ModularSensors icon indicating copy to clipboard operation
ModularSensors copied to clipboard

Published 20 hours ago verified publisher icon EnviroDIY

Create `dataPublisher` for Azure Event Hub REST API

Open aufdenkampe opened this issue 2 years ago • 4 comments

Add support for streaming data to a Microsoft Azure EventHub service REST API endpoint with authentication via a Shared Access Signature (SAS) token.

Documentation for Event Hubs service REST:

  • Overview: https://docs.microsoft.com/en-us/rest/api/eventhub/event-hubs-runtime-rest
  • Send event Request: https://docs.microsoft.com/en-us/rest/api/eventhub/send-event

A example POST request looks like this:

POST https://your-namespace.servicebus.windows.net/your-event-hub/messages?timeout=60&api-version=2014-01 HTTP/1.1  
Authorization: SharedAccessSignature sr=your-namespace.servicebus.windows.net&sig=tYu8qdH563Pc96Lky0SFs5PhbGnljF7mLYQwCZmk9M0%3d&se=1403736877&skn=RootManageSharedAccessKey  
Content-Type: application/atom+xml;type=entry;charset=utf-8  
Host: your-namespace.servicebus.windows.net  

{ "DeviceId":"dev-01", "Temperature":"37.0" }

The key innovation here is to write a SAS signature, for which we first need to complete:

  • #410

Generate a Shared Access Signature (SAS) for Azure Event Hub

  • Overview: https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas#generate-a-shared-access-signature-token

SAS Format:

SharedAccessSignature sig=<signature-string>&se=<expiry>&skn=<keyName>&sr=<URL-encoded-resourceURI>

Where:

  • sig - URL-encoded HMACSHA256 signature.
    • The hash computation looks similar to the following pseudo code and returns base64 of raw binary output.
    • urlencode(base64(hmacsha256(urlencode('https://<yournamespace>.servicebus.windows.net/') + "\n" + '<expiry instant>', '<signing key>')))
  • se - Token expiry instant. Integer reflecting seconds since the epoch 00:00:00 UTC on 1 January 1970 (UNIX epoch) when the token expires.
  • skn - Name of the authorization rule.
  • sr - URL-encoded URI of the resource being accessed.

aufdenkampe avatar Apr 14 '22 20:04 aufdenkampe

@SRGDamia1, I'm having a bunch of trouble getting this to work with the new EnviroDIY LTEBee (SIM7080), and I need your help.

The short story is that although I'm able to connect to the server and send a properly formatted POST Request (that works in Postman), on the Mayfly + SIM7080 modem, the data aren't going through and I'm not getting any response from the server.

Note that this uses HTTPS via port 443, which this modem seems to support. By specifying that port, I was able to get a connection to the endpoint server (but no connection with Port 80), so I think I'm OK on that.

To troubleshoot and solve this, I think I need to dive in to deeper use of the TinyGSM library functions, but I'm really new to that library and it's functions.

Can you offer suggestions?

aufdenkampe avatar Apr 18 '22 21:04 aufdenkampe

@GArrigotti-cws, @GArrigotti, with the last commit 4b624c7, I also tested on a Digi radio and got the same result: no response from the server, even when the entire request is identical to the raw request that works in Postman.

In that last commit I included platformio.ini files that would allow you to test my two sketches (one for each radio) yourself.

aufdenkampe avatar Apr 19 '22 14:04 aufdenkampe

In commit 8bc473c7b423dcb56a9c7582300efb511b435479 from work done on 4/20/22, I figured out the main issue here.

The key was to use TinyGsmClientSecure rather than TinyGsmClient in src/modems/SIMComSIM7080.h.

This fully enabled HTTPS. It turns out that specifying Port 443 in src/publishers/EventHubPublisher.cpp (rather than Port 80 which is used for HTTP) was not sufficient.

@SRGDamia1, let's connect to discuss ideas on how to best implement HTTPS across all modems and publishers in ModularSensors.

For example, it would be ideal to start migrating to HTTPS for new EnviroDIY stations posting to MonitorMyWatershed.org

aufdenkampe avatar May 03 '22 19:05 aufdenkampe

@SRGDamia1, I would like to pick up this conversation about how to best architect the modems and publishers code to for a user to easily switch between HTTP and HTTPS.

As I mentioned above in https://github.com/EnviroDIY/ModularSensors/issues/411#issuecomment-1116524869, depending on the Publisher's endpoint, we need to instantiate the gsmClient within the Modem either using TinyGsmClient (as currently done for HTTP) or using TinyGsmClientSecure (for HTTPS).

I got this working, but only for src/publishers/EventHubPublisher.cpp.

That work is presently all in the hmac_auth branch.

I'll look at it more closely in the coming week or two and set up a time to discuss options with you.

aufdenkampe avatar Sep 19 '23 17:09 aufdenkampe