Added basic support for Middleware/Proxy functions and Basic Auth. Close fhessel#10

Author: fhessel

https/HTTPConnection.cpp

@@ -425,7 +425,7 @@ void HTTPConnection::loop() {
 					}
 
 					// Create request context
-					HTTPRequest req  = HTTPRequest(this, _httpHeaders, resolvedResource.getParams());
+					HTTPRequest req  = HTTPRequest(this, _httpHeaders, resolvedResource.getParams(), _httpResource, _httpMethod);
 					HTTPResponse res = HTTPResponse(this);
 
 					// Add default headers to the response
@@ -434,9 +434,23 @@ void HTTPConnection::loop() {
 						res.setHeader((*header)->_name, (*header)->_value);
 					}
 
-					// Call the callback
-					HTTPS_DLOG("[   ] Calling handler function");
-					resolvedResource.getMatchingNode()->_callback(&req, &res);
+					// Callback for the actual resource
+					HTTPSCallbackFunction * resourceCallback = resolvedResource.getMatchingNode()->_callback;
+
+ 					// Get the current middleware chain
+					auto vecMw = _resResolver->getMiddleware();
+
+ 					// Anchor of the chain is the actual resource. The call to the handler is bound here
+					std::function<void()> next = std::function<void()>(std::bind(resourceCallback, &req, &res));
+
+ 					// Go back in the middleware chain and glue everything together
+					auto itMw = vecMw.rbegin();
+					while(itMw != vecMw.rend()) {
+						next = std::function<void()>(std::bind((*itMw), &req, &res, next));
+						itMw++;
+					}
+ 					// Call the whole chain
+					next();
 
 					// The callback-function should have read all of the request body.
 					// However, if it does not, we need to clear the request body now,

https/HTTPConnection.hpp

@@ -4,6 +4,7 @@
 #include <Arduino.h>
 
 #include <string>
+#include <functional>
 
 // Required for sockets
 #include "lwip/netdb.h"

https/HTTPMiddlewareFunction.hpp

@@ -0,0 +1,25 @@
+#ifndef HTTPS_HTTPMIDDLEWAREFUNCTION_HPP_
+#define HTTPS_HTTPMIDDLEWAREFUNCTION_HPP_
+
+#include <functional>
+
+#include "HTTPRequest.hpp"
+#include "HTTPResponse.hpp"
+#include "HTTPSCallbackFunction.hpp"
+
+namespace httpsserver {
+	/**
+	 * A middleware function that can be registered at the server.
+	 *
+	 * It will be called before an incoming request is passed to any HTTPSCallbackFunction and may perform
+	 * operations like redirects or authentication.
+	 *
+	 * It receives the request and response object as well as a function pointer ("next") to pass on processing.
+	 * This allows chaining those functions. If next() is not called, the HTTPSCallbackFunction that
+	 * would match the request url will not be invoked. This might become handy if you want to intercept request
+	 * handling in case of missing authentication. Don't forget to call next in case you want to access your
+	 * resources, though.
+	 */
+	typedef void (HTTPSMiddlewareFunction)(HTTPRequest * req, HTTPResponse * res, std::function<void()> next);
+}
+ #endif /* HTTPS_HTTPMIDDLEWAREFUNCTION_HPP_ */

https/HTTPRequest.cpp

@@ -9,10 +9,12 @@
 
 namespace httpsserver {
 
-HTTPRequest::HTTPRequest(ConnectionContext * con, HTTPHeaders * headers, ResourceParameters * params):
+HTTPRequest::HTTPRequest(ConnectionContext * con, HTTPHeaders * headers, ResourceParameters * params, std::string requestString, std::string method):
 	_con(con),
 	_headers(headers),
-	_params(params) {
+	_params(params),
+	_requestString(requestString),
+	_method(method) {
 
 	HTTPHeader * contentLength = headers->get("Content-Length");
 	if (contentLength == NULL) {
@@ -43,6 +45,10 @@ std::string HTTPRequest::getHeader(std::string name) {
 	}
 }
 
+void HTTPRequest::setHeader(std::string name, std::string value) {
+	_headers->set(new HTTPHeader(name, value));
+}
+
 size_t HTTPRequest::readBytes(byte * buffer, size_t length) {
 
 	// Limit reading to content length
@@ -67,6 +73,14 @@ size_t HTTPRequest::getContentLength() {
 	return _remainingContent;
 }
 
+std::string HTTPRequest::getRequestString() {
+	return _requestString;
+}
+
+std::string HTTPRequest::getMethod() {
+	return _method;
+}
+
 bool HTTPRequest::requestComplete() {
 	if (_contentLengthSet) {
 		// If we have a content size, rely on it.
@@ -87,6 +101,59 @@ void HTTPRequest::discardRequestBody() {
 	}
 }
 
