Ed Tanous | ba9f9a6 | 2017-10-11 16:40:35 -0700 | [diff] [blame] | 1 | #pragma once |
| 2 | |
Ed Tanous | 04e438c | 2020-10-03 08:06:26 -0700 | [diff] [blame] | 3 | #include <app.hpp> |
Ed Tanous | ba9f9a6 | 2017-10-11 16:40:35 -0700 | [diff] [blame] | 4 | #include <boost/container/flat_map.hpp> |
| 5 | #include <boost/uuid/uuid.hpp> |
| 6 | #include <boost/uuid/uuid_generators.hpp> |
| 7 | #include <boost/uuid/uuid_io.hpp> |
Ed Tanous | 04e438c | 2020-10-03 08:06:26 -0700 | [diff] [blame] | 8 | #include <http_request.hpp> |
| 9 | #include <http_response.hpp> |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 10 | #include <nlohmann/json.hpp> |
| 11 | #include <pam_authenticate.hpp> |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 12 | #include <sessions.hpp> |
Ed Tanous | ba9f9a6 | 2017-10-11 16:40:35 -0700 | [diff] [blame] | 13 | |
Gunnar Mills | 1214b7e | 2020-06-04 10:11:30 -0500 | [diff] [blame] | 14 | #include <filesystem> |
James Feist | 3909dc8 | 2020-04-03 10:58:55 -0700 | [diff] [blame] | 15 | #include <fstream> |
Gunnar Mills | 1214b7e | 2020-06-04 10:11:30 -0500 | [diff] [blame] | 16 | #include <random> |
| 17 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 18 | namespace persistent_data |
| 19 | { |
Borawski.Lukasz | 9d8fd30 | 2018-01-05 14:56:09 +0100 | [diff] [blame] | 20 | |
Ed Tanous | 52cc112 | 2020-07-18 13:51:21 -0700 | [diff] [blame] | 21 | class ConfigFile |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 22 | { |
Ed Tanous | 271584a | 2019-07-09 16:24:22 -0700 | [diff] [blame] | 23 | uint64_t jsonRevision = 1; |
Ed Tanous | c963aa4 | 2017-10-27 16:00:19 -0700 | [diff] [blame] | 24 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 25 | public: |
Ratan Gupta | 845cb7d | 2019-07-12 00:32:25 +0530 | [diff] [blame] | 26 | // todo(ed) should read this from a fixed location somewhere, not CWD |
| 27 | static constexpr const char* filename = "bmcweb_persistent_data.json"; |
| 28 | |
Ed Tanous | 52cc112 | 2020-07-18 13:51:21 -0700 | [diff] [blame] | 29 | ConfigFile() |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 30 | { |
| 31 | readData(); |
Ed Tanous | c963aa4 | 2017-10-27 16:00:19 -0700 | [diff] [blame] | 32 | } |
Ed Tanous | c963aa4 | 2017-10-27 16:00:19 -0700 | [diff] [blame] | 33 | |
Ed Tanous | 52cc112 | 2020-07-18 13:51:21 -0700 | [diff] [blame] | 34 | ~ConfigFile() |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 35 | { |
Gunnar Mills | 83cf818 | 2020-11-11 15:37:34 -0600 | [diff] [blame^] | 36 | // Make sure we aren't writing stale sessions |
| 37 | persistent_data::SessionStore::getInstance().applySessionTimeouts(); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 38 | if (persistent_data::SessionStore::getInstance().needsWrite()) |
| 39 | { |
| 40 | writeData(); |
Kowalski, Kamil | 5cef0f7 | 2018-02-15 15:26:51 +0100 | [diff] [blame] | 41 | } |
Ed Tanous | c963aa4 | 2017-10-27 16:00:19 -0700 | [diff] [blame] | 42 | } |
Ed Tanous | c963aa4 | 2017-10-27 16:00:19 -0700 | [diff] [blame] | 43 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 44 | // TODO(ed) this should really use protobuf, or some other serialization |
| 45 | // library, but adding another dependency is somewhat outside the scope of |
| 46 | // this application for the moment |
