leosac / access-control
Leosac Access Control - Open Source Physical Access Control System
Home Page: https://leosac.com
License: GNU Affero General Public License v3.0
Current implementation only supports one control mode: it opens a door for a few seconds if the AuthRequest is authorized. An abstraction level should be added and the end user should be able to configure a list of control modes according to days / hours / . For instance:
Current Leosac units are autonomous. We should be able to chain units as slaves and manage them only on a master unit. Communication should use web services #13.
Current LED / Buzzer behavior only works as #4. Generally speaking, we should manage LED1 (green), LED2 (red) and Buzzer if these devices are defined on the door configuration. There is currently no support for LED2 if defined, and we should improve user feedback (unauthorized access should blink LEDs and buzz error, ...)
Implements base code to handle "Access Profile". A profile
holds the base configuration information about whether or not a user
will be granted access.
The profile controls which days / hours the user has access. It also
controls what door the user has access to.
A user can have multiple access cards, but only one access profile.
An access card maps to a user. The user's profile is then used to
grant or deny access.
Temporary access cards also exist. Those map directly to an access profile.
A group can map to an access profile.
A user can be part of a group. If the user has a specific access
profile, his group profile shall be ignored.
This looks like this:
Profile <------ user <------ cards
        <------ temporary cards.
        <------ group <----- user
This is related to authentication modules: mapping will vary (LDAP
backend to map user to group, SQL backend that holds access profile
info, group membership, etc).
The control code should be reusable once the proper access profile,
group, user, and cards are correctly mapped.
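How the mapping described above could resolve a card to a profile, as an added example that is not Leosac code. The `Profile`, `Directory`, `resolve` and `access_granted` names, the single hour window per profile and the sample cards are assumptions made for illustration.

```cpp
#include <map>
#include <set>
#include <string>

// Hypothetical types for illustration; not Leosac's own classes.
struct Profile {
    std::set<std::string> doors; // doors this profile may open
    int from_hour, to_hour;      // allowed window [from_hour, to_hour)
};
struct Directory {
    std::map<std::string, std::string> card_user;  // permanent card -> user
    std::map<std::string, Profile> temp_card;      // temporary card -> profile
    std::map<std::string, Profile> user_profile;   // user -> own profile
    std::map<std::string, std::string> user_group; // user -> group
    std::map<std::string, Profile> group_profile;  // group -> profile
};

// Returns the governing profile, or nullptr when nothing maps (deny).
const Profile *resolve(const Directory &d, const std::string &card) {
    auto t = d.temp_card.find(card);
    if (t != d.temp_card.end()) return &t->second;    // temporary card: direct
    auto c = d.card_user.find(card);
    if (c == d.card_user.end()) return nullptr;       // unknown card
    auto u = d.user_profile.find(c->second);
    if (u != d.user_profile.end()) return &u->second; // own profile: group ignored
    auto g = d.user_group.find(c->second);
    if (g == d.user_group.end()) return nullptr;
    auto p = d.group_profile.find(g->second);
    return p == d.group_profile.end() ? nullptr : &p->second;
}

bool access_granted(const Directory &d, const std::string &card,
                    const std::string &door, int hour) {
    const Profile *p = resolve(d, card);
    return p && p->doors.count(door) && hour >= p->from_hour && hour < p->to_hour;
}

// Constructed sample data: alice has her own profile, bob only the group's.
Directory sample() {
    Directory d;
    d.card_user["aa:bb"] = "alice"; d.card_user["cc:dd"] = "bob";
    d.user_group["alice"] = "staff"; d.user_group["bob"] = "staff";
    d.group_profile["staff"] = Profile{{"front"}, 8, 18};
    d.user_profile["alice"] = Profile{{"front", "lab"}, 0, 24};
    d.temp_card["ee:ff"] = Profile{{"front"}, 9, 12};
    return d;
}

int main() { return access_granted(sample(), "aa:bb", "lab", 23) ? 0 : 1; }
```

Any card, user or group without a mapping resolves to no profile, so the decision fails closed.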
Wiegand module supports high and low GPIO pins. led and buzzer device too as part of a wiegand device. This requires #38 to be completed.
Leosac system should be accessible through a REST web service for all features and configurations. Need a proper ws authentication system and https communication support (certificates must be configurable).
The ON command with a timer is not implemented in sysfsgpio and will simply ignore the timer silently.
reasons:
Some wiegand readers support PIN code. The way the code is sent (using
wiegand protocol) may vary. We need to support this.
PIN Code handling may also vary. It can be coupled to the card ID, be
"installation specific" (for a raspi),
We need to support @Liryna changes to rpleth:
Use case: this is to manage students' absence / presence.
Related to #13, a remote configuration infrastructure must be in
place. One shall be able to edit the configuration of any device from
a single place. In case the configuration change has impact over
multiple devices, propagation shall take place automatically.
In other words, we need device discovery and a way to replicate /
dispatch configuration.
Assertion triggered in /home/pi/leosac/leosac/src/modules/rpleth/RplethModule.cpp:316. This happens if the wiegand reader reads garbage (only 2 bits for example).
This is due to card number conversion that fails because the input is invalid.
Add proper buzzer module with predefined "song".
It'll be very similar to LED module.
Change current hex content in xml format.
Ex:
de:ad:be:ef
should become something like
<card type="hex" length="32">de:ad:be:ef</card>
replace:
typedef std::map<int, std::string> GpioAliases;
by
using GpioAliases = std::map<int, std::string>;
for example
Current zmq branch has a lot of code duplication inside modules.
Need to define an abstract base class for modules that would work as an "implementation helper".
Leosac should be configurable through a web interface. This interface is ideally independent from Leosac itself (but can run embedded into a Leosac unit, ideally the master) and should only consume web services #13. That means a full HTML5 / JavaScript frontend without any server-side module should be good enough and much more flexible.
Rpleth protocol has network reconfiguration commands.
We should support these commands (GetDhcpState / SetDhcpState / SetReaderIp / SetReaderMac / SetReaderSubnet / SetReaderGateway / SetReaderPort / ResetReader) to avoid ssh connection for network reconfiguration.
We need to re-introduce the activity monitor in order to provide
general "health check" or "status report" in a visual way to the end
user.
For example, led could be controlled to tell if there is any network
activity, or to tell whether or not we are properly connected with
some devices.
Current Authentication module is too simple. A new auth module should be created with support of the following features:
We should also support holidays and 3*8 organization.
New logging library seems very good (spdlog). Current logging macros use spdlog's std::cout sink.
Rpleth either streams all read cards or bulk-sends via a special command
first draft in commit b34e834
Need to spec message passing between "auth source module" (such as Module::Wiegand) and other parts of the system.
Need a formal, well-defined spec, that will be implementable by other "auth source" modules.
This should probably be documented in a special doxygen page. Not "inline" documentation.
Some exceptions are not caught when thrown in worker threads
It now always blinks/beeps on stable-fix branch.
Make this configurable for branch develop.
[ 19%] Building CXX object src/CMakeFiles/leosac_lib.dir/core/moduleprotocol/moduleprotocol.cpp.o
In file included from /home/linaro/leosac/src/core/moduleprotocol/imoduleprotocol.hpp:12:0,
from /home/linaro/leosac/src/core/icore.hpp:13,
from /home/linaro/leosac/src/modules/imodule.hpp:11,
from /home/linaro/leosac/src/core/moduleprotocol/moduleprotocol.hpp:19,
from /home/linaro/leosac/src/core/moduleprotocol/moduleprotocol.cpp:7:
/home/linaro/leosac/src/core/moduleprotocol/authrequest.hpp: In instantiation of 'constexpr std::pair<_T1, _T2>::pair(_U1&&, _U2&&) [with _U1 = long unsigned int&; _U2 = AuthRequest&; <template-parameter-2-3> = void; _T1 = const long unsigned int; _T2 = AuthRequest]':
/usr/include/c++/4.8/bits/stl_tree.h:140:49: required from 'std::_Rb_tree_node<_Val>::_Rb_tree_node(_Args&& ...) [with _Args = {long unsigned int&, AuthRequest&}; _Val = std::pair<const long unsigned int, AuthRequest>]'
/usr/include/c++/4.8/ext/new_allocator.h:120:4: required from 'void __gnu_cxx::new_allocator<_Tp>::construct(_Up*, _Args&& ...) [with _Up = std::_Rb_tree_node<std::pair<const long unsigned int, AuthRequest> >; _Args = {long unsigned int&, AuthRequest&}; _Tp = std::_Rb_tree_node<std::pair<const long unsigned int, AuthRequest> >]'
/usr/include/c++/4.8/bits/alloc_traits.h:254:4: required from 'static typename std::enable_if<std::allocator_traits<_Alloc>::__construct_helper<_Tp, _Args>::value, void>::type std::allocator_traits<_Alloc>::_S_construct(_Alloc&, _Tp*, _Args&& ...) [with _Tp = std::_Rb_tree_node<std::pair<const long unsigned int, AuthRequest> >; _Args = {long unsigned int&, AuthRequest&}; _Alloc = std::allocator<std::_Rb_tree_node<std::pair<const long unsigned int, AuthRequest> > >; typename std::enable_if<std::allocator_traits<_Alloc>::__construct_helper<_Tp, _Args>::value, void>::type = void]'
/usr/include/c++/4.8/bits/alloc_traits.h:393:57: required from 'static decltype (_S_construct(__a, __p, (forward<_Args>)(std::allocator_traits::construct::__args)...)) std::allocator_traits<_Alloc>::construct(_Alloc&, _Tp*, _Args&& ...) [with _Tp = std::_Rb_tree_node<std::pair<const long unsigned int, AuthRequest> >; _Args = {long unsigned int&, AuthRequest&}; _Alloc = std::allocator<std::_Rb_tree_node<std::pair<const long unsigned int, AuthRequest> > >; decltype (_S_construct(__a, __p, (forward<_Args>)(std::allocator_traits::construct::__args)...)) = <type error>]'
/usr/include/c++/4.8/bits/stl_tree.h:408:36: required from 'std::_Rb_tree_node<_Val>* std::_Rb_tree<_Key, _Val, _KeyOfValue, _Compare, _Alloc>::_M_create_node(_Args&& ...) [with _Args = {long unsigned int&, AuthRequest&}; _Key = long unsigned int; _Val = std::pair<const long unsigned int, AuthRequest>; _KeyOfValue = std::_Select1st<std::pair<const long unsigned int, AuthRequest> >; _Compare = std::less<long unsigned int>; _Alloc = std::allocator<std::pair<const long unsigned int, AuthRequest> >; std::_Rb_tree<_Key, _Val, _KeyOfValue, _Compare, _Alloc>::_Link_type = std::_Rb_tree_node<std::pair<const long unsigned int, AuthRequest> >*]'
/usr/include/c++/4.8/bits/stl_tree.h:1619:64: required from 'std::pair<std::_Rb_tree_iterator<_Val>, bool> std::_Rb_tree<_Key, _Val, _KeyOfValue, _Compare, _Alloc>::_M_emplace_unique(_Args&& ...) [with _Args = {long unsigned int&, AuthRequest&}; _Key = long unsigned int; _Val = std::pair<const long unsigned int, AuthRequest>; _KeyOfValue = std::_Select1st<std::pair<const long unsigned int, AuthRequest> >; _Compare = std::less<long unsigned int>; _Alloc = std::allocator<std::pair<const long unsigned int, AuthRequest> >]'
/usr/include/c++/4.8/bits/stl_map.h:541:64: required from 'std::pair<typename std::_Rb_tree<_Key, std::pair<const _Key, _Tp>, std::_Select1st<std::pair<const _Key, _Tp> >, _Compare, typename _Alloc::rebind<std::pair<const _Key, _Tp> >::other>::iterator, bool> std::map<_Key, _Tp, _Compare, _Alloc>::emplace(_Args&& ...) [with _Args = {long unsigned int&, AuthRequest&}; _Key = long unsigned int; _Tp = AuthRequest; _Compare = std::less<long unsigned int>; _Alloc = std::allocator<std::pair<const long unsigned int, AuthRequest> >; typename std::_Rb_tree<_Key, std::pair<const _Key, _Tp>, std::_Select1st<std::pair<const _Key, _Tp> >, _Compare, typename _Alloc::rebind<std::pair<const _Key, _Tp> >::other>::iterator = std::_Rb_tree_iterator<std::pair<const long unsigned int, AuthRequest> >]'
/home/linaro/leosac/src/core/moduleprotocol/moduleprotocol.cpp:73:43: required from here
/home/linaro/leosac/src/core/moduleprotocol/authrequest.hpp:32:5: warning: unused parameter 'other' [-Wunused-parameter]
In file included from /usr/include/c++/4.8/bits/stl_algobase.h:64:0,
from /usr/include/c++/4.8/bits/stl_tree.h:61,
from /usr/include/c++/4.8/map:60,
from /home/linaro/leosac/src/core/moduleprotocol/moduleprotocol.hpp:12,
from /home/linaro/leosac/src/core/moduleprotocol/moduleprotocol.cpp:7:
/usr/include/c++/4.8/bits/stl_pair.h:145:64: note: synthesized method 'AuthRequest::AuthRequest(const AuthRequest&)' first required here
Warning coming from gcc default generated method
Wiegand reader can read data in both byte orders.
It is currently not possible to switch between those two in the module.
An option should be added to allow this. It should be a per-reader option.
When using raspberry_pifacedigital as platform's name, this triggers the use of another GPIOProvider implementation.
This implementation must use 1 thread to perform read() / write() and wait() on GPIO pins (because it uses SPI bus).
Currently, writing to a GPIO is delayed. All writes are queued, and performed when the wait_for_input function returns (that waits for interrupt on Piface). So the delay is something between 0 and timeout (currently 200) ms.
UnixSocket::send does not properly check send() return value. It could return less than expected but still more than 0.
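A send loop that handles the short-write case described above, as an added example rather than Leosac's `UnixSocket::send`. The `send_all` and `roundtrip` names are hypothetical, and Linux is assumed (for `MSG_NOSIGNAL`).

```cpp
#include <cerrno>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#include <vector>

// Hypothetical helper, not Leosac's UnixSocket::send. Sends exactly len bytes:
// loops over short writes, retries EINTR, waits on EAGAIN; false on real errors.
bool send_all(int fd, const void *buf, size_t len) {
    const char *p = static_cast<const char *>(buf);
    while (len > 0) {
        ssize_t n = ::send(fd, p, len, MSG_NOSIGNAL);
        if (n > 0) { p += n; len -= static_cast<size_t>(n); continue; }
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
            pollfd w = {fd, POLLOUT, 0};
            poll(&w, 1, -1); // block until the kernel buffer drains
            continue;
        }
        return false; // peer gone or other error: never report success
    }
    return true;
}

// Constructed self-check: the parent writes `total` bytes on a non-blocking
// socket (so send() really returns short counts) while a child drains the
// other end; returns the byte count the child reports back.
size_t roundtrip(size_t total) {
    int sv[2], back[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(back)) return 0;
    pid_t pid = fork();
    if (pid == 0) {
        close(sv[0]);
        char tmp[512]; size_t got = 0; ssize_t r;
        while ((r = recv(sv[1], tmp, sizeof tmp, 0)) > 0) got += r;
        _exit(write(back[1], &got, sizeof got) == (ssize_t)sizeof got ? 0 : 1);
    }
    close(sv[1]); close(back[1]);
    fcntl(sv[0], F_SETFL, O_NONBLOCK);
    std::vector<char> data(total, 'x');
    bool ok = send_all(sv[0], data.data(), data.size());
    close(sv[0]); // EOF lets the child finish
    size_t got = 0;
    if (read(back[0], &got, sizeof got) != (ssize_t)sizeof got) got = 0;
    close(back[0]); waitpid(pid, nullptr, 0);
    return ok ? got : 0;
}
int main() { return roundtrip(1 << 20) == (size_t)(1 << 20) ? 0 : 1; }
```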
Add support for storing:
in
or out
)out
Needs a better way to handle path:
Currently it doesn't work well with leosac started as a system daemon. stable-fix has those hardcoded, develop needs something better. See becbfd2
Add CMake variable for platform-specific builds
-DPLATFORM=Raspi
Since architecture change we mostly used PiFaceDigital and its GPIO support.
GPIO through sysfs is partially implemented for the new architecture.
Need to finish this.