Chg: update image tag in helm values to v2.7.0-RC5

Fixes for WIFI-10942

CMakeLists.txt

@@ -47,6 +47,7 @@ add_definitions(-DAWS_CUSTOM_MEMORY_MANAGEMENT)
 set(BUILD_SHARED_LIBS 1)
 
 add_definitions(-DTIP_SECURITY_SERVICE="1")
+add_definitions(-DPOCO_LOG_DEBUG="1")
 
 add_compile_options(-Wall -Wextra)
 if(ASAN)
@@ -77,6 +78,7 @@ add_executable( owsec
         src/framework/orm.h
         src/framework/StorageClass.h
         src/framework/ow_constants.h
+        src/framework/MicroServiceErrorHandler.h
         src/framework/WebSocketClientNotifications.h
         src/seclibs/qrcode/qrcodegen.hpp src/seclibs/qrcode/qrcodegen.cpp
         src/seclibs/cpptotp/bytes.cpp src/seclibs/cpptotp/bytes.h

Dockerfile

@@ -1,18 +1,17 @@
-ARG ALPINE_VERSION=3.16.2
+ARG DEBIAN_VERSION=11.4-slim
 ARG POCO_VERSION=poco-tip-v1
 ARG FMTLIB_VERSION=9.0.0
 ARG CPPKAFKA_VERSION=tip-v1
 ARG JSON_VALIDATOR_VERSION=2.1.0
 ARG AWS_SDK_VERSION=1.9.315
 
-FROM alpine:$ALPINE_VERSION AS build-base
+FROM debian:$DEBIAN_VERSION AS build-base
 
-RUN apk add --update --no-cache \
+RUN apt-get update && apt-get install --no-install-recommends -y \
     make cmake g++ git \
-    unixodbc-dev postgresql-dev mariadb-dev \
+    libpq-dev libmariadb-dev libmariadbclient-dev-compat \
-    librdkafka-dev boost-dev openssl-dev \
+    librdkafka-dev libboost-all-dev libssl-dev \
-    zlib-dev nlohmann-json \
+    zlib1g-dev nlohmann-json3-dev ca-certificates libcurl4-openssl-dev
-    curl-dev
 
 FROM build-base AS poco-build
 
@@ -82,6 +81,9 @@ RUN mkdir cmake-build
 WORKDIR cmake-build
 RUN cmake .. -DBUILD_ONLY="sns;s3" \
              -DCMAKE_BUILD_TYPE=Release \
+             -DUSE_OPENSSL=ON \
+             -DCPP_STANDARD=17 \
+             -DBUILD_SHARED_LIBS=ON \
              -DCMAKE_CXX_FLAGS="-Wno-error=stringop-overflow -Wno-error=uninitialized" \
              -DAUTORUN_UNIT_TESTS=OFF
 RUN cmake --build . --config Release -j8
@@ -109,26 +111,24 @@ COPY --from=fmtlib-build /usr/local/lib /usr/local/lib
 WORKDIR /owsec
 RUN mkdir cmake-build
 WORKDIR /owsec/cmake-build
-RUN cmake .. \
+RUN cmake ..
-          -Dcrypto_LIBRARY=/usr/lib/libcrypto.so \
-          -DBUILD_SHARED_LIBS=ON
 RUN cmake --build . --config Release -j8
 
-FROM alpine:$ALPINE_VERSION
+FROM debian:$DEBIAN_VERSION
 
 ENV OWSEC_USER=owsec \
     OWSEC_ROOT=/owsec-data \
     OWSEC_CONFIG=/owsec-data
 
-RUN addgroup -S "$OWSEC_USER" && \
+RUN useradd "$OWSEC_USER"
-    adduser -S -G "$OWSEC_USER" "$OWSEC_USER"
 
 RUN mkdir /openwifi
 RUN mkdir -p "$OWSEC_ROOT" "$OWSEC_CONFIG" && \
     chown "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG"
 
-RUN apk add --update --no-cache librdkafka su-exec gettext ca-certificates bash jq curl \
+RUN apt-get update && apt-get install --no-install-recommends -y \
-    mariadb-connector-c libpq unixodbc postgresql-client
+    librdkafka++1 gosu gettext ca-certificates bash jq curl wget \
+    libmariadb-dev-compat libpq5 unixodbc postgresql-client
 
 COPY readiness_check /readiness_check
 COPY test_scripts/curl/cli /cli
@@ -139,7 +139,7 @@ COPY templates /dist/templates
 COPY docker-entrypoint.sh /
 COPY wait-for-postgres.sh /
 RUN wget https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentral-deploy/main/docker-compose/certs/restapi-ca.pem \
-    -O /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+    -O /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
 
 COPY --from=owsec-build /owsec/cmake-build/owsec /openwifi/owsec
 COPY --from=cppkafka-build /cppkafka/cmake-build/src/lib/* /usr/local/lib
@@ -148,6 +148,8 @@ COPY --from=aws-sdk-cpp-build /aws-sdk-cpp/cmake-build/aws-cpp-sdk-core/libaws-c
 COPY --from=aws-sdk-cpp-build /aws-sdk-cpp/cmake-build/aws-cpp-sdk-s3/libaws-cpp-sdk-s3.so /usr/local/lib
 COPY --from=aws-sdk-cpp-build /aws-sdk-cpp/cmake-build/aws-cpp-sdk-sns/libaws-cpp-sdk-sns.so /usr/local/lib
 
+RUN ldconfig
+
 EXPOSE 16001 17001 16101
 
 ENTRYPOINT ["/docker-entrypoint.sh"]

build

@@ -1 +1 @@
-10
+23

docker-entrypoint.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e
 
 if [ "$SELFSIGNED_CERTS" = 'true' ]; then
@@ -23,6 +23,7 @@ if [[ "$TEMPLATE_CONFIG" = 'true' ]]; then
   SYSTEM_URI_PRIVATE=${SYSTEM_URI_PRIVATE:-"https://localhost:17001"} \
   SYSTEM_URI_PUBLIC=${SYSTEM_URI_PUBLIC:-"https://localhost:16001"} \
   SYSTEM_URI_UI=${SYSTEM_URI_UI:-"http://localhost"} \
+  SECURITY_RESTAPI_DISABLE=${SECURITY_RESTAPI_DISABLE:-"false"} \
   SERVICE_KEY=${SERVICE_KEY:-"\$OWSEC_ROOT/certs/restapi-key.pem"} \
   SERVICE_KEY_PASSWORD=${SERVICE_KEY_PASSWORD:-"mypassword"} \
   SMSSENDER_ENABLED=${SMSSENDER_ENABLED:-"false"} \
@@ -84,7 +85,7 @@ if [ "$1" = '/openwifi/owsec' -a "$(id -u)" = '0' ]; then
     if [ "$RUN_CHOWN" = 'true' ]; then
       chown -R "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG"
     fi
-    exec su-exec "$OWSEC_USER" "$@"
+    exec gosu "$OWSEC_USER" "$@"
 fi
 
 exec "$@"

helm/README.md

@@ -70,8 +70,8 @@ The following table lists the configurable parameters of the chart and their def
 | persistence.size | string | Defines PV size | `'10Gi'` |
 | public_env_variables | hash | Defines list of environment variables to be passed to the Security | |
 | configProperties | hash | Configuration properties that should be passed to the application in `owsec.properties`. May be passed by key in set (i.e. `configProperties."rtty\.token"`) | |
-| certs | hash | Defines files (keys and certificates) that should be passed to the Security (PEM format is adviced to be used) (see `volumes.owsec` on where it is mounted) |  |
+| existingCertsSecret | string | Existing Kubernetes secret containing all required certificates and private keys for microservice operation. If set, certificates from `certs` key are ignored | `""` |
-
+| certs | hash | Defines files (keys and certificates) that should be passed to the Gateway (PEM format is adviced to be used) (see `volumes.owsec` on where it is mounted). If `existingCertsSecret` is set, certificates passed this way will not be used. |  |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 

helm/values.yaml

@@ -9,7 +9,7 @@ fullnameOverride: ""
 images:
   owsec:
     repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owsec
-    tag: v2.7.0-RC1
+    tag: v2.7.0-RC5
     pullPolicy: Always
 #    regcred:
 #      registry: tip-tip-wlan-cloud-ucentral.jfrog.io
@@ -71,7 +71,7 @@ volumes:
       mountPath: /owsec-data/certs
       volumeDefinition: |
         secret:
-          secretName: {{ include "owsec.fullname" . }}-certs
+          secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsec.fullname" . }}-certs{{ end }}
     # Change this if you want to use another volume type
     - name: persist
       mountPath: /owsec-data/persist
@@ -92,7 +92,7 @@ resources: {}
   #  memory: 128Mi
 
 securityContext:
-  fsGroup: 101
+  fsGroup: 1000
 
 nodeSelector: {}
 
@@ -228,6 +228,9 @@ configProperties:
   storage.type.mysql.username: stephb
   storage.type.mysql.password: snoopy99
 
+# NOTE: List of required certificates may be found in "certs" key. Alternative way to pass required certificates is to create external secret with all required certificates and set secret name in "existingCertsSecret" key. Details may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart#tldr
+existingCertsSecret: ""
+
 certs:
   # restapi-ca.pem: ""
   # restapi-cert.pem: ""

owsec.properties

@@ -36,6 +36,7 @@ openwifi.system.data = $OWSEC_ROOT/data
 openwifi.system.uri.private = https://localhost:17001
 openwifi.system.uri.public = https://local.dpaas.arilia.com:16001
 openwifi.system.uri.ui = https://ucentral-ui.arilia.com
+openwifi.security.restapi.disable = false
 openwifi.system.commandchannel = /tmp/app.ucentralsec
 openwifi.service.key = $OWSEC_ROOT/certs/restapi-key.pem
 openwifi.service.key.password = mypassword
@@ -132,4 +133,4 @@ storage.type.mysql.connectiontimeout = 60
 ########################################################################
 logging.type = file
 logging.path = $OWSEC_ROOT/logs
-logging.level = debug
+logging.level = debug

owsec.properties.tmpl

@@ -36,6 +36,7 @@ openwifi.system.data = ${SYSTEM_DATA}
 openwifi.system.uri.private = ${SYSTEM_URI_PRIVATE}
 openwifi.system.uri.public = ${SYSTEM_URI_PUBLIC}
 openwifi.system.uri.ui = ${SYSTEM_URI_UI}
+openwifi.security.restapi.disable = ${SECURITY_RESTAPI_DISABLE}
 openwifi.system.commandchannel = /tmp/app.ucentralsec
 openwifi.service.key = ${SERVICE_KEY}
 openwifi.service.key.password = ${SERVICE_KEY_PASSWORD}

src/ActionLinkManager.cpp

@@ -10,17 +10,20 @@
 namespace OpenWifi {
 
     int ActionLinkManager::Start() {
+        poco_information(Logger(),"Starting...");
         if(!Running_)
             Thr_.start(*this);
         return 0;
     }
 
     void ActionLinkManager::Stop() {
+        poco_information(Logger(),"Stopping...");
         if(Running_) {
             Running_ = false;
             Thr_.wakeUp();
             Thr_.join();
         }
+        poco_information(Logger(),"Stopped...");
     }
 
     void ActionLinkManager::run() {
@@ -63,7 +66,7 @@ namespace OpenWifi {
                 switch(i.action) {
                     case OpenWifi::SecurityObjects::LinkActions::FORGOT_PASSWORD: {
                             if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::FORGOT_PASSWORD)) {
-                                Logger().information(fmt::format("Send password reset link to {}",UInfo.email));
+                                poco_information(Logger(),fmt::format("Send password reset link to {}",UInfo.email));
                             }
                             StorageService()->ActionLinksDB().SentAction(i.id);
                         }
@@ -71,7 +74,7 @@ namespace OpenWifi {
 
                     case OpenWifi::SecurityObjects::LinkActions::VERIFY_EMAIL: {
                             if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::EMAIL_VERIFICATION)) {
-                                Logger().information(fmt::format("Send email verification link to {}",UInfo.email));
+                                poco_information(Logger(),fmt::format("Send email verification link to {}",UInfo.email));
                             }
                             StorageService()->ActionLinksDB().SentAction(i.id);
                         }
@@ -79,7 +82,7 @@ namespace OpenWifi {
 
