empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-07 01:15:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
368b9d774c
fleet/server/service/handler.go

564 lines
32 KiB
Go
Raw Normal View History

Organizing go code (#241)
2016-09-26 18:48:55 +00:00
package service
go-kit server layout
2016-08-28 03:59:17 +00:00
import (
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411.
2017-03-15 15:55:30 +00:00
"context"
go-kit server layout
2016-08-28 03:59:17 +00:00
"net/http"
allow osqueryd endpoints to enroll before app setup is complete (#931) Closes #929
2017-01-12 00:40:58 +00:00
"strings"
go-kit server layout
2016-08-28 03:59:17 +00:00
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
"github.com/go-kit/kit/endpoint"
go-kit server layout
2016-08-28 03:59:17 +00:00
kitlog "github.com/go-kit/kit/log"
kithttp "github.com/go-kit/kit/transport/http"
"github.com/gorilla/mux"
renaming kolide-ose to kolide (#1143)
2017-02-01 17:20:50 +00:00
"github.com/kolide/kolide/server/kolide"
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
"github.com/prometheus/client_golang/prometheus"
go-kit server layout
2016-08-28 03:59:17 +00:00
)
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
// KolideEndpoints is a collection of RPC endpoints implemented by the Kolide API.
type KolideEndpoints struct {
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
Login endpoint.Endpoint
Logout endpoint.Endpoint
ForgotPassword endpoint.Endpoint
ResetPassword endpoint.Endpoint
Me endpoint.Endpoint
Add change password endpoint (#628)
2016-12-14 18:11:43 +00:00
ChangePassword endpoint.Endpoint
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
CreateUser endpoint.Endpoint
GetUser endpoint.Endpoint
ListUsers endpoint.Endpoint
ModifyUser endpoint.Endpoint
Modify User (as a regular user) fails #891 (#959)
2017-01-17 16:43:59 +00:00
AdminUser endpoint.Endpoint
EnableUser endpoint.Endpoint
Refactor require password reset into separate endpoint (#725) - Remove require password reset from ModifyUser and RequestPasswordReset methods, and UserPayload struct - Add new RequirePasswordReset method - Refactor JS for new separate method
2017-01-06 22:38:39 +00:00
RequirePasswordReset endpoint.Endpoint
Fix required password reset flow (#833) Permissions errors were preventing users from completing this flow - Add separate endpoint for performing required password reset - Rewrite frontend reset to use this endpoint Fixes #792
2017-01-10 04:42:50 +00:00
PerformRequiredPasswordReset endpoint.Endpoint
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
GetSessionsForUserInfo endpoint.Endpoint
DeleteSessionsForUser endpoint.Endpoint
GetSessionInfo endpoint.Endpoint
DeleteSession endpoint.Endpoint
GetAppConfig endpoint.Endpoint
ModifyAppConfig endpoint.Endpoint
CreateInvite endpoint.Endpoint
ListInvites endpoint.Endpoint
DeleteInvite endpoint.Endpoint
Add endpoint to retrieve an invite with the invite token. (#719) Closes #579
2016-12-30 01:58:12 +00:00
VerifyInvite endpoint.Endpoint
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
GetQuery endpoint.Endpoint
ListQueries endpoint.Endpoint
CreateQuery endpoint.Endpoint
ModifyQuery endpoint.Endpoint
DeleteQuery endpoint.Endpoint
Add service method for bulk deleting queries (#600) - New datastore method for bulk deletion - New service method calling this datastore method - Endpoint, transport and handler connections for service method Closes #389
2016-12-09 17:12:45 +00:00
DeleteQueries endpoint.Endpoint
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
CreateDistributedQueryCampaign endpoint.Endpoint
GetPack endpoint.Endpoint
ListPacks endpoint.Endpoint
CreatePack endpoint.Endpoint
ModifyPack endpoint.Endpoint
DeletePack endpoint.Endpoint
Remove existing bulk functionality (#641)
2016-12-15 01:22:17 +00:00
ScheduleQuery endpoint.Endpoint
Moving query attributes from the query object to the pack-query relationship (#559) * Moving query attributes from the query object to the pack-query relationship * some additional tests * http request parsing test * QueryOptions in new test_util code * initial scaffolding of new request structures * service and datastore * test outline * l2 merge conflict scrub * service tests for scheduled query service * service and datastore tests * most endpoints and transports * order of values are not deterministic with inmem * transport tests * rename PackQuery to ScheduledQuery * removing existing implementation of adding queries to packs * accounting for the new argument to NewQuery * fix alignment in sql query * removing underscore * add removed to the datastore * removed differential from the schema
2016-12-13 22:22:05 +00:00
GetScheduledQueriesInPack endpoint.Endpoint
GetScheduledQuery endpoint.Endpoint
ModifyScheduledQuery endpoint.Endpoint
DeleteScheduledQuery endpoint.Endpoint
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
EnrollAgent endpoint.Endpoint
GetClientConfig endpoint.Endpoint
GetDistributedQueries endpoint.Endpoint
SubmitDistributedQueryResults endpoint.Endpoint
SubmitLogs endpoint.Endpoint
GetLabel endpoint.Endpoint
ListLabels endpoint.Endpoint
CreateLabel endpoint.Endpoint
DeleteLabel endpoint.Endpoint
Add ability to modify labels (#1202)
2017-02-12 04:27:43 +00:00
ModifyLabel endpoint.Endpoint
Decorator support (#1430) * Added migrations * Added handler for decorators * Added logging and metrics for decorators * WIP decorators * Wip added decorator service * Added service implementation * Added mock decorator * Added modify decorator * Added testing * Addressed code review issues raised by @zwass * Added logging for missing type per @zwass
2017-03-28 21:45:18 +00:00
ListDecorators endpoint.Endpoint
NewDecorator endpoint.Endpoint
ModifyDecorator endpoint.Endpoint
DeleteDecorator endpoint.Endpoint
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
GetHost endpoint.Endpoint
DeleteHost endpoint.Endpoint
ListHosts endpoint.Endpoint
Host summary endpoint (#742) * Initial scaffolding of the host summary endpoint * inmem datastore implementation of GenerateHostStatusStatistics * HostSummary docstring * changing the url of the host summary endpoint * datastore tests for GenerateHostStatusStatistics * MySQL datastore implementation of GenerateHostStatusStatistics * <= and >= to catch exact time edge case * removing clock interface method * lowercase error wraps * removin superfluous whitespace * use updated_at * adding a seen_at column to the hosts table * moving the update of seen_time to the caller * using db.Get instead of db.Select
2017-01-04 21:16:17 +00:00
GetHostSummary endpoint.Endpoint
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
SearchTargets endpoint.Endpoint
Osquery options 365 (#657)
2016-12-29 18:32:28 +00:00
GetOptions endpoint.Endpoint
ModifyOptions endpoint.Endpoint
Addresses Issue where the reset button doesn't work on options page (#1447) Closes issue #1388. The problem here is that previously, the reset button loaded a hard coded list of default options into the component state, instead of the proper behavior which is to reset the options to default values on the back end, and then load them back into the redux store. This PR adds a ResetOptions endpoint on the server, and wires up the UI so that it triggers the endpoint, then loads the default options from the backend server.
