Disable HTTP access to APIs that may be used to pass sensitive data BUG:24789091 Change-Id: I364126d7ae80f606ca834b9daf05db783382842d Reviewed-on: https://weave-review.googlesource.com/1411 Reviewed-by: Alex Vakulenko <avakulenko@google.com>
diff --git a/libweave/src/privet/privet_handler.cc b/libweave/src/privet/privet_handler.cc
index 2180cad..fc344ab 100644
--- a/libweave/src/privet/privet_handler.cc
+++ b/libweave/src/privet/privet_handler.cc
@@ -341,8 +341,10 @@
 } // namespace
 std::vector<std::string> PrivetHandler::GetHttpPaths() const {
-  // TODO(vitalybuka): Should be subset only.
-  return GetHttpsPaths();
+  return {
+      "/privet/info", "/privet/v3/pairing/start", "/privet/v3/pairing/confirm",
+      "/privet/v3/pairing/cancel",
+  };
 }
 std::vector<std::string> PrivetHandler::GetHttpsPaths() const {
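Review bot: The deleted TODO was the only text explaining why GetHttpPaths() differs from GetHttpsPaths(), and the new literal list carries no rationale, so nothing in the source tells the next maintainer that adding a path here widens what is reachable without TLS. Suggest a comment above the `return {`, e.g. `// Only endpoints that do not pass sensitive data are served over plain HTTP (BUG:24789091); everything else is HTTPS-only via GetHttpsPaths(). Keep in sync with the expected sets in weave_unittest.cc.` The unittest's expected HTTPS set shows these four paths are also served over HTTPS, presumably repeated verbatim in GetHttpsPaths(), whose body continues outside the hunk; a shared constant array referenced by both functions would remove that duplication.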
diff --git a/libweave/src/weave_unittest.cc b/libweave/src/weave_unittest.cc
index 0bfbe0b..eb41294 100644
--- a/libweave/src/weave_unittest.cc
+++ b/libweave/src/weave_unittest.cc
@@ -36,6 +36,8 @@
 namespace weave {
+namespace {
+
 using provider::HttpClient;
 using provider::Network;
 using provider::test::MockHttpClientResponse;
@@ -133,6 +135,16 @@
   return (arg_copy == txt_copy);
 }
+template <class Map>
+std::set<typename Map::key_type> GetKeys(const Map& map) {
+  std::set<typename Map::key_type> result;
+  for (const auto& pair : map)
+    result.insert(pair.first);
+  return result;
+}
+
+} // namespace
+
 class WeaveTest : public ::testing::Test {
  protected:
   void SetUp() override {}
@@ -208,13 +220,13 @@
         .WillRepeatedly(Invoke(
             [this](const std::string& path_prefix,
                    const provider::HttpServer::RequestHandlerCallback& cb) {
-              http_server_request_cb_.push_back(cb);
+              http_handlers_[path_prefix] = cb;
             }));
     EXPECT_CALL(http_server_, AddHttpsRequestHandler(_, _))
         .WillRepeatedly(Invoke(
             [this](const std::string& path_prefix,
                    const provider::HttpServer::RequestHandlerCallback& cb) {
-              http_server_request_cb_.push_back(cb);
+              https_handlers_[path_prefix] = cb;
             }));
   }
@@ -232,6 +244,19 @@
                            &http_client_, &network_, &dns_sd_,
                            &http_server_, &wifi_, &bluetooth_);
+  EXPECT_EQ((std::set<std::string>{
+                "/privet/info", "/privet/v3/pairing/cancel",
+                "/privet/v3/pairing/confirm", "/privet/v3/pairing/start"}),
+            GetKeys(http_handlers_));
+  EXPECT_EQ((std::set<std::string>{
+                "/privet/info", "/privet/v3/auth", "/privet/v3/commandDefs",
+                "/privet/v3/commands/cancel", "/privet/v3/commands/execute",
+                "/privet/v3/commands/list", "/privet/v3/commands/status",
+                "/privet/v3/pairing/cancel", "/privet/v3/pairing/confirm",
+                "/privet/v3/pairing/start", "/privet/v3/setup/start",
+                "/privet/v3/setup/status", "/privet/v3/state"}),
+            GetKeys(https_handlers_));
+
   device_->AddCommandDefinitionsFromJson(kCommandDefs);
   device_->AddStateDefinitionsFromJson(kStateDefs);
   device_->SetStatePropertiesFromJson(kStateDefaults, nullptr);
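Review bot: `http_handlers_[path_prefix] = cb;` (and the https twin below it) silently replaces any callback previously registered for the same prefix, so a duplicate AddHttpRequestHandler/AddHttpsRequestHandler call would pass the key-set assertions this commit adds, whereas the old vector kept every registration. Consider `EXPECT_TRUE(http_handlers_.emplace(path_prefix, cb).second);` and `EXPECT_TRUE(https_handlers_.emplace(path_prefix, cb).second);` so the fixture fails on a double registration instead of hiding it. The enclosing function starts outside the hunk.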
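Review bot: The two EXPECT_EQ calls pin the literal path lists but say nothing about the property they protect, so a reader has no way to tell which of the two lists may grow and why. A comment above the first one would carry the intent, e.g. `// Plain HTTP must expose only /privet/info and the pairing handshake; auth, commands, setup and state are HTTPS-only (BUG:24789091). Update GetHttpPaths()/GetHttpsPaths() and these sets together.` If this code is fixture setup, as the surrounding device_ initialisation suggests (the enclosing function starts outside the hunk), a dedicated TEST_F would make a regression report name the HTTP-exposure property rather than failing every test in the fixture.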
@@ -247,8 +272,10 @@
   }
 }
-  std::vector<provider::HttpServer::RequestHandlerCallback>
-      http_server_request_cb_;
+  std::map<std::string, provider::HttpServer::RequestHandlerCallback>
+      http_handlers_;
+  std::map<std::string, provider::HttpServer::RequestHandlerCallback>
+      https_handlers_;
   StrictMock<provider::test::MockConfigStore> config_store_;
   StrictMock<provider::test::FakeTaskRunner> task_runner_;
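Review bot: The new members introduce std::map here, and std::set is used in the GetKeys helper and the EXPECT_EQ sets earlier in this file, but no `#include <map>` or `#include <set>` change appears anywhere in the diff. If those headers are not already included directly in weave_unittest.cc, this compiles only through transitive includes from the mock headers; please add `#include <map>` and `#include <set>` to the file's include block.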