                     case OpenWifi::SecurityObjects::LinkActions::EMAIL_INVITATION: {
                             if(AuthService::SendEmailToUser(i.id, UInfo.email, MessagingTemplates::EMAIL_INVITATION)) {
-                                Logger().information(fmt::format("Send new subscriber email invitation link to {}",UInfo.email));
+                                poco_information(Logger(),fmt::format("Send new subscriber email invitation link to {}",UInfo.email));
                             }
                             StorageService()->ActionLinksDB().SentAction(i.id);
                         }
@@ -88,7 +91,7 @@ namespace OpenWifi {
                     case OpenWifi::SecurityObjects::LinkActions::SUB_FORGOT_PASSWORD: {
                             auto Signup = Poco::StringTokenizer(UInfo.signingUp,":");
                             if(AuthService::SendEmailToSubUser(i.id, UInfo.email,MessagingTemplates::SUB_FORGOT_PASSWORD, Signup.count()==1 ? "" : Signup[0])) {
-                                Logger().information(fmt::format("Send subscriber password reset link to {}",UInfo.email));
+                                poco_information(Logger(),fmt::format("Send subscriber password reset link to {}",UInfo.email));
                             }
                             StorageService()->ActionLinksDB().SentAction(i.id);
                         }
@@ -97,7 +100,7 @@ namespace OpenWifi {
                     case OpenWifi::SecurityObjects::LinkActions::SUB_VERIFY_EMAIL: {
                             auto Signup = Poco::StringTokenizer(UInfo.signingUp,":");
                             if(AuthService::SendEmailToSubUser(i.id, UInfo.email, MessagingTemplates::SUB_EMAIL_VERIFICATION, Signup.count()==1 ? "" : Signup[0])) {
-                                Logger().information(fmt::format("Send subscriber email verification link to {}",UInfo.email));
+                                poco_information(Logger(),fmt::format("Send subscriber email verification link to {}",UInfo.email));
                             }
                             StorageService()->ActionLinksDB().SentAction(i.id);
                         }
@@ -106,7 +109,7 @@ namespace OpenWifi {
                     case OpenWifi::SecurityObjects::LinkActions::SUB_SIGNUP: {
                         auto Signup = Poco::StringTokenizer(UInfo.signingUp,":");
                         if(AuthService::SendEmailToSubUser(i.id, UInfo.email, MessagingTemplates::SIGNUP_VERIFICATION, Signup.count()==1 ? "" : Signup[0])) {
-                            Logger().information(fmt::format("Send new subscriber email verification link to {}",UInfo.email));
+                            poco_information(Logger(),fmt::format("Send new subscriber email verification link to {}",UInfo.email));
                         }
                         StorageService()->ActionLinksDB().SentAction(i.id);
                         }

src/AuthService.cpp

@@ -8,15 +8,17 @@
 
 #include <ctime>
 
+#include "framework/MicroService.h"
+#include "framework/KafkaTopics.h"
+
 #include "Poco/Net/OAuth20Credentials.h"
 #include "Poco/JWT/Token.h"
 #include "Poco/JWT/Signer.h"
 #include "Poco/StringTokenizer.h"
 
-#include "framework/MicroService.h"
 #include "StorageService.h"
 #include "AuthService.h"
-#include "framework/KafkaTopics.h"
+
 
 #include "SMTPMailerService.h"
 #include "MFAServer.h"
@@ -46,7 +48,7 @@ namespace OpenWifi {
     static const std::string DefaultPassword_8_u_l_n_1{"^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[\\{\\}\\(\\)~_\\+\\|\\\\\\[\\]\\;\\:\\<\\>\\.\\,\\/\\?\\\"\\'\\`\\=#?!@$%^&*-]).{8,}$"};
 
     int AuthService::Start() {
-		Logger().notice("Starting...");
+        poco_information(Logger(),"Starting...");
         TokenAging_ = (uint64_t) MicroService::instance().ConfigGetInt("authentication.token.ageing", 30 * 24 * 60 * 60);
         RefreshTokenLifeSpan_ = (uint64_t) MicroService::instance().ConfigGetInt("authentication.refresh_token.lifespan", 90 * 24 * 60 * 600);
         HowManyOldPassword_ = MicroService::instance().ConfigGetInt("authentication.oldpasswords", 5);
@@ -63,7 +65,8 @@ namespace OpenWifi {
     }
 
     void AuthService::Stop() {
-		Logger().notice("Stopping...");
+        poco_information(Logger(),"Stopping...");
+        poco_information(Logger(),"Stopped...");
     }
 
     bool AuthService::RefreshUserToken(Poco::Net::HTTPServerRequest & Request, const std::string & RefreshToken, SecurityObjects::UserInfoAndPolicy & UI) {
@@ -142,18 +145,20 @@ namespace OpenWifi {
         return false;
     }
 
-    bool AuthService::IsAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired )
+    bool AuthService::IsAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired )
     {
-        std::lock_guard	Guard(Mutex_);
+        // std::lock_guard	Guard(Mutex_);
+        std::string CallToken;
         Expired = false;
+
 		try {
-		    std::string CallToken;
 		    Poco::Net::OAuth20Credentials Auth(Request);
 		    if (Auth.getScheme() == "Bearer") {
 		        CallToken = Auth.getBearerToken();
 		    }
 
             if(CallToken.empty()) {
+                poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken));
                 return false;
             }
 
@@ -161,35 +166,40 @@ namespace OpenWifi {
             uint64_t                    RevocationDate=0;
             std::string                 UserId;
             if(StorageService()->UserTokenDB().GetToken(CallToken, WT, UserId, RevocationDate)) {
-                if(RevocationDate!=0)
+                if(RevocationDate!=0) {
+                    poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken));
                     return false;
+                }
                 auto now=OpenWifi::Now();
                 Expired = (WT.created_ + WT.expires_in_) < now;
                 if(StorageService()->UserDB().GetUserById(UserId,UInfo.userinfo)) {
                     UInfo.webtoken = WT;
                     SessionToken = CallToken;
+                    poco_debug(Logger(), fmt::format("TokenValidation success for TID={} Token={}", TID, CallToken));
                     return true;
                 }
             }
-            return false;
 		} catch(const Poco::Exception &E) {
 		    Logger().log(E);
 		}
+        poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken));
 		return false;
     }
 
-    bool AuthService::IsSubAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired )
+    bool AuthService::IsSubAuthorized(Poco::Net::HTTPServerRequest & Request, std::string & SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired )
     {
-        std::lock_guard	Guard(Mutex_);
+        // std::lock_guard	Guard(Mutex_);
+
+        std::string CallToken;
         Expired = false;
         try {
-            std::string CallToken;
             Poco::Net::OAuth20Credentials Auth(Request);
             if (Auth.getScheme() == "Bearer") {
                 CallToken = Auth.getBearerToken();
             }
 
             if(CallToken.empty()) {
+                poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken));
                 return false;
             }
 
@@ -197,20 +207,23 @@ namespace OpenWifi {
             uint64_t                    RevocationDate=0;
             std::string                 UserId;
             if(StorageService()->SubTokenDB().GetToken(CallToken, WT, UserId, RevocationDate)) {
-                if(RevocationDate!=0)
+                if(RevocationDate!=0) {
+                    poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken));
                     return false;
+                }
                 auto now=OpenWifi::Now();
                 Expired = (WT.created_ + WT.expires_in_) < now;
                 if(StorageService()->SubDB().GetUserById(UserId,UInfo.userinfo)) {
                     UInfo.webtoken = WT;
                     SessionToken = CallToken;
+                    poco_debug(Logger(), fmt::format("TokenValidation success for TID={} Token={}", TID, CallToken));
                     return true;
                 }
             }
-            return false;
         } catch(const Poco::Exception &E) {
             Logger().log(E);
         }
+        poco_debug(Logger(), fmt::format("TokenValidation failed for TID={} Token={}", TID, CallToken));
         return false;
     }
 
@@ -728,7 +741,8 @@ namespace OpenWifi {
             }
             return false;
         }
-        return IsValidSubToken(Token, WebToken, UserInfo, Expired);
+        // return IsValidSubToken(Token, WebToken, UserInfo, Expired);
+        return false;
     }
 
     bool AuthService::IsValidSubToken(const std::string &Token, SecurityObjects::WebToken &WebToken, SecurityObjects::UserInfo &UserInfo, bool & Expired) {

src/AuthService.h

@@ -11,6 +11,8 @@
 
 #include <regex>
 
+#include "framework/MicroService.h"
+
 #include "Poco/JSON/Object.h"
 #include "Poco/Net/HTTPServerRequest.h"
 #include "Poco/Net/HTTPServerResponse.h"
@@ -20,7 +22,6 @@
 #include "Poco/HMACEngine.h"
 #include "Poco/ExpireLRUCache.h"
 
-#include "framework/MicroService.h"
 #include "RESTObjects/RESTAPI_SecurityObjects.h"
 #include "MessagingTemplates.h"
 
@@ -48,14 +49,14 @@ namespace OpenWifi{
         int Start() override;
         void Stop() override;
 
-        [[nodiscard]] bool IsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired);
+        [[nodiscard]] bool IsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired);
         [[nodiscard]] UNAUTHORIZED_REASON Authorize( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired );
         void CreateToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo);
         [[nodiscard]] bool SetPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo);
         [[nodiscard]] const std:: string & PasswordValidationExpression() const { return PasswordValidationStr_;};
         void Logout(const std::string &token, bool EraseFromCache=true);
 
-        [[nodiscard]] bool IsSubAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired);
+        [[nodiscard]] bool IsSubAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired);
         [[nodiscard]] UNAUTHORIZED_REASON AuthorizeSub( std::string & UserName, const std::string & Password, const std::string & NewPassword, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired );
         void CreateSubToken(const std::string & UserName, SecurityObjects::UserInfoAndPolicy &UInfo);
         [[nodiscard]] bool SetSubPassword(const std::string &Password, SecurityObjects::UserInfo & UInfo);
@@ -155,11 +156,11 @@ namespace OpenWifi{
 
     inline auto AuthService() { return AuthService::instance(); }
 
-    [[nodiscard]] inline bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo , bool & Expired, bool Sub ) {
+    [[nodiscard]] inline bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo , std::uint64_t TID, bool & Expired, bool Sub ) {
         if(Sub)
-            return AuthService()->IsSubAuthorized(Request, SessionToken, UInfo, Expired );
+            return AuthService()->IsSubAuthorized(Request, SessionToken, UInfo, TID, Expired );
         else
-            return AuthService()->IsAuthorized(Request, SessionToken, UInfo, Expired );
+            return AuthService()->IsAuthorized(Request, SessionToken, UInfo, TID, Expired );
     }
 
 } // end of namespace

src/Daemon.h

@@ -10,6 +10,8 @@
 #include <vector>
 #include <set>
 
+#include "framework/MicroService.h"
+
 #include "Poco/Util/Application.h"
 #include "Poco/Util/ServerApplication.h"
 #include "Poco/Util/Option.h"
@@ -20,7 +22,6 @@
 #include "Poco/Crypto/CipherFactory.h"
 #include "Poco/Crypto/Cipher.h"
 
-#include "framework/MicroService.h"
 
 namespace OpenWifi {
 

src/MFAServer.cpp

@@ -2,10 +2,11 @@
 // Created by stephane bourque on 2021-10-11.
 //
 
+#include "framework/MicroService.h"
+
 #include "MFAServer.h"
 #include "SMSSender.h"
 #include "SMTPMailerService.h"
-#include "framework/MicroService.h"
 #include "AuthService.h"
 #include "TotpCache.h"
 

src/RESTObjects/RESTAPI_GWobjects.cpp

@@ -203,6 +203,10 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj,"kafkaClients", kafkaClients);
 		field_to_json(Obj,"kafkaPackets", kafkaPackets);
 		field_to_json(Obj,"locale", locale);
+		field_to_json(Obj,"started", started);
+		field_to_json(Obj,"sessionId", sessionId);
+		field_to_json(Obj,"connectionCompletionTime", connectionCompletionTime);
+		field_to_json(Obj,"totalConnectionTime", OpenWifi::Now() - started);
 
 		switch(VerifiedCertificate) {
 			case NO_CERTIFICATE:
@@ -218,6 +222,21 @@ namespace OpenWifi::GWObjects {
 		}
 	}
 