2017-03-30 23:56:11 +00:00
ResetOptions endpoint.Endpoint
Import Config - /config/import #366 (#764)
2017-01-13 18:35:25 +00:00
ImportConfig endpoint.Endpoint
add endpoint to serve the kolide certificate back to the user (#1025) add endpoint to serve the kolide certificate back to the user The API will attempt to establish a TLS connection and fetch the certificate from the TLS ConnectionState. The PEM encoded certificate will be served to the client in a JSON response as a base64 encoded string. Closes #1012
2017-01-20 19:32:10 +00:00
GetCertificate endpoint.Endpoint
Allow user to change email with confirmation (#1102) * Change email functionality * Code review changes for @groob * Name change per @groob * Code review changes per @marpaia Also added addition non-happy path tests to satisfy concerns by @groob
2017-01-27 13:35:58 +00:00
ChangeEmail endpoint.Endpoint
Licensing (#1123)
2017-02-02 20:30:59 +00:00
UpdateLicense endpoint.Endpoint
GetLicense endpoint.Endpoint
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
InitiateSSO endpoint.Endpoint
CallbackSSO endpoint.Endpoint
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml
2016-09-04 05:13:42 +00:00
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
// MakeKolideServerEndpoints creates the Kolide API endpoints.
func MakeKolideServerEndpoints(svc kolide.Service, jwtKey string) KolideEndpoints {
return KolideEndpoints{
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
Login: makeLoginEndpoint(svc),
Logout: makeLogoutEndpoint(svc),
ForgotPassword: makeForgotPasswordEndpoint(svc),
ResetPassword: makeResetPasswordEndpoint(svc),
CreateUser: makeCreateUserEndpoint(svc),
Add endpoint to retrieve an invite with the invite token. (#719) Closes #579
2016-12-30 01:58:12 +00:00
VerifyInvite: makeVerifyInviteEndpoint(svc),
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
InitiateSSO: makeInitiateSSOEndpoint(svc),
CallbackSSO: makeCallbackSSOEndpoint(svc),
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
// Authenticated user endpoints
Use canPerformActions authZ check appropriately in handlers (#625) Fixes #282
2016-12-13 16:57:49 +00:00
// Each of these endpoints should have exactly one
// authorization check around the make.*Endpoint method. At a
// minimum, canPerformActions. Some endpoints use
// stricter/different checks and should NOT also use
// canPerformActions (these other checks should also call
// canPerformActions if that is appropriate).
Fix required password reset flow (#833) Permissions errors were preventing users from completing this flow - Add separate endpoint for performing required password reset - Rewrite frontend reset to use this endpoint Fixes #792
2017-01-10 04:42:50 +00:00
Me: authenticatedUser(jwtKey, svc, canPerformActions(makeGetSessionUserEndpoint(svc))),
ChangePassword: authenticatedUser(jwtKey, svc, canPerformActions(makeChangePasswordEndpoint(svc))),
GetUser: authenticatedUser(jwtKey, svc, canReadUser(makeGetUserEndpoint(svc))),
ListUsers: authenticatedUser(jwtKey, svc, canPerformActions(makeListUsersEndpoint(svc))),
Modify User (as a regular user) fails #891 (#959)
2017-01-17 16:43:59 +00:00
ModifyUser: authenticatedUser(jwtKey, svc, canPerformActions(makeModifyUserEndpoint(svc))),
AdminUser: authenticatedUser(jwtKey, svc, mustBeAdmin(makeAdminUserEndpoint(svc))),
EnableUser: authenticatedUser(jwtKey, svc, mustBeAdmin(makeEnableUserEndpoint(svc))),
Fix required password reset flow (#833) Permissions errors were preventing users from completing this flow - Add separate endpoint for performing required password reset - Rewrite frontend reset to use this endpoint Fixes #792
2017-01-10 04:42:50 +00:00
RequirePasswordReset: authenticatedUser(jwtKey, svc, mustBeAdmin(makeRequirePasswordResetEndpoint(svc))),
// PerformRequiredPasswordReset needs only to authenticate the
// logged in user
PerformRequiredPasswordReset: authenticatedUser(jwtKey, svc, makePerformRequiredPasswordResetEndpoint(svc)),
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
GetSessionsForUserInfo: authenticatedUser(jwtKey, svc, canReadUser(makeGetInfoAboutSessionsForUserEndpoint(svc))),
DeleteSessionsForUser: authenticatedUser(jwtKey, svc, canModifyUser(makeDeleteSessionsForUserEndpoint(svc))),
GetSessionInfo: authenticatedUser(jwtKey, svc, mustBeAdmin(makeGetInfoAboutSessionEndpoint(svc))),
DeleteSession: authenticatedUser(jwtKey, svc, mustBeAdmin(makeDeleteSessionEndpoint(svc))),
Use canPerformActions authZ check appropriately in handlers (#625) Fixes #282
2016-12-13 16:57:49 +00:00
GetAppConfig: authenticatedUser(jwtKey, svc, canPerformActions(makeGetAppConfigEndpoint(svc))),
fix various issues with SMTP configuration (#1001) * fix various issues with SMTP configuration * handle SplitHostPort error
2017-01-18 15:05:09 +00:00
ModifyAppConfig: authenticatedUser(jwtKey, svc, mustBeAdmin(makeModifyAppConfigEndpoint(svc))),
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
CreateInvite: authenticatedUser(jwtKey, svc, mustBeAdmin(makeCreateInviteEndpoint(svc))),
ListInvites: authenticatedUser(jwtKey, svc, mustBeAdmin(makeListInvitesEndpoint(svc))),
DeleteInvite: authenticatedUser(jwtKey, svc, mustBeAdmin(makeDeleteInviteEndpoint(svc))),
Moving query attributes from the query object to the pack-query relationship (#559) * Moving query attributes from the query object to the pack-query relationship * some additional tests * http request parsing test * QueryOptions in new test_util code * initial scaffolding of new request structures * service and datastore * test outline * l2 merge conflict scrub * service tests for scheduled query service * service and datastore tests * most endpoints and transports * order of values are not deterministic with inmem * transport tests * rename PackQuery to ScheduledQuery * removing existing implementation of adding queries to packs * accounting for the new argument to NewQuery * fix alignment in sql query * removing underscore * add removed to the datastore * removed differential from the schema
2016-12-13 22:22:05 +00:00
GetQuery: authenticatedUser(jwtKey, svc, makeGetQueryEndpoint(svc)),
ListQueries: authenticatedUser(jwtKey, svc, makeListQueriesEndpoint(svc)),
CreateQuery: authenticatedUser(jwtKey, svc, makeCreateQueryEndpoint(svc)),
ModifyQuery: authenticatedUser(jwtKey, svc, makeModifyQueryEndpoint(svc)),
DeleteQuery: authenticatedUser(jwtKey, svc, makeDeleteQueryEndpoint(svc)),
