mhop/ha-bridge
1
0
Fork 0
mirror of https://github.com/bwssytems/ha-bridge.git synced 2025-12-19 00:20:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

continue security update

Browse Source
This commit is contained in:
Admin
2017-03-28 16:39:30 -05:00
parent 895a9ec99b
commit c275926117
9 changed files with 252 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/com/bwssystems/HABridge/AuthFramework.java
View File

@@ -9,17 +9,17 @@ public abstract class AuthFramework {
// TODO Auto-generated constructor stub
}
private void addAuthenticatedUser(Request request, User u) {
protected void addAuthenticatedUser(Request request, User u) {
request.session().attribute(USER_SESSION_ID, u);
}
private void removeAuthenticatedUser(Request request) {
protected void removeAuthenticatedUser(Request request) {
request.session().removeAttribute(USER_SESSION_ID);
}
private User getAuthenticatedUser(Request request) {
protected User getAuthenticatedUser(Request request) {
return request.session().attribute(USER_SESSION_ID);
}
}

32
src/main/java/com/bwssystems/HABridge/BridgeSecurity.java
View File

@@ -133,21 +133,29 @@ public class BridgeSecurity {
theInfo.setSecure(isSecure());
return theInfo;
}
public boolean validatePassword(User targetUser) throws IOException {
if(targetUser != null) {
User theUser = securityDescriptor.getUsers().get(targetUser.getUsername());
if(theUser.getPassword() != null) {
theUser.setPassword2(targetUser.getPassword());
if(theUser.validatePassword()) {
theUser.setPassword2(null);
return true;
public LoginResult validatePassword(User targetUser) throws IOException {
LoginResult result = new LoginResult();
if(targetUser != null && targetUser.getUsername() != null) {
if(securityDescriptor.getUsers() != null && securityDescriptor.getUsers().get(targetUser.getUsername()) != null) {
User theUser = securityDescriptor.getUsers().get(targetUser.getUsername());
if(theUser.getPassword() != null) {
theUser.setPassword2(targetUser.getPassword());
if(theUser.validatePassword()) {
theUser.setPassword2(null);
result.setUser(targetUser);
}
else
result.setError("user or password not correct");
} else {
result.setError("input password is not set....");
}
} else {
log.warn("validating password when password is not set....");
return true;
}
else
result.setError("user or password not correct");
}
return false;
else
result.setError("input user not given");
return result;
}
public boolean isSecure() {

16
src/main/java/com/bwssystems/HABridge/HABridge.java
View File

@@ -45,6 +45,8 @@ public class HABridge {
log.info("HA Bridge (v" + theVersion.getVersion() + ") starting....");
bridgeSettings = new BridgeSettings();
// sparkjava config directive to set html static file location for Jetty
staticFileLocation("/public");
while(!bridgeSettings.getBridgeControl().isStop()) {
bridgeSettings.buildSettings();
log.info("HA Bridge initializing....");
@@ -52,8 +54,9 @@ public class HABridge {
ipAddress(bridgeSettings.getBridgeSettingsDescriptor().getWebaddress());
// sparkjava config directive to set port for the web server to listen on
port(bridgeSettings.getBridgeSettingsDescriptor().getServerPort());
// sparkjava config directive to set html static file location for Jetty
staticFileLocation("/public");
if(!bridgeSettings.getBridgeControl().isReinit())
init();
bridgeSettings.getBridgeControl().setReinit(false);
// setup system control api first
theSystem = new SystemControl(bridgeSettings, theVersion);
theSystem.setupServer();
@@ -89,8 +92,15 @@ public class HABridge {
udpSender.closeResponseSocket();
udpSender = null;
}
bridgeSettings.getBridgeControl().setReinit(false);
stop();
if(!bridgeSettings.getBridgeControl().isStop()) {
try {
Thread.sleep(5000);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
log.info("HA Bridge (v" + theVersion.getVersion() + ") exiting....");
System.exit(0);

