223 lines
5.4 KiB
C
223 lines
5.4 KiB
C
#include "auth.h"
|
|
|
|
#include <esp_http_server.h>
|
|
#include <esp_random.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <time.h>
|
|
#include "esp_log.h"
|
|
#include "freertos/FreeRTOS.h"
|
|
#include "freertos/semphr.h"
|
|
|
|
static const char* TAG = "AUTH";
|
|
|
|
typedef struct
|
|
{
|
|
char token[TOKEN_LENGTH];
|
|
bool active;
|
|
time_t creation_time;
|
|
} auth_token_t;
|
|
|
|
static auth_token_t s_tokens[MAX_TOKENS];
|
|
static SemaphoreHandle_t s_token_mutex;
|
|
|
|
void auth_init(void)
|
|
{
|
|
s_token_mutex = xSemaphoreCreateMutex();
|
|
if (s_token_mutex == NULL)
|
|
{
|
|
ESP_LOGE(TAG, "Failed to create token mutex");
|
|
return;
|
|
}
|
|
for (int i = 0; i < MAX_TOKENS; i++)
|
|
{
|
|
s_tokens[i].active = false;
|
|
s_tokens[i].token[0] = '\0';
|
|
}
|
|
ESP_LOGI(TAG, "Auth module initialized.");
|
|
}
|
|
|
|
char* auth_generate_token(void)
|
|
{
|
|
if (xSemaphoreTake(s_token_mutex, portMAX_DELAY) != pdTRUE)
|
|
{
|
|
ESP_LOGE(TAG, "Failed to take token mutex");
|
|
return NULL;
|
|
}
|
|
|
|
int free_slot = -1;
|
|
for (int i = 0; i < MAX_TOKENS; i++)
|
|
{
|
|
if (!s_tokens[i].active)
|
|
{
|
|
free_slot = i;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (free_slot == -1)
|
|
{
|
|
ESP_LOGW(TAG, "No free token slots available. Invalidating oldest token.");
|
|
time_t oldest_time = time(NULL);
|
|
int oldest_idx = -1;
|
|
for (int i = 0; i < MAX_TOKENS; i++)
|
|
{
|
|
if (s_tokens[i].active && s_tokens[i].creation_time < oldest_time)
|
|
{
|
|
oldest_time = s_tokens[i].creation_time;
|
|
oldest_idx = i;
|
|
}
|
|
}
|
|
if (oldest_idx != -1)
|
|
{
|
|
s_tokens[oldest_idx].active = false;
|
|
free_slot = oldest_idx;
|
|
ESP_LOGI(TAG, "Oldest token at index %d invalidated.", oldest_idx);
|
|
}
|
|
else
|
|
{
|
|
ESP_LOGE(TAG, "Could not find an oldest token to invalidate. This should not happen if all are active.");
|
|
xSemaphoreGive(s_token_mutex);
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
const char charset[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
|
char* new_token = (char*)malloc(TOKEN_LENGTH);
|
|
if (new_token == NULL)
|
|
{
|
|
ESP_LOGE(TAG, "Failed to allocate memory for new token");
|
|
xSemaphoreGive(s_token_mutex);
|
|
return NULL;
|
|
}
|
|
|
|
for (int i = 0; i < TOKEN_LENGTH - 1; i++)
|
|
{
|
|
new_token[i] = charset[esp_random() % (sizeof(charset) - 1)];
|
|
}
|
|
new_token[TOKEN_LENGTH - 1] = '\0';
|
|
|
|
strncpy(s_tokens[free_slot].token, new_token, TOKEN_LENGTH);
|
|
s_tokens[free_slot].active = true;
|
|
s_tokens[free_slot].creation_time = time(NULL);
|
|
|
|
ESP_LOGI(TAG, "Generated new token at slot %d: %s", free_slot, new_token);
|
|
|
|
xSemaphoreGive(s_token_mutex);
|
|
return new_token;