DeleteQueries: authenticatedUser(jwtKey, svc, makeDeleteQueriesEndpoint(svc)),
CreateDistributedQueryCampaign: authenticatedUser(jwtKey, svc, makeCreateDistributedQueryCampaignEndpoint(svc)),
GetPack: authenticatedUser(jwtKey, svc, makeGetPackEndpoint(svc)),
ListPacks: authenticatedUser(jwtKey, svc, makeListPacksEndpoint(svc)),
CreatePack: authenticatedUser(jwtKey, svc, makeCreatePackEndpoint(svc)),
ModifyPack: authenticatedUser(jwtKey, svc, makeModifyPackEndpoint(svc)),
DeletePack: authenticatedUser(jwtKey, svc, makeDeletePackEndpoint(svc)),
Remove existing bulk functionality (#641)
2016-12-15 01:22:17 +00:00
ScheduleQuery: authenticatedUser(jwtKey, svc, makeScheduleQueryEndpoint(svc)),
Moving query attributes from the query object to the pack-query relationship (#559) * Moving query attributes from the query object to the pack-query relationship * some additional tests * http request parsing test * QueryOptions in new test_util code * initial scaffolding of new request structures * service and datastore * test outline * l2 merge conflict scrub * service tests for scheduled query service * service and datastore tests * most endpoints and transports * order of values are not deterministic with inmem * transport tests * rename PackQuery to ScheduledQuery * removing existing implementation of adding queries to packs * accounting for the new argument to NewQuery * fix alignment in sql query * removing underscore * add removed to the datastore * removed differential from the schema
2016-12-13 22:22:05 +00:00
GetScheduledQueriesInPack: authenticatedUser(jwtKey, svc, makeGetScheduledQueriesInPackEndpoint(svc)),
GetScheduledQuery: authenticatedUser(jwtKey, svc, makeGetScheduledQueryEndpoint(svc)),
ModifyScheduledQuery: authenticatedUser(jwtKey, svc, makeModifyScheduledQueryEndpoint(svc)),
DeleteScheduledQuery: authenticatedUser(jwtKey, svc, makeDeleteScheduledQueryEndpoint(svc)),
GetHost: authenticatedUser(jwtKey, svc, makeGetHostEndpoint(svc)),
ListHosts: authenticatedUser(jwtKey, svc, makeListHostsEndpoint(svc)),
Host summary endpoint (#742) * Initial scaffolding of the host summary endpoint * inmem datastore implementation of GenerateHostStatusStatistics * HostSummary docstring * changing the url of the host summary endpoint * datastore tests for GenerateHostStatusStatistics * MySQL datastore implementation of GenerateHostStatusStatistics * <= and >= to catch exact time edge case * removing clock interface method * lowercase error wraps * removin superfluous whitespace * use updated_at * adding a seen_at column to the hosts table * moving the update of seen_time to the caller * using db.Get instead of db.Select
2017-01-04 21:16:17 +00:00
GetHostSummary: authenticatedUser(jwtKey, svc, makeGetHostSummaryEndpoint(svc)),
Moving query attributes from the query object to the pack-query relationship (#559) * Moving query attributes from the query object to the pack-query relationship * some additional tests * http request parsing test * QueryOptions in new test_util code * initial scaffolding of new request structures * service and datastore * test outline * l2 merge conflict scrub * service tests for scheduled query service * service and datastore tests * most endpoints and transports * order of values are not deterministic with inmem * transport tests * rename PackQuery to ScheduledQuery * removing existing implementation of adding queries to packs * accounting for the new argument to NewQuery * fix alignment in sql query * removing underscore * add removed to the datastore * removed differential from the schema
2016-12-13 22:22:05 +00:00
DeleteHost: authenticatedUser(jwtKey, svc, makeDeleteHostEndpoint(svc)),
GetLabel: authenticatedUser(jwtKey, svc, makeGetLabelEndpoint(svc)),
ListLabels: authenticatedUser(jwtKey, svc, makeListLabelsEndpoint(svc)),
CreateLabel: authenticatedUser(jwtKey, svc, makeCreateLabelEndpoint(svc)),
DeleteLabel: authenticatedUser(jwtKey, svc, makeDeleteLabelEndpoint(svc)),
Add ability to modify labels (#1202)
2017-02-12 04:27:43 +00:00
ModifyLabel: authenticatedUser(jwtKey, svc, makeModifyLabelEndpoint(svc)),
Decorator support (#1430) * Added migrations * Added handler for decorators * Added logging and metrics for decorators * WIP decorators * Wip added decorator service * Added service implementation * Added mock decorator * Added modify decorator * Added testing * Addressed code review issues raised by @zwass * Added logging for missing type per @zwass
2017-03-28 21:45:18 +00:00
ListDecorators: authenticatedUser(jwtKey, svc, makeListDecoratorsEndpoint(svc)),
NewDecorator: authenticatedUser(jwtKey, svc, makeNewDecoratorEndpoint(svc)),
ModifyDecorator: authenticatedUser(jwtKey, svc, makeModifyDecoratorEndpoint(svc)),
DeleteDecorator: authenticatedUser(jwtKey, svc, makeDeleteDecoratorEndpoint(svc)),
Moving query attributes from the query object to the pack-query relationship (#559) * Moving query attributes from the query object to the pack-query relationship * some additional tests * http request parsing test * QueryOptions in new test_util code * initial scaffolding of new request structures * service and datastore * test outline * l2 merge conflict scrub * service tests for scheduled query service * service and datastore tests * most endpoints and transports * order of values are not deterministic with inmem * transport tests * rename PackQuery to ScheduledQuery * removing existing implementation of adding queries to packs * accounting for the new argument to NewQuery * fix alignment in sql query * removing underscore * add removed to the datastore * removed differential from the schema
2016-12-13 22:22:05 +00:00
SearchTargets: authenticatedUser(jwtKey, svc, makeSearchTargetsEndpoint(svc)),
Osquery options 365 (#657)
2016-12-29 18:32:28 +00:00
GetOptions: authenticatedUser(jwtKey, svc, mustBeAdmin(makeGetOptionsEndpoint(svc))),
ModifyOptions: authenticatedUser(jwtKey, svc, mustBeAdmin(makeModifyOptionsEndpoint(svc))),
Addresses Issue where the reset button doesn't work on options page (#1447) Closes issue #1388. The problem here is that previously, the reset button loaded a hard coded list of default options into the component state, instead of the proper behavior which is to reset the options to default values on the back end, and then load them back into the redux store. This PR adds a ResetOptions endpoint on the server, and wires up the UI so that it triggers the endpoint, then loads the default options from the backend server.
