalObject.description = RawObject->get("description").toString();
if(RawObject->has("avatar"))
LocalObject.avatar = RawObject->get("avatar").toString();
if(RawObject->has("changePassword"))
LocalObject.changePassword = RawObject->get("changePassword").toString()=="true";
if(RawObject->has("owner"))
LocalObject.owner = RawObject->get("owner").toString();
if(RawObject->has("location"))
LocalObject.location = RawObject->get("location").toString();
if(RawObject->has("locale"))
LocalObject.locale = RawObject->get("locale").toString();
if(RawObject->has("userRole"))
LocalObject.userRole = SecurityObjects::UserTypeFromString(RawObject->get("userRole").toString());
if(RawObject->has("suspended"))
LocalObject.suspended = RawObject->get("suspended").toString()=="true";
if(RawObject->has("blackListed"))
LocalObject.blackListed = RawObject->get("blackListed").toString()=="true";
if(RawObject->has("notes")) {
SecurityObjects::NoteInfoVec NIV;
NIV = RESTAPI_utils::to_object_array<SecurityObjects::NoteInfo>(RawObject->get("notes").toString());
for(auto const &i:NIV) {
SecurityObjects::NoteInfo ii{.created=(uint64_t)std::time(nullptr), .createdBy=UserInfo_.userinfo.email, .note=i.note};
LocalObject.notes.push_back(ii);
}
}
if(RawObject->has("currentPassword")) {
if(!AuthService()->ValidatePassword(RawObject->get("currentPassword").toString())) {
BadRequest(RESTAPI::Errors::InvalidPassword);
void RESTAPI_user_handler::DoPost(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
try {
std::string Id = GetBinding("id", "");
if(Id!="0") {
BadRequest(Request, Response, "To create a user, you must set the ID to 0");
return;
}
if(!AuthService()->SetPassword(RawObject->get("currentPassword").toString(),LocalObject)) {
BadRequest(RESTAPI::Errors::PasswordRejected);
SecurityObjects::UserInfo UInfo;
RESTAPI_utils::from_request(UInfo,Request);
if(UInfo.userRole == SecurityObjects::UNKNOWN) {
BadRequest(Request, Response, "Invalid userRole.");
return;
}
}
if(GetParameter("email_verification","false")=="true") {
if(AuthService::VerifyEmail(LocalObject))
Logger_.information(Poco::format("Verification e-mail requested for %s",LocalObject.email));
}
Poco::toLowerInPlace(UInfo.email);
if(!Utils::ValidEMailAddress(UInfo.email)) {
BadRequest(Request, Response, "Invalid email address.");
return;
}
if(Storage()->UpdateUserInfo(UserInfo_.userinfo.email,Id,LocalObject)) {
Poco::JSON::Object ModifiedObject;
LocalObject.to_json(ModifiedObject);
ReturnObject(ModifiedObject);
if(!UInfo.currentPassword.empty()) {
if(!AuthService()->ValidatePassword(UInfo.currentPassword)) {
BadRequest(Request, Response, "Invalid password.");
return;
}
}
if(UInfo.name.empty())
UInfo.name = UInfo.email;
if(!Storage()->CreateUser(UserInfo_.userinfo.name,UInfo)) {
Logger_.information(Poco::format("Could not add user '%s'.",UInfo.email));
BadRequest(Request, Response);
return;
}
if(GetParameter("email_verification","false")=="true") {
if(AuthService::VerifyEmail(UInfo))
Logger_.information(Poco::format("Verification e-mail requested for %s",UInfo.email));
Storage()->UpdateUserInfo(UserInfo_.userinfo.email,UInfo.Id,UInfo);
}
if(!Storage()->GetUserByEmail(UInfo.email, UInfo)) {
Logger_.information(Poco::format("User '%s' but not retrieved.",UInfo.email));
BadRequest(Request, Response);
return;
}
Poco::JSON::Object UserInfoObject;
UInfo.to_json(UserInfoObject);
ReturnObject(Request, UserInfoObject, Response);
Logger_.information(Poco::format("User '%s' has been added by '%s')",UInfo.email, UserInfo_.userinfo.email));
return;
} catch (const Poco::Exception &E ) {
Logger_.log(E);
}
BadRequest(RESTAPI::Errors::RecordNotUpdated);
BadRequest(Request, Response);
}
void RESTAPI_user_handler::DoPut(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
try {
std::string Id = GetBinding("id", "");
if(Id.empty()) {
BadRequest(Request, Response, "You must supply the ID of the user.");
return;
}
SecurityObjects::UserInfo LocalObject;
if(!Storage()->GetUserById(Id,LocalObject)) {
NotFound(Request, Response);
return;
}
// some basic validations
Poco::JSON::Parser IncomingParser;
auto RawObject = IncomingParser.parse(Request.stream()).extract<Poco::JSON::Object::Ptr>();
if(RawObject->has("userRole") && SecurityObjects::UserTypeFromString(RawObject->get("userRole").toString())==SecurityObjects::UNKNOWN) {
BadRequest(Request, Response, "Bad userRole value.");
return;
}
// The only valid things to change are: changePassword, name,
if(RawObject->has("name"))
LocalObject.name = RawObject->get("name").toString();
if(RawObject->has("description"))
LocalObject.description = RawObject->get("description").toString();
if(RawObject->has("avatar"))
LocalObject.avatar = RawObject->get("avatar").toString();
if(RawObject->has("changePassword"))
LocalObject.changePassword = RawObject->get("changePassword").toString()=="true";
if(RawObject->has("owner"))
LocalObject.owner = RawObject->get("owner").toString();
if(RawObject->has("location"))
LocalObject.location = RawObject->get("location").toString();
if(RawObject->has("locale"))
LocalObject.locale = RawObject->get("locale").toString();
if(RawObject->has("userRole"))
LocalObject.userRole = SecurityObjects::UserTypeFromString(RawObject->get("userRole").toString());
if(RawObject->has("suspended"))
LocalObject.suspended = RawObject->get("suspended").toString()=="true";
if(RawObject->has("blackListed"))
LocalObject.blackListed = RawObject->get("blackListed").toString()=="true";
if(RawObject->has("notes")) {
SecurityObjects::NoteInfoVec NIV;
NIV = RESTAPI_utils::to_object_array<SecurityObjects::NoteInfo>(RawObject->get("notes").toString());
for(auto const &i:NIV) {
SecurityObjects::NoteInfo ii{.created=(uint64_t)std::time(nullptr), .createdBy=UserInfo_.userinfo.email, .note=i.note};
LocalObject.notes.push_back(ii);
}
}
if(RawObject->has("currentPassword")) {
if(!AuthService()->ValidatePassword(RawObject->get("currentPassword").toString())) {
BadRequest(Request, Response, "Invalid password.");
return;
}
if(!AuthService()->SetPassword(RawObject->get("currentPassword").toString(),LocalObject)) {
BadRequest(Request, Response, "Password was rejected. This maybe an old password.");
return;
}
}
if(GetParameter("email_verification","false")=="true") {
if(AuthService::VerifyEmail(LocalObject))
Logger_.information(Poco::format("Verification e-mail requested for %s",LocalObject.email));
}
if(Storage()->UpdateUserInfo(UserInfo_.userinfo.email,Id,LocalObject)) {
Poco::JSON::Object ModifiedObject;
LocalObject.to_json(ModifiedObject);
ReturnObject(Request, ModifiedObject, Response);
return;
}
} catch( const Poco::Exception &E) {
Logger_.log(E);
}
BadRequest(Request, Response, "Request rejected.");
}
}