22
src/main/java/com/bwssystems/HABridge/LoginResult.java Normal file
View File

@@ -0,0 +1,22 @@
package com.bwssystems.HABridge;
public class LoginResult {
private String error;
private User user;
public String getError() {
return error;
}
public void setError(String error) {
this.error = error;
}
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
}

137
src/main/java/com/bwssystems/HABridge/SystemControl.java
View File

@@ -4,6 +4,8 @@ import static spark.Spark.get;
import static spark.Spark.options;
import static spark.Spark.post;
import static spark.Spark.put;
import static spark.Spark.before;
import static spark.Spark.halt;
import java.io.IOException;
import java.net.DatagramPacket;
@@ -57,24 +59,33 @@ public class SystemControl extends AuthFramework {
// This function sets up the sparkjava rest calls for the hue api
public void setupServer() {
log.info("System control service started....");
before(SYSTEM_CONTEXT + "/*", (req, res) -> {
if(bridgeSettings.getBridgeSecurity().isSecure()) {
User authUser = getAuthenticatedUser(req);
if(authUser == null) {
halt(401, "You are not logged in....");
}
}
});
// http://ip_address:port/system/habridge/version gets the version of this bridge instance
get (SYSTEM_CONTEXT + "/habridge/version", "application/json", (request, response) -> {
get (SYSTEM_CONTEXT + "/habridge/version", (request, response) -> {
log.debug("Get HA Bridge version: v" + version.getVersion());
response.status(HttpStatus.SC_OK);
response.type("application/json");
return "{\"version\":\"" + version.getVersion() + "\"}";
});
// http://ip_address:port/system/habridge/testuser gets the valid test user for calling the api
get (SYSTEM_CONTEXT + "/habridge/testuser", "application/json", (request, response) -> {
get (SYSTEM_CONTEXT + "/habridge/testuser", (request, response) -> {
log.debug("Get HA Bridge testuser: " + bridgeSettings.getBridgeSettingsDescriptor().getInternalTestUser());
response.status(HttpStatus.SC_OK);
response.type("application/json");
return "{\"user\":\"" + bridgeSettings.getBridgeSettingsDescriptor().getInternalTestUser() + "\"}";
});
// http://ip_address:port/system/logmsgs gets the log messages for the bridge
get (SYSTEM_CONTEXT + "/logmsgs", "application/json", (request, response) -> {
get (SYSTEM_CONTEXT + "/logmsgs", (request, response) -> {
log.debug("Get logmsgs.");
response.status(HttpStatus.SC_OK);
String logMsgs;
int count = -1;
if(cyclicBufferAppender == null)
@@ -95,24 +106,26 @@ public class SystemControl extends AuthFramework {
}
}
logMsgs = logMsgs + "]";
response.status(200);
response.status(HttpStatus.SC_OK);
response.type("application/json");
return logMsgs;
});
// http://ip_address:port/system/logmgmt/loggers gets the logger info for the bridge
get (SYSTEM_CONTEXT + "/logmgmt/loggers/:all", "application/json", (request, response) -> {
get (SYSTEM_CONTEXT + "/logmgmt/loggers/:all", (request, response) -> {
log.debug("Get loggers info with showAll argument: " + request.params(":all"));
Boolean showAll = false;
if(request.params(":all").equals("true"))
showAll = true;
theLogServiceMgr.setShowAll(showAll);
theLogServiceMgr.init();
response.status(200);
response.status(HttpStatus.SC_OK);
response.type("application/json");
return theLogServiceMgr.getConfiguredLoggers();
}, new JsonTransformer());
// http://ip_address:port/system/setpassword CORS request
options(SYSTEM_CONTEXT + "/setpassword", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/setpassword", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
@@ -121,7 +134,7 @@ public class SystemControl extends AuthFramework {
return "";
});
// http://ip_address:port/system/setpassword which sets a password for a given user
post(SYSTEM_CONTEXT + "/setpassword", "application/json", (request, response) -> {
post(SYSTEM_CONTEXT + "/setpassword", (request, response) -> {
log.debug("setpassword....");
String theDecodedPayload = new String(Base64.getDecoder().decode(request.body()));
User theUser = new Gson().fromJson(theDecodedPayload, User.class);