2017-03-30 23:56:11 +00:00
ResetOptions: authenticatedUser(jwtKey, svc, mustBeAdmin(makeResetOptionsEndpoint(svc))),
Import Config - /config/import #366 (#764)
2017-01-13 18:35:25 +00:00
ImportConfig: authenticatedUser(jwtKey, svc, makeImportConfigEndpoint(svc)),
add endpoint to serve the kolide certificate back to the user (#1025) add endpoint to serve the kolide certificate back to the user The API will attempt to establish a TLS connection and fetch the certificate from the TLS ConnectionState. The PEM encoded certificate will be served to the client in a JSON response as a base64 encoded string. Closes #1012
2017-01-20 19:32:10 +00:00
GetCertificate: authenticatedUser(jwtKey, svc, makeCertificateEndpoint(svc)),
Allow user to change email with confirmation (#1102) * Change email functionality * Code review changes for @groob * Name change per @groob * Code review changes per @marpaia Also added addition non-happy path tests to satisfy concerns by @groob
2017-01-27 13:35:58 +00:00
ChangeEmail: authenticatedUser(jwtKey, svc, makeChangeEmailEndpoint(svc)),
Licensing (#1123)
2017-02-02 20:30:59 +00:00
UpdateLicense: authenticatedUser(jwtKey, svc, mustBeAdmin(makeUpdateLicenseEndpoint(svc))),
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
GetLicense: authenticatedUser(jwtKey, svc, makeGetLicenseEndpoint(svc)),
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
// Osquery endpoints
EnrollAgent: makeEnrollAgentEndpoint(svc),
GetClientConfig: authenticatedHost(svc, makeGetClientConfigEndpoint(svc)),
GetDistributedQueries: authenticatedHost(svc, makeGetDistributedQueriesEndpoint(svc)),
SubmitDistributedQueryResults: authenticatedHost(svc, makeSubmitDistributedQueryResultsEndpoint(svc)),
SubmitLogs: authenticatedHost(svc, makeSubmitLogsEndpoint(svc)),
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
}
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml
2016-09-04 05:13:42 +00:00
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
type kolideHandlers struct {
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
Login http.Handler
Logout http.Handler
ForgotPassword http.Handler
ResetPassword http.Handler
Me http.Handler
ChangePassword http.Handler
CreateUser http.Handler
GetUser http.Handler
ListUsers http.Handler
ModifyUser http.Handler
Modify User (as a regular user) fails #891 (#959)
2017-01-17 16:43:59 +00:00
AdminUser http.Handler
EnableUser http.Handler
Refactor require password reset into separate endpoint (#725) - Remove require password reset from ModifyUser and RequestPasswordReset methods, and UserPayload struct - Add new RequirePasswordReset method - Refactor JS for new separate method
2017-01-06 22:38:39 +00:00
RequirePasswordReset http.Handler
Fix required password reset flow (#833) Permissions errors were preventing users from completing this flow - Add separate endpoint for performing required password reset - Rewrite frontend reset to use this endpoint Fixes #792
2017-01-10 04:42:50 +00:00
PerformRequiredPasswordReset http.Handler
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
GetSessionsForUserInfo http.Handler
DeleteSessionsForUser http.Handler
GetSessionInfo http.Handler
DeleteSession http.Handler
GetAppConfig http.Handler
ModifyAppConfig http.Handler
CreateInvite http.Handler
ListInvites http.Handler
DeleteInvite http.Handler
Add endpoint to retrieve an invite with the invite token. (#719) Closes #579
2016-12-30 01:58:12 +00:00
VerifyInvite http.Handler
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
GetQuery http.Handler
ListQueries http.Handler
CreateQuery http.Handler
ModifyQuery http.Handler
DeleteQuery http.Handler
DeleteQueries http.Handler
CreateDistributedQueryCampaign http.Handler
GetPack http.Handler
ListPacks http.Handler
CreatePack http.Handler
ModifyPack http.Handler
DeletePack http.Handler
ScheduleQuery http.Handler
GetScheduledQueriesInPack http.Handler
GetScheduledQuery http.Handler
ModifyScheduledQuery http.Handler
DeleteScheduledQuery http.Handler
EnrollAgent http.Handler
GetClientConfig http.Handler
GetDistributedQueries http.Handler
SubmitDistributedQueryResults http.Handler
SubmitLogs http.Handler
GetLabel http.Handler
ListLabels http.Handler
CreateLabel http.Handler
DeleteLabel http.Handler
Add ability to modify labels (#1202)
2017-02-12 04:27:43 +00:00
ModifyLabel http.Handler
Decorator support (#1430) * Added migrations * Added handler for decorators * Added logging and metrics for decorators * WIP decorators * Wip added decorator service * Added service implementation * Added mock decorator * Added modify decorator * Added testing * Addressed code review issues raised by @zwass * Added logging for missing type per @zwass
2017-03-28 21:45:18 +00:00
ListDecorators http.Handler
NewDecorator http.Handler
ModifyDecorator http.Handler
DeleteDecorator http.Handler
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
GetHost http.Handler
DeleteHost http.Handler
ListHosts http.Handler
Host summary endpoint (#742) * Initial scaffolding of the host summary endpoint * inmem datastore implementation of GenerateHostStatusStatistics * HostSummary docstring * changing the url of the host summary endpoint * datastore tests for GenerateHostStatusStatistics * MySQL datastore implementation of GenerateHostStatusStatistics * <= and >= to catch exact time edge case * removing clock interface method * lowercase error wraps * removin superfluous whitespace * use updated_at * adding a seen_at column to the hosts table * moving the update of seen_time to the caller * using db.Get instead of db.Select
2017-01-04 21:16:17 +00:00
GetHostSummary http.Handler
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
SearchTargets http.Handler
Osquery options 365 (#657)
2016-12-29 18:32:28 +00:00
GetOptions http.Handler
ModifyOptions http.Handler
Addresses Issue where the reset button doesn't work on options page (#1447) Closes issue #1388. The problem here is that previously, the reset button loaded a hard coded list of default options into the component state, instead of the proper behavior which is to reset the options to default values on the back end, and then load them back into the redux store. This PR adds a ResetOptions endpoint on the server, and wires up the UI so that it triggers the endpoint, then loads the default options from the backend server.