12
src/RESTAPI_user_handler.h
View File

@@ -10,7 +10,7 @@
namespace OpenWifi {
class RESTAPI_user_handler : public RESTAPIHandler {
public:
RESTAPI_user_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, bool Internal)
RESTAPI_user_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, bool Internal)
: RESTAPIHandler(bindings, L,
std::vector<std::string>
{Poco::Net::HTTPRequest::HTTP_POST,
@@ -18,13 +18,13 @@ namespace OpenWifi {
Poco::Net::HTTPRequest::HTTP_PUT,
Poco::Net::HTTPRequest::HTTP_DELETE,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Server,
Internal) {}
void handleRequest(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) override;
static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/user/{id}"}; };
void DoGet() final;
void DoPost() final;
void DoDelete() final;
void DoPut() final;
void DoGet(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
void DoDelete(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
void DoPost(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
void DoPut(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
private:
};

92
src/RESTAPI_users_handler.cpp
View File

@@ -8,46 +8,66 @@
#include "Utils.h"
namespace OpenWifi {
void RESTAPI_users_handler::DoGet() {
std::vector<SecurityObjects::UserInfo> Users;
bool IdOnly = (GetParameter("idOnly","false")=="true");
void RESTAPI_users_handler::handleRequest(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
if (!ContinueProcessing(Request, Response))
return;
if(QB_.Select.empty()) {
Poco::JSON::Array ArrayObj;
Poco::JSON::Object Answer;
if (Storage()->GetUsers(QB_.Offset, QB_.Limit, Users)) {
for (const auto &i : Users) {
Poco::JSON::Object Obj;
if (IdOnly) {
ArrayObj.add(i.Id);
} else {
i.to_json(Obj);
ArrayObj.add(Obj);
if (!IsAuthorized(Request, Response))
return;
ParseParameters(Request);
if(Request.getMethod()==Poco::Net::HTTPRequest::HTTP_GET)
DoGet(Request, Response);
else
BadRequest(Request, Response);
}
void RESTAPI_users_handler::DoGet(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) {
try {
std::vector<SecurityObjects::UserInfo> Users;
InitQueryBlock();
bool IdOnly = (GetParameter("idOnly","false")=="true");
if(QB_.Select.empty()) {
if (Storage()->GetUsers(QB_.Offset, QB_.Limit, Users)) {
Poco::JSON::Array ArrayObj;
for (const auto &i : Users) {
Poco::JSON::Object Obj;
if (IdOnly) {
ArrayObj.add(i.Id);
} else {
i.to_json(Obj);
ArrayObj.add(Obj);
}
}
Poco::JSON::Object RetObj;
RetObj.set(RESTAPI::Protocol::USERS, ArrayObj);
ReturnObject(Request, RetObj, Response);
return;
}
} else {
Types::StringVec IDs = Utils::Split(QB_.Select);
Poco::JSON::Array ArrayObj;
for(auto &i:IDs) {
SecurityObjects::UserInfo UInfo;
if(Storage()->GetUserById(i,UInfo)) {
Poco::JSON::Object Obj;
if (IdOnly) {
ArrayObj.add(UInfo.Id);
} else {
UInfo.to_json(Obj);
ArrayObj.add(Obj);
}
}
}
Answer.set(RESTAPI::Protocol::USERS, ArrayObj);
Poco::JSON::Object RetObj;
RetObj.set(RESTAPI::Protocol::USERS, ArrayObj);
ReturnObject(Request, RetObj, Response);
return;
}
ReturnObject(Answer);
return;
} else {
Types::StringVec IDs = Utils::Split(QB_.Select);
Poco::JSON::Array ArrayObj;
for(auto &i:IDs) {
SecurityObjects::UserInfo UInfo;
if(Storage()->GetUserById(i,UInfo)) {
Poco::JSON::Object Obj;
if (IdOnly) {
ArrayObj.add(UInfo.Id);
} else {
UInfo.to_json(Obj);
ArrayObj.add(Obj);
}
}
}
Poco::JSON::Object RetObj;
RetObj.set(RESTAPI::Protocol::USERS, ArrayObj);
ReturnObject(RetObj);
return;
} catch ( const Poco::Exception &E ) {
Logger_.log(E);
}
BadRequest(Request, Response);
}
}

9
src/RESTAPI_users_handler.h
View File

@@ -10,18 +10,15 @@
namespace OpenWifi {
class RESTAPI_users_handler : public RESTAPIHandler {
public:
RESTAPI_users_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, bool Internal)
RESTAPI_users_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, bool Internal)
: RESTAPIHandler(bindings, L,
std::vector<std::string>
{Poco::Net::HTTPRequest::HTTP_GET,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Server,
Internal) {}
void handleRequest(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) override;
static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/users"}; };
void DoGet() final;
void DoPost() final {};
void DoDelete() final {};
void DoPut() final {};
void DoGet(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response);
};
};

