Merge branch 'main' into zs/web-ui-improvements

1 files changed, 46 insertions, 4 deletions

diff --git a/src/zenserver/zenserver.cpp b/src/zenserver/zenserver.cpp
index d54357368..7f9bf56a9 100644
--- a/src/zenserver/zenserver.cpp
+++ b/src/zenserver/zenserver.cpp
@@ -23,6 +23,7 @@
 #include <zencore/trace.h>
 #include <zencore/workthreadpool.h>
 #include <zenhttp/httpserver.h>
+#include <zenhttp/security/passwordsecurityfilter.h>
 #include <zentelemetry/otlptrace.h>
 #include <zenutil/service.h>
 #include <zenutil/workerpools.h>
@@ -142,6 +143,8 @@ ZenServerBase::Initialize(const ZenServerConfig& ServerOptions, ZenServerState::
 
 	ZEN_INFO("Effective concurrency: {} (hw: {})", GetHardwareConcurrency(), std::thread::hardware_concurrency());
 
+	InitializeSecuritySettings(ServerOptions);
+
 	m_StatusService.RegisterHandler("status", *this);
 	m_Http->RegisterService(m_StatusService);
 
@@ -386,10 +389,10 @@ ZenServerBase::LogSettingsSummary(const ZenServerConfig& ServerConfig)
 {
 	// clang-format off
 	std::list<std::pair<std::string_view, std::string>> Settings = {
-		{"DataDir"sv, 				ServerConfig.DataDir.string()},
-		{"AbsLogFile"sv,			ServerConfig.LoggingConfig.AbsLogFile.string()},
-		{"SystemRootDir"sv, 		ServerConfig.SystemRootDir.string()},
-		{"ContentDir"sv, 			ServerConfig.ContentDir.string()},
+		{"DataDir"sv, 				fmt::format("{}", ServerConfig.DataDir)},
+		{"AbsLogFile"sv,			fmt::format("{}", ServerConfig.LoggingConfig.AbsLogFile)},
+		{"SystemRootDir"sv, 		fmt::format("{}", ServerConfig.SystemRootDir)},
+		{"ContentDir"sv, 			fmt::format("{}", ServerConfig.ContentDir)},
 		{"BasePort"sv, 				fmt::to_string(ServerConfig.BasePort)},
 		{"IsDebug"sv, 				fmt::to_string(ServerConfig.IsDebug)},
 		{"IsCleanStart"sv, 			fmt::to_string(ServerConfig.IsCleanStart)},
@@ -406,6 +409,7 @@ ZenServerBase::LogSettingsSummary(const ZenServerConfig& ServerConfig)
 		{"Sentry DSN"sv,			ServerConfig.SentryConfig.Dsn.empty() ? "not set" : ServerConfig.SentryConfig.Dsn},
 		{"Sentry Environment"sv,	ServerConfig.SentryConfig.Environment},
 		{"Statsd Enabled"sv,		fmt::to_string(ServerConfig.StatsConfig.Enabled)},
+		{"SecurityConfigPath"sv,	fmt::format("{}", ServerConfig.SecurityConfigPath)},
 	};
 	// clang-format on
 
@@ -432,6 +436,44 @@ ZenServerBase::LogSettingsSummary(const ZenServerConfig& ServerConfig)
 	}
 }
 
+void
+ZenServerBase::InitializeSecuritySettings(const ZenServerConfig& ServerOptions)
+{
+	ZEN_ASSERT(m_Http);
+
+	if (!ServerOptions.SecurityConfigPath.empty())
+	{
+		IoBuffer		 SecurityJson = ReadFile(ServerOptions.SecurityConfigPath).Flatten();
+		std::string_view Json(reinterpret_cast<const char*>(SecurityJson.GetData()), SecurityJson.GetSize());
+		std::string		 JsonError;
+		CbObject		 SecurityConfig = LoadCompactBinaryFromJson(Json, JsonError).AsObject();
+		if (!JsonError.empty())
+		{
+			throw std::runtime_error(
+				fmt::format("Invalid security configuration file at {}. '{}'", ServerOptions.SecurityConfigPath, JsonError));
+		}
+
+		CbObjectView HttpRootFilterConfig = SecurityConfig["http"sv].AsObjectView()["root"sv].AsObjectView()["filter"sv].AsObjectView();
+		if (HttpRootFilterConfig)
+		{
+			std::string_view FilterType = HttpRootFilterConfig["type"sv].AsString();
+			if (FilterType == PasswordHttpFilter::TypeName)
+			{
+				PasswordHttpFilter::Configuration Config =
+					PasswordHttpFilter::ReadConfiguration(HttpRootFilterConfig["config"].AsObjectView());
+				m_HttpRequestFilter = std::make_unique<PasswordHttpFilter>(Config);
+				m_Http->SetHttpRequestFilter(m_HttpRequestFilter.get());
+			}
+			else
+			{
+				throw std::runtime_error(fmt::format("Security configuration file at {} references unknown http root filter type '{}'",
+													 ServerOptions.SecurityConfigPath,
+													 FilterType));
+			}
+		}
+	}
+}
+
 //////////////////////////////////////////////////////////////////////////
 
 ZenServerMain::ZenServerMain(ZenServerConfig& ServerOptions) : m_ServerOptions(ServerOptions)