Add jwt support for thing-url-adapter (#96)

* Add ability to provide jwts for adapter urls and wss
If url -- set auth to bearer with jwt
If wss -- Add to query string
Load jwt_auth object at start
from jwt_auth.json file. In the same dir as addon
hostname.local:port : token

* refactor code -- use a function to get a configured header.
move jwt_auth.json to .mozilla-iot/config

* Update readme.

* Update readme.

* Update readme.

* Update readme.

* modified mainfest to add config option for adding jwts on the adapter config page.

added secureThings property
add to db as:

<hostname>:<port> <jwt>
with a space between

* update read me

* add check to see if secureThings is in config

* #96 (comment)

Renamed getHeaders to getHeaders().

* #96 (comment)

Change query param for websocket to ?jwt=<token>

* #96 (comment)

remove unneeded ws==null check

* #96 (comment)

Modify manifest.json to collect parameters for jwt, basic and digest auth. Store in config.
Update load thing to pull data for auth from config url data.
Massaged functions as needed to accomodate the auth stuff.
Only JWT is implemented in the adapter code. Stubs are in place to add basic and digest.

Will have to add code at lines 52, 297, and 856

* #96 (comment)

#96 (comment)

#96 (comment)

Proper naming, remove unneeded comments, remove console.log of AUTH_DATA

* #96 (comment)

Add config file update to loadThingURLAdapter.

* #96 (comment)

Add 'none' to auth mehtods. On upgrade of config and authenticaton object is added with a method property of 'none'

* #96 (comment)

move getHeaders function and authData to ThingURLAdapter.
Added adapter property to ThingURLDevice and set it in the constructor.
Changed all the getHeader() call accordingly.

* #96 (comment)

Update read me with instructions for secure thing usage.
Change rev to 5.0 in manifest and package.jsnon

* #96 (comment)

Types and grammar.

* #96 (comment)

Types and grammar.

* Latest polishing of code
Remove redundant this.adapter
Use part of authentication object for authData
Typos and capitolization

* Remove unneeded console.log statement

* Remove un-needed comments.
Correct getHeaders for eventsUrl and perfromAction
Rename variable url_stub

* Refactor for loops

* correct incorrect spelling

Author: Marc Graham

README.md

@@ -3,7 +3,29 @@
 This is an adapter add-on for the [Mozilla WebThings Gateway](https://github.com/mozilla-iot/gateway) that allows a user to discover native web things on their network.
 
 ## Adding Web Things to Gateway
-
 * Usually, your custom web things should be auto-detected on the network via mDNS, so they should appear in the usual "Add Devices" screen.
 * If they're not auto-detected, you can click "Add by URL..." at the bottom of the page and use the URL of your web thing.
     * If you're trying to add a server that contains multiple web things, i.e. the "multiple-things" examples from the [webthing-python](https://github.com/mozilla-iot/webthing-python), [webthing-node](https://github.com/mozilla-iot/webthing-node), or [webthing-java](https://github.com/mozilla-iot/webthing-java) libraries, you'll have to add them individually. You can do so by addressing them numerically, i.e. `http://myserver.local:8888/0` and `http://myserver.local:8888/1`.
+
+## Secure Web Things
+* Web Things that require jwt, basic or digest authentication can be supported by adding configuration options on the adapter page.
+* To add a secure Web Thing:
+
+    * Use the hamburger to open the side menu and select "Settings".
+
+    ![select_settings.png](images/select_settings.png)
+
+    * Select "Add-ons".
+
+    ![select_addons.png](images/select_addons.png)
+
+    * Find the Web Thing adapter and select "Configure".
+
+    ![select_configure.png](images/select_configure.png)
+
+    * Enter data relevant to the desired authentication method.
+    * To manually enter device URLs with no authentication select 'none' for the method.
+
+    ![enter_data.png](images/enter_data.png)
+
+    * Save the entry by pressing "Apply" at the bottom of the page.