42
src/RESTAPI_validateToken_handler.cpp
View File

@@ -8,21 +8,35 @@
#include "Utils.h"
namespace OpenWifi {
void RESTAPI_validateToken_handler::DoGet() {
Poco::URI URI(Request->getURI());
auto Parameters = URI.getQueryParameters();
for(auto const &i:Parameters) {
if (i.first == "token") {
// can we find this token?
SecurityObjects::UserInfoAndPolicy SecObj;
if (AuthService()->IsValidToken(i.second, SecObj.webtoken, SecObj.userinfo)) {
Poco::JSON::Object Obj;
SecObj.to_json(Obj);
ReturnObject(Obj);
return;
void RESTAPI_validateToken_handler::handleRequest(Poco::Net::HTTPServerRequest &Request,
Poco::Net::HTTPServerResponse &Response) {
if (!ContinueProcessing(Request, Response))
return;
if (!IsAuthorized(Request, Response))
return;
try {
Poco::URI URI(Request.getURI());
auto Parameters = URI.getQueryParameters();
for(auto const &i:Parameters) {
if (i.first == "token") {
// can we find this token?
SecurityObjects::UserInfoAndPolicy SecObj;
if (AuthService()->IsValidToken(i.first, SecObj.webtoken, SecObj.userinfo)) {
Poco::JSON::Object Obj;
SecObj.to_json(Obj);
ReturnObject(Request, Obj, Response);
return;
}
}
}
NotFound(Request, Response);
return;
} catch (const Poco::Exception &E) {
Logger_.log(E);
}
NotFound();
}
BadRequest(Request, Response);
};
}

9
src/RESTAPI_validateToken_handler.h
View File

@@ -10,18 +10,15 @@
namespace OpenWifi {
class RESTAPI_validateToken_handler : public RESTAPIHandler {
public:
RESTAPI_validateToken_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, RESTAPI_GenericServer &Server, bool Internal)
RESTAPI_validateToken_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L, bool Internal)
: RESTAPIHandler(bindings, L,
std::vector<std::string>
{Poco::Net::HTTPRequest::HTTP_GET,
Poco::Net::HTTPRequest::HTTP_OPTIONS},
Server,
Internal) {};
void handleRequest(Poco::Net::HTTPServerRequest &Request, Poco::Net::HTTPServerResponse &Response) override;
static const std::list<const char *> PathName() { return std::list<const char *>{"/api/v1/validateToken"}; };
void DoGet() final;
void DoPost() final {};
void DoDelete() final {};
void DoPut() final {};
};
}

41
src/SMTPMailerService.cpp
View File

@@ -24,18 +24,13 @@ namespace OpenWifi {
class SMTPMailerService * SMTPMailerService::instance_ = nullptr;
void SMTPMailerService::LoadMyConfig() {
int SMTPMailerService::Start() {
MailHost_ = Daemon()->ConfigGetString("mailer.hostname");
SenderLoginUserName_ = Daemon()->ConfigGetString("mailer.username");
SenderLoginPassword_ = Daemon()->ConfigGetString("mailer.password");
Sender_ = Daemon()->ConfigGetString("mailer.sender");
LoginMethod_ = Daemon()->ConfigGetString("mailer.loginmethod");
MailHostPort_ = (int)Daemon()->ConfigGetInt("mailer.port");
TemplateDir_ = Daemon()->ConfigPath("mailer.templates", Daemon()->DataDir());
}
int SMTPMailerService::Start() {
LoadMyConfig();
SenderThr_.start(*this);
return 0;
}
@@ -46,14 +41,8 @@ namespace OpenWifi {
SenderThr_.join();
}
void SMTPMailerService::reinitialize(Poco::Util::Application &self) {
Daemon()->LoadConfigurationFile();
Logger_.information("Reinitializing.");
LoadMyConfig();
}
bool SMTPMailerService::SendMessage(const std::string &Recipient, const std::string &Name, const MessageAttributes &Attrs) {
std::lock_guard G(Mutex_);
SubMutexGuard G(Mutex_);
uint64_t Now = std::time(nullptr);
auto CE = Cache_.find(Poco::toLower(Recipient));
@@ -71,18 +60,17 @@ namespace OpenWifi {
.File=Poco::File(TemplateDir_ + "/" +Name),
.Attrs=Attrs});
return true;
return false;
}
void SMTPMailerService::run() {
Running_ = true;
while(Running_) {
Poco::Thread::trySleep(10000);
if(!Running_)
break;
Poco::Thread::trySleep(2000);
{
std::lock_guard G(Mutex_);
SubMutexGuard G(Mutex_);
uint64_t Now = std::time(nullptr);
@@ -118,16 +106,11 @@ namespace OpenWifi {
Message.addRecipient(Poco::Net::MailRecipient(Poco::Net::MailRecipient::PRIMARY_RECIPIENT, Recipient));
Message.setSubject(Msg.Attrs.find(SUBJECT)->second);
if(Msg.Attrs.find(TEXT) != Msg.Attrs.end()) {
std::string Content = Msg.Attrs.find(TEXT)->second;
Message.addContent(new Poco::Net::StringPartSource(Content));
} else {
std::string Content = Utils::LoadFile(Msg.File);
Types::StringPairVec Variables;
FillVariables(Msg.Attrs, Variables);
Utils::ReplaceVariables(Content, Variables);
Message.addContent(new Poco::Net::StringPartSource(Content));
}
std::string Content = Utils::LoadFile(Msg.File);
Types::StringPairVec Variables;
FillVariables(Msg.Attrs, Variables);
Utils::ReplaceVariables(Content, Variables);
Message.addContent(new Poco::Net::StringPartSource(Content));
auto Logo = Msg.Attrs.find(LOGO);
if(Logo!=Msg.Attrs.end()) {
@@ -165,4 +148,4 @@ namespace OpenWifi {
return false;
}
}
}

10
src/SMTPMailerService.h
View File

@@ -22,8 +22,7 @@ namespace OpenWifi {
SUBJECT,
TEMPLATE_TXT,
TEMPLATE_HTML,
LOGO,
TEXT
LOGO
};
static const std::map<MESSAGE_ATTRIBUTES,const std::string>
@@ -37,9 +36,7 @@ namespace OpenWifi {
{ SUBJECT, "SUBJECT"},
{ TEMPLATE_TXT, "TEMPLATE_TXT"},
{ TEMPLATE_HTML, "TEMPLATE_HTML"},
{ LOGO, "LOGO"},
{ TEXT, "TEXT"}
};
{ LOGO, "LOGO"}};
inline const std::string & MessageAttributeToVar(MESSAGE_ATTRIBUTES Attr) {
static const std::string EmptyString{};
@@ -78,8 +75,7 @@ namespace OpenWifi {
void Stop() override;
bool SendMessage(const std::string &Recipient, const std::string &Name, const MessageAttributes &Attrs);
bool SendIt(const MessageEvent &Msg);
void LoadMyConfig();
void reinitialize(Poco::Util::Application &self) override;
private:
static SMTPMailerService * instance_;
std::string MailHost_;

