similarweb · daniebrill · May 28, 2021 · May 29, 2021 · May 31, 2021 · Jun 4, 2021
diff --git a/api/config/config.go b/api/config/config.go
@@ -22,10 +22,26 @@ type StorageConfig struct {
 	ElasticSearch ElasticsearchConfig `yaml:"elasticsearch"`
 }
 
+type AccountConfig struct {
+	Name     string `yaml:"name"`
+	Password string `yaml:"password"`
+}
+
+type AuthenticationConfig struct {
+	Enabled  bool            `yaml:"enabled"`
+	Accounts []AccountConfig `yaml:"accounts"`
+}
+
+type UIServerConfig struct {
+	Address string `yaml:"address"`
+}
+
 // APIConfig present the application config
 type APIConfig struct {
-	LogLevel string        `yaml:"log_level"`
-	Storage  StorageConfig `yaml:"storage"`
+	LogLevel       string               `yaml:"log_level"`
+	UIServer       UIServerConfig       `yaml:"ui_server"`
+	Storage        StorageConfig        `yaml:"storage"`
+	Authentication AuthenticationConfig `yaml:"authentication"`
 }
 
 // LoadAPI will load yaml file go struct
@@ -49,6 +65,5 @@ func LoadAPI(location string) (APIConfig, error) {
 		}).Info("override storage endpoint")
 		config.Storage.ElasticSearch.Endpoints = strings.Split(overrideStorageEndpoint, ",")
 	}
-
 	return config, nil
 }
diff --git a/api/config/testutil/mock/config.yaml b/api/config/testutil/mock/config.yaml
@@ -1,10 +1,16 @@
 ---
 log_level: info
-
+ui_server:
+  address: http://127.0.0.1:8080
 storage:
   elasticsearch:
     index: general
     username: ""
     password: ""
     endpoints: 
-      - http://127.0.0.1:9200
+      - http://127.0.0.1:9200
+authentication:
+  enabled: true
+  accounts:
+    - name: User
+      password: Password
diff --git a/api/route.go b/api/route.go
@@ -4,6 +4,8 @@ import (
 	"encoding/json"
 	"finala/api/httpparameters"
 	"finala/api/storage"
+	"fmt"
+	"github.com/golang-jwt/jwt"
 	"io/ioutil"
 	"net/http"
 	"net/url"
@@ -55,6 +57,20 @@ func (server *Server) GetExecutions(resp http.ResponseWriter, req *http.Request)
 	server.JSONWrite(resp, http.StatusOK, results)
 }
 
+func (server *Server) GetAccounts(resp http.ResponseWriter, req *http.Request) {
+	queryLimit, _ := strconv.Atoi(httpparameters.QueryParamWithDefault(req, "querylimit", storage.GetExecutionsQueryLimit))
+	params := mux.Vars(req)
+	executionID := params["executionID"]
+	accounts, err := server.storage.GetAccounts(executionID, queryLimit)
+
+	if err != nil {
+		server.JSONWrite(resp, http.StatusInternalServerError, HttpErrorResponse{Error: err.Error()})
+		return
+
+	}
+	server.JSONWrite(resp, http.StatusOK, accounts)
+}
+
 // GetResourceData return resuts details by resource type
 func (server *Server) GetResourceData(resp http.ResponseWriter, req *http.Request) {
 	queryParams := req.URL.Query()
@@ -167,6 +183,79 @@ func (server *Server) DetectEvents(resp http.ResponseWriter, req *http.Request)
 