2017-03-30 23:56:11 +00:00
ResetOptions http.Handler
Import Config - /config/import #366 (#764)
2017-01-13 18:35:25 +00:00
ImportConfig http.Handler
add endpoint to serve the kolide certificate back to the user (#1025) add endpoint to serve the kolide certificate back to the user The API will attempt to establish a TLS connection and fetch the certificate from the TLS ConnectionState. The PEM encoded certificate will be served to the client in a JSON response as a base64 encoded string. Closes #1012
2017-01-20 19:32:10 +00:00
GetCertificate http.Handler
Allow user to change email with confirmation (#1102) * Change email functionality * Code review changes for @groob * Name change per @groob * Code review changes per @marpaia Also added addition non-happy path tests to satisfy concerns by @groob
2017-01-27 13:35:58 +00:00
ChangeEmail http.Handler
Licensing (#1123)
2017-02-02 20:30:59 +00:00
UpdateLicense http.Handler
GetLicense http.Handler
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
InitiateSSO http.Handler
CallbackSSO http.Handler
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
queries and packs services via go-kit (#102) * osquery services via go-kit * Visual Studio Code configurations * create query and pack endpoints * organizing files more scalably * modify query and pack endpoints * delete query and pack endpoints * get query and pack endpoints * get all queries and packs endpoints * add and remove queries from packs * test stubs * removing some indirection * query service tests * service pack tests * transport tests * adding config file flag back * organizing package kolide * get queries in pack endpoint * run tests on 1.7? * no 1.7 image :( * typo in circle.yml
2016-09-04 05:13:42 +00:00
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411.
2017-03-15 15:55:30 +00:00
func makeKolideKitHandlers(e KolideEndpoints, opts []kithttp.ServerOption) *kolideHandlers {
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
newServer := func(e endpoint.Endpoint, decodeFn kithttp.DecodeRequestFunc) http.Handler {
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411.
2017-03-15 15:55:30 +00:00
return kithttp.NewServer(e, decodeFn, encodeResponse, opts...)
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
return &kolideHandlers{
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
Login: newServer(e.Login, decodeLoginRequest),
Logout: newServer(e.Logout, decodeNoParamsRequest),
ForgotPassword: newServer(e.ForgotPassword, decodeForgotPasswordRequest),
ResetPassword: newServer(e.ResetPassword, decodeResetPasswordRequest),
Me: newServer(e.Me, decodeNoParamsRequest),
Add change password endpoint (#628)
2016-12-14 18:11:43 +00:00
ChangePassword: newServer(e.ChangePassword, decodeChangePasswordRequest),
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
CreateUser: newServer(e.CreateUser, decodeCreateUserRequest),
GetUser: newServer(e.GetUser, decodeGetUserRequest),
ListUsers: newServer(e.ListUsers, decodeListUsersRequest),
ModifyUser: newServer(e.ModifyUser, decodeModifyUserRequest),
Refactor require password reset into separate endpoint (#725) - Remove require password reset from ModifyUser and RequestPasswordReset methods, and UserPayload struct - Add new RequirePasswordReset method - Refactor JS for new separate method
2017-01-06 22:38:39 +00:00
RequirePasswordReset: newServer(e.RequirePasswordReset, decodeRequirePasswordResetRequest),
Fix required password reset flow (#833) Permissions errors were preventing users from completing this flow - Add separate endpoint for performing required password reset - Rewrite frontend reset to use this endpoint Fixes #792
2017-01-10 04:42:50 +00:00
PerformRequiredPasswordReset: newServer(e.PerformRequiredPasswordReset, decodePerformRequiredPasswordResetRequest),
Modify User (as a regular user) fails #891 (#959)
2017-01-17 16:43:59 +00:00
EnableUser: newServer(e.EnableUser, decodeEnableUserRequest),
AdminUser: newServer(e.AdminUser, decodeAdminUserRequest),
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
GetSessionsForUserInfo: newServer(e.GetSessionsForUserInfo, decodeGetInfoAboutSessionsForUserRequest),
DeleteSessionsForUser: newServer(e.DeleteSessionsForUser, decodeDeleteSessionsForUserRequest),
GetSessionInfo: newServer(e.GetSessionInfo, decodeGetInfoAboutSessionRequest),
DeleteSession: newServer(e.DeleteSession, decodeDeleteSessionRequest),
GetAppConfig: newServer(e.GetAppConfig, decodeNoParamsRequest),
ModifyAppConfig: newServer(e.ModifyAppConfig, decodeModifyAppConfigRequest),
CreateInvite: newServer(e.CreateInvite, decodeCreateInviteRequest),
ListInvites: newServer(e.ListInvites, decodeListInvitesRequest),
DeleteInvite: newServer(e.DeleteInvite, decodeDeleteInviteRequest),
Add endpoint to retrieve an invite with the invite token. (#719) Closes #579
2016-12-30 01:58:12 +00:00
VerifyInvite: newServer(e.VerifyInvite, decodeVerifyInviteRequest),
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
GetQuery: newServer(e.GetQuery, decodeGetQueryRequest),
ListQueries: newServer(e.ListQueries, decodeListQueriesRequest),
CreateQuery: newServer(e.CreateQuery, decodeCreateQueryRequest),
ModifyQuery: newServer(e.ModifyQuery, decodeModifyQueryRequest),
DeleteQuery: newServer(e.DeleteQuery, decodeDeleteQueryRequest),
Add service method for bulk deleting queries (#600) - New datastore method for bulk deletion - New service method calling this datastore method - Endpoint, transport and handler connections for service method Closes #389
2016-12-09 17:12:45 +00:00
DeleteQueries: newServer(e.DeleteQueries, decodeDeleteQueriesRequest),
Add service method/endpoint for creating distributed query campaign (#485)
2016-11-16 21:07:50 +00:00
CreateDistributedQueryCampaign: newServer(e.CreateDistributedQueryCampaign, decodeCreateDistributedQueryCampaignRequest),
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
GetPack: newServer(e.GetPack, decodeGetPackRequest),