7
src/StorageService.cpp
View File

@@ -15,6 +15,11 @@ namespace OpenWifi {
class Storage *Storage::instance_ = nullptr;
Storage::Storage() noexcept:
SubSystemServer("Storage", "STORAGE-SVR", "storage")
{
}
std::string Storage::ConvertParams(const std::string & S) const {
std::string R;
@@ -38,7 +43,7 @@ namespace OpenWifi {
}
int Storage::Start() {
std::lock_guard Guard(Mutex_);
SubMutexGuard Guard(Mutex_);
Logger_.setLevel(Poco::Message::PRIO_NOTICE);
Logger_.notice("Starting.");

19
src/StorageService.h
View File

@@ -154,13 +154,6 @@ namespace OpenWifi {
bool GetAvatar(const std::string & Admin, std::string &Id, Poco::TemporaryFile &FileName, std::string &Type, std::string & Name);
bool DeleteAvatar(const std::string & Admin, std::string &Id);
bool AddToken(std::string &UserName, std::string &Token, std::string &RefreshToken, std::string & TokenType, uint64_t Expires, uint64_t TimeOut);
bool RevokeToken( std::string & Token );
bool IsTokenRevoked( std::string & Token );
bool CleanRevokedTokens( uint64_t Oldest );
bool RevokeAllTokens( std::string & UserName );
bool GetToken(std::string &Token, SecurityObjects::UserInfoAndPolicy &UInfo);
/*
* All ActionLinks functions
*/
@@ -183,8 +176,8 @@ namespace OpenWifi {
int Create_Tables();
int Create_UserTable();
int Create_AvatarTable();
int Create_TokensTable();
int Setup_SQLite();
[[nodiscard]] std::string ConvertParams(const std::string &S) const;
[[nodiscard]] inline std::string ComputeRange(uint64_t From, uint64_t HowMany) {
if(dbType_==sqlite) {
@@ -197,15 +190,11 @@ namespace OpenWifi {
return " LIMIT " + std::to_string(HowMany) + " OFFSET " + std::to_string(From-1) + " ";
}
Storage() noexcept:
SubSystemServer("Storage", "STORAGE-SVR", "storage")
{
}
int Setup_SQLite();
#ifndef SMALL_BUILD
int Setup_MySQL();
int Setup_PostgreSQL();
#endif
Storage() noexcept;
};
inline Storage * Storage() { return Storage::instance(); };

6
src/SubSystemServer.cpp
View File

@@ -32,7 +32,6 @@ void SubSystemServer::initialize(Poco::Util::Application &self) {
auto i = 0;
bool good = true;
ConfigServersList_.clear();
while (good) {
std::string root{SubSystemConfigPrefix_ + ".host." + std::to_string(i) + "."};
@@ -82,11 +81,10 @@ void SubSystemServer::initialize(Poco::Util::Application &self) {
}
}
void SubSystemServer::uninitialize() {
}
void SubSystemServer::uninitialize() {}
void SubSystemServer::reinitialize(Poco::Util::Application &self) {
Logger_.information("Reloading of this subsystem is not supported.");
// add your own reinitialization code here
}
void SubSystemServer::defineOptions(Poco::Util::OptionSet &options) {}

14
src/SubSystemServer.h
View File

@@ -20,6 +20,9 @@
#include "Poco/Net/X509Certificate.h"
using SubMutex = std::recursive_mutex;
using SubMutexGuard = std::lock_guard<SubMutex>;
namespace OpenWifi {
class PropertiesFileServerEntry {
public:
@@ -76,8 +79,7 @@ class SubSystemServer : public Poco::Util::Application::Subsystem {
inline const std::string & Name() const { return Name_; };
const char * name() const override { return Name_.c_str(); }
const PropertiesFileServerEntry & Host(uint64_t index) { return ConfigServersList_[index]; };
uint64_t HostSize() const { return ConfigServersList_.size(); }
const PropertiesFileServerEntry &Host(int index) { return ConfigServersList_[index]; };
Poco::Logger &Logger() { return Logger_; };
void SetLoggingLevel(Poco::Message::Priority NewPriority) { Logger_.setLevel(NewPriority); }
int GetLoggingLevel() { return Logger_.getLevel(); }
@@ -85,11 +87,11 @@ class SubSystemServer : public Poco::Util::Application::Subsystem {
virtual void Stop() = 0;
protected:
std::recursive_mutex Mutex_;
Poco::Logger &Logger_;
std::string Name_;
SubMutex Mutex_{};
Poco::Logger &Logger_;
std::string Name_;
std::vector<PropertiesFileServerEntry> ConfigServersList_;
std::string SubSystemConfigPrefix_;
std::string SubSystemConfigPrefix_;
};
}
#endif //UCENTRAL_SUBSYSTEMSERVER_H

67
src/Utils.cpp
View File

@@ -151,7 +151,7 @@ namespace OpenWifi::Utils {
if(input.length() % 4)
throw std::runtime_error("Invalid base64 length!");
std::size_t padding=0;
std::size_t padding{};
if(input.length())
{
@@ -162,7 +162,7 @@ namespace OpenWifi::Utils {
std::vector<byte> decoded;
decoded.reserve(((input.length() / 4) * 3) - padding);
std::uint32_t temp=0;
std::uint32_t temp{};
auto it = input.begin();
while(it < input.end())
@@ -488,4 +488,67 @@ namespace OpenWifi::Utils {
return Result;
}
static bool cidr_match(const in_addr &addr, const in_addr &net, uint8_t bits) {
if (bits == 0) {
return true;
}
return !((addr.s_addr ^ net.s_addr) & htonl(0xFFFFFFFFu << (32 - bits)));
}
static bool cidr6_match(const in6_addr &address, const in6_addr &network, uint8_t bits) {
#ifdef __linux__
const uint32_t *a = address.s6_addr32;
const uint32_t *n = network.s6_addr32;
#else
const uint32_t *a = address.__u6_addr.__u6_addr32;
const uint32_t *n = network.__u6_addr.__u6_addr32;
#endif
int bits_whole, bits_incomplete;
bits_whole = bits >> 5; // number of whole u32
bits_incomplete = bits & 0x1F; // number of bits in incomplete u32
if (bits_whole) {
if (memcmp(a, n, bits_whole << 2)!=0) {
return false;
}
}
if (bits_incomplete) {
uint32_t mask = htonl((0xFFFFFFFFu) << (32 - bits_incomplete));
if ((a[bits_whole] ^ n[bits_whole]) & mask) {
return false;
}
}
return true;
}
static bool ConvertStringToLong(const char *S, unsigned long &L) {
char *end;
L = std::strtol(S,&end,10);
return end != S;
}
bool IPinRange(const std::string &Range, const Poco::Net::IPAddress &IP) {
Poco::StringTokenizer TimeTokens(Range,"/",Poco::StringTokenizer::TOK_TRIM);
Poco::Net::IPAddress RangeIP;
if(Poco::Net::IPAddress::tryParse(TimeTokens[0],RangeIP)) {
if(TimeTokens.count()==2) {
if (RangeIP.family() == Poco::Net::IPAddress::IPv4) {
unsigned long MaskLength;
if (ConvertStringToLong(TimeTokens[1].c_str(), MaskLength)) {
return cidr_match(*static_cast<const in_addr *>(RangeIP.addr()),
*static_cast<const in_addr *>(IP.addr()), MaskLength);
}
} else if (RangeIP.family() == Poco::Net::IPAddress::IPv6) {
unsigned long MaskLength;
if (ConvertStringToLong(TimeTokens[1].c_str(), MaskLength)) {
return cidr6_match(*static_cast<const in6_addr *>(RangeIP.addr()),
*static_cast<const in6_addr *>(IP.addr()), MaskLength);
}
}
}
return false;
}
return false;
}
}

