Merge pull request #16 from tomer-w/master

Add basic authorization support.

Author: QuickSander

examples/HelloHttp/HelloHttp.ino

@@ -72,6 +72,7 @@ void loop()
 
          httpReply.send( errorStr );
       }
+      client.stop();
    }
 
 }

library.properties

@@ -8,3 +8,4 @@ category=Communication
 url=https://github.com/QuickSander/ArduinoHttpServer
 architectures=*
 repository=https://github.com/QuickSander/ArduinoHttpServer.git
+depends=Base64

src/internals/HttpField.cpp

@@ -14,6 +14,7 @@ const char* ArduinoHttpServer::HttpField::SEPERATOR = ": ";
 const char* ArduinoHttpServer::HttpField::CONTENT_TYPE_STR = "Content-Type";
 const char* ArduinoHttpServer::HttpField::CONTENT_LENGTH_TYPE_STR = "Content-Length";
 const char* ArduinoHttpServer::HttpField::USER_AGENT_TYPE_STR = "User-Agent";
+const char* ArduinoHttpServer::HttpField::AUTHORIZATION_TYPE_STR = "Authorization";
 
 
 ArduinoHttpServer::HttpField::HttpField(const char* fieldLine) :
@@ -66,6 +67,10 @@ void ArduinoHttpServer::HttpField::determineType(const String& typeStr)
    {
       m_type = Type::USER_AGENT;
    }
+   else if (typeStr.equalsIgnoreCase(AUTHORIZATION_TYPE_STR))
+   {
+      m_type = Type::AUTHORIZATION;
+   }
 }
 
 

src/internals/HttpField.hpp

@@ -26,7 +26,8 @@ class HttpField
       NOT_SUPPORTED,
       CONTENT_TYPE,
       CONTENT_LENGTH,
-      USER_AGENT
+      USER_AGENT,
+      AUTHORIZATION
    };
 
    HttpField(const char* fieldLine);
@@ -49,6 +50,7 @@ class HttpField
    static const char* CONTENT_TYPE_STR;
    static const char* CONTENT_LENGTH_TYPE_STR;
    static const char* USER_AGENT_TYPE_STR;
+   static const char* AUTHORIZATION_TYPE_STR;
 
    Type m_type;
    String m_value;

src/internals/StreamHttpReply.cpp

@@ -32,8 +32,11 @@ void ArduinoHttpServer::AbstractStreamHttpReply::send(const String& data, const
    httpErrorReply += title + "\r\n";
    httpErrorReply += AHS_F("Connection: close\r\n");
    httpErrorReply += AHS_F("Content-Length: ");
-   httpErrorReply += data.length(); httpErrorReply += AHS_F("\r\n");
-   httpErrorReply += AHS_F("Content-Type: "); httpErrorReply += m_contentType; httpErrorReply+= AHS_F("\r\n");
+   httpErrorReply += data.length();
+   httpErrorReply += AHS_F("\r\n");
+   httpErrorReply += AHS_F("Content-Type: ");
+   httpErrorReply += m_contentType;
+   httpErrorReply += AHS_F("\r\n");
    httpErrorReply += AHS_F("\r\n");
    httpErrorReply += data;
    httpErrorReply += AHS_F("\r\n");
@@ -132,3 +135,29 @@ String ArduinoHttpServer::StreamHttpErrorReply::getJsonBody(const String& data)
 
    return body;
 }
+
+//------------------------------------------------------------------------------
+//                             Class Definition
+//------------------------------------------------------------------------------
+
+ArduinoHttpServer::StreamHttpAuthenticateReply::StreamHttpAuthenticateReply(Stream& stream, const String& contentType) :
+   AbstractStreamHttpReply(stream, contentType, "401")
+{
+
+}
+
+void ArduinoHttpServer::StreamHttpAuthenticateReply::send()
+{
+   // Read away remaining bytes.
+   while(getStream().read()>=0);
+
+   DEBUG_ARDUINO_HTTP_SERVER_PRINT("Printing Reply ... ");
+   getStream().println(AHS_F("HTTP/1.1 401 Unauthorized"));
+   getStream().println(AHS_F("WWW-Authenticate: Basic realm=\"Login Required\""));
+   getStream().println(AHS_F("Connection: close"));
+   getStream().println(AHS_F(""));
+   getStream().println(AHS_F("<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY BGCOLOR=\"#cc9999\"><H4>401 Unauthorized</H4>Authorization required.</BODY></HTML>"));
+   getStream().println(AHS_F(""));
+   getStream().println(AHS_F(""));
+   DEBUG_ARDUINO_HTTP_SERVER_PRINTLN("done.");
+}