Add pagination to List* endpoints (#309) - Introduce kolide.ListOptions to store pagination params (in the future it can also store ordering/filtering params) - Refactor service/datastore methods to take kolide.ListOptions - Implement pagination
2016-10-13 18:21:47 +00:00
ListPacks: newServer(e.ListPacks, decodeListPacksRequest),
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
CreatePack: newServer(e.CreatePack, decodeCreatePackRequest),
ModifyPack: newServer(e.ModifyPack, decodeModifyPackRequest),
DeletePack: newServer(e.DeletePack, decodeDeletePackRequest),
Remove existing bulk functionality (#641)
2016-12-15 01:22:17 +00:00
ScheduleQuery: newServer(e.ScheduleQuery, decodeScheduleQueryRequest),
Moving query attributes from the query object to the pack-query relationship (#559) * Moving query attributes from the query object to the pack-query relationship * some additional tests * http request parsing test * QueryOptions in new test_util code * initial scaffolding of new request structures * service and datastore * test outline * l2 merge conflict scrub * service tests for scheduled query service * service and datastore tests * most endpoints and transports * order of values are not deterministic with inmem * transport tests * rename PackQuery to ScheduledQuery * removing existing implementation of adding queries to packs * accounting for the new argument to NewQuery * fix alignment in sql query * removing underscore * add removed to the datastore * removed differential from the schema
2016-12-13 22:22:05 +00:00
GetScheduledQueriesInPack: newServer(e.GetScheduledQueriesInPack, decodeGetScheduledQueriesInPackRequest),
GetScheduledQuery: newServer(e.GetScheduledQuery, decodeGetScheduledQueryRequest),
ModifyScheduledQuery: newServer(e.ModifyScheduledQuery, decodeModifyScheduledQueryRequest),
DeleteScheduledQuery: newServer(e.DeleteScheduledQuery, decodeDeleteScheduledQueryRequest),
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
EnrollAgent: newServer(e.EnrollAgent, decodeEnrollAgentRequest),
GetClientConfig: newServer(e.GetClientConfig, decodeGetClientConfigRequest),
GetDistributedQueries: newServer(e.GetDistributedQueries, decodeGetDistributedQueriesRequest),
SubmitDistributedQueryResults: newServer(e.SubmitDistributedQueryResults, decodeSubmitDistributedQueryResultsRequest),
SubmitLogs: newServer(e.SubmitLogs, decodeSubmitLogsRequest),
Osquery Configuration Control (#244) Label management APIs and an osquery config endpoint based on active pack and label state.
2016-10-03 03:14:35 +00:00
GetLabel: newServer(e.GetLabel, decodeGetLabelRequest),
Add pagination to List* endpoints (#309) - Introduce kolide.ListOptions to store pagination params (in the future it can also store ordering/filtering params) - Refactor service/datastore methods to take kolide.ListOptions - Implement pagination
2016-10-13 18:21:47 +00:00
ListLabels: newServer(e.ListLabels, decodeListLabelsRequest),
Osquery Configuration Control (#244) Label management APIs and an osquery config endpoint based on active pack and label state.
2016-10-03 03:14:35 +00:00
CreateLabel: newServer(e.CreateLabel, decodeCreateLabelRequest),
DeleteLabel: newServer(e.DeleteLabel, decodeDeleteLabelRequest),
Add ability to modify labels (#1202)
2017-02-12 04:27:43 +00:00
ModifyLabel: newServer(e.ModifyLabel, decodeModifyLabelRequest),
Decorator support (#1430) * Added migrations * Added handler for decorators * Added logging and metrics for decorators * WIP decorators * Wip added decorator service * Added service implementation * Added mock decorator * Added modify decorator * Added testing * Addressed code review issues raised by @zwass * Added logging for missing type per @zwass
2017-03-28 21:45:18 +00:00
ListDecorators: newServer(e.ListDecorators, decodeNoParamsRequest),
NewDecorator: newServer(e.NewDecorator, decodeNewDecoratorRequest),
ModifyDecorator: newServer(e.ModifyDecorator, decodeModifyDecoratorRequest),
DeleteDecorator: newServer(e.DeleteDecorator, decodeDeleteDecoratorRequest),
Implement endpoints for host service methods (#280) - Remove service methods for modifying hosts
2016-10-06 00:10:44 +00:00
GetHost: newServer(e.GetHost, decodeGetHostRequest),
DeleteHost: newServer(e.DeleteHost, decodeDeleteHostRequest),
Add pagination to List* endpoints (#309) - Introduce kolide.ListOptions to store pagination params (in the future it can also store ordering/filtering params) - Refactor service/datastore methods to take kolide.ListOptions - Implement pagination
2016-10-13 18:21:47 +00:00
ListHosts: newServer(e.ListHosts, decodeListHostsRequest),
Host summary endpoint (#742) * Initial scaffolding of the host summary endpoint * inmem datastore implementation of GenerateHostStatusStatistics * HostSummary docstring * changing the url of the host summary endpoint * datastore tests for GenerateHostStatusStatistics * MySQL datastore implementation of GenerateHostStatusStatistics * <= and >= to catch exact time edge case * removing clock interface method * lowercase error wraps * removin superfluous whitespace * use updated_at * adding a seen_at column to the hosts table * moving the update of seen_time to the caller * using db.Get instead of db.Select
2017-01-04 21:16:17 +00:00
GetHostSummary: newServer(e.GetHostSummary, decodeNoParamsRequest),
Target search endpoint (#339)
2016-11-02 14:59:53 +00:00
SearchTargets: newServer(e.SearchTargets, decodeSearchTargetsRequest),
Osquery options 365 (#657)
2016-12-29 18:32:28 +00:00
GetOptions: newServer(e.GetOptions, decodeNoParamsRequest),
ModifyOptions: newServer(e.ModifyOptions, decodeModifyOptionsRequest),
Addresses Issue where the reset button doesn't work on options page (#1447) Closes issue #1388. The problem here is that previously, the reset button loaded a hard coded list of default options into the component state, instead of the proper behavior which is to reset the options to default values on the back end, and then load them back into the redux store. This PR adds a ResetOptions endpoint on the server, and wires up the UI so that it triggers the endpoint, then loads the default options from the backend server.