+	void DeviceConnectionStatistics::to_json(Poco::JSON::Object &Obj) const {
+		field_to_json(Obj,"averageConnectionTime", averageConnectionTime);
+		field_to_json(Obj,"connectedDevices", connectedDevices );
+	}
+
+	bool DeviceConnectionStatistics::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj,"averageConnectionTime", averageConnectionTime);
+			field_from_json(Obj,"connectedDevices", connectedDevices );
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
 	void RttySessionDetails::to_json(Poco::JSON::Object &Obj) const {
 		field_to_json(Obj,"serialNumber", SerialNumber);
 		field_to_json(Obj,"server", Server);
@@ -293,7 +312,6 @@ namespace OpenWifi::GWObjects {
 		} catch (const Poco::Exception &E) {
 		}
 		return false;
-
 	}
 
 	void RadiusProxyPoolList::to_json(Poco::JSON::Object &Obj) const {
@@ -314,6 +332,8 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj,"description",description);
 		field_to_json(Obj,"authConfig",authConfig);
 		field_to_json(Obj,"acctConfig",acctConfig);
+		field_to_json(Obj,"coaConfig",coaConfig);
+		field_to_json(Obj,"useByDefault",useByDefault);
 	}
 
 	bool RadiusProxyPool::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -322,6 +342,8 @@ namespace OpenWifi::GWObjects {
 			field_from_json(Obj,"description",description);
 			field_from_json(Obj,"authConfig",authConfig);
 			field_from_json(Obj,"acctConfig",acctConfig);
+			field_from_json(Obj,"coaConfig",coaConfig);
+			field_from_json(Obj,"useByDefault",useByDefault);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}
@@ -329,7 +351,7 @@ namespace OpenWifi::GWObjects {
 	}
 
 	void RadiusProxyServerConfig::to_json(Poco::JSON::Object &Obj) const {
-		field_to_json(Obj,"policy",strategy);
+		field_to_json(Obj,"strategy",strategy);
 		field_to_json(Obj,"monitor",monitor);
 		field_to_json(Obj,"monitorMethod",monitorMethod);
 		field_to_json(Obj,"methodParameters",methodParameters);
@@ -338,7 +360,7 @@ namespace OpenWifi::GWObjects {
 
 	bool RadiusProxyServerConfig::from_json(const Poco::JSON::Object::Ptr &Obj) {
 		try {
-			field_from_json(Obj,"policy",strategy);
+			field_from_json(Obj,"strategy",strategy);
 			field_from_json(Obj,"monitor",monitor);
 			field_from_json(Obj,"monitorMethod",monitorMethod);
 			field_from_json(Obj,"methodParameters",methodParameters);
@@ -354,6 +376,16 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj,"ip",ip);
 		field_to_json(Obj,"port",port);
 		field_to_json(Obj,"weight",weight);
+		field_to_json(Obj,"secret",secret);
+		field_to_json(Obj,"certificate",certificate);
+		field_to_json(Obj,"radsec",radsec);
+		field_to_json(Obj,"radsecPort",radsecPort);
+		field_to_json(Obj,"radsecSecret",radsecSecret);
+		field_to_json(Obj,"radsecCacerts",radsecCacerts);
+		field_to_json(Obj,"radsecCert",radsecCert);
+		field_to_json(Obj,"radsecKey",radsecKey);
+		field_to_json(Obj,"radsecRealms",radsecRealms);
+		field_to_json(Obj,"ignore",ignore);
 	}
 
 	bool RadiusProxyServerEntry::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -362,6 +394,16 @@ namespace OpenWifi::GWObjects {
 			field_from_json(Obj,"ip",ip);
 			field_from_json(Obj,"port",port);
 			field_from_json(Obj,"weight",weight);
+			field_from_json(Obj,"secret",secret);
+			field_from_json(Obj,"certificate",certificate);
+			field_from_json(Obj,"radsec",radsec);
+			field_from_json(Obj,"radsecSecret",radsecSecret);
+			field_from_json(Obj,"radsecPort",radsecPort);
+			field_from_json(Obj,"radsecCacerts",radsecCacerts);
+			field_from_json(Obj,"radsecCert",radsecCert);
+			field_from_json(Obj,"radsecKey",radsecKey);
+			field_from_json(Obj,"radsecRealms",radsecRealms);
+			field_from_json(Obj,"ignore",ignore);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}

src/RESTObjects/RESTAPI_GWobjects.h

@@ -38,6 +38,10 @@ namespace OpenWifi::GWObjects {
 		uint64_t 	kafkaPackets=0;
 		uint64_t 	websocketPackets=0;
 		std::string locale;
+		uint64_t 	started=0;
+		uint64_t 	sessionId=0;
+		double      connectionCompletionTime=0.0;
+
 		void to_json(Poco::JSON::Object &Obj) const;
 	};
 
@@ -71,6 +75,13 @@ namespace OpenWifi::GWObjects {
 		void Print() const;
 	};
 
+	struct DeviceConnectionStatistics {
+		std::uint64_t connectedDevices = 0;
+		std::uint64_t averageConnectionTime = 0;
+		void to_json(Poco::JSON::Object &Obj) const;
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+
 	struct Statistics {
 		std::string SerialNumber;
 		uint64_t 	UUID = 0 ;
@@ -216,6 +227,16 @@ namespace OpenWifi::GWObjects {
 		std::string ip;
 		uint16_t 	port=0;
 		uint64_t 	weight=0;
+		std::string secret;
+		std::string certificate;
+		bool 		radsec=false;
+		uint16_t 	radsecPort=2083;
+		std::string radsecSecret;
+		std::string radsecKey;
+		std::string radsecCert;
+		std::vector<std::string> 	radsecCacerts;
+		std::vector<std::string>	radsecRealms;
+		bool 		ignore=false;
 
 		void to_json(Poco::JSON::Object &Obj) const;
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
@@ -237,6 +258,8 @@ namespace OpenWifi::GWObjects {
 		std::string description;
 		RadiusProxyServerConfig	authConfig;
 		RadiusProxyServerConfig	acctConfig;
+		RadiusProxyServerConfig	coaConfig;
+		bool 		useByDefault=false;
 
 		void to_json(Poco::JSON::Object &Obj) const;
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);

src/SMSSender.cpp

@@ -2,16 +2,14 @@
 // Created by stephane bourque on 2021-10-09.
 //
 
-#include <aws/sns/SNSClient.h>
-#include <aws/sns/model/PublishRequest.h>
 #include <aws/sns/model/PublishResult.h>
-#include <aws/sns/model/GetSMSAttributesRequest.h>
+
+#include "framework/MicroService.h"
 
 #include "MFAServer.h"
 #include "SMS_provider_aws.h"
 #include "SMS_provider_twilio.h"
 #include "SMSSender.h"
-#include "framework/MicroService.h"
 
 namespace OpenWifi {
 
@@ -85,7 +83,7 @@ namespace OpenWifi {
 
     bool SMSSender::Send(const std::string &PhoneNumber, const std::string &Message) {
         if(!Enabled_) {
-            Logger().information("SMS has not been enabled. Messages cannot be sent.");
+            poco_information(Logger(),"SMS has not been enabled. Messages cannot be sent.");
             return false;
         }
         return ProviderImpl_->Send(PhoneNumber,Message);

src/SMS_provider_aws.cpp

@@ -17,7 +17,7 @@ namespace OpenWifi {
         Region_ = MicroService::instance().ConfigGetString("smssender.aws.region","");
 
         if(SecretKey_.empty() || AccessKey_.empty() || Region_.empty()) {
-            Logger().debug("SMSSender is disabled. Please provide key, secret, and region.");
+            poco_debug(Logger(),"SMSSender is disabled. Please provide key, secret, and region.");
             return false;
         }
         Running_=true;
@@ -51,16 +51,16 @@ namespace OpenWifi {
 
             auto psms_out = sns.Publish(psms_req);
             if (psms_out.IsSuccess()) {
-                Logger().debug(fmt::format("SMS sent to {}",PhoneNumber));
+                poco_debug(Logger(),fmt::format("SMS sent to {}",PhoneNumber));
                 return true;
             }
             std::string ErrMsg{psms_out.GetError().GetMessage()};
-            Logger().debug(fmt::format("SMS NOT sent to {}: {}",PhoneNumber, ErrMsg));
+            poco_debug(Logger(),fmt::format("SMS NOT sent to {}: {}",PhoneNumber, ErrMsg));
             return false;
         } catch (...) {
 
         }
-        Logger().debug(fmt::format("SMS NOT sent to {}: failure in SMS service",PhoneNumber));
+        poco_debug(Logger(),fmt::format("SMS NOT sent to {}: failure in SMS service",PhoneNumber));
         return false;
     }
 

src/SMS_provider_twilio.cpp

@@ -4,12 +4,13 @@
 
 #include "SMS_provider_twilio.h"
 
+#include "framework/MicroService.h"
+
 #include "Poco/Net/HTTPBasicCredentials.h"
 #include "Poco/URI.h"
 #include "Poco/Net/HTMLForm.h"
 #include "Poco/Net/HTTPSClientSession.h"
 #include "Poco/Net/HTTPResponse.h"
-#include "framework/MicroService.h"
 
 namespace OpenWifi {
     bool SMS_provider_twilio::Initialize() {
@@ -18,7 +19,7 @@ namespace OpenWifi {
         PhoneNumber_ = MicroService::instance().ConfigGetString("smssender.twilio.phonenumber","");
 
         if(Sid_.empty() || Token_.empty() || PhoneNumber_.empty()) {
-            Logger().debug("SMSSender is disabled. Please provide SID, TOKEN, and PHONE NUMBER.");
+            poco_debug(Logger(),"SMSSender is disabled. Please provide SID, TOKEN, and PHONE NUMBER.");
             return false;
         }
         Running_=true;
@@ -64,12 +65,12 @@ namespace OpenWifi {
         std::istream& rs = session.receiveResponse(res);
 
         if(res.getStatus()==Poco::Net::HTTPResponse::HTTP_OK) {
-            Logger().information(fmt::format("Message sent to {}", PhoneNumber));
+            poco_information(Logger(),fmt::format("Message sent to {}", PhoneNumber));
             return true;
         } else {
             std::ostringstream os;
             Poco::StreamCopier::copyStream(rs,os);
-            Logger().information(fmt::format("Message was not to {}: Error:{}", PhoneNumber, os.str()));
+            poco_information(Logger(),fmt::format("Message was not to {}: Error:{}", PhoneNumber, os.str()));
             return false;
         }
     }

src/SMTPMailerService.cpp

@@ -2,7 +2,8 @@
 // Created by stephane bourque on 2021-06-17.
 //
 #include <iostream>
-#include <fstream>
+
+#include "framework/MicroService.h"
 
 #include "Poco/Net/MailMessage.h"
 #include "Poco/Net/MailRecipient.h"
@@ -15,7 +16,6 @@
 #include "Poco/Net/NetException.h"
 
 #include "SMTPMailerService.h"
-#include "framework/MicroService.h"
 #include "AuthService.h"
 
 namespace OpenWifi {
@@ -52,7 +52,7 @@ namespace OpenWifi {
 
     void SMTPMailerService::reinitialize([[maybe_unused]] Poco::Util::Application &self) {
         MicroService::instance().LoadConfigurationFile();
-        Logger().information("Reinitializing.");
+        poco_information(Logger(),"Reinitializing.");
         LoadMyConfig();
     }
 