src/internals/StreamHttpReply.hpp

@@ -59,6 +59,18 @@ class StreamHttpErrorReply: public AbstractStreamHttpReply
     virtual String getJsonBody(const String& data);
 };
 
+//------------------------------------------------------------------------------
+//                             Class Declaration
+//------------------------------------------------------------------------------
+//! Authenticate reply
+class StreamHttpAuthenticateReply: public AbstractStreamHttpReply
+{
+public:
+    StreamHttpAuthenticateReply(Stream& stream, const String& contentType);
+    virtual void send();
+};
+
+
 //------------------------------------------------------------------------------
 //                             Class Declaration
 //------------------------------------------------------------------------------

src/internals/StreamHttpRequest.hpp

@@ -17,6 +17,7 @@
 #include "ArduinoHttpServerDebug.h"
 
 #include <Arduino.h>
+#include <Base64.h>
 
 #include <string.h>
 
@@ -64,6 +65,9 @@ class StreamHttpRequest
     const ErrorString getError() const;
     Stream& getStream() { return m_stream; };
 
+    // Check if authenticated request
+    bool authenticate(const char * username, const char * password) const;
+
 private:
 
    enum class Error: char {
@@ -100,6 +104,7 @@ class StreamHttpRequest
    ArduinoHttpServer::HttpVersion m_version;
    ArduinoHttpServer::HttpField m_contentTypeField;
    ArduinoHttpServer::HttpField m_contentLengthField;
+   ArduinoHttpServer::HttpField m_authorizationField;
 
    Error m_error;
    ErrorMessageString m_errorDetail;
@@ -321,6 +326,10 @@ void ArduinoHttpServer::StreamHttpRequest<MAX_BODY_SIZE>::parseField(char lineBu
    {
       m_contentLengthField = httpField;
    }
+   else if(httpField.getType() == ArduinoHttpServer::HttpField::Type::AUTHORIZATION)
+   {
+      m_authorizationField = httpField;
+   }
    else
    {
       // Ignore other fields for now.
@@ -370,6 +379,40 @@ const ArduinoHttpServer::ErrorString ArduinoHttpServer::StreamHttpRequest<MAX_BO
    return errorString;
 }
 
+template <size_t MAX_BODY_SIZE>
+bool ArduinoHttpServer::StreamHttpRequest<MAX_BODY_SIZE>::authenticate(const char * username, const char * password) const
+{
+   if (m_authorizationField.getType() == HttpField::Type::NOT_SUPPORTED)
+   {
+      return false;
+   }
+
+   if (!m_authorizationField.getValueAsString().startsWith("Basic"))
+   {
+      DEBUG_ARDUINO_HTTP_SERVER_PRINTLN("Unsupported auth header");
+      return false;
+   }
+
+   String combinedInput;
+   if (!combinedInput.reserve(strlen(username) + strlen(password) + 2))
+   {
+      DEBUG_ARDUINO_HTTP_SERVER_PRINTLN("Not enough memory");
+      return false;
+   }
+   combinedInput += username;
+   combinedInput += AHS_F(":");
+   combinedInput += password;
+
+   int encodedLength = Base64.encodedLength(combinedInput.length());
+   char encodedString[encodedLength];
+   Base64.encode(encodedString, combinedInput.c_str(), combinedInput.length());
+   
+   if (strcmp(m_authorizationField.getValueAsString().c_str()+6,encodedString) == 0)
+   {
+      return true;
+   }
 
+   return false;
+}
 
 #endif // __ArduinoHttpServer__StreamHttpRequest__