Add login function

TODO ws request auth

Signed-off-by: YoungSoo Shin <shinys000114@gmail.com>

main/service/auth.c

@@ -0,0 +1,222 @@
+#include "auth.h"
+
+#include <esp_http_server.h>
+#include <esp_random.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "esp_log.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/semphr.h"
+
+static const char* TAG = "AUTH";
+
+typedef struct
+{
+    char token[TOKEN_LENGTH];
+    bool active;
+    time_t creation_time;
+} auth_token_t;
+
+static auth_token_t s_tokens[MAX_TOKENS];
+static SemaphoreHandle_t s_token_mutex;
+
+void auth_init(void)
+{
+    s_token_mutex = xSemaphoreCreateMutex();
+    if (s_token_mutex == NULL)
+    {
+        ESP_LOGE(TAG, "Failed to create token mutex");
+        return;
+    }
+    for (int i = 0; i < MAX_TOKENS; i++)
+    {
+        s_tokens[i].active = false;
+        s_tokens[i].token[0] = '\0';
+    }
+    ESP_LOGI(TAG, "Auth module initialized.");
+}
+
+char* auth_generate_token(void)
+{
+    if (xSemaphoreTake(s_token_mutex, portMAX_DELAY) != pdTRUE)
+    {
+        ESP_LOGE(TAG, "Failed to take token mutex");
+        return NULL;
+    }
+
+    int free_slot = -1;
+    for (int i = 0; i < MAX_TOKENS; i++)
+    {
+        if (!s_tokens[i].active)
+        {
+            free_slot = i;
+            break;
+        }
+    }
+
+    if (free_slot == -1)
+    {
+        ESP_LOGW(TAG, "No free token slots available. Invalidating oldest token.");
+        time_t oldest_time = time(NULL);
+        int oldest_idx = -1;
+        for (int i = 0; i < MAX_TOKENS; i++)
+        {
+            if (s_tokens[i].active && s_tokens[i].creation_time < oldest_time)
+            {
+                oldest_time = s_tokens[i].creation_time;
+                oldest_idx = i;
+            }
+        }
+        if (oldest_idx != -1)
+        {
+            s_tokens[oldest_idx].active = false;
+            free_slot = oldest_idx;
+            ESP_LOGI(TAG, "Oldest token at index %d invalidated.", oldest_idx);
+        }
+        else
+        {
+            ESP_LOGE(TAG, "Could not find an oldest token to invalidate. This should not happen if all are active.");
+            xSemaphoreGive(s_token_mutex);
+            return NULL;
+        }
+    }
+
+    const char charset[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+    char* new_token = (char*)malloc(TOKEN_LENGTH);
+    if (new_token == NULL)
+    {
+        ESP_LOGE(TAG, "Failed to allocate memory for new token");
+        xSemaphoreGive(s_token_mutex);
+        return NULL;
+    }
+
+    for (int i = 0; i < TOKEN_LENGTH - 1; i++)
+    {
+        new_token[i] = charset[esp_random() % (sizeof(charset) - 1)];
+    }
+    new_token[TOKEN_LENGTH - 1] = '\0';
+
+    strncpy(s_tokens[free_slot].token, new_token, TOKEN_LENGTH);
+    s_tokens[free_slot].active = true;
+    s_tokens[free_slot].creation_time = time(NULL);
+
+    ESP_LOGI(TAG, "Generated new token at slot %d: %s", free_slot, new_token);
+
+    xSemaphoreGive(s_token_mutex);
+    return new_token;
+}
+
+bool auth_validate_token(const char* token)
+{
+    if (token == NULL)
+    {
+        return false;
+    }
+
+    if (xSemaphoreTake(s_token_mutex, portMAX_DELAY) != pdTRUE)
+    {
+        ESP_LOGE(TAG, "Failed to take token mutex");
+        return false;
+    }
+
+    bool valid = false;
+    for (int i = 0; i < MAX_TOKENS; i++)
+    {
+        if (s_tokens[i].active && strcmp(s_tokens[i].token, token) == 0)
+        {
+            valid = true;
+            break;
+        }
+    }
+
+    xSemaphoreGive(s_token_mutex);
+    return valid;
+}
+
+void auth_invalidate_token(const char* token)
+{
+    if (token == NULL)
+    {
+        return;
+    }
+
+    if (xSemaphoreTake(s_token_mutex, portMAX_DELAY) != pdTRUE)
+    {
+        ESP_LOGE(TAG, "Failed to take token mutex");
+        return;
+    }
+
+    for (int i = 0; i < MAX_TOKENS; i++)
+    {
+        if (s_tokens[i].active && strcmp(s_tokens[i].token, token) == 0)
+        {
+            s_tokens[i].active = false;
+            s_tokens[i].token[0] = '\0'; // Clear token string
+            ESP_LOGI(TAG, "Token at slot %d invalidated.", i);
+            break;
+        }
+    }
+
+    xSemaphoreGive(s_token_mutex);
+}
+
+void auth_cleanup_expired_tokens(void) { ESP_LOGD(TAG, "auth_cleanup_expired_tokens called (no-op for now)."); }
+
+static const char* get_token_from_header(httpd_req_t* req)
+{
+    char* auth_header = NULL;
+    size_t buf_len;
+
+    if (httpd_req_get_hdr_value_len(req, "Authorization") == 0)
+    {
+        return NULL;
+    }
+
+    buf_len = httpd_req_get_hdr_value_len(req, "Authorization") + 1;
+    auth_header = (char*)malloc(buf_len);
+    if (auth_header == NULL)
+    {
+        ESP_LOGE(TAG, "Failed to allocate memory for auth header");
+        return NULL;
+    }
+
+    if (httpd_req_get_hdr_value_str(req, "Authorization", auth_header, buf_len) != ESP_OK)
+    {
+        free(auth_header);
+        return NULL;
+    }
+
+    if (strncmp(auth_header, "Bearer ", 7) == 0)
+    {
+        const char* token = auth_header + 7;
+        return token;
+    }
+
+    free(auth_header);
+    return NULL;
+}
+
+esp_err_t api_auth_check(httpd_req_t* req)
+{
+    const char* token = get_token_from_header(req);
+
+    if (token == NULL)
+    {
+        ESP_LOGW(TAG, "API access attempt without token for URI: %s", req->uri);
+        httpd_resp_send_err(req, HTTPD_401_UNAUTHORIZED, "Authorization token required");
+        return ESP_FAIL;
+    }
+
+    if (!auth_validate_token(token))
+    {
+        ESP_LOGW(TAG, "API access attempt with invalid token for URI: %s", req->uri);
+        httpd_resp_send_err(req, HTTPD_401_UNAUTHORIZED, "Invalid or expired token");
+        free((void*)token - 7);
+        return ESP_FAIL;
+    }
+
+    ESP_LOGD(TAG, "Token validated for URI: %s", req->uri);
+    free((void*)token - 7);
+    return ESP_OK;
+}