Close #1044: Add HTTP authentication method "API key" that does not p…

…refix the key with the word "Token" (#1046) * Close #1044: Add HTTP authentication method "API key" that does not prefix the key with the word "Token" * [#1044] Update ruuvi.gwui.html to the master branch
ruuvi · May 8, 2024 · 87520b6 · 87520b6
1 parent 4583897
commit 87520b6
Show file tree

Hide file tree

Showing 13 changed files with 355 additions and 9 deletions.
diff --git a/main/gw_cfg.c b/main/gw_cfg.c
@@ -667,6 +667,8 @@ gw_cfg_get_http_password_copy_unsafe(const gw_cfg_t* const p_gw_cfg)
             return str_buf_printf_with_alloc("%s", p_gw_cfg->ruuvi_cfg.http.auth.auth_bearer.token.buf);
         case GW_CFG_HTTP_AUTH_TYPE_TOKEN:
             return str_buf_printf_with_alloc("%s", p_gw_cfg->ruuvi_cfg.http.auth.auth_token.token.buf);
+        case GW_CFG_HTTP_AUTH_TYPE_APIKEY:
+            return str_buf_printf_with_alloc("%s", p_gw_cfg->ruuvi_cfg.http.auth.auth_apikey.api_key.buf);
     }
     assert(0);
     return str_buf_init_null();

diff --git a/main/gw_cfg.h b/main/gw_cfg.h
@@ -34,6 +34,7 @@ extern "C" {
 
 #define GW_CFG_MAX_HTTP_BEARER_TOKEN_LEN 256
 #define GW_CFG_MAX_HTTP_TOKEN_LEN        256
+#define GW_CFG_MAX_HTTP_APIKEY_LEN       256
 #define GW_CFG_MAX_HTTP_URL_LEN          256
 #define GW_CFG_MAX_HTTP_USER_LEN         51
 #define GW_CFG_MAX_HTTP_PASS_LEN         51
@@ -167,20 +168,27 @@ typedef struct ruuvi_gw_cfg_http_token_t
     char buf[GW_CFG_MAX_HTTP_TOKEN_LEN];
 } ruuvi_gw_cfg_http_token_t;
 
+typedef struct ruuvi_gw_cfg_http_apikey_t
+{
+    char buf[GW_CFG_MAX_HTTP_APIKEY_LEN];
+} ruuvi_gw_cfg_http_apikey_t;
+
 #define GW_CFG_HTTP_AUTH_TYPE_STR_SIZE 8
 
 #define GW_CFG_HTTP_AUTH_TYPE_STR_NO     "no" /* deprecated */
 #define GW_CFG_HTTP_AUTH_TYPE_STR_NONE   "none"
 #define GW_CFG_HTTP_AUTH_TYPE_STR_BASIC  "basic"
 #define GW_CFG_HTTP_AUTH_TYPE_STR_BEARER "bearer"
 #define GW_CFG_HTTP_AUTH_TYPE_STR_TOKEN  "token"
+#define GW_CFG_HTTP_AUTH_TYPE_STR_APIKEY "api_key"
 
 typedef enum gw_cfg_http_auth_type_e
 {
     GW_CFG_HTTP_AUTH_TYPE_NONE   = 0,
     GW_CFG_HTTP_AUTH_TYPE_BASIC  = 1,
     GW_CFG_HTTP_AUTH_TYPE_BEARER = 2,
     GW_CFG_HTTP_AUTH_TYPE_TOKEN  = 3,
+    GW_CFG_HTTP_AUTH_TYPE_APIKEY = 4,
 } gw_cfg_http_auth_type_e;
 
 typedef struct ruuvi_gw_cfg_http_auth_basic_t
@@ -200,6 +208,10 @@ typedef union ruuvi_gw_cfg_http_auth_t
     {
         ruuvi_gw_cfg_http_token_t token;
     } auth_token;
+    struct
+    {
+        ruuvi_gw_cfg_http_apikey_t api_key;
+    } auth_apikey;
 } ruuvi_gw_cfg_http_auth_t;
 