@@ -129,15 +142,19 @@ public class SystemControl extends AuthFramework {
if(errorMessage != null) {
response.status(HttpStatus.SC_BAD_REQUEST);
errorMessage = "{\"message\":\"" + errorMessage + "\"}";
}
else
} else {
response.status(HttpStatus.SC_OK);
bridgeSettings.save(bridgeSettings.getBridgeSettingsDescriptor());
}
if(errorMessage == null)
errorMessage = "{}";
response.type("application/json");
return errorMessage;
});
// http://ip_address:port/system/adduser CORS request
options(SYSTEM_CONTEXT + "/adduser", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/adduser", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
@@ -146,7 +163,7 @@ public class SystemControl extends AuthFramework {
return "";
});
// http://ip_address:port/system/adduser which adds a new user
post(SYSTEM_CONTEXT + "/adduser", "application/json", (request, response) -> {
put(SYSTEM_CONTEXT + "/adduser", (request, response) -> {
log.debug("adduser....");
String theDecodedPayload = new String(Base64.getDecoder().decode(request.body()));
User theUser = new Gson().fromJson(theDecodedPayload, User.class);
@@ -156,13 +173,17 @@ public class SystemControl extends AuthFramework {
errorMessage = "{\"message\":\"" + errorMessage + "\"}";
} else {
response.status(HttpStatus.SC_OK);
bridgeSettings.save(bridgeSettings.getBridgeSettingsDescriptor());
}
if(errorMessage == null)
errorMessage = "{}";
response.type("application/json");
return errorMessage;
});
// http://ip_address:port/system/login CORS request
options(SYSTEM_CONTEXT + "/login", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/login", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
@@ -171,13 +192,20 @@ public class SystemControl extends AuthFramework {
return "";
});
// http://ip_address:port/system/login validates the login
post(SYSTEM_CONTEXT + "/login", "application/json", (request, response) -> {
post(SYSTEM_CONTEXT + "/login", (request, response) -> {
log.debug("login....");
return null;
String theDecodedPayload = new String(Base64.getDecoder().decode(request.body()));
User theUser = new Gson().fromJson(theDecodedPayload, User.class);
LoginResult result = bridgeSettings.getBridgeSecurity().validatePassword(theUser);
if(result.getUser() != null)
addAuthenticatedUser(request, theUser);
response.status(HttpStatus.SC_OK);
response.type("application/json");
return result;
}, new JsonTransformer());
// http://ip_address:port/system/presslinkbutton CORS request
options(SYSTEM_CONTEXT + "/presslinkbutton", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/presslinkbutton", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
@@ -186,23 +214,26 @@ public class SystemControl extends AuthFramework {
return "";
});
// http://ip_address:port/system/presslinkbutton which sets the link button for device registration
put(SYSTEM_CONTEXT + "/presslinkbutton", "application/json", (request, response) -> {
put(SYSTEM_CONTEXT + "/presslinkbutton", (request, response) -> {
log.info("Link button pressed....");
bridgeSettings.getBridgeControl().setLinkButton(true);
Timer theTimer = new Timer();
theTimer.schedule(new LinkButtonPressed(bridgeSettings.getBridgeControl(), theTimer), 30000);
return null;
response.status(HttpStatus.SC_OK);
response.type("application/json");
return "";
}, new JsonTransformer());
// http://ip_address:port/system/securityinfo gets the security info for the bridge
get (SYSTEM_CONTEXT + "/securityinfo", "application/json", (request, response) -> {
get (SYSTEM_CONTEXT + "/securityinfo", (request, response) -> {
log.debug("Get security info");
response.status(200);
response.status(HttpStatus.SC_OK);
response.type("application/json");
return bridgeSettings.getBridgeSecurity().getSecurityInfo();
}, new JsonTransformer());
// http://ip_address:port/system/changesecurityinfo CORS request
options(SYSTEM_CONTEXT + "/changesecurityinfo", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/changesecurityinfo", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