| 47 | void readData() |
| 48 | { |
| 49 | std::ifstream persistentFile(filename); |
Ed Tanous | 271584a | 2019-07-09 16:24:22 -0700 | [diff] [blame] | 50 | uint64_t fileRevision = 0; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 51 | if (persistentFile.is_open()) |
| 52 | { |
| 53 | // call with exceptions disabled |
| 54 | auto data = nlohmann::json::parse(persistentFile, nullptr, false); |
| 55 | if (data.is_discarded()) |
| 56 | { |
| 57 | BMCWEB_LOG_ERROR |
| 58 | << "Error parsing persistent data in json file."; |
| 59 | } |
| 60 | else |
| 61 | { |
| 62 | for (const auto& item : data.items()) |
| 63 | { |
| 64 | if (item.key() == "revision") |
| 65 | { |
| 66 | fileRevision = 0; |
| 67 | |
| 68 | const uint64_t* uintPtr = |
| 69 | item.value().get_ptr<const uint64_t*>(); |
| 70 | if (uintPtr == nullptr) |
| 71 | { |
| 72 | BMCWEB_LOG_ERROR << "Failed to read revision flag"; |
| 73 | } |
| 74 | else |
| 75 | { |
| 76 | fileRevision = *uintPtr; |
| 77 | } |
| 78 | } |
| 79 | else if (item.key() == "system_uuid") |
| 80 | { |
| 81 | const std::string* jSystemUuid = |
| 82 | item.value().get_ptr<const std::string*>(); |
| 83 | if (jSystemUuid != nullptr) |
| 84 | { |
| 85 | systemUuid = *jSystemUuid; |
| 86 | } |
| 87 | } |
Zbigniew Kurzynski | 7815863 | 2019-11-05 12:57:37 +0100 | [diff] [blame] | 88 | else if (item.key() == "auth_config") |
| 89 | { |
| 90 | SessionStore::getInstance() |
| 91 | .getAuthMethodsConfig() |
| 92 | .fromJson(item.value()); |
| 93 | } |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 94 | else if (item.key() == "sessions") |
| 95 | { |
| 96 | for (const auto& elem : item.value()) |
| 97 | { |
| 98 | std::shared_ptr<UserSession> newSession = |
| 99 | UserSession::fromJson(elem); |
| 100 | |
| 101 | if (newSession == nullptr) |
| 102 | { |
| 103 | BMCWEB_LOG_ERROR << "Problem reading session " |
| 104 | "from persistent store"; |
| 105 | continue; |
| 106 | } |
| 107 | |
| 108 | BMCWEB_LOG_DEBUG |
| 109 | << "Restored session: " << newSession->csrfToken |
| 110 | << " " << newSession->uniqueId << " " |
| 111 | << newSession->sessionToken; |
| 112 | SessionStore::getInstance().authTokens.emplace( |
| 113 | newSession->sessionToken, newSession); |
| 114 | } |
| 115 | } |
Manojkiran Eda | f2a4a60 | 2020-08-27 16:04:26 +0530 | [diff] [blame] | 116 | else if (item.key() == "timeout") |
| 117 | { |
| 118 | const int64_t* jTimeout = |
| 119 | item.value().get_ptr<int64_t*>(); |
| 120 | if (jTimeout == nullptr) |
| 121 | { |
| 122 | BMCWEB_LOG_DEBUG |
| 123 | << "Problem reading session timeout value"; |
| 124 | continue; |
| 125 | } |
| 126 | std::chrono::seconds sessionTimeoutInseconds(*jTimeout); |
| 127 | BMCWEB_LOG_DEBUG << "Restored Session Timeout: " |
| 128 | << sessionTimeoutInseconds.count(); |
| 129 | SessionStore::getInstance().updateSessionTimeout( |
| 130 | sessionTimeoutInseconds); |
| 131 | } |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 132 | else |
| 133 | { |
| 134 | // Do nothing in the case of extra fields. We may have |
| 135 | // cases where fields are added in the future, and we |
| 136 | // want to at least attempt to gracefully support |
| 137 | // downgrades in that case, even if we don't officially |
| 138 | // support it |