@@ -88,21 +88,21 @@ namespace OpenWifi {
                 if((i->LastTry==0 || (now-i->LastTry)>MailRetry_)) {
                     switch(SendIt(*i)) {
                         case MessageSendStatus::msg_sent: {
-                            Logger().information(fmt::format("Attempting to deliver for mail '{}'.", Recipient));
+                            poco_information(Logger(),fmt::format("Attempting to deliver for mail '{}'.", Recipient));
                             i = Messages_.erase(i);
                         } break;
                         case MessageSendStatus::msg_not_sent_but_resend: {
-                            Logger().information(fmt::format("Mail for '{}' was not. We will retry later.", Recipient));
+                            poco_information(Logger(),fmt::format("Mail for '{}' was not. We will retry later.", Recipient));
                             i->LastTry = now;
                             ++i;
                         } break;
                         case MessageSendStatus::msg_not_sent_but_do_not_resend: {
-                            Logger().information(fmt::format("Mail for '{}' will not be sent. Check email address", Recipient));
+                            poco_information(Logger(),fmt::format("Mail for '{}' will not be sent. Check email address", Recipient));
                             i = Messages_.erase(i);
                         } break;
                     }
                 } else if ((now-i->Posted)>MailAbandon_) {
-                    Logger().information(fmt::format("Mail for '{}' has timed out and will not be sent.", Recipient));
+                    poco_information(Logger(),fmt::format("Mail for '{}' has timed out and will not be sent.", Recipient));
                     i = Messages_.erase(i);
                 } else {
                     ++i;
@@ -138,7 +138,7 @@ namespace OpenWifi {
             Message->addRecipient(Poco::Net::MailRecipient(Poco::Net::MailRecipient::PRIMARY_RECIPIENT, Recipient));
             Message->setSubject(Msg.Attrs.find(SUBJECT)->second);
 
-            Logger().information(fmt::format("Sending message to:{} from {}",Recipient,TheSender));
+            poco_information(Logger(),fmt::format("Sending message to:{} from {}",Recipient,TheSender));
 
             if(Msg.Attrs.find(TEXT) != Msg.Attrs.end()) {
                 std::string Content = Msg.Attrs.find(TEXT)->second;
@@ -163,7 +163,7 @@ namespace OpenWifi {
                     Poco::StreamCopier::copyStream(IF, OS);
                     Message->addAttachment("logo", new Poco::Net::StringPartSource(OS.str(), "image/png"));
                 } catch (...) {
-                    Logger().warning(fmt::format("Cannot add '{}' logo in email",AuthService::GetLogoAssetFileName()));
+                    poco_warning(Logger(),fmt::format("Cannot add '{}' logo in email",AuthService::GetLogoAssetFileName()));
                 }
             }
 
@@ -198,7 +198,7 @@ namespace OpenWifi {
             return MessageSendStatus::msg_not_sent_but_resend;
         }
         catch (const std::exception &E) {
-            Logger().warning(fmt::format("Cannot send message to:{}, error: {}",Recipient, E.what()));
+            poco_warning(Logger(),fmt::format("Cannot send message to:{}, error: {}",Recipient, E.what()));
             return MessageSendStatus::msg_not_sent_but_do_not_resend;
         }
     }

src/StorageService.cpp

@@ -13,6 +13,7 @@ namespace OpenWifi {
 
     int StorageService::Start() {
 		std::lock_guard		Guard(Mutex_);
+        poco_information(Logger(),"Starting...");
 
 		StorageClass::Start();
 
@@ -57,9 +58,10 @@ namespace OpenWifi {
     }
 
     void StorageService::Stop() {
-        Logger().notice("Stopping.");
+        poco_information(Logger(),"Stopping...");
         Timer_.stop();
         StorageClass::Stop();
+        poco_information(Logger(),"Stopped...");
     }
 
     void Archiver::onTimer([[maybe_unused]] Poco::Timer &timer) {

src/TotpCache.h

@@ -6,6 +6,7 @@
 #define OWSEC_TOTPCACHE_H
 
 #include "framework/MicroService.h"
+
 #include "seclibs/cpptotp/bytes.h"
 #include "seclibs/qrcode/qrcodegen.hpp"
 #include "seclibs/cpptotp/otp.h"

src/framework/ConfigurationValidator.cpp

@@ -44,7 +44,7 @@ static json DefaultUCentralSchema = R"(
 		"switch": {
 			"$ref": "#/$defs/switch"
 		},
-		"radios": {
+		"radiosgrep": {
 			"type": "array",
 			"items": {
 				"$ref": "#/$defs/radio"

src/framework/MicroService.h

@@ -23,6 +23,13 @@
 #include <queue>
 #include <variant>
 
+
+// This must be defined for poco_debug and poco_trace macros to function.
+
+#ifndef POCO_LOG_DEBUG
+#define POCO_LOG_DEBUG true
+#endif
+
 namespace OpenWifi {
     inline uint64_t Now() { return std::time(nullptr); };
 }
@@ -89,8 +96,10 @@ using namespace std::chrono_literals;
 #include "Poco/NObserver.h"
 #include "Poco/Net/SocketNotification.h"
 #include "Poco/Base64Decoder.h"
+#include "Poco/ThreadLocal.h"
 #include "cppkafka/cppkafka.h"
 
+#include "framework/MicroServiceErrorHandler.h"
 #include "framework/OpenWifiTypes.h"
 #include "framework/KafkaTopics.h"
 #include "framework/ow_constants.h"
@@ -660,6 +669,19 @@ namespace OpenWifi::RESTAPI_utils {
 
 namespace OpenWifi::Utils {
 
+	inline bool NormalizeMac(std::string & Mac) {
+		Poco::replaceInPlace(Mac,":","");
+		Poco::replaceInPlace(Mac,"-","");
+		if(Mac.size()!=12)
+			return false;
+		for(const auto &i:Mac) {
+			if(!std::isxdigit(i))
+				return false;
+		}
+		Poco::toLowerInPlace(Mac);
+		return true;
+	}
+
 	inline void SetThreadName(const char *name) {
 #ifdef __linux__
 		Poco::Thread::current()->setName(name);
@@ -1339,36 +1361,19 @@ namespace OpenWifi {
         Poco::ExpireLRUCache<KeyType,Record>  Cache_{Size,Expiry};
     };
 
-    class MyErrorHandler : public Poco::ErrorHandler {
-	  public:
-		explicit MyErrorHandler(Poco::Util::Application &App) : App_(App) {}
-		inline void exception(const Poco::Exception & E) {
-		    Poco::Thread * CurrentThread = Poco::Thread::current();
-		    App_.logger().log(E);
-		    App_.logger().error(fmt::format("Exception occurred in {}",CurrentThread->getName()));
-		}
-
-		inline void exception(const std::exception & E) {
-		    Poco::Thread * CurrentThread = Poco::Thread::current();
-		    App_.logger().warning(fmt::format("std::exception in {}: {}",CurrentThread->getName(),E.what()));
-		}
-
-		inline void exception() {
-		    Poco::Thread * CurrentThread = Poco::Thread::current();
-		    App_.logger().warning(fmt::format("exception in {}",CurrentThread->getName()));
-		}
-	  private:
-		Poco::Util::Application	&App_;
-	};
-
 	class BusEventManager : public Poco::Runnable {
 	  public:
+		explicit BusEventManager(Poco::Logger &L) : Logger_(L) {
+
+		}
 		inline void run() final;
 		inline void Start();
 		inline void Stop();
+		inline Poco::Logger & Logger() { return Logger_; }
 	  private:
 		mutable std::atomic_bool 	Running_ = false;
 		Poco::Thread		Thread_;
+		Poco::Logger		&Logger_;
 	};
 
 	class MyPrivateKeyPassphraseHandler : public Poco::Net::PrivateKeyPassphraseHandler {
@@ -1382,6 +1387,7 @@ namespace OpenWifi {
 	        Logger_.information("Returning key passphrase.");
 	        privateKey = Password_;
 	    };
+		inline Poco::Logger & Logger() { return Logger_; }
 	private:
 	    std::string Password_;
 	    Poco::Logger & Logger_;
@@ -1650,14 +1656,14 @@ namespace OpenWifi {
 
 	class SubSystemServer : public Poco::Util::Application::Subsystem {
 	public:
-	    SubSystemServer(std::string Name, const std::string &LoggingPrefix,
+	    SubSystemServer(const std::string & Name, const std::string &LoggingPrefix,
-                        std::string SubSystemConfigPrefix);
+                        const std::string & SubSystemConfigPrefix);
 
 	    inline void initialize(Poco::Util::Application &self) override;
 	    inline void uninitialize() override {
 	    }
 	    inline void reinitialize([[maybe_unused]] Poco::Util::Application &self) override {
-	        Logger().information("Reloading of this subsystem is not supported.");
+	        Logger_->L_.information("Reloading of this subsystem is not supported.");
 	    }
 	    inline void defineOptions([[maybe_unused]] Poco::Util::OptionSet &options) override {
 	    }
@@ -1666,30 +1672,30 @@ namespace OpenWifi {
 
 	    inline const PropertiesFileServerEntry & Host(uint64_t index) { return ConfigServersList_[index]; };
 	    inline uint64_t HostSize() const { return ConfigServersList_.size(); }
-	    inline Poco::Logger &Logger() { if(Log_)
+		inline Poco::Logger & Logger() const { return Logger_->L_; }
-                                            return Log_->L;
+	    inline void SetLoggingLevel(const std::string & levelName) {
-                                        return Poco::Logger::get("tmp");
+			Logger_->L_.setLevel(Poco::Logger::parseLevel(levelName));
-                                        };
+		}
-	    inline void SetLoggingLevel(Poco::Message::Priority NewPriority) { Logger().setLevel(NewPriority); }
+	    inline int GetLoggingLevel() { return Logger_->L_.getLevel(); }
-	    inline int GetLoggingLevel() { return Logger().getLevel(); }
 
 	    virtual int Start() = 0;
 	    virtual void Stop() = 0;
 
-        struct LoggerWrapper {
+		struct LoggerWrapper {
-            Poco::Logger &L;
+			Poco::Logger & L_;
-            explicit inline LoggerWrapper(Poco::Logger &Logger) : L(Logger) {}
+			LoggerWrapper(Poco::Logger &L) :
-        };
+				L_(L) {}
+		};
 
 	protected:
 	    std::recursive_mutex Mutex_;
         std::vector<PropertiesFileServerEntry> ConfigServersList_;
+
     private:
-        std::unique_ptr<LoggerWrapper>  Log_;
+        std::unique_ptr<LoggerWrapper>  Logger_;
-	    // Poco::Logger 		&Logger_;
+	    std::string 					Name_;
-	    std::string 		Name_;
+        std::string         			LoggerPrefix_;
-        std::string         LoggerPrefix_;
+	    std::string 					SubSystemConfigPrefix_;
-	    std::string 		SubSystemConfigPrefix_;
 	};
 
 	class RESTAPI_GenericServer {
@@ -1823,7 +1829,7 @@ namespace OpenWifi {
 	            E->Count++;
 	            Cache_.update(H,E);
 	            if(E->Count > MaxCalls) {
-	                Logger().warning(fmt::format("RATE-LIMIT-EXCEEDED: from '{}'", R.clientAddress().toString()));
+	                poco_warning(Logger(),fmt::format("RATE-LIMIT-EXCEEDED: from '{}'", R.clientAddress().toString()));
 	                return true;
 	            }
 	            return false;
@@ -2165,12 +2171,16 @@ namespace OpenWifi {
 	        SetCommonHeaders(CloseConnection);
 	    }
 
-	    inline void BadRequest(const OpenWifi::RESTAPI::Errors::msg &E) {
+	    inline void BadRequest(const OpenWifi::RESTAPI::Errors::msg &E, const std::string & Extra="") {
 	        PrepareResponse(Poco::Net::HTTPResponse::HTTP_BAD_REQUEST);
 	        Poco::JSON::Object	ErrorObject;
 	        ErrorObject.set("ErrorCode",400);
 	        ErrorObject.set("ErrorDetails",Request->getMethod());
-	        ErrorObject.set("ErrorDescription",fmt::format("{}: {}",E.err_num,E.err_txt)) ;
+			if(Extra.empty())
+	        	ErrorObject.set("ErrorDescription",fmt::format("{}: {}",E.err_num,E.err_txt)) ;
+			else
+				ErrorObject.set("ErrorDescription",fmt::format("{}: {} ({})",E.err_num,E.err_txt, Extra)) ;
+
 	        std::ostream &Answer = Response->send();
 	        Poco::JSON::Stringifier::stringify(ErrorObject, Answer);
 	    }
@@ -2214,7 +2224,7 @@ namespace OpenWifi {
             ErrorObject.set("ErrorDescription",fmt::format("{}: {}",E.err_num,E.err_txt)) ;
 	        std::ostream &Answer = Response->send();
 	        Poco::JSON::Stringifier::stringify(ErrorObject, Answer);
-	        Logger_.debug(fmt::format("RES-NOTFOUND: User='{}@{}' Method='{}' Path='{}",
+			poco_debug(Logger_,fmt::format("RES-NOTFOUND: User='{}@{}' Method='{}' Path='{}",
                                        UserInfo_.userinfo.email,
                                        Utils::FormatIPv6(Request->clientAddress().toString()),
                                        Request->getMethod(),
@@ -2783,9 +2793,11 @@ namespace OpenWifi {
 
 	    inline void Stop() override {
 	        if(KafkaEnabled_) {
+				poco_information(Logger(),"Stopping...");
 				Dispatcher_.Stop();
 	            ProducerThr_.Stop();
 	            ConsumerThr_.Stop();
+				poco_information(Logger(),"Stopped...");
 	            return;
 	        }
 	    }
@@ -2863,12 +2875,13 @@ namespace OpenWifi {
 	    }
 
 	    inline void Stop() override {
+			poco_information(Logger(),"Stopping...");
             std::lock_guard	G(Mutex_);
 	        Cache_.clear();
+			poco_information(Logger(),"Stopped...");
 	    }
 
 	    inline void RemovedCachedToken(const std::string &Token) {
-	        std::lock_guard	G(Mutex_);
 	        Cache_.remove(Token);
 	    }
 
