Fledge
An open source edge computing platform for industrial users
service_handler.h
1 #ifndef _SERVICE_HANDLER_H
2 #define _SERVICE_HANDLER_H
3 /*
4  * Fledge service class
5  *
6  * Copyright (c) 2017 OSisoft, LLC
7  *
8  * Released under the Apache 2.0 Licence
9  *
10  * Author: Mark Riddoch, Massimiliano Pinto
11  */
12 #include <config_category.h>
13 #include <string>
14 #include <management_client.h>
15 
21 {
22  public:
23  virtual void shutdown() = 0;
24  virtual void restart() = 0;
25  virtual void configChange(const std::string& category, const std::string& config) = 0;
26  virtual void configChildCreate(const std::string& parent_category, const std::string& category, const std::string& config) = 0;
27  virtual void configChildDelete(const std::string& parent_category, const std::string& category) = 0;
28  virtual bool isRunning() = 0;
// Default handler for a security change request.
// Reports success only when the payload is empty, so a service that does not
// override this returns false for every non-empty security change.
// ServiceAuthHandler declares its own securityChange(const std::string&).
virtual bool securityChange(const std::string &payload)
{
    const bool nothingToApply = payload.empty();
    return nothingToApply;
}
30 };
31 
36 {
37  public:
// Starts with no token refresh thread and with the refresh-running flag set.
// NOTE(review): m_authentication_enabled is a member of this class but is not
// in this initializer list, so it holds an indeterminate value until something
// assigns it (setAuthenticatedCaller() is declared for that). Confirm that no
// request path reads it earlier, or give it an explicit default.
ServiceAuthHandler()
    : m_refreshThread(nullptr),
      m_refreshRunning(true)
{
}
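// Stops and reaps the bearer token refresh thread, if one was started:
// clears m_refreshRunning, waits for the thread to exit, then frees it.
// NOTE(review): m_refreshRunning is a plain bool. If the refresh thread polls
// it as its stop flag (refreshBearerToken() is not visible here), this write
// is unsynchronized with that read; confirm, and consider std::atomic<bool>.
virtual ~ServiceAuthHandler()
{
    if (m_refreshThread)
    {
        m_refreshRunning = false;
        // join() on a non-joinable std::thread throws std::system_error, and
        // an exception escaping a destructor terminates the process.
        if (m_refreshThread->joinable())
        {
            m_refreshThread->join();
        }
        delete m_refreshThread;
        // Do not leave a dangling pointer behind in the dying object.
        m_refreshThread = nullptr;
    }
}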
// Returns a mutable reference to m_name; the stored service name can be
// changed by the caller through it.
std::string& getName()
{
    std::string& name = m_name;
    return name;
}
// Returns a mutable reference to m_type; the stored service type can be
// changed by the caller through it.
std::string& getType()
{
    std::string& type = m_type;
    return type;
}
42  bool createSecurityCategories(ManagementClient* mgtClient, bool dryRun);
43  bool updateSecurityCategory(const std::string& newCategory);
45  void setAuthenticatedCaller(bool enabled);
47  // ACL verification (for Dispatcher)
48  bool AuthenticationMiddlewareACL(std::shared_ptr<HttpServer::Response> response,
49  std::shared_ptr<HttpServer::Request> request,
50  const std::string& serviceName,
51  const std::string& serviceType);
52  // Handler for Dispatcher
53  bool AuthenticationMiddlewareCommon(std::shared_ptr<HttpServer::Response> response,
54  std::shared_ptr<HttpServer::Request> request,
55  std::string& callerName,
56  std::string& callerType);
57  // Handler for South services: token verification and service ACL check
58  void AuthenticationMiddlewarePUT(std::shared_ptr<HttpServer::Response> response,
59  std::shared_ptr<HttpServer::Request> request,
60  std::function<void(
61  std::shared_ptr<HttpServer::Response>,
62  std::shared_ptr<HttpServer::Request>)> funcPUT);
63  void refreshBearerToken();
64  // Send a good HTTP response to the caller
// Writes a complete HTTP/1.1 200 response whose body is `payload`.
// Content-Length is taken from the payload length and the body is declared as
// application/json. The payload is written as given: nothing here validates
// or escapes it, so callers must pass well-formed JSON.
void respond(std::shared_ptr<HttpServer::Response> response,
             const std::string& payload)
{
    auto& out = *response;
    const auto bodyLength = payload.length();

    out << "HTTP/1.1 200 OK\r\n"
        << "Content-Length: " << bodyLength << "\r\n"
        << "Content-type: application/json\r\n\r\n"
        << payload;
}
73  // Send an error message HTTP response to the caller with the given HTTP code
// Writes a complete HTTP/1.1 response with the status line produced by
// status_code(code) and `payload` as the body.
// Content-Length is taken from the payload length and the body is declared as
// application/json. The payload is written as given: nothing here validates
// or escapes it, so callers must pass well-formed JSON.
void respond(std::shared_ptr<HttpServer::Response> response,
             SimpleWeb::StatusCode code,
             const std::string& payload)
{
    auto& out = *response;
    const auto bodyLength = payload.length();

    out << "HTTP/1.1 " << status_code(code) << "\r\n"
        << "Content-Length: " << bodyLength << "\r\n"
        << "Content-type: application/json\r\n\r\n"
        << payload;
}
// Returns the class-wide (static) m_mgtClient pointer exactly as stored.
// The member documentation on this page says it is initialised to NULL, so
// callers should check the result before dereferencing it.
static ManagementClient* getMgmtClient()
{
    ManagementClient* const client = m_mgtClient;
    return client;
}
85  bool securityChange(const std::string &payload);
86 
87  private:
88  bool verifyURL(const std::string& path,
89  const std::string& sName,
90  const std::string& sType);
91  bool verifyService(const std::string& sName,
92  const std::string &sType);
93 
94  protected:
95  std::string m_name;
96  std::string m_type;
97  // Management client pointer
98  static ManagementClient
100 
101  private:
102  // Security configuration change mutex
103  std::mutex m_mtx_config;
104  // Authentication is enabled for API endpoints
105  bool m_authentication_enabled;
106  // Security configuration
107  ConfigCategory m_security;
108  // Service ACL
109  ACL m_service_acl;
110  std::thread *m_refreshThread;
111  bool m_refreshRunning;
112 };
113 
114 #endif
ServiceAuthHandler::setInitialAuthenticatedCaller
void setInitialAuthenticatedCaller()
Set initial value of enabled authentication.
Definition: service_security.cpp:142
ServiceAuthHandler::securityChange
bool securityChange(const std::string &payload)
Request security change action:
Definition: service_security.cpp:738
ServiceAuthHandler::AuthenticationMiddlewareACL
bool AuthenticationMiddlewareACL(std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, const std::string &serviceName, const std::string &serviceType)
Authentication Middleware ACL check.
Definition: service_security.cpp:475
ServiceAuthHandler::AuthenticationMiddlewarePUT
void AuthenticationMiddlewarePUT(std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, std::function< void(std::shared_ptr< HttpServer::Response >, std::shared_ptr< HttpServer::Request >)> funcPUT)
Authentication Middleware for PUT methods.
Definition: service_security.cpp:359
ACL
This class represents the ACL (Access Control List) as JSON object fetched from Fledge Storage.
Definition: acl.h:23
ServiceAuthHandler::m_mgtClient
static ManagementClient * m_mgtClient
Initialise m_mgtClient object to NULL.
Definition: service_handler.h:99
ServiceAuthHandler::refreshBearerToken
void refreshBearerToken()
Refresh the bearer token of the running service. This routine is run by a thread started in createSecu...
Definition: service_security.cpp:585
ServiceAuthHandler::getAuthenticatedCaller
bool getAuthenticatedCaller()
Return enabled authentication value.
Definition: service_security.cpp:175
ServiceAuthHandler::AuthenticationMiddlewareCommon
bool AuthenticationMiddlewareCommon(std::shared_ptr< HttpServer::Response > response, std::shared_ptr< HttpServer::Request > request, std::string &callerName, std::string &callerType)
Authentication Middleware for Dispatcher service.
Definition: service_security.cpp:531
ManagementClient
The management client class used by services and tasks to communicate with the management API of the ...
Definition: management_client.h:43
ConfigCategory
Definition: config_category.h:56
ServiceAuthHandler::updateSecurityCategory
bool updateSecurityCategory(const std::string &newCategory)
Update the class objects from security category content update.
Definition: service_security.cpp:111
ServiceAuthHandler::createSecurityCategories
bool createSecurityCategories(ManagementClient *mgtClient, bool dryRun)
Create "${service}Security" category with empty content.
Definition: service_security.cpp:34
ServiceAuthHandler
ServiceAuthHandler adds security to the base class ServiceHandler.
Definition: service_handler.h:35
ServiceAuthHandler::setAuthenticatedCaller
void setAuthenticatedCaller(bool enabled)
Set enabled authentication value.
Definition: service_security.cpp:164
ServiceHandler
ServiceHandler abstract class - the interface that services using the management API must provide.
Definition: service_handler.h:20