images/enter_data.png

@@ -30,7 +30,50 @@
         "urls": {
           "type": "array",
           "items": {
-            "type": "string"
+            "type": "object",
+            "required": [
+              "href"
+            ],
+            "properties": {
+              "href": {
+                "description": "Base URL of web thing",
+                "type": "string"
+              },
+              "authentication": {
+                "description": "Authentication credentials",
+                "type": "object",
+                "required": [
+                  "method"
+                ],
+                "properties": {
+                  "method": {
+                    "type": "string",
+                    "enum": [
+                      "none",
+                      "basic",
+                      "digest",
+                      "jwt"
+                    ]
+                  },
+                  "username": {
+                    "description": "Username (for basic and digest)",
+                    "type": "string"
+                  },
+                  "password": {
+                    "description": "Password (for basic and digest)",
+                    "type": "string"
+                  },
+                  "realm": {
+                    "description": "Realm (for digest)",
+                    "type": "string"
+                  },
+                  "token": {
+                    "description": "Token (for JWT)",
+                    "type": "string"
+                  }
+                }
+              }
+            }
           }
         },
         "pollInterval": {
@@ -41,5 +84,5 @@
     }
   },
   "short_name": "Web Thing",
-  "version": "0.4.8"
+  "version": "0.5.0"
 }

images/select_addons.png

@@ -1,6 +1,6 @@
 {
   "name": "thing-url-adapter",
-  "version": "0.4.8",
+  "version": "0.5.0",
   "description": "Native web thing support",
   "author": "Mozilla IoT",
   "main": "index.js",

images/select_configure.png

@@ -38,6 +38,7 @@ const POLL_INTERVAL = 5 * 1000;
 const WS_INITIAL_BACKOFF = 1000;
 const WS_MAX_BACKOFF = 30 * 1000;
 
+
 class ThingURLProperty extends Property {
   constructor(device, name, url, propertyDescription) {
     super(device, name, propertyDescription);
@@ -71,12 +72,10 @@ class ThingURLProperty extends Property {
       return Promise.resolve(value);
     }
 
+    const headers = this.device.adapter.getHeaders(this.url, true);
     return fetch(this.url, {
       method: 'PUT',
-      headers: {
-        'Content-type': 'application/json',
-        Accept: 'application/json',
-      },
+      headers: headers,
       body: JSON.stringify({
         [this.name]: value,
       }),
@@ -118,6 +117,7 @@ class ThingURLDevice extends Device {
     this.scheduledUpdate = null;
     this.closing = false;
 
+
     for (const actionName in description.actions) {
       const action = description.actions[actionName];
       if (action.hasOwnProperty('links')) {
@@ -165,11 +165,10 @@ class ThingURLDevice extends Device {
         propertyUrl = this.baseHref + propertyDescription.href;
       }
 
+      const headers = this.adapter.getHeaders(propertyUrl);
       this.propertyPromises.push(
         fetch(propertyUrl, {
-          headers: {
-            Accept: 'application/json',
-          },
+          headers: headers,
         }).then((res) => {
           return res.json();
         }).then((res) => {
@@ -265,7 +264,24 @@ class ThingURLDevice extends Device {
       return;
     }
 
-    this.ws = new WebSocket(this.wsUrl);
+    let auth = '';
+    for (const [url, authData] of Object.entries(this.adapter.authData)) {
+      if (this.wsUrl.includes(url)) {
+        switch (authData.method) {
+          case 'jwt':
+            auth = `?jwt=${authData.token}`;
+            break;
+          case 'basic':
+          case 'digest':
+          default:
+            // not implemented
+            break;
+        }
+        break;
+      }
+    }
+
+    this.ws = new WebSocket(`${this.wsUrl}${auth}`, '', {});
 
     this.ws.on('open', () => {
       this.connectedNotify(true);
@@ -363,10 +379,9 @@ class ThingURLDevice extends Device {
 
     // Update properties
     await Promise.all(Array.from(this.properties.values()).map((prop) => {
+      const headers = this.adapter.getHeaders(prop.url);
       return fetch(prop.url, {
-        headers: {
-          Accept: 'application/json',
-        },
+        headers: headers,
       }).then((res) => {
         return res.json();
       }).then((res) => {
@@ -381,10 +396,9 @@ class ThingURLDevice extends Device {
     })).then(() => {
       // Check for new actions
       if (this.actionsUrl !== null) {
+        const headers = this.adapter.getHeaders(this.actionsUrl);
         return fetch(this.actionsUrl, {
-          headers: {
-            Accept: 'application/json',
-          },
+          headers: headers,
         }).then((res) => {
           return res.json();
         }).then((actions) => {
@@ -408,10 +422,9 @@ class ThingURLDevice extends Device {
     }).then(() => {
       // Check for new events
       if (this.eventsUrl !== null) {
+        const headers = this.adapter.getHeaders(this.eventsUrl);
         return fetch(this.eventsUrl, {
-          headers: {
-            Accept: 'application/json',
-          },
+          headers: headers,
         }).then((res) => {
           return res.json();
         }).then((events) => {
@@ -464,13 +477,10 @@ class ThingURLDevice extends Device {
 