@@ -2878,6 +2891,7 @@ namespace OpenWifi {
 
 	    inline bool RetrieveTokenInformation(const std::string & SessionToken,
 											 SecurityObjects::UserInfoAndPolicy & UInfo,
+											 std::uint64_t TID,
 											 bool & Expired, bool & Contacted, bool Sub=false) {
 	        try {
 	            Types::StringPairVec QueryData;
@@ -2903,7 +2917,6 @@ namespace OpenWifi {
 	                        return false;
 	                    }
 	                    Expired = false;
-                        std::lock_guard	G(Mutex_);
 	                    Cache_.update(SessionToken, UInfo);
 	                    return true;
 	                } else {
@@ -2911,14 +2924,15 @@ namespace OpenWifi {
                     }
 	            }
 	        } catch (...) {
+				poco_error(Logger(),fmt::format("Failed to retrieve token={} for TID={}", SessionToken, TID));
 	        }
 	        Expired = false;
 	        return false;
 	    }
 
         inline bool IsAuthorized(const std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo,
+								 std::uint64_t TID,
 								 bool & Expired, bool & Contacted, bool Sub = false) {
-            std::lock_guard	G(Mutex_);
 	        auto User = Cache_.get(SessionToken);
 	        if(!User.isNull()) {
 	            if(IsTokenExpired(User->webtoken)) {
@@ -2929,7 +2943,7 @@ namespace OpenWifi {
                 UInfo = *User;
                 return true;
 	        }
-	        return RetrieveTokenInformation(SessionToken, UInfo, Expired, Contacted, Sub);
+	        return RetrieveTokenInformation(SessionToken, UInfo, TID, Expired, Contacted, Sub);
 	    }
 
 	private:
@@ -2947,12 +2961,12 @@ namespace OpenWifi {
 	            {
 	            }
 
-	            void handleRequest(Poco::Net::HTTPServerRequest& Request, Poco::Net::HTTPServerResponse& Response) override
+	            void handleRequest([[maybe_unused]] Poco::Net::HTTPServerRequest& Request, Poco::Net::HTTPServerResponse& Response) override
 	            {
 					Utils::SetThreadName("alb-request");
 					try {
 						if((id_ % 100) == 0) {
-							Logger_.debug(fmt::format("ALB-REQUEST({}): ALB Request {}.",
+							poco_debug(Logger_,fmt::format("ALB-REQUEST({}): ALB Request {}.",
 															Request.clientAddress().toString(), id_));
 						}
 						Response.setChunkedTransferEncoding(true);
@@ -3010,8 +3024,10 @@ namespace OpenWifi {
 	    inline int Start() override;
 
 	    inline void Stop() override {
+			poco_information(Logger(),"Stopping...");
 	        if(Running_)
-	            Server_->stop();
+	            Server_->stopAll(true);
+			poco_information(Logger(),"Stopped...");
 	    }
 
 	private:
@@ -3040,10 +3056,11 @@ namespace OpenWifi {
 	    inline void Stop() override {
 	        Logger().information("Stopping...");
 	        for( const auto & svr : RESTServers_ )
-	            svr->stop();
+	            svr->stopAll(true);
 			Pool_.stopAll();
 	        Pool_.joinAll();
 	        RESTServers_.clear();
+			Logger().information("Stopped...");
 	    }
 
 
@@ -3058,7 +3075,7 @@ namespace OpenWifi {
 
 	private:
 	    std::vector<std::unique_ptr<Poco::Net::HTTPServer>>   RESTServers_;
-	    Poco::ThreadPool	    Pool_{"x-rest",2,32};
+	    Poco::ThreadPool	    Pool_{"x-rest",8,128};
 	    RESTAPI_GenericServer   Server_;
 
         RESTAPI_ExtServer() noexcept:
@@ -3075,15 +3092,16 @@ namespace OpenWifi {
 	    inline Poco::Net::HTTPRequestHandler *createRequestHandler(const Poco::Net::HTTPServerRequest &Request) override {
 			try {
 				Poco::URI uri(Request.getURI());
-				Utils::SetThreadName(fmt::format("x-rest:{}",TransactionId_).c_str());
+				auto TID = NextTransactionId_++;
-				return RESTAPI_ExtServer()->CallServer(uri.getPath(), TransactionId_++);
+				Utils::SetThreadName(fmt::format("x-rest:{}",TID).c_str());
+				return RESTAPI_ExtServer()->CallServer(uri.getPath(), TID);
 			} catch (...) {
 
 			}
 			return nullptr;
 	    }
 	private:
-        static inline std::atomic_uint64_t  TransactionId_ = 1;
+        static inline std::atomic_uint64_t  NextTransactionId_ = 1;
 	};
 
 	class LogMuxer : public Poco::Channel {
@@ -3175,9 +3193,10 @@ namespace OpenWifi {
 	    inline void Stop() override {
 	        Logger().information("Stopping...");
 	        for( const auto & svr : RESTServers_ )
-	            svr->stop();
+	            svr->stopAll(true);
 			Pool_.stopAll();
 			Pool_.joinAll();
+			Logger().information("Stopped...");
 	    }
 
 	    inline void reinitialize(Poco::Util::Application &self) override;
@@ -3187,11 +3206,10 @@ namespace OpenWifi {
 			Utils::SetThreadName(fmt::format("i-rest:{}",Id).c_str());
 	        return RESTAPI_IntRouter(Path, Bindings, Logger(), Server_, Id);
 	    }
-
         const Poco::ThreadPool & Pool() { return Pool_; }
 	private:
 	    std::vector<std::unique_ptr<Poco::Net::HTTPServer>>   RESTServers_;
-	    Poco::ThreadPool	    Pool_{"i-rest",2,16};
+	    Poco::ThreadPool	    Pool_{"i-rest",4,64};
 	    RESTAPI_GenericServer   Server_;
 
         RESTAPI_IntServer() noexcept:
@@ -3206,12 +3224,13 @@ namespace OpenWifi {
 	public:
         inline IntRequestHandlerFactory() = default;
 	    inline Poco::Net::HTTPRequestHandler *createRequestHandler(const Poco::Net::HTTPServerRequest &Request) override {
-			Utils::SetThreadName(fmt::format("i-rest:{}",TransactionId_).c_str());
+			auto TID=NextTransactionId_++;
+			Utils::SetThreadName(fmt::format("i-rest:{}",TID).c_str());
 	        Poco::URI uri(Request.getURI());
-	        return RESTAPI_IntServer()->CallServer(uri.getPath(), TransactionId_);
+	        return RESTAPI_IntServer()->CallServer(uri.getPath(), TID);
 	    }
 	private:
-        static inline std::atomic_uint64_t  TransactionId_ = 1;
+        static inline std::atomic_uint64_t  NextTransactionId_ = 1;
 	};
 
 	struct MicroServiceMeta {
@@ -3272,7 +3291,7 @@ namespace OpenWifi {
 		    return ((RandomEngine_() % (max-min)) + min);
 		}
 
-        inline Poco::Logger & GetLogger(const std::string &Name) {
+/*        inline Poco::Logger & GetLogger(const std::string &Name) {
             static auto initialized = false;
 
             if(!initialized) {
@@ -3281,7 +3300,7 @@ namespace OpenWifi {
             }
             return Poco::Logger::get(Name);
         }
-
+*/
         virtual void GetExtraConfiguration(Poco::JSON::Object & Cfg) {
             Cfg.set("additionalConfiguration",false);
         }
@@ -3374,7 +3393,6 @@ namespace OpenWifi {
 		std::string 				MyPublicEndPoint_;
 		std::string                 UIURI_;
 		std::string 				Version_{ OW_VERSION::VERSION + "("+ OW_VERSION::BUILD + ")" + " - " + OW_VERSION::HASH };
-		BusEventManager				BusEventManager_;
 		std::recursive_mutex		InfraMutex_;
 		std::default_random_engine  RandomEngine_;
         Poco::Util::PropertyFileConfiguration   * PropConfigurationFile_ = nullptr;
@@ -3388,7 +3406,8 @@ namespace OpenWifi {
         bool                        NoBuiltInCrypto_=false;
         Poco::JWT::Signer	        Signer_;
 		Poco::Logger				&Logger_;
-		Poco::ThreadPool			TimerPool_{"timer:pool",2,16};
+		Poco::ThreadPool				TimerPool_{"timer:pool",2,32};
+		std::unique_ptr<BusEventManager>	BusEventManager_;
     };
 
 	inline void MicroService::Exit(int Reason) {
@@ -3469,7 +3488,7 @@ namespace OpenWifi {
 	        }
 
 	    } catch (const Poco::Exception &E) {
-	        Logger_.log(E);
+	        logger().log(E);
 	    }
 	}
 
@@ -3552,7 +3571,7 @@ namespace OpenWifi {
 
             auto LoggingDestination = MicroService::instance().ConfigGetString("logging.type", "file");
             auto LoggingFormat = MicroService::instance().ConfigGetString("logging.format",
-                                                                          "%Y-%m-%d %H:%M:%S %s: [%p] %t");
+                                                                          "%Y-%m-%d %H:%M:%S.%i %s: [%p][thr:%I] %t");
             if (LoggingDestination == "console") {
                 Poco::AutoPtr<Poco::ConsoleChannel> Console(new Poco::ConsoleChannel);
                 Poco::AutoPtr<Poco::AsyncChannel> Async(new Poco::AsyncChannel(Console));
@@ -3583,14 +3602,14 @@ namespace OpenWifi {
                 FileChannel->setProperty("archive", "timestamp");
                 FileChannel->setProperty("path", LoggingLocation);
                 Poco::AutoPtr<Poco::AsyncChannel> Async_File(new Poco::AsyncChannel(FileChannel));
-				Poco::AutoPtr<Poco::AsyncChannel> Async_Muxer(new Poco::AsyncChannel(LogMuxer()));
+				// Poco::AutoPtr<Poco::AsyncChannel> Async_Muxer(new Poco::AsyncChannel(LogMuxer()));
-                Poco::AutoPtr<Poco::SplitterChannel> Splitter(new Poco::SplitterChannel);
+                // Poco::AutoPtr<Poco::SplitterChannel> Splitter(new Poco::SplitterChannel);
-				Splitter->addChannel(Async_File);
+				// Splitter->addChannel(Async_File);
-				Splitter->addChannel(Async_Muxer);
+				// Splitter->addChannel(Async_Muxer);
 				Poco::AutoPtr<Poco::PatternFormatter> Formatter(new Poco::PatternFormatter);
                 Formatter->setProperty("pattern", LoggingFormat);
                 Poco::AutoPtr<Poco::FormattingChannel> FormattingChannel(
-                        new Poco::FormattingChannel(Formatter, Splitter));
+                        new Poco::FormattingChannel(Formatter, Async_File));
                 Poco::Logger::root().setChannel(FormattingChannel);
             }
             auto Level = Poco::Logger::parseLevel(MicroService::instance().ConfigGetString("logging.level", "debug"));
@@ -3609,7 +3628,9 @@ namespace OpenWifi {
 	    SubSystems_.push_back(ALBHealthCheckServer());
 	    SubSystems_.push_back(RESTAPI_ExtServer());
 	    SubSystems_.push_back(RESTAPI_IntServer());
-
+#ifndef TIP_SECURITY_SERVICE
+		SubSystems_.push_back(AuthClient());
+#endif
 	    Poco::Net::initializeSSL();
 	    Poco::Net::HTTPStreamFactory::registerFactory();
 	    Poco::Net::HTTPSStreamFactory::registerFactory();
@@ -3720,8 +3741,9 @@ namespace OpenWifi {
 	}
 
 	inline void MicroService::InitializeSubSystemServers() {
-	    for(auto i:SubSystems_)
+	    for(auto i:SubSystems_) {
-	        addSubsystem(i);
+			addSubsystem(i);
+		}
 	}
 
 	inline void MicroService::StartSubSystemServers() {
@@ -3729,12 +3751,13 @@ namespace OpenWifi {
 	    for(auto i:SubSystems_) {
 	        i->Start();
 	    }
-	    BusEventManager_.Start();
+		BusEventManager_ = std::make_unique<BusEventManager>(Poco::Logger::create("BusEventManager",Poco::Logger::root().getChannel(),Poco::Logger::root().getLevel()));
+	    BusEventManager_->Start();
 	}
 
 	inline void MicroService::StopSubSystemServers() {
         AddActivity("Stopping");
-	    BusEventManager_.Stop();
+	    BusEventManager_->Stop();
 	    for(auto i=SubSystems_.rbegin(); i!=SubSystems_.rend(); ++i) {
 			(*i)->Stop();
 		}
@@ -3911,14 +3934,15 @@ namespace OpenWifi {
 	    }
 	}
 