+std::string HTTPRequest::getBasicAuthUser() {
+	std::string token = decodeBasicAuthToken();
+	size_t splitpoint = token.find(":");
+	if (splitpoint != std::string::npos && splitpoint > 0) {
+		return token.substr(0, splitpoint);
+	} else {
+		return std::string();
+	}
+}
+
+std::string HTTPRequest::getBasicAuthPassword() {
+	std::string token = decodeBasicAuthToken();
+	size_t splitpoint = token.find(":");
+	if (splitpoint != std::string::npos && splitpoint > 0) {
+		return token.substr(splitpoint+1);
+	} else {
+		return std::string();
+	}
+}
+
+std::string HTTPRequest::decodeBasicAuthToken() {
+ 	std::string basicAuthString = getHeader("Authorization");
+ 	// Get the length of the token
+	size_t sourceLength = basicAuthString.length();
+ 	// Only handle basic auth tokens
+	if (basicAuthString.substr(0, 6) != "Basic ") {
+		return std::string();
+	}
+ 	// If the token is too long, skip
+	if (sourceLength > 100) {
+		return std::string();
+ 	} else {
+		// Try to decode. As we are using mbedtls anyway, we can use that function
+		unsigned char * bufOut = new unsigned char[basicAuthString.length()];
+		size_t outputLength = 0;
+		int res = mbedtls_base64_decode(
+				bufOut,
+				sourceLength,
+				&outputLength,
+				((const unsigned char *)basicAuthString.substr(6).c_str()), // Strip "Basic "
+				sourceLength - 6 // Strip "Basic "
+		);
+ 		// Failure of decoding
+		if (res != 0) {
+			delete[] bufOut;
+			return std::string();
+		}
+ 		std::string tokenRes = std::string((char*)bufOut, outputLength);
+		delete[] bufOut;
+		return tokenRes;
+	}
+}
+
 bool HTTPRequest::isSecure() {
 	return _con->isSecure();
 }

https/HTTPRequest.hpp

@@ -11,6 +11,8 @@
 #include <Arduino.h>
 #include <string>
 
+#include <mbedtls/base64.h>
+
 #include "util.hpp"
 
 #include "ConnectionContext.hpp"
@@ -22,25 +24,35 @@ namespace httpsserver {
 
 class HTTPRequest {
 public:
-	HTTPRequest(ConnectionContext * con, HTTPHeaders * headers, ResourceParameters * resource);
+	HTTPRequest(ConnectionContext * con, HTTPHeaders * headers, ResourceParameters * resource, std::string requestString, std::string method);
 	virtual ~HTTPRequest();
 
 	std::string getHeader(std::string name);
+	void setHeader(std::string name, std::string value);
+	std::string getRequestString();
+	std::string getMethod();
 
 	size_t readChars(char * buffer, size_t length);
 	size_t readBytes(byte * buffer, size_t length);
 	size_t getContentLength();
 	bool   requestComplete();
 	void   discardRequestBody();
 	ResourceParameters * getParams();
+	std::string getBasicAuthUser();
+	std::string getBasicAuthPassword();
 	bool   isSecure();
 private:
+	std::string decodeBasicAuthToken();
+
 	ConnectionContext * _con;
 
 	HTTPHeaders * _headers;
 
 	ResourceParameters * _params;
 
+	std::string _requestString;
+	std::string _method;
+
 	bool _contentLengthSet;
 	size_t _remainingContent;
 };

https/ResourceResolver.cpp

@@ -180,6 +180,18 @@ void ResourceResolver::resolveNode(const std::string &method, const std::string
 	}
 }
 
+void ResourceResolver::addMiddleware(const HTTPSMiddlewareFunction * mwFunction) {
+	_middleware.push_back(mwFunction);
+}
+
+void ResourceResolver::removeMiddleware(const HTTPSMiddlewareFunction * mwFunction) {
+	_middleware.erase(std::remove(_middleware.begin(), _middleware.end(), mwFunction), _middleware.end());
+}
+
+const std::vector<HTTPSMiddlewareFunction*> ResourceResolver::getMiddleware() {
+	return _middleware;
+}
+
 void ResourceResolver::setDefaultNode(ResourceNode * defaultNode) {
 	_defaultNode = defaultNode;
 }

https/ResourceResolver.hpp

@@ -13,9 +13,11 @@
 #undef min
 #undef max
 #include <vector>
+#include <algorithm>
 
 #include "ResourceNode.hpp"
 #include "ResolvedResource.hpp"
+#include "HTTPMiddlewareFunction.hpp"
 
 namespace httpsserver {
 
@@ -28,11 +30,22 @@ class ResourceResolver {
 	void unregisterNode(ResourceNode *node);
 	void setDefaultNode(ResourceNode *node);
 	void resolveNode(const std::string &method, const std::string &url, ResolvedResource &resolvedResource);
+
+	/** Add a middleware function to the end of the middleware function chain. See HTTPSMiddlewareFunction.hpp for details. */
+	void addMiddleware(const HTTPSMiddlewareFunction * mwFunction);
+	/** Remove a specific function from the middleware function chain. */
+	void removeMiddleware(const HTTPSMiddlewareFunction * mwFunction);
+	/** Get the current middleware chain with a resource function at the end */
+	const std::vector<HTTPSMiddlewareFunction*> getMiddleware();
+
 private:
 
 	// This vector holds all nodes (with callbacks) that are registered
 	std::vector<ResourceNode*> * _nodes;
 	ResourceNode * _defaultNode;
+
+	// Middleware functions, if any are registered. Will be called in order of the vector.
+	std::vector<const HTTPSMiddlewareFunction*> _middleware;
 };
 
 } /* namespace httpsserver */