diff --git a/examples/protocols/http_server/simple/main/Kconfig.projbuild b/examples/protocols/http_server/simple/main/Kconfig.projbuild new file mode 100644 index 0000000000..2611ab44ac --- /dev/null +++ b/examples/protocols/http_server/simple/main/Kconfig.projbuild @@ -0,0 +1,29 @@ +menu "Example Configuration" + + config EXAMPLE_BASIC_AUTH + bool "Basic Authentication" + default n + help + Basic Authentication is a method for an HTTP user agent (e.g. a web browser) + to provide a user name and password when making a request. It is the simplest + technique for enforcing access controls to web resources. because it doesn't + require cookies, session identifiers, or login pages; rather, it uses standard + fields in the HTTP header. + Note that, Basic Authentication is not encrypted channel and also easy to retrieve + credentials as they are sent in plain text format. + + config EXAMPLE_BASIC_AUTH_USERNAME + string "Basic Authenticate User Name" + depends on EXAMPLE_BASIC_AUTH + default "ESP32" + help + The client's user name which used for basic authenticate. + + config EXAMPLE_BASIC_AUTH_PASSWORD + string "Basic Authenticate Password" + depends on EXAMPLE_BASIC_AUTH + default "ESP32Webserver" + help + The client's password which used for basic authenticate. + +endmenu diff --git a/examples/protocols/http_server/simple/main/main.c b/examples/protocols/http_server/simple/main/main.c index 3aea3e3da0..bad9628fa8 100644 --- a/examples/protocols/http_server/simple/main/main.c +++ b/examples/protocols/http_server/simple/main/main.c @@ -17,7 +17,7 @@ #include "esp_netif.h" #include "esp_eth.h" #include "protocol_examples_common.h" - +#include "esp_tls_crypto.h" #include /* A simple example that demonstrates how to create GET and POST @@ -26,6 +26,125 @@ static const char *TAG = "example"; +#if CONFIG_EXAMPLE_BASIC_AUTH + +typedef struct { + char *username; + char *password; +} basic_auth_info_t; + +#define HTTPD_401 "401 UNAUTHORIZED" /*!< HTTP Response 401 */ + +static char *http_auth_basic(const char *username, const char *password) +{ + int out; + char *user_info = NULL; + char *digest = NULL; + size_t n = 0; + asprintf(&user_info, "%s:%s", username, password); + if (!user_info) { + ESP_LOGE(TAG, "No enough memory for user information"); + return NULL; + } + esp_crypto_base64_encode(NULL, 0, &n, (const unsigned char *)user_info, strlen(user_info)); + + /* 6: The length of the "Basic " string + * n: Number of bytes for a base64 encode format + * 1: Number of bytes for a reserved which be used to fill zero + */ + digest = calloc(1, 6 + n + 1); + if (digest) { + strcpy(digest, "Basic "); + esp_crypto_base64_encode((unsigned char *)digest + 6, n, (size_t *)&out, (const unsigned char *)user_info, strlen(user_info)); + } + free(user_info); + return digest; +} + +/* An HTTP GET handler */ +static esp_err_t basic_auth_get_handler(httpd_req_t *req) +{ + char *buf = NULL; + size_t buf_len = 0; + basic_auth_info_t *basic_auth_info = req->user_ctx; + + buf_len = httpd_req_get_hdr_value_len(req, "Authorization") + 1; + if (buf_len > 1) { + buf = calloc(1, buf_len); + if (!buf) { + ESP_LOGE(TAG, "No enough memory for basic authorization"); + return ESP_ERR_NO_MEM; + } + + if (httpd_req_get_hdr_value_str(req, "Authorization", buf, buf_len) == ESP_OK) { + ESP_LOGI(TAG, "Found header => Authorization: %s", buf); + } else { + ESP_LOGE(TAG, "No auth value received"); + } + + char *auth_credentials = http_auth_basic(basic_auth_info->username, basic_auth_info->password); + if (!auth_credentials) { + ESP_LOGE(TAG, "No enough memory for basic authorization credentials"); + free(buf); + return ESP_ERR_NO_MEM; + } + + if (strncmp(auth_credentials, buf, buf_len)) { + ESP_LOGE(TAG, "Not authenticated"); + httpd_resp_set_status(req, HTTPD_401); + httpd_resp_set_type(req, "application/json"); + httpd_resp_set_hdr(req, "Connection", "keep-alive"); + httpd_resp_set_hdr(req, "WWW-Authenticate", "Basic realm=\"Hello\""); + httpd_resp_send(req, NULL, 0); + } else { + ESP_LOGI(TAG, "Authenticated!"); + char *basic_auth_resp = NULL; + httpd_resp_set_status(req, HTTPD_200); + httpd_resp_set_type(req, "application/json"); + httpd_resp_set_hdr(req, "Connection", "keep-alive"); + asprintf(&basic_auth_resp, "{\"authenticated\": true,\"user\": \"%s\"}", basic_auth_info->username); + if (!basic_auth_resp) { + ESP_LOGE(TAG, "No enough memory for basic authorization response"); + free(auth_credentials); + free(buf); + return ESP_ERR_NO_MEM; + } + httpd_resp_send(req, basic_auth_resp, strlen(basic_auth_resp)); + free(basic_auth_resp); + } + free(auth_credentials); + free(buf); + } else { + ESP_LOGE(TAG, "No auth header received"); + httpd_resp_set_status(req, HTTPD_401); + httpd_resp_set_type(req, "application/json"); + httpd_resp_set_hdr(req, "Connection", "keep-alive"); + httpd_resp_set_hdr(req, "WWW-Authenticate", "Basic realm=\"Hello\""); + httpd_resp_send(req, NULL, 0); + } + + return ESP_OK; +} + +static httpd_uri_t basic_auth = { + .uri = "/basic_auth", + .method = HTTP_GET, + .handler = basic_auth_get_handler, +}; + +static void httpd_register_basic_auth(httpd_handle_t server) +{ + basic_auth_info_t *basic_auth_info = calloc(1, sizeof(basic_auth_info_t)); + if (basic_auth_info) { + basic_auth_info->username = CONFIG_EXAMPLE_BASIC_AUTH_USERNAME; + basic_auth_info->password = CONFIG_EXAMPLE_BASIC_AUTH_PASSWORD; + + basic_auth.user_ctx = basic_auth_info; + httpd_register_uri_handler(server, &basic_auth); + } +} +#endif + /* An HTTP GET handler */ static esp_err_t hello_get_handler(httpd_req_t *req) { @@ -233,6 +352,9 @@ static httpd_handle_t start_webserver(void) httpd_register_uri_handler(server, &hello); httpd_register_uri_handler(server, &echo); httpd_register_uri_handler(server, &ctrl); + #if CONFIG_EXAMPLE_BASIC_AUTH + httpd_register_basic_auth(server); + #endif return server; } diff --git a/examples/protocols/http_server/simple/sdkconfig.ci.basic_auth b/examples/protocols/http_server/simple/sdkconfig.ci.basic_auth new file mode 100644 index 0000000000..d022d0a55d --- /dev/null +++ b/examples/protocols/http_server/simple/sdkconfig.ci.basic_auth @@ -0,0 +1 @@ +CONFIG_EXAMPLE_BASIC_AUTH=y