-    inline SubSystemServer::SubSystemServer(std::string Name, const std::string &LoggingPrefix,
+    inline SubSystemServer::SubSystemServer(const std::string &Name, const std::string &LoggingPrefix,
-            std::string SubSystemConfigPrefix):
+            const std::string &SubSystemConfigPrefix):
-        Name_(std::move(Name)),
+		Name_(Name),
-        LoggerPrefix_(LoggingPrefix),
+		LoggerPrefix_(LoggingPrefix),
-        SubSystemConfigPrefix_(std::move(SubSystemConfigPrefix)) {
+		SubSystemConfigPrefix_(SubSystemConfigPrefix) {
     }
 
     inline int RESTAPI_ExtServer::Start() {
+		Logger().information("Starting.");
         Server_.InitLogging();
 
         for(const auto & Svr: ConfigServersList_) {
@@ -3934,8 +3958,6 @@ namespace OpenWifi {
             }
 
             Poco::Net::HTTPServerParams::Ptr Params = new Poco::Net::HTTPServerParams;
-            Params->setMaxThreads(50);
-            Params->setMaxQueued(200);
             Params->setKeepAlive(true);
 			Params->setName("ws:xrest");
 
@@ -3950,7 +3972,6 @@ namespace OpenWifi {
             NewServer->start();
             RESTServers_.push_back(std::move(NewServer));
         }
-
         return 0;
     }
 
@@ -3971,8 +3992,6 @@ namespace OpenWifi {
             }
 
             auto Params = new Poco::Net::HTTPServerParams;
-            Params->setMaxThreads(50);
-            Params->setMaxQueued(200);
             Params->setKeepAlive(true);
 			Params->setName("ws:irest");
 
@@ -3992,7 +4011,7 @@ namespace OpenWifi {
     }
 
     inline int MicroService::main([[maybe_unused]] const ArgVec &args) {
-	    MyErrorHandler	ErrorHandler(*this);
+	    MicroServiceErrorHandler	ErrorHandler(*this);
 	    Poco::ErrorHandler::set(&ErrorHandler);
 
 	    if (!HelpRequested_) {
@@ -4040,7 +4059,11 @@ namespace OpenWifi {
 	    auto i = 0;
 	    bool good = true;
 
-        Log_ = std::make_unique<LoggerWrapper>(Poco::Logger::get(LoggerPrefix_));
+		auto NewLevel = MicroService::instance().ConfigGetString("logging.level." + Name_, "");
+		if(NewLevel.empty())
+        	Logger_ = std::make_unique<LoggerWrapper>(Poco::Logger::create(LoggerPrefix_, Poco::Logger::root().getChannel(), Poco::Logger::root().getLevel()));
+		else
+			Logger_ = std::make_unique<LoggerWrapper>(Poco::Logger::create(LoggerPrefix_, Poco::Logger::root().getChannel(), Poco::Logger::parseLevel(NewLevel)));
 
 	    ConfigServersList_.clear();
 	    while (good) {
@@ -4130,9 +4153,11 @@ namespace OpenWifi {
 
     inline void BusEventManager::Stop() {
         if(KafkaManager()->Enabled()) {
+			poco_information(Logger(),"Stopping...");
             Running_ = false;
             Thread_.wakeUp();
             Thread_.join();
+			poco_information(Logger(),"Stopped...");
         }
     }
 
@@ -4144,37 +4169,37 @@ namespace OpenWifi {
 	inline void KafkaLoggerFun([[maybe_unused]] cppkafka::KafkaHandleBase & handle, int level, const std::string & facility, const std::string &message) {
 		switch ((cppkafka::LogLevel) level) {
 			case cppkafka::LogLevel::LogNotice: {
-					KafkaManager()->Logger().notice(fmt::format("kafka-log: facility: {} message: {}",facility, message));
+					poco_notice(KafkaManager()->Logger(),fmt::format("kafka-log: facility: {} message: {}",facility, message));
 				}
 				break;
 			case cppkafka::LogLevel::LogDebug: {
-					KafkaManager()->Logger().debug(fmt::format("kafka-log: facility: {} message: {}",facility, message));
+					poco_debug(KafkaManager()->Logger(),fmt::format("kafka-log: facility: {} message: {}",facility, message));
 				}
 				break;
 			case cppkafka::LogLevel::LogInfo: {
-					KafkaManager()->Logger().information(fmt::format("kafka-log: facility: {} message: {}",facility, message));
+					poco_information(KafkaManager()->Logger(),fmt::format("kafka-log: facility: {} message: {}",facility, message));
 				}
 				break;
-				case cppkafka::LogLevel::LogWarning: {
+			case cppkafka::LogLevel::LogWarning: {
-					KafkaManager()->Logger().warning(fmt::format("kafka-log: facility: {} message: {}",facility, message));
+					poco_warning(KafkaManager()->Logger(), fmt::format("kafka-log: facility: {} message: {}",facility, message));
 				}
 				break;
 			case cppkafka::LogLevel::LogAlert:
 			case cppkafka::LogLevel::LogCrit: {
-					KafkaManager()->Logger().critical(fmt::format("kafka-log: facility: {} message: {}",facility, message));
+					poco_critical(KafkaManager()->Logger(),fmt::format("kafka-log: facility: {} message: {}",facility, message));
 				}
 				break;
 			case cppkafka::LogLevel::LogErr:
 			case cppkafka::LogLevel::LogEmerg:
 			default: {
-				KafkaManager()->Logger().error(fmt::format("kafka-log: facility: {} message: {}",facility, message));
+					poco_error(KafkaManager()->Logger(),fmt::format("kafka-log: facility: {} message: {}",facility, message));
 				}
 				break;
 		}
 	}
 
 	inline void KafkaErrorFun([[maybe_unused]] cppkafka::KafkaHandleBase & handle, int error, const std::string &reason) {
-		KafkaManager()->Logger().error(fmt::format("kafka-error: {}, reason: {}", error, reason));
+		poco_error(KafkaManager()->Logger(),fmt::format("kafka-error: {}, reason: {}", error, reason));
 	}
 
 	inline void AddKafkaSecurity(cppkafka::Configuration & Config) {
@@ -4223,11 +4248,11 @@ namespace OpenWifi {
                             cppkafka::MessageBuilder(Msg->Topic()).key(Msg->Key()).payload(Msg->Payload()));
                 }
             } catch (const cppkafka::HandleException &E) {
-                KafkaManager()->Logger().warning(fmt::format("Caught a Kafka exception (producer): {}", E.what()));
+				poco_warning(KafkaManager()->Logger(),fmt::format("Caught a Kafka exception (producer): {}", E.what()));
             } catch( const Poco::Exception &E) {
                 KafkaManager()->Logger().log(E);
             } catch (...) {
-                KafkaManager()->Logger().error("std::exception");
+				poco_error(KafkaManager()->Logger(),"std::exception");
             }
 			Note = Queue_.waitDequeueNotification();
 		}
@@ -4287,7 +4312,7 @@ namespace OpenWifi {
 	                    continue;
 	                if (Msg.get_error()) {
 	                    if (!Msg.is_eof()) {
-	                        KafkaManager()->Logger().error(fmt::format("Error: {}", Msg.get_error().to_string()));
+							poco_error(KafkaManager()->Logger(),fmt::format("Error: {}", Msg.get_error().to_string()));
 	                    }
                         if(!AutoCommit)
 	                        Consumer.async_commit(Msg);
@@ -4298,11 +4323,11 @@ namespace OpenWifi {
 	                    Consumer.async_commit(Msg);
 	            }
 	        } catch (const cppkafka::HandleException &E) {
-	            KafkaManager()->Logger().warning(fmt::format("Caught a Kafka exception (consumer): {}", E.what()));
+				poco_warning(KafkaManager()->Logger(),fmt::format("Caught a Kafka exception (consumer): {}", E.what()));
 	        } catch (const Poco::Exception &E) {
 	            KafkaManager()->Logger().log(E);
             } catch (...) {
-                KafkaManager()->Logger().error("std::exception");
+				poco_error(KafkaManager()->Logger(),"std::exception");
             }
 	    }
 	    Consumer.unsubscribe();
@@ -4746,7 +4771,7 @@ namespace OpenWifi {
     }
 
 #ifdef    TIP_SECURITY_SERVICE
-    [[nodiscard]] bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, bool & Expired , bool Sub );
+    [[nodiscard]] bool AuthServiceIsAuthorized(Poco::Net::HTTPServerRequest & Request,std::string &SessionToken, SecurityObjects::UserInfoAndPolicy & UInfo, std::uint64_t TID, bool & Expired , bool Sub );
 #endif
     inline bool RESTAPIHandler::IsAuthorized( bool & Expired , [[maybe_unused]] bool & Contacted , bool Sub ) {
         if(Internal_ && Request->has("X-INTERNAL-NAME")) {
@@ -4754,17 +4779,20 @@ namespace OpenWifi {
 			Contacted = true;
             if(!Allowed) {
                 if(Server_.LogBadTokens(false)) {
-                    Logger_.debug(fmt::format("I-REQ-DENIED({}): Method={} Path={}",
+                    poco_debug(Logger_,fmt::format("I-REQ-DENIED({}): TID={} Method={} Path={}",
-                                               Utils::FormatIPv6(Request->clientAddress().toString()),
+						Utils::FormatIPv6(Request->clientAddress().toString()),
-                                               Request->getMethod(), Request->getURI()));
+						TransactionId_,
+						Request->getMethod(), Request->getURI()));
                 }
             } else {
                 auto Id = Request->get("X-INTERNAL-NAME", "unknown");
 				REST_Requester_ = Id;
                 if(Server_.LogIt(Request->getMethod(),true)) {
-                    Logger_.debug(fmt::format("I-REQ-ALLOWED({}): User='{}' Method={} Path={}",
+					poco_debug(Logger_,fmt::format("I-REQ-ALLOWED({}): TID={} User='{}' Method={} Path={}",
-                                               Utils::FormatIPv6(Request->clientAddress().toString()), Id,
+						Utils::FormatIPv6(Request->clientAddress().toString()),
-                                               Request->getMethod(), Request->getURI()));
+						TransactionId_,
+						Id,
+						Request->getMethod(), Request->getURI()));
                 }
             }
             return Allowed;
@@ -4780,25 +4808,28 @@ namespace OpenWifi {
                 }
             }
 #ifdef    TIP_SECURITY_SERVICE
-            if (AuthServiceIsAuthorized(*Request, SessionToken_, UserInfo_, Expired, Sub)) {
+            if (AuthServiceIsAuthorized(*Request, SessionToken_, UserInfo_, TransactionId_, Expired, Sub)) {
 #else
-            if (AuthClient()->IsAuthorized( SessionToken_, UserInfo_, Expired, Contacted, Sub)) {
+            if (AuthClient()->IsAuthorized( SessionToken_, UserInfo_, TransactionId_, Expired, Contacted, Sub)) {
 #endif
 				REST_Requester_ = UserInfo_.userinfo.email;
                 if(Server_.LogIt(Request->getMethod(),true)) {
-                    Logger_.debug(fmt::format("X-REQ-ALLOWED({}): User='{}@{}' Method={} Path={}",
+					poco_debug(Logger_,fmt::format("X-REQ-ALLOWED({}): TID={} User='{}@{}' Method={} Path={}",
-                                               UserInfo_.userinfo.email,
+						UserInfo_.userinfo.email,
-                                               Utils::FormatIPv6(Request->clientAddress().toString()),
+						TransactionId_,
-                                               Request->clientAddress().toString(),
+						Utils::FormatIPv6(Request->clientAddress().toString()),
-                                               Request->getMethod(),
+						Request->clientAddress().toString(),
-                                               Request->getURI()));
+						Request->getMethod(),
+						Request->getURI()));
                 }
                 return true;
             } else {
                 if(Server_.LogBadTokens(true)) {
-                    Logger_.debug(fmt::format("X-REQ-DENIED({}): Method={} Path={}",
+					poco_debug(Logger_,fmt::format("X-REQ-DENIED({}): TID={} Method={} Path={}",
-                                               Utils::FormatIPv6(Request->clientAddress().toString()),
+						Utils::FormatIPv6(Request->clientAddress().toString()),
-                                               Request->getMethod(), Request->getURI()));
+						TransactionId_,
+						Request->getMethod(),
+						Request->getURI()));
                 }
             }
             return false;
@@ -4867,7 +4898,7 @@ namespace OpenWifi {
         void run() override;
         // MyParallelSocketReactor &ReactorPool();
 		Poco::Net::SocketReactor & Reactor() { return Reactor_; }
-        void NewClient(Poco::Net::WebSocket &WS, const std::string &Id);
+        void NewClient(Poco::Net::WebSocket &WS, const std::string &Id, const std::string &UserName);
         bool Register(WebSocketClient *Client, const std::string &Id);
         void SetProcessor(WebSocketClientProcessor *F);
         void UnRegister(const std::string &Id);
@@ -4918,18 +4949,22 @@ namespace OpenWifi {
 