2017-03-30 23:56:11 +00:00
ResetOptions: newServer(e.ResetOptions, decodeNoParamsRequest),
Import Config - /config/import #366 (#764)
2017-01-13 18:35:25 +00:00
ImportConfig: newServer(e.ImportConfig, decodeImportConfigRequest),
add endpoint to serve the kolide certificate back to the user (#1025) add endpoint to serve the kolide certificate back to the user The API will attempt to establish a TLS connection and fetch the certificate from the TLS ConnectionState. The PEM encoded certificate will be served to the client in a JSON response as a base64 encoded string. Closes #1012
2017-01-20 19:32:10 +00:00
GetCertificate: newServer(e.GetCertificate, decodeNoParamsRequest),
Allow user to change email with confirmation (#1102) * Change email functionality * Code review changes for @groob * Name change per @groob * Code review changes per @marpaia Also added addition non-happy path tests to satisfy concerns by @groob
2017-01-27 13:35:58 +00:00
ChangeEmail: newServer(e.ChangeEmail, decodeChangeEmailRequest),
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
UpdateLicense: newServer(e.UpdateLicense, decodeLicenseRequest),
Licensing (#1123)
2017-02-02 20:30:59 +00:00
GetLicense: newServer(e.GetLicense, decodeNoParamsRequest),
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
InitiateSSO: newServer(e.InitiateSSO, decodeInitiateSSORequest),
CallbackSSO: newServer(e.CallbackSSO, decodeCallbackSSORequest),
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
Handler tests (#106)
2016-09-04 19:43:12 +00:00
}
update user service (#101) - Added all required methods for a UserService - Added authentication handlers `/api/login` and `/api/logout` - Added authMiddleware for authentication for `/api/v1/kolide` path - Added authorization middleware for each endoint - Added validation middleware for validating API inputs - Began work on logging middleware
2016-09-01 04:51:38 +00:00
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
// MakeHandler creates an HTTP handler for the Kolide server endpoints.
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411.
2017-03-15 15:55:30 +00:00
func MakeHandler(svc kolide.Service, jwtKey string, logger kitlog.Logger) http.Handler {
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
kolideAPIOptions := []kithttp.ServerOption{
Handler tests (#106)
2016-09-04 19:43:12 +00:00
kithttp.ServerBefore(
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
setRequestsContexts(svc, jwtKey),
Handler tests (#106)
2016-09-04 19:43:12 +00:00
),
kithttp.ServerErrorLogger(logger),
update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages
2016-09-23 02:41:58 +00:00
kithttp.ServerErrorEncoder(encodeError),
Handler tests (#106)
2016-09-04 19:43:12 +00:00
kithttp.ServerAfter(
kithttp.SetContentType("application/json; charset=utf-8"),
),
}
go-kit server layout
2016-08-28 03:59:17 +00:00
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
kolideEndpoints := MakeKolideServerEndpoints(svc, jwtKey)
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411.
2017-03-15 15:55:30 +00:00
kolideHandlers := makeKolideKitHandlers(kolideEndpoints, kolideAPIOptions)
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
Handler tests (#106)
2016-09-04 19:43:12 +00:00
r := mux.NewRouter()
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
attachKolideAPIRoutes(r, kolideHandlers)
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
addMetrics(r)
Serve frontend in kitserver (#107)
2016-09-05 14:15:58 +00:00
Use sockjs to gracefully degrade websockets (#1255) Use the [SockJS Protocol](https://github.com/sockjs/sockjs-protocol) to handle bidirectional communication instead of plain websockets. This allows distributed queries to function in situations in which they previously failed (Load balancers not supporting websockets, issues with Safari and self-signed certs, etc.). Also includes fixes to the JS message handling logic where slightly different message delivery semantics (when using XHR) were exposing bugs. Fixes #1241, #1327.
2017-03-01 21:14:26 +00:00
r.PathPrefix("/api/v1/kolide/results/").
Handler(makeStreamDistributedQueryCampaignResultsHandler(svc, jwtKey, logger)).
Name("distributed_query_results")
go-kit server layout
2016-08-28 03:59:17 +00:00
return r
}
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
// addMetrics decorates each hander with prometheus instrumentation
func addMetrics(r *mux.Router) {
walkFn := func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
route.Handler(prometheus.InstrumentHandler(route.GetName(), route.GetHandler()))
return nil
}
r.Walk(walkFn)
}
func attachKolideAPIRoutes(r *mux.Router, h *kolideHandlers) {
r.Handle("/api/v1/kolide/login", h.Login).Methods("POST").Name("login")
r.Handle("/api/v1/kolide/logout", h.Logout).Methods("POST").Name("logout")
r.Handle("/api/v1/kolide/forgot_password", h.ForgotPassword).Methods("POST").Name("forgot_password")
r.Handle("/api/v1/kolide/reset_password", h.ResetPassword).Methods("POST").Name("reset_password")
r.Handle("/api/v1/kolide/me", h.Me).Methods("GET").Name("me")
r.Handle("/api/v1/kolide/change_password", h.ChangePassword).Methods("POST").Name("change_password")
Fix required password reset flow (#833) Permissions errors were preventing users from completing this flow - Add separate endpoint for performing required password reset - Rewrite frontend reset to use this endpoint Fixes #792
2017-01-10 04:42:50 +00:00
r.Handle("/api/v1/kolide/perform_required_password_reset", h.PerformRequiredPasswordReset).Methods("POST").Name("perform_required_password_reset")
Server Side SSO Support (#1498) This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows. A Kolide user attempts to access a protected resource and is directed to log in. If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in. The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end. The IDP calls the server, invoking CallbackSSO with the auth response. We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL. I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-09 00:43:48 +00:00
r.Handle("/api/v1/kolide/sso", h.InitiateSSO).Methods("POST").Name("intiate_sso")
