ResourceBasicAuth.h
1 /****
2  * Sming Framework Project - Open Source framework for high efficiency native ESP8266 development.
3  * Created 2015 by Skurydin Alexey
4  * http://github.com/SmingHub/Sming
5  * All files of the Sming Core are provided under the LGPL v3 license.
6  *
7  *
8  * @author: 2021 - Slavey Karadzhov <slaff@attachix.com>
9  *
10  ****/
11 
12 #pragma once
13 
14 #include "../HttpResourcePlugin.h"
15 #include <Data/WebHelpers/base64.h>
16 
18 {
19 public:
/**
 * @brief Create a filter that accepts exactly one username/password pair
 * @param realm Text placed in the `realm` parameter of the WWW-Authenticate challenge
 * @param username Account name a request must present
 * @param password Secret a request must present
 *
 * All three values are copied into String members and kept in clear text for
 * the lifetime of the object.
 */
ResourceBasicAuth(const String& realm, const String& username, const String& password)
    : realm(realm),
      username(username),
      password(password)
{
}
24 
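/**
 * @brief Enforce HTTP Basic authentication once the request headers are available
 * @param connection Not used by this filter
 * @param request Incoming request; only its Authorization header is read
 * @param response Receives the 401 status and the WWW-Authenticate challenge on rejection
 * @retval bool true only when the request carries Basic credentials equal to the
 *              configured username and password; false in every other case
 *
 * The filter fails closed: a missing header, a header without a scheme/token
 * separator, a scheme other than Basic, an undecodable token or wrong
 * credentials all end in the same 401 challenge. Returning true for a
 * malformed or non-Basic Authorization header would hand back the same value
 * as a successful login without any credential having been checked.
 *
 * NOTE(review): presumably a false return keeps the protected resource from
 * being invoked; confirm against HttpResourcePlugin.
 * NOTE(review): Basic credentials are only base64-encoded, so this filter
 * protects nothing on a plain-HTTP listener; serve it over TLS.
 */
bool headersComplete(HttpServerConnection& connection, HttpRequest& request, HttpResponse& response) override
{
    auto& headers = request.headers;
    auto authorization = headers[HTTP_HEADER_AUTHORIZATION];
    if(authorization) {
        // Expected form: "<scheme> <token>"
        authorization.trim();
        auto pos = authorization.indexOf(' ');
        if(pos < 0) {
            // No separator: nothing to verify, fall through to the challenge
            debug_w("Invalid authorization header");
        } else {
            auto type = authorization.substring(0, pos);
            // Only the Basic scheme can be verified here; any other scheme is rejected below
            if(type.equalsIgnoreCase(F("Basic"))) {
                auto token = authorization.substring(pos + 1, authorization.length());
                String text = base64_decode(token.c_str(), token.length());
                // Split at the first ':' so the password may itself contain colons;
                // pos > 0 also rejects an empty username.
                pos = text.indexOf(':');
                if(pos > 0) {
                    auto providedUsername = text.substring(0, pos);
                    auto providedPassword = text.substring(pos + 1, text.length());
                    // NOTE(review): String equality is presumably not constant-time;
                    // consider a fixed-time comparison and rate limiting of failed attempts.
                    if(providedUsername == username && providedPassword == password) {
                        return true;
                    }
                }
            }
        }
    }

    // Not authenticated: challenge the client.
    // The realm is inserted verbatim, so it must not contain '"', CR or LF.
    response.code = HTTP_STATUS_UNAUTHORIZED;
    response.headers[HTTP_HEADER_WWW_AUTHENTICATE] = F("Basic realm=\"") + realm + "\"";

    return false;
}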
61 
62 private:
63  String realm;
64  String username;
65  String password;
66 };
int base64_decode(size_t in_len, const char *in, size_t out_len, unsigned char *out)
decode base64 digits with MIME style === pads into binary data
#define F(string_literal)
Wrap a string literal stored in flash and access it using a String object.
Definition: WString.h:113
Filter plugins run before the resource is invoked.
Definition: HttpResourcePlugin.h:63
Encapsulates an incoming or outgoing request.
Definition: HttpRequest.h:37
HttpHeaders headers
Request headers.
Definition: HttpRequest.h:286
Represents either an incoming or outgoing response to a HTTP request.
Definition: HttpResponse.h:26
HttpHeaders headers
Response headers.
Definition: HttpResponse.h:150
HttpStatus code
The HTTP status response code.
Definition: HttpResponse.h:149
Definition: HttpServerConnection.h:34
Definition: ResourceBasicAuth.h:18
ResourceBasicAuth(const String &realm, const String &username, const String &password)
Definition: ResourceBasicAuth.h:20
bool headersComplete(HttpServerConnection &connection, HttpRequest &request, HttpResponse &response) override
Definition: ResourceBasicAuth.h:25
The String class.
Definition: WString.h:137
int indexOf(char ch, size_t fromIndex=0) const
String substring(size_t from, size_t to) const
size_t length(void) const
Obtain the String length in characters, excluding NUL terminator.
Definition: WString.h:243
#define debug_w
Definition: debug_progmem.h:98