 typedef uint16_t gw_cfg_remote_refresh_interval_minutes_t;

diff --git a/main/gw_cfg_cmp.c b/main/gw_cfg_cmp.c
@@ -61,6 +61,12 @@ ruuvi_gw_cfg_remote_cmp(const ruuvi_gw_cfg_remote_t* const p_remote1, const ruuv
                 return false;
             }
             break;
+        case GW_CFG_HTTP_AUTH_TYPE_APIKEY:
+            if (0 != strcmp(p_remote1->auth.auth_apikey.api_key.buf, p_remote2->auth.auth_apikey.api_key.buf))
+            {
+                return false;
+            }
+            break;
     }
     if (p_remote1->refresh_interval_minutes != p_remote2->refresh_interval_minutes)
     {
@@ -150,6 +156,12 @@ ruuvi_gw_cfg_http_cmp(const ruuvi_gw_cfg_http_t* const p_http1, const ruuvi_gw_c
                 return false;
             }
             break;
+        case GW_CFG_HTTP_AUTH_TYPE_APIKEY:
+            if (0 != strcmp(p_http1->auth.auth_apikey.api_key.buf, p_http2->auth.auth_apikey.api_key.buf))
+            {
+                return false;
+            }
+            break;
     }
     return true;
 }

diff --git a/main/gw_cfg_json_generate.c b/main/gw_cfg_json_generate.c
@@ -257,6 +257,24 @@ gw_cfg_json_add_items_remote_auth_token(
     return true;
 }
 
+static bool
+gw_cfg_json_add_items_remote_auth_apikey(
+    cJSON* const                       p_json_root,
+    const ruuvi_gw_cfg_remote_t* const p_cfg_remote,
+    const bool                         flag_hide_passwords)
+{
+    if (!gw_cfg_json_add_string(p_json_root, "remote_cfg_auth_type", GW_CFG_HTTP_AUTH_TYPE_STR_APIKEY))
+    {
+        return false;
+    }
+    if ((!flag_hide_passwords)
+        && (!gw_cfg_json_add_string(p_json_root, "remote_cfg_auth_apikey", p_cfg_remote->auth.auth_apikey.api_key.buf)))
+    {
+        return false;
+    }
+    return true;
+}
+
 static bool
 gw_cfg_json_add_items_remote(
     cJSON* const                       p_json_root,
@@ -297,6 +315,12 @@ gw_cfg_json_add_items_remote(
                 return false;
             }
             break;
+        case GW_CFG_HTTP_AUTH_TYPE_APIKEY:
+            if (!gw_cfg_json_add_items_remote_auth_apikey(p_json_root, p_cfg_remote, flag_hide_passwords))
+            {
+                return false;
+            }
+            break;
     }
     if (!gw_cfg_json_add_bool(p_json_root, "remote_cfg_use_ssl_client_cert", p_cfg_remote->use_ssl_client_cert))
     {
@@ -400,6 +424,24 @@ gw_cfg_json_add_items_http_custom_auth_token(
     return true;
 }
 
+static bool
+gw_cfg_json_add_items_http_custom_auth_apikey(
+    cJSON* const                     p_json_root,
+    const ruuvi_gw_cfg_http_t* const p_cfg_http,
+    const bool                       flag_hide_passwords)
+{
+    if (!gw_cfg_json_add_string(p_json_root, "http_auth", GW_CFG_HTTP_AUTH_TYPE_STR_APIKEY))
+    {
+        return false;
+    }
+    if ((!flag_hide_passwords)
+        && (!gw_cfg_json_add_string(p_json_root, "http_api_key", p_cfg_http->auth.auth_apikey.api_key.buf)))
+    {
+        return false;
+    }
+    return true;
+}
+
 static bool
 gw_cfg_json_add_items_http_custom_params(
     cJSON* const                     p_json_root,
@@ -469,6 +511,12 @@ gw_cfg_json_add_items_http_custom_params(
                 return false;
             }
             break;
+        case GW_CFG_HTTP_AUTH_TYPE_APIKEY:
+            if (!gw_cfg_json_add_items_http_custom_auth_apikey(p_json_root, p_cfg_http, flag_hide_passwords))
+            {
+                return false;
+            }
+            break;
     }
     return true;
 }