3
src/Utils.h
View File

@@ -71,8 +71,11 @@ namespace OpenWifi::Utils {
[[nodiscard]] MediaTypeEncoding FindMediaType(const Poco::File &F);
[[nodiscard]] std::string BinaryFileToHexString( const Poco::File &F);
[[nodiscard]] std::string SecondsToNiceText(uint64_t Seconds);
[[nodiscard]] bool IPinRange(const std::string &Range, const Poco::Net::IPAddress &IP);
template< typename T >
std::string int_to_hex( T i )
{

45
src/storage_tables.cpp
View File

@@ -12,7 +12,6 @@ namespace OpenWifi {
int Storage::Create_Tables() {
Create_UserTable();
Create_AvatarTable();
Create_TokensTable();
return 0;
}
@@ -76,48 +75,4 @@ namespace OpenWifi {
}
return 0;
}
int Storage::Create_TokensTable() {
try {
Poco::Data::Session Sess = Pool_->get();
if(dbType_==sqlite) {
Sess << "CREATE TABLE IF NOT EXISTS Tokens ("
"Token TEXT PRIMARY KEY, "
"RefreshToken TEXT, "
"TokenType TEXT, "
"UserName TEXT, "
"Created BIGINT, "
"Expires BIGINT, "
"IdleTimeOut BIGINT, "
"RevocationDate BIGINT "
") ", Poco::Data::Keywords::now;
} else if(dbType_==mysql) {
Sess << "CREATE TABLE IF NOT EXISTS Tokens ("
"Token TEXT PRIMARY KEY, "
"RefreshToken TEXT, "
"TokenType TEXT, "
"UserName TEXT, "
"Created BIGINT, "
"Expires BIGINT, "
"IdleTimeOut BIGINT, "
"RevocationDate BIGINT "
") ", Poco::Data::Keywords::now;
} else if(dbType_==pgsql) {
Sess << "CREATE TABLE IF NOT EXISTS Tokens ("
"Token TEXT PRIMARY KEY, "
"RefreshToken TEXT, "
"TokenType TEXT, "
"UserName TEXT, "
"Created BIGINT, "
"Expires BIGINT, "
"IdleTimeOut BIGINT, "
"RevocationDate BIGINT "
") ", Poco::Data::Keywords::now;
}
return 0;
} catch(const Poco::Exception &E) {
Logger_.log(E);
}
return 0;
}
}

152
src/storage_tokens.cpp
View File

@@ -1,152 +0,0 @@
#include "StorageService.h"
namespace OpenWifi {
/*
"Token TEXT PRIMARY KEY, "
"RefreshToken TEXT, "
"TokenType TEXT, "
"UserName TEXT, "
"Created BIGINT, "
"Expires BIGINT, "
"IdleTimeOut BIGINT, "
"RevocationDate BIGINT "
*/
bool Storage::AddToken(std::string &UserName, std::string &Token, std::string &RefreshToken, std::string & TokenType, uint64_t Expires, uint64_t TimeOut) {
try {
Poco::Data::Session Sess = Pool_->get();
Poco::Data::Statement Insert(Sess);
uint64_t Now = std::time(nullptr);
uint64_t Z = 0;
std::string St2{
"INSERT INTO Tokens (Token, RefreshToken, TokenType, Username, Created, Expires, IdleTimeOut, RevocationDate) VALUES(?,?,?,?,?,?,?,?)"};
Insert << ConvertParams(St2),
Poco::Data::Keywords::use(Token),
Poco::Data::Keywords::use(RefreshToken),
Poco::Data::Keywords::use(TokenType),
Poco::Data::Keywords::use(UserName),
Poco::Data::Keywords::use(Now),
Poco::Data::Keywords::use(Expires),
Poco::Data::Keywords::use(TimeOut),
Poco::Data::Keywords::use(Z);
Insert.execute();
return true;
} catch (const Poco::Exception &E) {
Logger_.log(E);
}
return false;
}
bool Storage::GetToken(std::string &Token, SecurityObjects::UserInfoAndPolicy &UInfo) {
try {
Poco::Data::Session Sess = Pool_->get();
Poco::Data::Statement Select(Sess);
uint32_t RevocationDate = 0 ;
std::string St2{"SELECT Token, RefreshToken, TokenType, Username, Created, Expires, IdleTimeOut, RevocationDate From Tokens WHERE Token=?"};
Select << ConvertParams(St2),
Poco::Data::Keywords::into(UInfo.webtoken.access_token_),
Poco::Data::Keywords::into(UInfo.webtoken.refresh_token_),
Poco::Data::Keywords::into(UInfo.webtoken.token_type_),
Poco::Data::Keywords::into(UInfo.userinfo.email),
Poco::Data::Keywords::into(UInfo.webtoken.created_),
Poco::Data::Keywords::into(UInfo.webtoken.expires_in_),
Poco::Data::Keywords::into(UInfo.webtoken.idle_timeout_),
Poco::Data::Keywords::into(RevocationDate),
Poco::Data::Keywords::use(Token);
Select.execute();
if(RevocationDate>0)
return false;
return true;
} catch (const Poco::Exception &E) {
Logger_.log(E);
}
return false;
}
bool Storage::IsTokenRevoked(std::string &Token) {
try {
Poco::Data::Session Sess = Pool_->get();
Poco::Data::Statement Select(Sess);
uint32_t RevocationDate = 0 ;
std::string St2{"SELECT Revoked From Tokens WHERE Token=?"};
Select << ConvertParams(St2),
Poco::Data::Keywords::into(RevocationDate),
Poco::Data::Keywords::use(Token);
Select.execute();
if(Select.columnsExtracted()==0)
return false;
return RevocationDate>0 ;
} catch (const Poco::Exception &E) {
Logger_.log(E);
}
return false;
}
bool Storage::RevokeToken(std::string &Token) {
try {
Poco::Data::Session Sess = Pool_->get();
Poco::Data::Statement Update(Sess);
uint32_t Revoked = 1 ;
uint64_t Now = std::time(nullptr);
// update users set lastLogin=? where id=?
std::string St2{"UPDATE Tokens Set RevocationDate=? WHERE Token=?"};
Update << ConvertParams(St2),
Poco::Data::Keywords::use(Now),
Poco::Data::Keywords::use(Token);
Update.execute();
return true;
} catch (const Poco::Exception &E) {
Logger_.log(E);
}
return false;
}
bool Storage::CleanRevokedTokens(uint64_t Oldest) {
try {
Poco::Data::Session Sess = Pool_->get();
Poco::Data::Statement Delete(Sess);
uint64_t Now = std::time(nullptr);
std::string St2{"DELETE From Tokens WHERE Created <= ?"};
Delete << ConvertParams(St2),
Poco::Data::Keywords::use(Oldest);
Delete.execute();
return true;
} catch (const Poco::Exception &E) {
Logger_.log(E);
}
return false;
}
bool Storage::RevokeAllTokens(std::string & username) {
try {
Poco::Data::Session Sess = Pool_->get();
Poco::Data::Statement Delete(Sess);
std::string St2{"DELETE From Tokens WHERE Username=?"};
Delete << ConvertParams(St2),
Poco::Data::Keywords::use(username);
Delete.execute();
return true;
} catch(const Poco::Exception &E) {
Logger_.log(E);
}
return false;
}
}