     class WebSocketClient {
     public:
-        explicit WebSocketClient(Poco::Net::WebSocket &WS, const std::string &Id, Poco::Logger &L,
+        explicit WebSocketClient(Poco::Net::WebSocket &WS,
-                                 WebSocketClientProcessor *Processor);
+							   		const std::string &Id,
+							   		const std::string &UserName,
+							   		Poco::Logger &L,
+                                 	WebSocketClientProcessor *Processor);
         virtual ~WebSocketClient();
         [[nodiscard]] inline const std::string &Id();
         [[nodiscard]] Poco::Logger &Logger();
         inline bool Send(const std::string &Payload);
     private:
         std::unique_ptr<Poco::Net::WebSocket> WS_;
-        Poco::Net::SocketReactor &Reactor_;
+        Poco::Net::SocketReactor 	&Reactor_;
-        std::string Id_;
+        std::string 				Id_;
-        Poco::Logger &Logger_;
+		std::string					UserName_;
-        bool Authenticated_ = false;
+        Poco::Logger 				&Logger_;
+        std::atomic_bool 			Authenticated_ = false;
         SecurityObjects::UserInfoAndPolicy UserInfo_;
         WebSocketClientProcessor *Processor_ = nullptr;
         void OnSocketReadable(const Poco::AutoPtr<Poco::Net::ReadableNotification> &pNf);
@@ -4937,33 +4972,9 @@ namespace OpenWifi {
         void OnSocketError(const Poco::AutoPtr<Poco::Net::ErrorNotification> &pNf);
     };
 
-/*    inline MyParallelSocketReactor::MyParallelSocketReactor(uint32_t NumReactors) :
+    inline void WebSocketClientServer::NewClient(Poco::Net::WebSocket & WS, const std::string &Id, const std::string &UserName ) {
-            NumReactors_(NumReactors)
-    {
-        Reactors_ = new Poco::Net::SocketReactor[NumReactors_];
-        for(uint32_t i=0;i<NumReactors_;i++) {
-            ReactorPool_.start(Reactors_[i]);
-        }
-    }
-
-    inline MyParallelSocketReactor::~MyParallelSocketReactor() {
-        for(uint32_t i=0;i<NumReactors_;i++) {
-            Reactors_[i].stop();
-        }
-        ReactorPool_.stopAll();
-        ReactorPool_.joinAll();
-        delete [] Reactors_;
-    }
-
-    inline Poco::Net::SocketReactor & MyParallelSocketReactor::Reactor() {
-        return Reactors_[ rand() % NumReactors_ ];
-    }
-
-    // inline MyParallelSocketReactor & WebSocketClientServer::ReactorPool() { return *ReactorPool_; }
-*/
-    inline void WebSocketClientServer::NewClient(Poco::Net::WebSocket & WS, const std::string &Id) {
         std::lock_guard G(Mutex_);
-        auto Client = new WebSocketClient(WS,Id,Logger(), Processor_);
+        auto Client = new WebSocketClient(WS,Id,UserName,Logger(), Processor_);
         Clients_[Id] = std::make_pair(Client,"");
     }
 
@@ -5080,6 +5091,7 @@ namespace OpenWifi {
 			auto Op = flags & Poco::Net::WebSocket::FRAME_OP_BITMASK;
 
 			if (n == 0) {
+				poco_debug(Logger(),fmt::format("CLOSE({}): {} UI Client is closing WS connection.", Id_, UserName_));
 				return delete this;
 			}
 
@@ -5092,7 +5104,7 @@ namespace OpenWifi {
 			case Poco::Net::WebSocket::FRAME_OP_PONG: {
 			} break;
 			case Poco::Net::WebSocket::FRAME_OP_CLOSE: {
-				Logger().warning(Poco::format("CLOSE(%s): UI Client is closing its connection.", Id_));
+				poco_debug(Logger(),fmt::format("CLOSE({}): {} UI Client is closing WS connection.", Id_, UserName_));
 				Done = true;
 			} break;
 			case Poco::Net::WebSocket::FRAME_OP_TEXT: {
@@ -5102,8 +5114,10 @@ namespace OpenWifi {
 					auto Tokens = Utils::Split(Frame, ':');
 					bool Expired = false, Contacted = false;
 					if (Tokens.size() == 2 &&
-						AuthClient()->IsAuthorized(Tokens[1], UserInfo_, Expired, Contacted)) {
+						AuthClient()->IsAuthorized(Tokens[1], UserInfo_, 0, Expired, Contacted)) {
 						Authenticated_ = true;
+						UserName_ = UserInfo_.userinfo.email;
+						poco_debug(Logger(),fmt::format("START({}): {} UI Client is starting WS connection.", Id_, UserName_));
 						std::string S{"Welcome! Bienvenue! Bienvenidos!"};
 						WS_->sendFrame(S.c_str(), S.size());
 						WebSocketClientServer()->SetUser(Id_, UserInfo_.userinfo.email);
@@ -5149,9 +5163,10 @@ namespace OpenWifi {
     }
 
 
-    inline WebSocketClient::WebSocketClient( Poco::Net::WebSocket & WS , const std::string &Id, Poco::Logger & L, WebSocketClientProcessor * Processor) :
+    inline WebSocketClient::WebSocketClient( Poco::Net::WebSocket & WS , const std::string &Id, const std::string &UserName, Poco::Logger & L, WebSocketClientProcessor * Processor) :
             Reactor_(WebSocketClientServer()->Reactor()),
             Id_(Id),
+			UserName_(UserName),
             Logger_(L),
             Processor_(Processor) {
         try {
@@ -5165,7 +5180,10 @@ namespace OpenWifi {
             Reactor_.addEventHandler(*WS_,
                                      Poco::NObserver<WebSocketClient, Poco::Net::ErrorNotification>(
                                              *this, &WebSocketClient::OnSocketError));
-            // WebSocketClientServer()->Register(this, Id_);
+			WS_->setNoDelay(true);
+			WS_->setKeepAlive(true);
+			WS_->setBlocking(false);
+
         } catch (...) {
             delete this;
         }
@@ -5185,7 +5203,6 @@ namespace OpenWifi {
                                                 Poco::Net::ErrorNotification>(*this,&WebSocketClient::OnSocketError));
             (*WS_).shutdown();
             (*WS_).close();
-            WebSocketClientServer()->UnRegister(Id_);
         } catch(...) {
 
         }
@@ -5231,9 +5248,8 @@ namespace OpenWifi {
                 try
                 {
                     Poco::Net::WebSocket WS(*Request, *Response);
-                    Logger().information("UI-WebSocket connection established.");
                     auto Id = MicroService::CreateUUID();
-                    WebSocketClientServer()->NewClient(WS,Id);
+                    WebSocketClientServer()->NewClient(WS,Id,UserInfo_.userinfo.email);
                 }
                 catch (...) {
                     std::cout << "Cannot create websocket client..." << std::endl;

src/framework/MicroServiceErrorHandler.h

@@ -0,0 +1,169 @@
+//
+// Created by stephane bourque on 2022-09-29.
+//
+
+#pragma once
+
+#include "fmt/format.h"
+#include "Poco/Util/Application.h"
+#include "Poco/ErrorHandler.h"
+#include "Poco/Net/NetException.h"
+#include "Poco/Net/SSLException.h"
+#include "Poco/JSON/Template.h"
+#include "Poco/Thread.h"
+
+namespace OpenWifi {
+
+	class MicroServiceErrorHandler : public Poco::ErrorHandler {
+	  public:
+		explicit MicroServiceErrorHandler(Poco::Util::Application &App) : App_(App) {
+		}
+
+		inline void exception(const Poco::Exception & Base) override {
+			try {
+				if(Poco::Thread::current()!= nullptr) {
+					t_name = Poco::Thread::current()->getName();
+					t_id = Poco::Thread::current()->id();
+				} else {
+					t_name = "startup_code";
+					t_id = 0;
+				}
+
+				App_.logger().log(Base);
+				Base.rethrow();
+
+			} catch (const Poco::Net::InvalidCertificateException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Net::InvalidCertificateException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::Net::InvalidSocketException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Net::InvalidSocketException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::Net::WebSocketException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Net::WebSocketException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::Net::ConnectionResetException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Net::ConnectionResetException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::Net::CertificateValidationException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Net::CertificateValidationException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::Net::SSLConnectionUnexpectedlyClosedException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Net::SSLConnectionUnexpectedlyClosedException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::Net::SSLContextException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Net::SSLContextException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::Net::SSLException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Net::SSLException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+
+			} catch (const Poco::Net::InvalidAddressException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Net::InvalidAddressException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+
+			} catch (const Poco::Net::NetException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Net::NetException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+
+			} catch (const Poco::IOException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::IOException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::RuntimeException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::RuntimeException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::JSON::JSONTemplateException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::JSON::JSONTemplateException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::JSON::JSONException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::JSON::JSONException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::ApplicationException &E) {
+				poco_error(App_.logger(), fmt::format("Poco::ApplicationException thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (const Poco::Exception &E) {
+				poco_error(App_.logger(), fmt::format("Poco::Exception thr_name={} thr_id={} code={} text={} msg={} what={}",
+													  t_name, t_id, E.code(),
+													  E.displayText(),
+													  E.message(),
+													  E.what()));
+			} catch (...) {
+				poco_error(App_.logger(), fmt::format("Poco:Generic thr_name={}",t_name, t_id));
+			}
+		}
+
+		inline void exception(const std::exception & E) override {
+			if(Poco::Thread::current()!= nullptr) {
+				t_name = Poco::Thread::current()->getName();
+				t_id = Poco::Thread::current()->id();
+			} else {
+				t_name = "startup_code";
+				t_id = 0;
+			}
+			poco_warning(App_.logger(), fmt::format("std::exception in {}: {} thr_id={}",
+													t_name,E.what(),
+													t_id));
+		}
+
+		inline void exception() override {
+			if(Poco::Thread::current()!= nullptr) {
+				t_name = Poco::Thread::current()->getName();
+				t_id = Poco::Thread::current()->id();
+			} else {
+				t_name = "startup_code";
+				t_id = 0;
+			}
+			poco_warning(App_.logger(), fmt::format("generic exception in {} thr_id={}",
+													t_name, t_id));
+		}
+	  private:
+		Poco::Util::Application	&App_;
+		std::string		t_name;
+		int 			t_id=0;
+	};
+
+}

src/framework/StorageClass.h

@@ -33,7 +33,6 @@ namespace OpenWifi {
         int Start() override {
             std::lock_guard		Guard(Mutex_);
 
