add basic_auth

mandl · mandl · commit 1fce718cf163 · 2024-11-26T12:23:48.000+01:00
diff --git a/esp32-cam-webserver.ino b/esp32-cam-webserver.ino
@@ -76,7 +76,7 @@ extern esp_err_t SendPictureHttp();
 unsigned long previousMillis;
 
 // Every 5 Minutes
-const unsigned long interval = (5 * 1000);
+const unsigned long interval = (5 * 60 * 1000);
 
 // Names for the Camera. (set these in myconfig.h)
 #if defined(CAM_NAME)
diff --git a/src/httpd_basic_auth.cpp b/src/httpd_basic_auth.cpp
@@ -0,0 +1,91 @@
+#include "src/httpd_basic_auth.h"
+#include "mbedtls/base64.h"
+ 
+#include <esp_log.h>
+
+static const char *TAG = "httpd_basic_auth";
+
+esp_err_t httpd_basic_auth_resp_send_401(httpd_req_t* req) {
+	esp_err_t ret = httpd_resp_set_status(req, HTTPD_401);
+	
+    ESP_LOGD(TAG, "httpd_basic_auth_resp_send_401");
+	if(ret == ESP_OK) {
+		ret = httpd_resp_set_hdr(req, "WWW-Authenticate", "Basic realm=\"User Visible Realm\"");
+	}
+
+	return ret;
+}
+
+esp_err_t httpd_basic_auth(httpd_req_t* req, const char* username, const char* password) {
+	size_t auth_head_len = 1 + httpd_req_get_hdr_value_len(req, "Authorization");
+	size_t n = 0;
+	size_t out;
+	
+	ESP_LOGD(TAG, "httpd_basic_auth");
+
+	if(auth_head_len <= 1 + 7) {
+
+		ESP_LOGE(TAG, "ESP_ERR_HTTPD_BASIC_AUTH_HEADER_NOT_FOUND");
+		return ESP_ERR_HTTPD_BASIC_AUTH_HEADER_NOT_FOUND;
+	}
+
+	char* auth_head = (char*)malloc(auth_head_len);
+
+	if(auth_head == NULL) {
+		return ESP_ERR_NO_MEM;
+	}
+
+	if(httpd_req_get_hdr_value_str(req, "Authorization", auth_head, auth_head_len) != ESP_OK) {
+		free(auth_head);
+		return ESP_ERR_HTTPD_BASIC_AUTH_FAIL_TO_GET_HEADER;
+	}
+
+	ESP_LOGD(TAG, "Header: '%s'", auth_head);
+
+	if(strncmp("Basic", auth_head, 5) != 0) {
+		free(auth_head);
+		return ESP_ERR_HTTPD_BASIC_AUTH_HEADER_INVALID;
+	}
+	
+	mbedtls_base64_decode(NULL, 0, &n, (const unsigned char *)(auth_head + 6), auth_head_len - 6 - 1);
+
+	unsigned char* decoded = (unsigned char*) calloc(1, 6 + n + 1);
+
+    if (decoded) {
+        strcpy((char*)decoded, "Basic ");
+		int err = mbedtls_base64_decode(decoded, n, &out, (const unsigned char *)(auth_head + 6), auth_head_len - 6 - 1);
+        if(err != 0) {
+           free(auth_head);
+		   free(decoded);
+		   ESP_LOGE(TAG, "ESP_ERR_HTTPD_BASIC_AUTH_HEADER_INVALID");
+		   return ESP_ERR_HTTPD_BASIC_AUTH_HEADER_INVALID;
+	    }
+   }
+
+	free(auth_head);
+	
+	char* colonDelimiter = strchr((const char*) decoded, ':');
+
+	if(colonDelimiter == NULL) {
+		free(decoded);
+		ESP_LOGE(TAG, "ESP_ERR_HTTPD_BASIC_AUTH_HEADER_INVALID2");
+
+		return ESP_ERR_HTTPD_BASIC_AUTH_HEADER_INVALID;
+	}
+
+	size_t head_username_len = colonDelimiter - (const char*) decoded;
+	size_t head_password_len = strlen(colonDelimiter + 1);
+
+	if(strlen(username) != head_username_len
+		|| strlen(password) != head_password_len
+		|| strncmp(username, (const char*) decoded, head_username_len) != 0 
+		|| strncmp(password, colonDelimiter + 1, head_password_len) != 0) {
+		free(decoded);
+		ESP_LOGD(TAG, "ESP_ERR_HTTPD_BASIC_AUTH_NOT_AUTHORIZED");
+		return ESP_ERR_HTTPD_BASIC_AUTH_NOT_AUTHORIZED;
+	}
+
+	free(decoded);
+	
+	return ESP_OK;
+}
diff --git a/src/httpd_basic_auth.h b/src/httpd_basic_auth.h
@@ -0,0 +1,41 @@
+/**
+ * @file httpd_basic_auth.h
+ * @brief Basic Authorization Wrapper around Htppd
+ */ 
+
+#include <esp_http_server.h>
+
+#define ESP_ERR_HTTPD_BASIC_AUTH_BASE                  (ESP_ERR_HTTPD_BASE + 200)            /*!< Starting number of HTTPD_BASIC_AUTH error codes */
+#define ESP_ERR_HTTPD_BASIC_AUTH_HEADER_NOT_FOUND      (ESP_ERR_HTTPD_BASIC_AUTH_BASE + 1)   /*!< Authorization header has not found in request */
+#define ESP_ERR_HTTPD_BASIC_AUTH_FAIL_TO_GET_HEADER    (ESP_ERR_HTTPD_BASIC_AUTH_BASE + 2)   /*!< Fail to read authorization header */
+#define ESP_ERR_HTTPD_BASIC_AUTH_HEADER_INVALID        (ESP_ERR_HTTPD_BASIC_AUTH_BASE + 3)   /*!< Invalid format of authorization header */
+#define ESP_ERR_HTTPD_BASIC_AUTH_NOT_AUTHORIZED        (ESP_ERR_HTTPD_BASIC_AUTH_BASE + 4)   /*!< Not authorized */
+
+#ifndef HTTPD_401
+	#define HTTPD_401 "401 Unauthorized"
+#endif
+
+/**
+ * @brief Send error code 401 and set "WWW-Authenticate" header
+ * @param[in] req The request being responded to
+ * 
+ * @return
+ *  - ESP_OK on success
+ */ 
+esp_err_t httpd_basic_auth_resp_send_401(httpd_req_t* req);
+
+/**
+ * @brief Read authorization token from request and compare with provided username and password
+ * @param[in] req The request being responded to
+ * @param[in] username Username
+ * @param[in] password Password
+ * 
+ * @return
+ *  - ESP_OK user is authorized
+ *  - ESP_ERR_NO_MEM no memory
+ *  - ESP_ERR_HTTPD_BASIC_AUTH_HEADER_NOT_FOUND authorization header is not provided in request
+ *  - ESP_ERR_HTTPD_BASIC_AUTH_FAIL_TO_GET_HEADER fail to read authorization header
+ *  - ESP_ERR_HTTPD_BASIC_AUTH_HEADER_INVALID invalid format of authorization header
+ *  - ESP_ERR_HTTPD_BASIC_AUTH_NOT_AUTHORIZED not authorized
+ */ 
+esp_err_t httpd_basic_auth(httpd_req_t* req, const char* username, const char* password);