7
src/uCentralProtocol.h
View File

@@ -88,8 +88,6 @@ namespace OpenWifi::uCentralProtocol {
static const char * TIMESTAMP = "timestamp";
static const char * SYSTEM = "system";
static const char * HOST = "host";
static const char * CONNECTIONIP = "connectionIp";
static const char * TELEMETRY = "telemetry";
enum EVENT_MSG {
ET_UNKNOWN,
@@ -101,8 +99,7 @@ namespace OpenWifi::uCentralProtocol {
ET_PING,
ET_CFGPENDING,
ET_RECOVERY,
ET_DEVICEUPDATE,
ET_TELEMETRY
ET_DEVICEUPDATE
};
static EVENT_MSG EventFromString(const std::string & Method) {
@@ -124,8 +121,6 @@ namespace OpenWifi::uCentralProtocol {
return ET_RECOVERY;
} else if (!Poco::icompare(Method, DEVICEUPDATE)) {
return ET_DEVICEUPDATE;
} else if (!Poco::icompare(Method, TELEMETRY)) {
return ET_TELEMETRY;
} else
return ET_UNKNOWN;
};

151
test_scripts/curl/cli
View File

@@ -20,10 +20,10 @@ then
exit 1
fi
if [[ "${OWSEC}" == "" ]]
if [[ "${UCENTRALSEC}" == "" ]]
then
echo "You must set the variable OWSEC in order to use this script. Something like"
echo "OWSEC=myauthgateway.isp.com:16001"
echo "You must set the variable UCENTRALSEC in order to use this script. Something like"
echo "UCENTRALSEC=myauthgateway.isp.com:16001"
exit 1
fi
@@ -43,7 +43,7 @@ browser=""
login() {
payload="{ \"userId\" : \"$username\" , \"password\" : \"$password\" }"
token=$(curl ${FLAGS} -X POST -H "Content-Type: application/json" -d "$payload" "https://${OWSEC}/api/v1/oauth2" | jq -r '.access_token')
token=$(curl ${FLAGS} -X POST -H "Content-Type: application/json" -d "$payload" "https://${UCENTRALSEC}/api/v1/oauth2" | jq -r '.access_token')
if [[ "${token}" == "" ]]
then
@@ -55,7 +55,7 @@ login() {
testlogin() {
payload="{ \"userId\" : \"$1\" , \"password\" : \"$2\" }"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
curl ${FLAGS} -X POST "https://${UCENTRALSEC}/api/v1/oauth2" \
-H "Content-Type: application/json" \
-d "$payload" > ${result_file}
userMustChangePassword=$(cat ${result_file} | jq -r '.userMustChangePassword')
@@ -68,14 +68,14 @@ testlogin() {
exit 1
fi
payload="{ \"userId\" : \"$1\" , \"password\" : \"$2\", \"newPassword\" : \"$3\" }"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
curl ${FLAGS} -X POST "https://${UCENTRALSEC}/api/v1/oauth2" \
-H "Content-Type: application/json" \
-d "$payload" > ${result_file}
jq < ${result_file}
elif [[ "$3" != "" ]]
then
payload="{ \"userId\" : \"$1\" , \"password\" : \"$2\", \"newPassword\" : \"$3\" }"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
curl ${FLAGS} -X POST "https://${UCENTRALSEC}/api/v1/oauth2" \
-H "Content-Type: application/json" \
-d "$payload" > ${result_file}
jq < ${result_file}
@@ -85,7 +85,7 @@ testlogin() {
emailtest() {
payload="{ \"userId\" : \"$1\" }"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2?forgotPassword=true" \
curl ${FLAGS} -X POST "https://${UCENTRALSEC}/api/v1/oauth2?forgotPassword=true" \
-H "Content-Type: application/json" \
-d "$payload" > ${result_file}
jq < ${result_file}
@@ -114,19 +114,18 @@ findbrowser() {
logout() {
curl ${FLAGS} -X DELETE -H "Content-Type: application/json" \
-H "Authorization: Bearer ${token}" \
"https://${OWSEC}/api/v1/oauth2/${token}"
token=""
"https://${UCENTRALSEC}/api/v1/oauth2/${token}"
rm -rf token.json
}
me() {
curl ${FLAGS} -X GET -H "Content-Type: application/json" \
-H "Authorization: Bearer ${token}" \
"https://${OWSEC}/api/v1/oauth2?me=true"
"https://${UCENTRALSEC}/api/v1/oauth2?me=true"
}
listendpoints() {
curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/systemEndpoints" \
curl ${FLAGS} -X GET "https://${UCENTRALSEC}/api/v1/systemEndpoints" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" > ${result_file}
jq < ${result_file}
@@ -162,12 +161,12 @@ listendpoints() {
}
getlogo() {
curl ${FLAGS} -X GET "https://${OWSEC}/wwwassets/open-wifi.svg"
curl ${FLAGS} -X GET "https://${UCENTRALSEC}/wwwassets/open-wifi.svg"
}
createuser() {
payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true}"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0" \
curl ${FLAGS} -X POST "https://${UCENTRALSEC}/api/v1/user/0" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload" > ${result_file}
@@ -176,7 +175,7 @@ createuser() {
createuser_v() {
payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true}"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0?email_verification=true" \
curl ${FLAGS} -X POST "https://${UCENTRALSEC}/api/v1/user/0?email_verification=true" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload" > ${result_file}
@@ -184,7 +183,7 @@ createuser_v() {
}
deleteuser() {
curl ${FLAGS} -X DELETE "https://${OWSEC}/api/v1/user/$1" \
curl ${FLAGS} -X DELETE "https://${UCENTRALSEC}/api/v1/user/$1" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload" > ${result_file}
@@ -192,7 +191,7 @@ deleteuser() {
}
getuser() {
curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/user/$1" \
curl ${FLAGS} -X GET "https://${UCENTRALSEC}/api/v1/user/$1" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload" > ${result_file}
@@ -200,7 +199,7 @@ getuser() {
}
listusers() {
curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/users" \
curl ${FLAGS} -X GET "https://${UCENTRALSEC}/api/v1/users" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload" > ${result_file}
@@ -209,127 +208,53 @@ listusers() {