| 139 | } |
| 140 | } |
| 141 | } |
| 142 | } |
| 143 | bool needWrite = false; |
| 144 | |
| 145 | if (systemUuid.empty()) |
| 146 | { |
| 147 | systemUuid = |
| 148 | boost::uuids::to_string(boost::uuids::random_generator()()); |
| 149 | needWrite = true; |
| 150 | } |
| 151 | if (fileRevision < jsonRevision) |
| 152 | { |
| 153 | needWrite = true; |
| 154 | } |
| 155 | // write revision changes or system uuid changes immediately |
| 156 | if (needWrite) |
| 157 | { |
| 158 | writeData(); |
| 159 | } |
| 160 | } |
| 161 | |
| 162 | void writeData() |
| 163 | { |
| 164 | std::ofstream persistentFile(filename); |
Ratan Gupta | 845cb7d | 2019-07-12 00:32:25 +0530 | [diff] [blame] | 165 | |
| 166 | // set the permission of the file to 640 |
Ed Tanous | 52cc112 | 2020-07-18 13:51:21 -0700 | [diff] [blame] | 167 | std::filesystem::perms permission = |
| 168 | std::filesystem::perms::owner_read | |
| 169 | std::filesystem::perms::owner_write | |
| 170 | std::filesystem::perms::group_read; |
| 171 | std::filesystem::permissions(filename, permission); |
Ed Tanous | 5fb91ba | 2020-09-28 15:41:28 -0700 | [diff] [blame] | 172 | const auto& c = SessionStore::getInstance().getAuthMethodsConfig(); |
Ed Tanous | dc511aa | 2020-10-21 12:33:42 -0700 | [diff] [blame] | 173 | nlohmann::json data{ |
| 174 | {"auth_config", |
| 175 | {{"XToken", c.xtoken}, |
| 176 | {"Cookie", c.cookie}, |
| 177 | {"SessionToken", c.sessionToken}, |
| 178 | {"BasicAuth", c.basic}, |
| 179 | {"TLS", c.tls}} |
Ratan Gupta | 845cb7d | 2019-07-12 00:32:25 +0530 | [diff] [blame] | 180 | |
Ed Tanous | dc511aa | 2020-10-21 12:33:42 -0700 | [diff] [blame] | 181 | }, |
| 182 | {"system_uuid", systemUuid}, |
| 183 | {"revision", jsonRevision}, |
| 184 | {"timeout", SessionStore::getInstance().getTimeoutInSeconds()}}; |
Ed Tanous | 5fb91ba | 2020-09-28 15:41:28 -0700 | [diff] [blame] | 185 | |
| 186 | nlohmann::json& sessions = data["sessions"]; |
| 187 | sessions = nlohmann::json::array(); |
| 188 | for (const auto& p : SessionStore::getInstance().authTokens) |
| 189 | { |
| 190 | if (p.second->persistence != |
| 191 | persistent_data::PersistenceType::SINGLE_REQUEST) |
| 192 | { |
| 193 | sessions.push_back({ |
| 194 | {"unique_id", p.second->uniqueId}, |
| 195 | {"session_token", p.second->sessionToken}, |
| 196 | {"username", p.second->username}, |
| 197 | {"csrf_token", p.second->csrfToken}, |
Sunitha Harish | c0ea7ae | 2020-10-30 02:37:30 -0500 | [diff] [blame] | 198 | {"client_ip", p.second->clientIp}, |
Ed Tanous | 5fb91ba | 2020-09-28 15:41:28 -0700 | [diff] [blame] | 199 | #ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE |
| 200 | {"client_id", p.second->clientId}, |
| 201 | #endif |
| 202 | }); |
| 203 | } |
| 204 | } |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 205 | persistentFile << data; |
| 206 | } |
| 207 | |
| 208 | std::string systemUuid{""}; |
Ed Tanous | ba9f9a6 | 2017-10-11 16:40:35 -0700 | [diff] [blame] | 209 | }; |
| 210 | |
Ed Tanous | 52cc112 | 2020-07-18 13:51:21 -0700 | [diff] [blame] | 211 | inline ConfigFile& getConfig() |
| 212 | { |
| 213 | static ConfigFile f; |
| 214 | return f; |
| 215 | } |
| 216 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 217 | } // namespace persistent_data |