-            Logger().setLevel(Poco::Message::PRIO_INFORMATION);
             Logger().notice("Starting.");
             std::string DBType = MicroService::instance().ConfigGetString("storage.type");
 

src/framework/WebSocketClientNotifications.h

@@ -146,6 +146,10 @@ namespace OpenWifi {
         WebSocketClientServer()->SendUserNotification(User,N);
     }
 
+    /////
+    /////
+    /////
+
     struct WebSocketNotificationRebootList {
         std::string                 title,
                 details,
@@ -189,5 +193,58 @@ namespace OpenWifi {
         WebSocketClientServer()->SendUserNotification(User,N);
     }
 
+    /////
+    /////
+    /////
+
+    struct WebSocketNotificationUpgradeList {
+        std::string                 title,
+                details,
+                jobId;
+        std::vector<std::string>    success,
+                                    skipped,
+                                    no_firmware,
+                                    not_connected;
+        uint64_t                    timeStamp=OpenWifi::Now();
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    typedef WebSocketNotification<WebSocketNotificationUpgradeList> WebSocketClientNotificationVenueUpgradeList_t;
+
+    inline void WebSocketNotificationUpgradeList::to_json(Poco::JSON::Object &Obj) const {
+        RESTAPI_utils::field_to_json(Obj,"title",title);
+        RESTAPI_utils::field_to_json(Obj,"jobId",jobId);
+        RESTAPI_utils::field_to_json(Obj,"success",success);
+        RESTAPI_utils::field_to_json(Obj,"notConnected",not_connected);
+        RESTAPI_utils::field_to_json(Obj,"noFirmware",no_firmware);
+        RESTAPI_utils::field_to_json(Obj,"skipped",skipped);
+        RESTAPI_utils::field_to_json(Obj,"timeStamp",timeStamp);
+        RESTAPI_utils::field_to_json(Obj,"details",details);
+    }
+
+    inline bool WebSocketNotificationUpgradeList::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            RESTAPI_utils::field_from_json(Obj,"title",title);
+            RESTAPI_utils::field_from_json(Obj,"jobId",jobId);
+            RESTAPI_utils::field_from_json(Obj,"success",success);
+            RESTAPI_utils::field_from_json(Obj,"notConnected",not_connected);
+            RESTAPI_utils::field_from_json(Obj,"noFirmware",no_firmware);
+            RESTAPI_utils::field_from_json(Obj,"skipped",skipped);
+            RESTAPI_utils::field_from_json(Obj,"timeStamp",timeStamp);
+            RESTAPI_utils::field_from_json(Obj,"details",details);
+            return true;
+        } catch(...) {
+
+        }
+        return false;
+    }
+
+    inline void WebSocketClientNotificationVenueUpgradeCompletionToUser( const std::string & User, WebSocketClientNotificationVenueUpgradeList_t &N) {
+        N.type = "venue_upgrader";
+        WebSocketClientServer()->SendUserNotification(User,N);
+    }
+
 } // namespace OpenWifi
 

src/framework/ow_constants.h

@@ -196,6 +196,8 @@ namespace OpenWifi::RESTAPI::Errors {
 	static const struct msg InvalidRadiusServerEntry{1142,"RADIUS Server IP address invalid or port missing."};
 	static const struct msg InvalidRadiusServerWeigth{1143,"RADIUS Server IP weight cannot be 0."};
 
+	static const struct msg MaximumRTTYSessionsReached{1144,"Too many RTTY sessions currently active"};
+	static const struct msg DeviceIsAlreadyBusy{1145,"Device is already executing a command. Please try later."};
 }
 
 
@@ -428,6 +430,7 @@ namespace OpenWifi::uCentralProtocol {
 	static const char *RADIUSDATA = "data";
 	static const char *RADIUSACCT = "acct";
 	static const char *RADIUSAUTH = "auth";
+	static const char *RADIUSCOA = "coa";
 	static const char *RADIUSDST = "dst";
 	static const char *IES = "ies";
 	}
@@ -444,6 +447,7 @@ namespace OpenWifi::uCentralProtocol::Events {
     static const char *RECOVERY = "recovery";
     static const char *TELEMETRY = "telemetry";
     static const char *DEVICEUPDATE = "deviceupdate";
+	static const char *VENUE_BROADCAST = "venue_broadcast";
 
     enum EVENT_MSG {
 		ET_UNKNOWN,
@@ -456,7 +460,8 @@ namespace OpenWifi::uCentralProtocol::Events {
 		ET_CFGPENDING,
 		ET_RECOVERY,
 		ET_DEVICEUPDATE,
-		ET_TELEMETRY
+		ET_TELEMETRY,
+		ET_VENUEBROADCAST
 	};
 
 	inline EVENT_MSG EventFromString(const std::string & Method) {
@@ -480,6 +485,8 @@ namespace OpenWifi::uCentralProtocol::Events {
 			return ET_RECOVERY;
 		else if(strcmp(TELEMETRY,Method.c_str())==0)
 			return ET_TELEMETRY;
+		else if(strcmp(VENUE_BROADCAST,Method.c_str())==0)
+			return ET_VENUEBROADCAST;
 		return ET_UNKNOWN;
 	};
 }

test_scripts/curl/cli

@@ -179,13 +179,19 @@ getlogo() {
 }
 
 createuser() {
-    payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true}"
+case $3 in
-    curl  ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0" \
+    root|admin|subscriber|csr|system|installer|noc|accounting)
-        -H "Accept: application/json" \
+        payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true, \"userRole\" : \"$3\" }"
-        -H "Content-Type: application/json" \
+        curl  ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0" \
-        -H "Authorization: Bearer ${token}" \
+            -H "Accept: application/json" \
-        -d "$payload"  > ${result_file}
+            -H "Content-Type: application/json" \
-    jq < ${result_file}
+            -H "Authorization: Bearer ${token}" \
+            -d "$payload"  > ${result_file}
+        jq < ${result_file} ;;
+    *)
+        echo "Error: userRole has to be one of root|admin|subscriber|csr|system|installer|noc|accounting"
+	exit 1 ;;
+esac
 }
 
 createsub() {
@@ -199,13 +205,19 @@ createsub() {
 }
 
 createuser_v() {
-    payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true}"
+case $3 in
-    curl  ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0?email_verification=true" \
+    root|admin|subscriber|csr|system|installer|noc|accounting)
-        -H "Accept: application/json" \
+        payload="{ \"id\": \"0\", \"email\" : \"$1\", \"currentPassword\" : \"$2\", \"changePassword\" : true, \"userRole\" : \"$3\" }"
-        -H "Content-Type: application/json" \
+        curl  ${FLAGS} -X POST "https://${OWSEC}/api/v1/user/0?email_verification=true" \
-        -H "Authorization: Bearer ${token}" \
+            -H "Accept: application/json" \
-        -d "$payload"  > ${result_file}
+            -H "Content-Type: application/json" \
-    jq < ${result_file}
+            -H "Authorization: Bearer ${token}" \
+            -d "$payload"  > ${result_file}
+        jq < ${result_file} ;;
+    *)
+        echo "Error: userRole has to be one of root|admin|subscriber|csr|system|installer|noc|accounting"
+	exit 1 ;;
+esac
 }
 
 deleteuser() {
@@ -447,7 +459,7 @@ test_service() {
 	echo "----------------"
 	echo "Create test user"
 	echo "----------------"
-	createuser testuser@mail.telecominfraproject.com 'Test123!'
+	createuser testuser@mail.telecominfraproject.com 'Test123!' accounting
 	check_response $result_file
 	USER_ID="$(jq -r '.id' < $result_file)"
 
@@ -481,35 +493,35 @@ help() {
     echo
     echo    "Usage: cli <cmd> [args]"
     echo
-    echo    "listendpoints                          Get all the system endpoints."
+    echo    "listendpoints                              Get all the system endpoints."
-    echo    "emailtest                              Generate a forgot Password e-amil to the logged in user."
+    echo    "emailtest                                  Generate a forgot Password e-amil to the logged in user."
-    echo    "me                                     Show information about the logged user."
+    echo    "me                                         Show information about the logged user."
-    echo    "createuser <email> <password>          Create a user with an initial password and force the user to change password."
+    echo    "createuser <email> <password> <userrole>   Create a user with an initial password and force the user to change password."
-    echo    "createuser_v <email> <password>        Same as create user but also force an e-mail verification."
+    echo    "createuser_v <email> <password> <userrole> Same as create user but also force an e-mail verification."
-    echo    "deleteuser <user UUID>                 Delete the user."
+    echo    "deleteuser <user UUID>                     Delete the user."
-    echo    "getuser <user UUID>                    Get the user information."
+    echo    "getuser <user UUID>                        Get the user information."
-    echo    "listusers                              List users."
+    echo    "listusers                                  List users."
-    echo    "policies                               List the login and access policies."
+    echo    "policies                                   List the login and access policies."
-    echo    "setavatar <user UUID> <filename>       Sets the avatar for user to the image in filename."
+    echo    "setavatar <user UUID> <filename>           Sets the avatar for user to the image in filename."
-    echo    "getavatar <user UUID>                  Get the avatar for the user."
+    echo    "getavatar <user UUID>                      Get the avatar for the user."
-    echo    "deleteavatar <user UUID>               Remove the avatar for a user."
+    echo    "deleteavatar <user UUID>                   Remove the avatar for a user."
-    echo    "sendemail <recipient> <from>           Sends a test email to see if the e-mail system is working."
+    echo    "sendemail <recipient> <from>               Sends a test email to see if the e-mail system is working."
-    echo    "setloglevel <subsystem> <loglevel>     Set the log level for s specific subsystem."
+    echo    "setloglevel <subsystem> <loglevel>         Set the log level for s specific subsystem."
-    echo    "getloglevels                           Get the current log levels for all subsystems."
+    echo    "getloglevels                               Get the current log levels for all subsystems."
-    echo    "getloglevelnames                       Get the log level names available."
+    echo    "getloglevelnames                           Get the log level names available."
-    echo    "getsubsystemnames                      Get the list of subsystems."
+    echo    "getsubsystemnames                          Get the list of subsystems."
-    echo    "systeminfo                             Get basic system information."
+    echo    "systeminfo                                 Get basic system information."
-    echo    "reloadsubsystem <subsystem name>       Reload the configuration for a subsystem."
+    echo    "reloadsubsystem <subsystem name>           Reload the configuration for a subsystem."
-    echo    "test_service                           Run a set of CLI commands for testing purposes"
+    echo    "test_service                               Run a set of CLI commands for testing purposes"
     echo
 }
 
 shopt -s nocasematch
 
 case "$1" in
-    "createuser") login; createuser "$2" "$3"; logout;;
+    "createuser") login; createuser "$2" "$3" "$4"; logout;;
     "createsub") login; createsub "$2" "$3"; logout;;
-    "createuser_v") login; createuser_v "$2" "$3"; logout;;
+    "createuser_v") login; createuser_v "$2" "$3" "$4"; logout;;
     "createsub_v") login; createsub_v "$2" "$3"; logout;;
     "deleteuser") login; deleteuser "$2" ; logout;;
     "deletesub") login; deletesub "$2" ; logout;;

wait-for-postgres.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # wait-for-postgres.sh
 
 set -e
@@ -20,7 +20,7 @@ if [ "$1" = '/openwifi/owsec' -a "$(id -u)" = '0' ]; then
     if [ "$RUN_CHOWN" = 'true' ]; then
       chown -R "$OWSEC_USER": "$OWSEC_ROOT" "$OWSEC_CONFIG"
     fi
-    exec su-exec "$OWSEC_USER" "$@"
+    exec gosu "$OWSEC_USER" "$@"
 fi
 
 exec "$@"