policies() {
payload="{}"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2?requirements=true" \
curl ${FLAGS} -X POST "https://${UCENTRALSEC}/api/v1/oauth2?requirements=true" \
-H "Content-Type: application/json" \
-d "$payload" > ${result_file}
jq < ${result_file}
}
setavatar() {
curl ${FLAGS} -F 'data=@$2' "https://${OWSEC}/api/v1/avatar/$1" \
curl ${FLAGS} -F 'data=@open-wifi.svg' "https://${UCENTRALSEC}/api/v1/avatar/$1" \
-H "Authorization: Bearer ${token}" > ${result_file};
jq < ${result_file}
}
getavatar() {
curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/avatar/$1" \
curl ${FLAGS} -X GET "https://${UCENTRALSEC}/api/v1/avatar/$1" \
-H "accept: application/octet-stream" \
-H "Authorization: Bearer ${token}" \
-o "user.svg"
}
deleteavatar() {
curl ${FLAGS} -X DELETE "https://${OWSEC}/api/v1/avatar/$1" \
curl ${FLAGS} -X DELETE "https://${UCENTRALSEC}/api/v1/avatar/$1" \
-H "Authorization: Bearer ${token}" \
-H "Content-Type: application/json" > ${result_file}
jq < ${result_file}
}
sendemail() {
payload="{ \"recipients\" : [ \"$1\" ] , \"subject\" : \"test1\" , \"from\" : \"$2\" , \"text\" : \"This is a test from SES.\" }"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/email" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload" > ${result_file}
jq < ${result_file}
}
testlogout() {
echo "Logged in..."
oldtoken=${token}
listusers
logout
echo "Logged out..."
token=${oldtoken}
echo "This should be en error"
listusers
}
setloglevel() {
payload="{ \"command\" : \"setloglevel\" , \"subsystems\" : [ { \"tag\" : \"$1\" , \"value\" : \"$2\" } ] }"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/system" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload"
}
getloglevels() {
payload="{ \"command\" : \"getloglevels\" }"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/system" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload"
}
getloglevelnames() {
payload="{ \"command\" : \"getloglevelnames\" }"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/system" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload"
}
getsubsystemnames() {
payload="{ \"command\" : \"getsubsystemnames\" }"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/system" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload"
}
systeminfo() {
curl ${FLAGS} -X GET "https://${OWSEC}/api/v1/system?command=info" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" > ${result_file}
secversion() {
curl ${FLAGS} -X GET "https://${UCENTRALSEC}/api/v1/system?command=version" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" > ${result_file}
jq < ${result_file}
}
reloadsubsystem() {
payload="{ \"command\" : \"reload\", \"subsystems\" : [ \"$1\" ] }"
curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/system" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" \
-d "$payload"
sectimes() {
curl ${FLAGS} -X GET "https://${UCENTRALSEC}/api/v1/system?command=times" \
-H "accept: application/json" \
-H "Authorization: Bearer ${token}" > ${result_file}
jq < ${result_file}
}
help() {
echo
echo "Usage: cli <cmd> [args]"
echo
echo "listendpoints Get all the system endpoints."
echo "emailtest Generate a forgot Password e-amil to the logged in user."
echo "me Show information about the logged user."
echo "createuser <email> <password> Create a user with an initial password and force the user to change password."
echo "createuser_v <email> <password> Same as create user but also force an e-mail verification."
echo "deleteuser <user UUID> Delete the user."
echo "getuser <user UUID> Get the user information."
echo "listusers List users."
echo "policies List the login and access policies."
echo "setavatar <user UUID> <filename> Sets the avatar for user to the image in filename."
echo "getavatar <user UUID> Get the avatar for the user."
echo "deleteavatar <user UUID> Remove the avatar for a user."
echo "sendemail <recipient> <from> Sends a test email to see if the e-mail system is working."
echo "setloglevel <subsystem> <loglevel> Set the log level for s specific subsystem."
echo "getloglevels Get the current log levels for all subsystems."
echo "getloglevelnames Get the log level names available."
echo "getsubsystemnames Get the list of subsystems."
echo "systeminfo Get basic system information."
echo "reloadsubsystem <subsystem name> Reload the configuration for a subsystem."
echo
echo
echo "listendpoints Get all the system endpoints."
echo
}
shopt -s nocasematch
case "$1" in
"createuser") login; createuser "$2" "$3"; logout;;
"createuser_v") login; createuser_v "$2" "$3"; logout;;
@@ -345,14 +270,8 @@ case "$1" in
"setavatar") login; setavatar "$2"; logout;;
"getavatar") login; getavatar "$2"; logout;;
"deleteavatar") login; deleteavatar "$2"; logout;;
"sendemail") login; sendemail ; logout;;
"testlogout") login; testlogout ;;
"setloglevel") login; setloglevel "$2" "$3" ; logout ;;
"getloglevels") login; getloglevels; logout ;;
"getloglevelnames") login; getloglevelnames; logout ;;
"getsubsystemnames") login; getsubsystemnames; logout ;;
"reloadsubsystem") login; reloadsubsystem "$2"; logout ;;
"systeminfo") login; systeminfo ; logout;;
"secversion") login; secversion ; logout;;
"sectimes") login; sectimes ; logout;;
"help") login; help ; logout ;;
*) help ;;
esac