diff --git a/main/gw_cfg_json_parse_http.c b/main/gw_cfg_json_parse_http.c
@@ -81,6 +81,10 @@ gw_cfg_json_parse_http_auth_type(const cJSON* const p_json_root)
     {
         return GW_CFG_HTTP_AUTH_TYPE_TOKEN;
     }
+    if (0 == strcmp(GW_CFG_HTTP_AUTH_TYPE_STR_APIKEY, auth_type_str))
+    {
+        return GW_CFG_HTTP_AUTH_TYPE_APIKEY;
+    }
     LOG_WARN("Unknown http_auth='%s', use 'ruuvi'", auth_type_str);
     return GW_CFG_HTTP_AUTH_TYPE_NONE;
 }
@@ -132,6 +136,19 @@ gw_cfg_json_parse_http_auth_token(const cJSON* const p_json_root, ruuvi_gw_cfg_h
     }
 }
 
+static void
+gw_cfg_json_parse_http_auth_apikey(const cJSON* const p_json_root, ruuvi_gw_cfg_http_t* const p_gw_cfg_http)
+{
+    if (!gw_cfg_json_copy_string_val(
+            p_json_root,
+            "http_api_key",
+            &p_gw_cfg_http->auth.auth_apikey.api_key.buf[0],
+            sizeof(p_gw_cfg_http->auth.auth_apikey.api_key.buf)))
+    {
+        LOG_WARN("Can't find key '%s' in config-json", "http_api_key");
+    }
+}
+
 static void
 gw_cfg_json_parse_http_ssl_certs(const cJSON* const p_json_root, ruuvi_gw_cfg_http_t* const p_gw_cfg_http)
 {
@@ -183,6 +200,9 @@ gw_cfg_json_parse_http(const cJSON* const p_json_root, ruuvi_gw_cfg_http_t* cons
             case GW_CFG_HTTP_AUTH_TYPE_TOKEN:
                 gw_cfg_json_parse_http_auth_token(p_json_root, p_gw_cfg_http);
                 break;
+            case GW_CFG_HTTP_AUTH_TYPE_APIKEY:
+                gw_cfg_json_parse_http_auth_apikey(p_json_root, p_gw_cfg_http);
+                break;
         }
         if ((GW_CFG_HTTP_DATA_FORMAT_RUUVI == p_gw_cfg_http->data_format)
             && (GW_CFG_HTTP_AUTH_TYPE_NONE == p_gw_cfg_http->auth_type)

diff --git a/main/gw_cfg_json_parse_remote.c b/main/gw_cfg_json_parse_remote.c
@@ -135,6 +135,10 @@ gw_cfg_json_parse_remote(const cJSON* const p_json_root, ruuvi_gw_cfg_remote_t*
             case GW_CFG_HTTP_AUTH_TYPE_TOKEN:
                 LOG_ERR("Unsupported auth_type=token for remote_cfg");
                 break;
+
+            case GW_CFG_HTTP_AUTH_TYPE_APIKEY:
+                LOG_ERR("Unsupported auth_type=api_key for remote_cfg");
+                break;
         }
     }
     if (!gw_cfg_json_get_bool_val(p_json_root, "remote_cfg_use_ssl_client_cert", &p_gw_cfg_remote->use_ssl_client_cert))