 }
 
+func (server *Server) Login(resp http.ResponseWriter, req *http.Request) {
+	if req.Method == http.MethodOptions {
+		server.JSONWrite(resp, http.StatusOK, nil)
+		return
+	}
+	if server.authentication.Enabled {
+		buf, bodyErr := ioutil.ReadAll(req.Body)
+
+		if bodyErr != nil {
+			server.JSONWrite(resp, http.StatusBadRequest, HttpErrorResponse{Error: bodyErr.Error()})
+			return
+		}
+
+		var detectUser map[string]string
+		err := json.Unmarshal(buf, &detectUser)
+		if err != nil {
+			server.JSONWrite(resp, http.StatusBadRequest, HttpErrorResponse{Error: err.Error()})
+			return
+		}
+
+		for _, user := range server.authentication.Accounts {
+			if detectUser["Username"] == user.Name && detectUser["Password"] == user.Password {
+
+				expTime := time.Now().Add(time.Hour * 1)
+
+				atClaims := jwt.MapClaims{}
+				atClaims["authorized"] = true
+				atClaims["user_id"] = user.Name
+				atClaims["exp"] = expTime.Unix()
+				at := jwt.NewWithClaims(jwt.SigningMethodHS256, atClaims)
+				token, err := at.SignedString([]byte("secret"))
+				if err != nil {
+					server.JSONWrite(resp, http.StatusInternalServerError, HttpErrorResponse{Error: err.Error()})
+					return
+				}
+
+				cookie := http.Cookie{
+					Name:     "jwt",
+					Value:    token,
+					Expires:  expTime,
+					SameSite: http.SameSiteLaxMode,
+				}
+
+				http.SetCookie(resp, &cookie)
+				return
+			}
+		}
+		server.JSONWrite(resp, http.StatusUnauthorized, "{\"message\":\"Login data not authorized\"}")
+	} else {
+		expTime := time.Now().Add(time.Hour * 1)
+
+		atClaims := jwt.MapClaims{}
+		atClaims["authorized"] = true
+		atClaims["user_id"] = "user"
+		atClaims["exp"] = expTime.Unix()
+		at := jwt.NewWithClaims(jwt.SigningMethodHS256, atClaims)
+		token, err := at.SignedString([]byte("secret"))
+		if err != nil {
+			server.JSONWrite(resp, http.StatusInternalServerError, HttpErrorResponse{Error: err.Error()})
+			return
+		}
+
+		cookie := http.Cookie{
+			Name:     "jwt",
+			Value:    token,
+			Expires:  expTime,
+			SameSite: http.SameSiteLaxMode,
+		}
+
+		http.SetCookie(resp, &cookie)
+	}
+}
+
 //NotFoundRoute return when route not found
 func (server *Server) NotFoundRoute(resp http.ResponseWriter, req *http.Request) {
 	server.JSONWrite(resp, http.StatusNotFound, HttpErrorResponse{Error: "Path not found"})
@@ -186,3 +275,126 @@ func (server *Server) VersionHandler(resp http.ResponseWriter, req *http.Request
 	}
 	server.JSONWrite(resp, http.StatusOK, version)
 }
+
+func (server *Server) middleware(next http.Handler) http.HandlerFunc {
+	return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+		cookie, err := req.Cookie("jwt")
+
+		if err != nil {
+			server.JSONWrite(resp, http.StatusUnauthorized, HttpErrorResponse{Error: "Authorize cookie not found"})
+			return
+		}
+		claims := jwt.MapClaims{}
+		_, err = jwt.ParseWithClaims(cookie.Value, claims, func(token *jwt.Token) (interface{}, error) {
+			return []byte("secret"), nil
+		})
+
+		if err != nil {
+			server.JSONWrite(resp, http.StatusUnauthorized, HttpErrorResponse{Error: err.Error()})
+			return
+		}
+
+		next.ServeHTTP(resp, req)
+	})
+}
+
+//Returns json thingy wingy dingy i dont know how
+func (server *Server) GetReport(resp http.ResponseWriter, req *http.Request) {
+	queryParams := req.URL.Query()
+	params := mux.Vars(req)
+	executionID := params["executionID"]
+	filters := httpparameters.GetFilterQueryParamWithOutPrefix(queryParamFilterPrefix, queryParams)
+
+	log.WithFields(log.Fields{
+		"filter": filters,
+	}).Info("filter")
+
+	filterForSummary := make(map[string]string)
+	for filterKey, filterValue := range filters {
+		filterForSummary[filterKey] = filterValue
+	}
+
+	response, err := server.storage.GetSummary(executionID, filterForSummary)
+	if err != nil {
+		server.JSONWrite(resp, http.StatusInternalServerError, HttpErrorResponse{Error: err.Error()})
+		return
+
+	}
+
+	var result []map[string]interface{}
+	var attributeList []string
+
+	for resourceName, resourceSummary := range response {
+		fmt.Println(resourceName, resourceSummary) //sanity test
+		if resourceSummary.ResourceCount > 0 {
+			resourcesList, err := server.storage.GetResources(resourceName, executionID, filters)
+			if err != nil {
+				server.JSONWrite(resp, http.StatusInternalServerError, HttpErrorResponse{Error: err.Error()})
+				continue
+			}
+
+			log.WithFields(log.Fields{
+				"name":        resourceName,
+				"executionID": executionID,
+				"filter":      filters,
+			}).Info(resourcesList)
+
+			//can still fail for some odd reason so we check if the resource is actually there
+			if resourcesList[0] == nil {
+				server.JSONWrite(resp, http.StatusInternalServerError, HttpErrorResponse{Error: err.Error()})
+				return
+			}
+			data, ok := resourcesList[0]["Data"].(map[string]interface{})
+			if !ok {
+				//screw your log
+				continue
+			}
+			for key := range data {
+				if key == "Tag" {
+					continue
+				}
+				exists := false
+				for index := range attributeList {
+					if attributeList[index] == key {
+						exists = true
+					}
+				}
+				if !exists {
+					attributeList = append(attributeList, key)
+				}
+			}
+
+		}
+	}
+
+	for resourceName, resourceSummary := range response {
+		fmt.Println(resourceName, resourceSummary) //sanity test
+		if resourceSummary.ResourceCount > 0 {
+			resourcesList, err := server.storage.GetResources(resourceName, executionID, filters)
+			if err != nil {
+				server.JSONWrite(resp, http.StatusInternalServerError, HttpErrorResponse{Error: err.Error()})
+				continue
+			}
+			for _, element := range resourcesList {
+				data, ok := element["Data"].(map[string]interface{})
+				if !ok {
+					//screw your log
+					continue
+				}
+
+				delete(data, "Tag")
+
+				for _, attrName := range attributeList {
+					_, ok := data[attrName]
+					if !ok {
+						data[attrName] = nil
+					}
+				}
+				result = append(result, data)
+			}
+
+		}
+	}
+
+	server.JSONWrite(resp, http.StatusOK, result)
+}
diff --git a/api/server.go b/api/server.go
@@ -3,6 +3,7 @@ package api
 import (
 	"context"
 	"encoding/json"
+	"finala/api/config"
 	"fmt"
 	"net/http"
 	"time"
@@ -24,23 +25,29 @@ const (
 