72
owsec.properties → ucentralsec.properties
View File

@@ -7,24 +7,24 @@
#
# REST API access
#
openwifi.restapi.host.0.backlog = 100
openwifi.restapi.host.0.security = relaxed
openwifi.restapi.host.0.rootca = $OWSEC_ROOT/certs/restapi-ca.pem
openwifi.restapi.host.0.address = *
openwifi.restapi.host.0.port = 16001
openwifi.restapi.host.0.cert = $OWSEC_ROOT/certs/restapi-cert.pem
openwifi.restapi.host.0.key = $OWSEC_ROOT/certs/restapi-key.pem
openwifi.restapi.host.0.key.password = mypassword
openwifi.restapi.wwwassets = $OWSEC_ROOT/wwwassets
ucentral.restapi.host.0.backlog = 100
ucentral.restapi.host.0.security = relaxed
ucentral.restapi.host.0.rootca = $UCENTRALSEC_ROOT/certs/restapi-ca.pem
ucentral.restapi.host.0.address = *
ucentral.restapi.host.0.port = 16001
ucentral.restapi.host.0.cert = $UCENTRALSEC_ROOT/certs/restapi-cert.pem
ucentral.restapi.host.0.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
ucentral.restapi.host.0.key.password = mypassword
ucentral.restapi.wwwassets = $UCENTRALSEC_ROOT/wwwassets
openwifi.internal.restapi.host.0.backlog = 100
openwifi.internal.restapi.host.0.security = relaxed
openwifi.internal.restapi.host.0.rootca = $OWSEC_ROOT/certs/restapi-ca.pem
openwifi.internal.restapi.host.0.address = *
openwifi.internal.restapi.host.0.port = 17001
openwifi.internal.restapi.host.0.cert = $OWSEC_ROOT/certs/restapi-cert.pem
openwifi.internal.restapi.host.0.key = $OWSEC_ROOT/certs/restapi-key.pem
openwifi.internal.restapi.host.0.key.password = mypassword
ucentral.internal.restapi.host.0.backlog = 100
ucentral.internal.restapi.host.0.security = relaxed
ucentral.internal.restapi.host.0.rootca = $UCENTRALSEC_ROOT/certs/restapi-ca.pem
ucentral.internal.restapi.host.0.address = *
ucentral.internal.restapi.host.0.port = 17001
ucentral.internal.restapi.host.0.cert = $UCENTRALSEC_ROOT/certs/restapi-cert.pem
ucentral.internal.restapi.host.0.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
ucentral.internal.restapi.host.0.key.password = mypassword
#
# Generic section that all microservices must have
@@ -32,13 +32,13 @@ openwifi.internal.restapi.host.0.key.password = mypassword
authentication.enabled = true
authentication.default.username = tip@ucentral.com
authentication.default.password = 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
openwifi.system.data = $OWSEC_ROOT/data
openwifi.system.uri.private = https://localhost:17001
openwifi.system.uri.public = https://local.dpaas.arilia.com:16001
openwifi.system.uri.ui = https://ucentral-ui.arilia.com
openwifi.system.commandchannel = /tmp/app.ucentralsec
openwifi.service.key = $OWSEC_ROOT/certs/restapi-key.pem
openwifi.service.key.password = mypassword
ucentral.system.data = $UCENTRALSEC_ROOT/data
ucentral.system.uri.private = https://localhost:17001
ucentral.system.uri.public = https://local.dpaas.arilia.com:16001
ucentral.system.uri.ui = https://ucentral-ui.arilia.com
ucentral.system.commandchannel = /tmp/app.ucentralsec
ucentral.service.key = $UCENTRALSEC_ROOT/certs/restapi-key.pem
ucentral.service.key.password = mypassword
#
# Security Microservice Specific Section
@@ -46,10 +46,9 @@ openwifi.service.key.password = mypassword
mailer.hostname = smtp.gmail.com
mailer.username = ************************
mailer.password = ************************
mailer.sender = OpenWIFI
mailer.loginmethod = login
mailer.port = 587
mailer.templates = $OWSEC_ROOT/templates
mailer.templates = $UCENTRALSEC_ROOT/templates
#############################
@@ -64,16 +63,17 @@ alb.port = 16101
#
# Kafka
#
openwifi.kafka.group.id = security
openwifi.kafka.client.id = security1
openwifi.kafka.enable = true
openwifi.kafka.brokerlist = a1.arilia.com:9092
openwifi.kafka.auto.commit = false
openwifi.kafka.queue.buffering.max.ms = 50
openwifi.document.policy.access = /wwwassets/access_policy.html
openwifi.document.policy.password = /wwwassets/password_policy.html
openwifi.avatar.maxsize = 2000000
ucentral.kafka.group.id = security
ucentral.kafka.client.id = security1
ucentral.kafka.enable = true
# ucentral.kafka.brokerlist = a1.arilia.com:9092
ucentral.kafka.brokerlist = debfarm1-node-c.arilia.com:9092
ucentral.kafka.auto.commit = false
ucentral.kafka.queue.buffering.max.ms = 50
ucentral.document.policy.access = /wwwassets/access_policy.html
ucentral.document.policy.password = /wwwassets/password_policy.html
ucentral.avatar.maxsize = 2000000
#
# This section select which form of persistence you need
# Only one selected at a time. If you select multiple, this service will die if a horrible
@@ -121,7 +121,7 @@ logging.channels.c1.formatter = f1
# This is where the logs will be written. This path MUST exist
logging.channels.c2.class = FileChannel
logging.channels.c2.path = $OWSEC_ROOT/logs/log
logging.channels.c2.path = $UCENTRALSEC_ROOT/logs/log
logging.channels.c2.formatter.class = PatternFormatter
logging.channels.c2.formatter.pattern = %Y-%m-%d %H:%M:%S %s: [%p] %t
logging.channels.c2.rotation = 20 M

4
owsec.service → ucentralsec.service
View File

@@ -5,8 +5,8 @@ Wants=network-online.target
[Service]
Type=simple
Environment="OWSEC_ROOT=/home/admin/dev/wlan-cloud-ucentralsec"
ExecStart=/home/admin/dev/wlan-cloud-ucentralsec/cmake-build/owsec
Environment="UCENTRALSEC_ROOT=/home/admin/dev/wlan-cloud-ucentralsec"
ExecStart=/home/admin/dev/wlan-cloud-ucentralsec/cmake-build/ucentralsec
WorkingDirectory=/home/admin/dev/wlan-cloud-ucentralsec
# ExecReload=/bin/kill -s HUP $MAINPID
User=admin