|
|
}
|
|
|
|
bool auth_validate_token(const char* token)
|
|
{
|
|
if (token == NULL)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
if (xSemaphoreTake(s_token_mutex, portMAX_DELAY) != pdTRUE)
|
|
{
|
|
ESP_LOGE(TAG, "Failed to take token mutex");
|
|
return false;
|
|
}
|
|
|
|
bool valid = false;
|
|
for (int i = 0; i < MAX_TOKENS; i++)
|
|
{
|
|
if (s_tokens[i].active && strcmp(s_tokens[i].token, token) == 0)
|
|
{
|
|
valid = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
xSemaphoreGive(s_token_mutex);
|
|
return valid;
|
|
}
|
|
|
|
void auth_invalidate_token(const char* token)
|
|
{
|
|
if (token == NULL)
|
|
{
|
|
return;
|
|
}
|
|
|
|
if (xSemaphoreTake(s_token_mutex, portMAX_DELAY) != pdTRUE)
|
|
{
|
|
ESP_LOGE(TAG, "Failed to take token mutex");
|
|
return;
|
|
}
|
|
|
|
for (int i = 0; i < MAX_TOKENS; i++)
|
|
{
|
|
if (s_tokens[i].active && strcmp(s_tokens[i].token, token) == 0)
|
|
{
|
|
s_tokens[i].active = false;
|
|
s_tokens[i].token[0] = '\0'; // Clear token string
|
|
ESP_LOGI(TAG, "Token at slot %d invalidated.", i);
|
|
break;
|
|
}
|
|
}
|
|
|
|
xSemaphoreGive(s_token_mutex);
|
|
}
|
|
|
|
void auth_cleanup_expired_tokens(void) { ESP_LOGD(TAG, "auth_cleanup_expired_tokens called (no-op for now)."); }
|
|
|
|
static const char* get_token_from_header(httpd_req_t* req)
|
|
{
|
|
char* auth_header = NULL;
|
|
size_t buf_len;
|
|
|
|
if (httpd_req_get_hdr_value_len(req, "Authorization") == 0)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
buf_len = httpd_req_get_hdr_value_len(req, "Authorization") + 1;
|
|
auth_header = (char*)malloc(buf_len);
|
|
if (auth_header == NULL)
|
|
{
|
|
ESP_LOGE(TAG, "Failed to allocate memory for auth header");
|
|
return NULL;
|
|
}
|
|
|
|
if (httpd_req_get_hdr_value_str(req, "Authorization", auth_header, buf_len) != ESP_OK)
|
|
{
|
|
free(auth_header);
|
|
return NULL;
|
|
}
|
|
|
|
if (strncmp(auth_header, "Bearer ", 7) == 0)
|
|
{
|
|
const char* token = auth_header + 7;
|
|
return token;
|
|
}
|
|
|
|
free(auth_header);
|
|
return NULL;
|
|
}
|
|
|
|
esp_err_t api_auth_check(httpd_req_t* req)
|
|
{
|
|
const char* token = get_token_from_header(req);
|
|
|
|
if (token == NULL)
|
|
{
|
|
ESP_LOGW(TAG, "API access attempt without token for URI: %s", req->uri);
|
|
httpd_resp_send_err(req, HTTPD_401_UNAUTHORIZED, "Authorization token required");
|
|
return ESP_FAIL;
|
|
}
|
|
|
|
if (!auth_validate_token(token))
|
|
{
|
|
ESP_LOGW(TAG, "API access attempt with invalid token for URI: %s", req->uri);
|
|
httpd_resp_send_err(req, HTTPD_401_UNAUTHORIZED, "Invalid or expired token");
|
|
free((void*)token - 7);
|
|
return ESP_FAIL;
|
|
}
|
|
|
|
ESP_LOGD(TAG, "Token validated for URI: %s", req->uri);
|
|
free((void*)token - 7);
|
|
return ESP_OK;
|
|
}
|