add foundation for http password protection (#756)

1 files changed, 52 insertions, 0 deletions

diff --git a/src/zenhttp/include/zenhttp/security/passwordsecurity.h b/src/zenhttp/include/zenhttp/security/passwordsecurity.h
new file mode 100644
index 000000000..026c2865b
--- /dev/null
+++ b/src/zenhttp/include/zenhttp/security/passwordsecurity.h
@@ -0,0 +1,52 @@
+// Copyright Epic Games, Inc. All Rights Reserved.
+
+#pragma once
+
+#include <zencore/compactbinary.h>
+
+ZEN_THIRD_PARTY_INCLUDES_START
+#include <tsl/robin_map.h>
+ZEN_THIRD_PARTY_INCLUDES_END
+
+namespace zen {
+
+struct PasswordSecurityConfiguration
+{
+	std::string				 Password;							   // "password"
+	bool					 ProtectMachineLocalRequests = false;  // "protect-machine-local-requests"
+	std::vector<std::string> UnprotectedUris;					   // "unprotected-urls"
+};
+
+class PasswordSecurity
+{
+public:
+	PasswordSecurity(const PasswordSecurityConfiguration& Config);
+
+	[[nodiscard]] inline std::string_view Password() const { return m_Config.Password; }
+	[[nodiscard]] inline bool			  ProtectMachineLocalRequests() const { return m_Config.ProtectMachineLocalRequests; }
+	[[nodiscard]] bool					  IsUnprotectedUri(std::string_view Uri) const;
+
+	bool IsAllowed(std::string_view Password, std::string_view Uri, bool IsMachineLocalRequest);
+
+private:
+	const PasswordSecurityConfiguration m_Config;
+	tsl::robin_map<uint32_t, uint32_t>	m_UnprotectedUrlHashes;
+};
+
+/**
+ * Expected format (Json)
+ *	{
+ *		"password\": \"1234\",
+ *		"protect-machine-local-requests\": false,
+ *		"unprotected-urls\": [
+ *			"/health\",
+ *			"/health/info\",
+ *			"/health/version\"
+ *		]
+ *	}
+ */
+PasswordSecurityConfiguration ReadPasswordSecurityConfiguration(CbObjectView ConfigObject);
+
+void passwordsecurity_forcelink();	// internal
+
+}  // namespace zen