@@ -211,18 +242,21 @@ public class SystemControl extends AuthFramework {
return "";
});
// http://ip_address:port/system/changesecurityinfo which sets the security settings other than passwords and users
post(SYSTEM_CONTEXT + "/changesecurityinfo", "application/json", (request, response) -> {
post(SYSTEM_CONTEXT + "/changesecurityinfo", (request, response) -> {
log.debug("changesecurityinfo....");
SecurityInfo theInfo = new Gson().fromJson(request.body(), SecurityInfo.class);
if(theInfo.getExecGarden() != null)
bridgeSettings.getBridgeSecurity().setExecGarden(theInfo.getExecGarden());
bridgeSettings.getBridgeSecurity().setUseLinkButton(theInfo.isUseLinkButton());
bridgeSettings.getBridgeSecurity().setSecureHueApi(theInfo.isSecureHueApi());
bridgeSettings.save(bridgeSettings.getBridgeSettingsDescriptor());
response.status(HttpStatus.SC_OK);
response.type("application/json");
return bridgeSettings.getBridgeSecurity().getSecurityInfo();
}, new JsonTransformer());
// http://ip_address:port/system/logmgmt/update CORS request
options(SYSTEM_CONTEXT + "/logmgmt/update", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/logmgmt/update", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
@@ -231,28 +265,28 @@ public class SystemControl extends AuthFramework {
return "";
});
// http://ip_address:port/system/logmgmt/update which changes logging parameters for the process
put(SYSTEM_CONTEXT + "/logmgmt/update", "application/json", (request, response) -> {
put(SYSTEM_CONTEXT + "/logmgmt/update", (request, response) -> {
log.debug("update loggers: " + request.body());
response.status(200);
LoggerInfo updateLoggers[];
updateLoggers = new Gson().fromJson(request.body(), LoggerInfo[].class);
LoggingForm theModel = theLogServiceMgr.getModel();
theModel.setUpdatedLoggers(Arrays.asList(updateLoggers));
theLogServiceMgr.updateLogLevels();
response.status(HttpStatus.SC_OK);
response.type("application/json");
return theLogServiceMgr.getConfiguredLoggers();
}, new JsonTransformer());
// http://ip_address:port/system/settings which returns the bridge configuration settings
get(SYSTEM_CONTEXT + "/settings", "application/json", (request, response) -> {
get(SYSTEM_CONTEXT + "/settings", (request, response) -> {
log.debug("bridge settings requested from " + request.ip());
response.status(200);
response.status(HttpStatus.SC_OK);
response.type("application/json");
return bridgeSettings.getBridgeSettingsDescriptor();
}, new JsonTransformer());
// http://ip_address:port/system/settings CORS request
options(SYSTEM_CONTEXT + "/settings", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/settings", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
@@ -261,17 +295,17 @@ public class SystemControl extends AuthFramework {
return "";
});
// http://ip_address:port/system/settings which returns the bridge configuration settings
put(SYSTEM_CONTEXT + "/settings", "application/json", (request, response) -> {
put(SYSTEM_CONTEXT + "/settings", (request, response) -> {
log.debug("save bridge settings requested from " + request.ip() + " with body: " + request.body());
BridgeSettingsDescriptor newBridgeSettings = new Gson().fromJson(request.body(), BridgeSettingsDescriptor.class);
bridgeSettings.save(newBridgeSettings);
response.status(200);
response.status(HttpStatus.SC_OK);
response.type("application/json");
return bridgeSettings.getBridgeSettingsDescriptor();
}, new JsonTransformer());
// http://ip_address:port/system/control/reinit CORS request
options(SYSTEM_CONTEXT + "/control/reinit", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/control/reinit", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
@@ -280,12 +314,14 @@ public class SystemControl extends AuthFramework {
return "";
});
// http://ip_address:port/system/control/reinit sets the parameter reinit the server
put(SYSTEM_CONTEXT + "/control/reinit", "application/json", (request, response) -> {
put(SYSTEM_CONTEXT + "/control/reinit", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.type("application/json");