 // Server is the API server struct
 type Server struct {
-	router     *mux.Router
-	httpserver *http.Server
-	storage    storage.StorageDescriber
-	version    version.VersionManagerDescriptor
+	router         *mux.Router
+	httpserver     *http.Server
+	storage        storage.StorageDescriber
+	authentication config.AuthenticationConfig
+	version        version.VersionManagerDescriptor
 }
 
 // NewServer returns a new Server
-func NewServer(port int, storage storage.StorageDescriber, version version.VersionManagerDescriptor) *Server {
+func NewServer(port int, storage storage.StorageDescriber, version version.VersionManagerDescriptor, auth config.AuthenticationConfig, allowedOrigin string) *Server {
 
 	router := mux.NewRouter()
-	corsObj := handlers.AllowedOrigins([]string{"*"})
+	corsObjects := []handlers.CORSOption{}
+	corsObjects = append(corsObjects, handlers.AllowedOrigins([]string{allowedOrigin}))
+	corsObjects = append(corsObjects, handlers.AllowedMethods([]string{"GET", "POST", "OPTIONS"}))
+	corsObjects = append(corsObjects, handlers.AllowedHeaders([]string{"Content-Type"}))
+	corsObjects = append(corsObjects, handlers.AllowCredentials())
 	return &Server{
-		router:  router,
-		storage: storage,
-		version: version,
+		router:         router,
+		storage:        storage,
+		version:        version,
+		authentication: auth,
 		httpserver: &http.Server{
-			Handler: handlers.CORS(corsObj)(router),
+			Handler: handlers.CORS(corsObjects...)(router),
 			Addr:    fmt.Sprintf("0.0.0.0:%d", port),
 		},
 	}
@@ -79,12 +86,15 @@ func (server *Server) Serve() serverutil.StopFunc {
 // BindEndpoints sets up the router to handle API endpoints
 func (server *Server) BindEndpoints() {
 
-	server.router.HandleFunc("/api/v1/summary/{executionID}", server.GetSummary).Methods("GET")
-	server.router.HandleFunc("/api/v1/executions", server.GetExecutions).Methods("GET")
-	server.router.HandleFunc("/api/v1/resources/{type}", server.GetResourceData).Methods("GET")
-	server.router.HandleFunc("/api/v1/trends/{type}", server.GetResourceTrends).Methods("GET")
-	server.router.HandleFunc("/api/v1/tags/{executionID}", server.GetExecutionTags).Methods("GET")
+	server.router.HandleFunc("/api/v1/summary/{executionID}", server.middleware(http.HandlerFunc(server.GetSummary))).Methods("GET")
+	server.router.HandleFunc("/api/v1/executions", server.middleware(http.HandlerFunc(server.GetExecutions))).Methods("GET")
+	server.router.HandleFunc("/api/v1/accounts/{executionID}", server.middleware(http.HandlerFunc(server.GetAccounts))).Methods(("GET"))
+	server.router.HandleFunc("/api/v1/resources/{type}", server.middleware(http.HandlerFunc(server.GetResourceData))).Methods("GET")
+	server.router.HandleFunc("/api/v1/trends/{type}", server.middleware(http.HandlerFunc(server.GetResourceTrends))).Methods("GET")
+	server.router.HandleFunc("/api/v1/tags/{executionID}", server.middleware(http.HandlerFunc(server.GetExecutionTags))).Methods("GET")
+	server.router.HandleFunc("/api/v1/report/{executionID}", server.middleware(http.HandlerFunc(server.GetReport))).Methods("GET")
 	server.router.HandleFunc("/api/v1/detect-events/{executionID}", server.DetectEvents).Methods("POST")
+	server.router.HandleFunc("/api/v1/login", server.Login).Methods("POST", "OPTIONS")
 	server.router.HandleFunc("/api/v1/version", server.VersionHandler).Methods("GET")
 	server.router.HandleFunc("/api/v1/health", server.HealthCheckHandler).Methods("GET")
 	server.router.NotFoundHandler = http.HandlerFunc(server.NotFoundRoute)