   performAction(action) {
     action.start();
-
+    const headers = this.adapter.getHeaders(this.actionsUrl, true);
     return fetch(this.actionsUrl, {
       method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        Accept: 'application/json',
-      },
+      headers: headers,
       body: JSON.stringify({[action.name]: {input: action.input}}),
     }).then((res) => {
       return res.json();
@@ -488,11 +498,11 @@ class ThingURLDevice extends Device {
 
     this.requestedActions.forEach((action, actionHref) => {
       if (action.name === actionName && action.id === actionId) {
+        const headers = this.adapter.getHeaders(actionHref);
+
         promise = fetch(actionHref, {
           method: 'DELETE',
-          headers: {
-            Accept: 'application/json',
-          },
+          headers: headers,
         }).catch((e) => {
           console.log(`Failed to cancel action: ${e}`);
         });
@@ -516,6 +526,30 @@ class ThingURLAdapter extends Adapter {
     this.knownUrls = {};
     this.savedDevices = new Set();
     this.pollInterval = POLL_INTERVAL;
+    this.authData = {};
+  }
+
+  getHeaders(_url, contentType = false) {
+    const headers = {Accept: 'application/json'};
+    if (contentType) {
+      headers['Content-Type'] = 'application/json';
+    }
+    for (const [url, authData] of Object.entries(this.authData)) {
+      if (_url.includes(url)) {
+        switch (authData.method) {
+          case 'jwt':
+            headers.Authorization = `Bearer ${authData.token}`;
+            break;
+          case 'basic':
+          case 'digest':
+          default:
+            // not implemented
+            break;
+        }
+        break;
+      }
+    }
+    return headers;
   }
 
   async loadThing(url, retryCounter) {
@@ -537,8 +571,9 @@ class ThingURLAdapter extends Adapter {
     }
 
     let res;
+    const headers = this.getHeaders(url);
     try {
-      res = await fetch(url, {headers: {Accept: 'application/json'}});
+      res = await fetch(url, {headers: headers});
     } catch (e) {
       // Retry the connection at a 2 second interval up to 5 times.
       if (retryCounter >= 5) {
@@ -799,10 +834,58 @@ function loadThingURLAdapter(addonManager) {
       adapter.pollInterval = config.pollInterval * 1000;
     }
 
-    for (const url of config.urls) {
-      adapter.loadThing(url);
+    let modified = false;
+    const urls = [];
+    for (const entry of config.urls) {
+      if (typeof entry === 'string') {
+        urls.push({
+          href: entry,
+          authentication: {
+            method: 'none',
+          },
+        });
+        modified = true;
+      } else {
+        urls.push(entry);
+      }
+    }
+
+    if (modified) {
+      config.urls = urls;
+      db.saveConfig(config);
     }
 
+    for (const url of config.urls) {
+      if ('authentication' in url) {
+        // remove http(s) from url
+        let urlStub = '';
+        if (url.href.includes('http://')) {
+          urlStub = url.href.substr(7);
+        }
+        if (url.href.includes('https://')) {
+          urlStub = url.href.substr(8);
+        }
+        switch (url.authentication.method) {
+          case 'jwt':
+            adapter.authData[urlStub] = url.authentication;
+            break;
+          case 'basic':
+            // adapter.authData[url_stub] = url.authentication;
+            // break;
+            // eslint-disable-next-line no-fallthrough
+          case 'digest':
+            // adapter.authData[url_stub] = url.authentication;
+            // break;
+            // eslint-disable-next-line no-fallthrough
+          case 'none':
+            break;
+          default:
+            console.log(`${url.authentication.method} is not implemented`);
+            break;
+        }
+      }
+      adapter.loadThing(url.href);
+    }
     startDNSDiscovery(adapter);
   }).catch(console.error);
 }