return reinit();
});
// http://ip_address:port/system/control/stop CORS request
options(SYSTEM_CONTEXT + "/control/stop", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/control/stop", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
@@ -294,19 +330,22 @@ public class SystemControl extends AuthFramework {
return "";
});
// http://ip_address:port/system/control/stop sets the parameter stop the server
put(SYSTEM_CONTEXT + "/control/stop", "application/json", (request, response) -> {
put(SYSTEM_CONTEXT + "/control/stop", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.type("application/json");
return stop();
});
// http://ip_address:port/system/backup/available returns a list of config backup filenames
get (SYSTEM_CONTEXT + "/backup/available", "application/json", (request, response) -> {
get (SYSTEM_CONTEXT + "/backup/available", (request, response) -> {
log.debug("Get backup filenames");
response.status(HttpStatus.SC_OK);
response.type("application/json");
return bridgeSettings.getBackups();
}, new JsonTransformer());
// http://ip_address:port/system/backup/create CORS request
options(SYSTEM_CONTEXT + "/backup/create", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/backup/create", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "PUT");
@@ -314,16 +353,18 @@ public class SystemControl extends AuthFramework {
response.header("Content-Type", "text/html; charset=utf-8");
return "";
});
put (SYSTEM_CONTEXT + "/backup/create", "application/json", (request, response) -> {
put (SYSTEM_CONTEXT + "/backup/create", (request, response) -> {
log.debug("Create backup: " + request.body());
BackupFilename aFilename = new Gson().fromJson(request.body(), BackupFilename.class);
BackupFilename returnFilename = new BackupFilename();
returnFilename.setFilename(bridgeSettings.backup(aFilename.getFilename()));
response.status(HttpStatus.SC_OK);
response.type("application/json");
return returnFilename;
}, new JsonTransformer());
// http://ip_address:port/system/backup/delete CORS request
options(SYSTEM_CONTEXT + "/backup/delete", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/backup/delete", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "POST");
@@ -331,18 +372,20 @@ public class SystemControl extends AuthFramework {
response.header("Content-Type", "text/html; charset=utf-8");
return "";
});
post (SYSTEM_CONTEXT + "/backup/delete", "application/json", (request, response) -> {
post (SYSTEM_CONTEXT + "/backup/delete", (request, response) -> {
log.debug("Delete backup: " + request.body());
BackupFilename aFilename = new Gson().fromJson(request.body(), BackupFilename.class);
if(aFilename != null)
bridgeSettings.deleteBackup(aFilename.getFilename());
else
log.warn("No filename given for delete backup.");
return null;
response.status(HttpStatus.SC_OK);
response.type("application/json");
return "";
}, new JsonTransformer());
// http://ip_address:port/system/backup/restore CORS request
options(SYSTEM_CONTEXT + "/backup/restore", "application/json", (request, response) -> {
options(SYSTEM_CONTEXT + "/backup/restore", (request, response) -> {
response.status(HttpStatus.SC_OK);
response.header("Access-Control-Allow-Origin", request.headers("Origin"));
response.header("Access-Control-Allow-Methods", "POST");
@@ -350,7 +393,7 @@ public class SystemControl extends AuthFramework {
response.header("Content-Type", "text/html; charset=utf-8");
return "";
});
post (SYSTEM_CONTEXT + "/backup/restore", "application/json", (request, response) -> {
post (SYSTEM_CONTEXT + "/backup/restore", (request, response) -> {
log.debug("Restore backup: " + request.body());
BackupFilename aFilename = new Gson().fromJson(request.body(), BackupFilename.class);
if(aFilename != null) {
@@ -359,6 +402,8 @@ public class SystemControl extends AuthFramework {
}
else
log.warn("No filename given for restore backup.");
response.status(HttpStatus.SC_OK);
response.type("application/json");
return bridgeSettings.getBridgeSettingsDescriptor();
}, new JsonTransformer());
}