diff --git a/main/gw_cfg_log.c b/main/gw_cfg_log.c
@@ -322,6 +322,14 @@ gw_cfg_log_ruuvi_cfg_remote(const ruuvi_gw_cfg_remote_t* const p_remote)
             LOG_DBG("config: remote cfg: auth token: %s", p_remote->auth.auth_token.token.buf);
 #else
             LOG_INFO("config: remote cfg: auth token: %s", "********");
+#endif
+            break;
+        case GW_CFG_HTTP_AUTH_TYPE_APIKEY:
+            LOG_INFO("config: remote cfg: auth_type: %s", GW_CFG_HTTP_AUTH_TYPE_STR_APIKEY);
+#if LOG_LOCAL_LEVEL >= LOG_LEVEL_DEBUG
+            LOG_DBG("config: remote cfg: auth api_key: %s", p_remote->auth.auth_apikey.api_key.buf);
+#else
+            LOG_INFO("config: remote cfg: auth api_key: %s", "********");
 #endif
             break;
     }
@@ -354,10 +362,10 @@ gw_cfg_log_ruuvi_cfg_http(const ruuvi_gw_cfg_http_t* const p_http)
         switch (p_http->auth_type)
         {
             case GW_CFG_HTTP_AUTH_TYPE_NONE:
-                LOG_INFO("config: http auth_type: %s", "none");
+                LOG_INFO("config: http auth_type: %s", GW_CFG_HTTP_AUTH_TYPE_STR_NONE);
                 break;
             case GW_CFG_HTTP_AUTH_TYPE_BASIC:
-                LOG_INFO("config: http auth_type: %s", "basic");
+                LOG_INFO("config: http auth_type: %s", GW_CFG_HTTP_AUTH_TYPE_STR_BASIC);
                 LOG_INFO("config: http user: %s", p_http->auth.auth_basic.user.buf);
 #if LOG_LOCAL_LEVEL >= LOG_LEVEL_DEBUG
                 LOG_DBG("config: http pass: %s", p_http->auth.auth_basic.password.buf);
@@ -366,19 +374,27 @@ gw_cfg_log_ruuvi_cfg_http(const ruuvi_gw_cfg_http_t* const p_http)
 #endif
                 break;
             case GW_CFG_HTTP_AUTH_TYPE_BEARER:
-                LOG_INFO("config: http auth_type: %s", "bearer");
+                LOG_INFO("config: http auth_type: %s", GW_CFG_HTTP_AUTH_TYPE_STR_BEARER);
 #if LOG_LOCAL_LEVEL >= LOG_LEVEL_DEBUG
                 LOG_DBG("config: http bearer token: %s", p_http->auth.auth_bearer.token.buf);
 #else
                 LOG_INFO("config: http bearer token: %s", "********");
 #endif
                 break;
             case GW_CFG_HTTP_AUTH_TYPE_TOKEN:
-                LOG_INFO("config: http auth_type: %s", "token");
+                LOG_INFO("config: http auth_type: %s", GW_CFG_HTTP_AUTH_TYPE_STR_TOKEN);
 #if LOG_LOCAL_LEVEL >= LOG_LEVEL_DEBUG
                 LOG_DBG("config: http token: %s", p_http->auth.auth_token.token.buf);
 #else
                 LOG_INFO("config: http token: %s", "********");
+#endif
+                break;
+            case GW_CFG_HTTP_AUTH_TYPE_APIKEY:
+                LOG_INFO("config: http auth_type: %s", GW_CFG_HTTP_AUTH_TYPE_STR_APIKEY);
+#if LOG_LOCAL_LEVEL >= LOG_LEVEL_DEBUG
+                LOG_DBG("config: http api_key: %s", p_http->auth.auth_apikey.api_key.buf);
+#else
+                LOG_INFO("config: http api_key: %s", "********");
 #endif
                 break;
         }

diff --git a/main/http.c b/main/http.c
@@ -518,6 +518,14 @@ http_handle_add_authorization_if_needed(
             return false;
         }
     }
+    else if (GW_CFG_HTTP_AUTH_TYPE_APIKEY == auth_type)
+    {
+        str_buf = str_buf_printf_with_alloc("%s", p_http_auth->auth_apikey.api_key.buf);
+        if (NULL == str_buf.buf)
+        {
+            return false;
+        }
+    }
     else
     {
         // MISRA C:2012, 15.7 - All if...else if constructs shall be terminated with an else statement