r.Handle("/api/v1/kolide/sso/callback", h.CallbackSSO).Methods("POST").Name("callback_sso")
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/kolide/users", h.ListUsers).Methods("GET").Name("list_users")
r.Handle("/api/v1/kolide/users", h.CreateUser).Methods("POST").Name("create_user")
r.Handle("/api/v1/kolide/users/{id}", h.GetUser).Methods("GET").Name("get_user")
r.Handle("/api/v1/kolide/users/{id}", h.ModifyUser).Methods("PATCH").Name("modify_user")
Modify User (as a regular user) fails #891 (#959)
2017-01-17 16:43:59 +00:00
r.Handle("/api/v1/kolide/users/{id}/enable", h.EnableUser).Methods("POST").Name("enable_user")
r.Handle("/api/v1/kolide/users/{id}/admin", h.AdminUser).Methods("POST").Name("admin_user")
Refactor require password reset into separate endpoint (#725) - Remove require password reset from ModifyUser and RequestPasswordReset methods, and UserPayload struct - Add new RequirePasswordReset method - Refactor JS for new separate method
2017-01-06 22:38:39 +00:00
r.Handle("/api/v1/kolide/users/{id}/require_password_reset", h.RequirePasswordReset).Methods("POST").Name("require_password_reset")
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/kolide/users/{id}/sessions", h.GetSessionsForUserInfo).Methods("GET").Name("get_session_for_user")
r.Handle("/api/v1/kolide/users/{id}/sessions", h.DeleteSessionsForUser).Methods("DELETE").Name("delete_session_for_user")
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/kolide/sessions/{id}", h.GetSessionInfo).Methods("GET").Name("get_session_info")
r.Handle("/api/v1/kolide/sessions/{id}", h.DeleteSession).Methods("DELETE").Name("delete_session")
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
add endpoint to serve the kolide certificate back to the user (#1025) add endpoint to serve the kolide certificate back to the user The API will attempt to establish a TLS connection and fetch the certificate from the TLS ConnectionState. The PEM encoded certificate will be served to the client in a JSON response as a base64 encoded string. Closes #1012
2017-01-20 19:32:10 +00:00
r.Handle("/api/v1/kolide/config/certificate", h.GetCertificate).Methods("GET").Name("get_certificate")
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/kolide/config", h.GetAppConfig).Methods("GET").Name("get_app_config")
r.Handle("/api/v1/kolide/config", h.ModifyAppConfig).Methods("PATCH").Name("modify_app_config")
r.Handle("/api/v1/kolide/invites", h.CreateInvite).Methods("POST").Name("create_invite")
r.Handle("/api/v1/kolide/invites", h.ListInvites).Methods("GET").Name("list_invites")
r.Handle("/api/v1/kolide/invites/{id}", h.DeleteInvite).Methods("DELETE").Name("delete_invite")
Add endpoint to retrieve an invite with the invite token. (#719) Closes #579
2016-12-30 01:58:12 +00:00
r.Handle("/api/v1/kolide/invites/{token}", h.VerifyInvite).Methods("GET").Name("verify_invite")
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
Allow user to change email with confirmation (#1102) * Change email functionality * Code review changes for @groob * Name change per @groob * Code review changes per @marpaia Also added addition non-happy path tests to satisfy concerns by @groob
2017-01-27 13:35:58 +00:00
r.Handle("/api/v1/kolide/email/change/{token}", h.ChangeEmail).Methods("GET").Name("change_email")
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/kolide/queries/{id}", h.GetQuery).Methods("GET").Name("get_query")
r.Handle("/api/v1/kolide/queries", h.ListQueries).Methods("GET").Name("list_queries")
r.Handle("/api/v1/kolide/queries", h.CreateQuery).Methods("POST").Name("create_query")
r.Handle("/api/v1/kolide/queries/{id}", h.ModifyQuery).Methods("PATCH").Name("modify_query")
r.Handle("/api/v1/kolide/queries/{id}", h.DeleteQuery).Methods("DELETE").Name("delete_query")
r.Handle("/api/v1/kolide/queries/delete", h.DeleteQueries).Methods("POST").Name("delete_queries")
r.Handle("/api/v1/kolide/queries/run", h.CreateDistributedQueryCampaign).Methods("POST").Name("create_distributed_query_campaign")
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/kolide/packs/{id}", h.GetPack).Methods("GET").Name("get_pack")
r.Handle("/api/v1/kolide/packs", h.ListPacks).Methods("GET").Name("list_packs")
r.Handle("/api/v1/kolide/packs", h.CreatePack).Methods("POST").Name("create_pack")
r.Handle("/api/v1/kolide/packs/{id}", h.ModifyPack).Methods("PATCH").Name("modify_pack")
r.Handle("/api/v1/kolide/packs/{id}", h.DeletePack).Methods("DELETE").Name("delete_pack")
r.Handle("/api/v1/kolide/packs/{id}/scheduled", h.GetScheduledQueriesInPack).Methods("GET").Name("get_scheduled_queries_in_pack")
r.Handle("/api/v1/kolide/schedule", h.ScheduleQuery).Methods("POST").Name("schedule_query")
r.Handle("/api/v1/kolide/schedule/{id}", h.GetScheduledQuery).Methods("GET").Name("get_scheduled_query")
r.Handle("/api/v1/kolide/schedule/{id}", h.ModifyScheduledQuery).Methods("PATCH").Name("modify_scheduled_query")
r.Handle("/api/v1/kolide/schedule/{id}", h.DeleteScheduledQuery).Methods("DELETE").Name("delete_scheduled_query")
r.Handle("/api/v1/kolide/labels/{id}", h.GetLabel).Methods("GET").Name("get_label")
r.Handle("/api/v1/kolide/labels", h.ListLabels).Methods("GET").Name("list_labels")
r.Handle("/api/v1/kolide/labels", h.CreateLabel).Methods("POST").Name("create_label")
r.Handle("/api/v1/kolide/labels/{id}", h.DeleteLabel).Methods("DELETE").Name("delete_label")
Add ability to modify labels (#1202)
2017-02-12 04:27:43 +00:00
r.Handle("/api/v1/kolide/labels/{id}", h.ModifyLabel).Methods("PATCH").Name("modify_label")
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests
2016-09-29 04:21:39 +00:00
Decorator support (#1430) * Added migrations * Added handler for decorators * Added logging and metrics for decorators * WIP decorators * Wip added decorator service * Added service implementation * Added mock decorator * Added modify decorator * Added testing * Addressed code review issues raised by @zwass * Added logging for missing type per @zwass
2017-03-28 21:45:18 +00:00
r.Handle("/api/v1/kolide/decorators", h.ListDecorators).Methods("GET").Name("list_decorators")
r.Handle("/api/v1/kolide/decorators", h.NewDecorator).Methods("POST").Name("create_decorator")
r.Handle("/api/v1/kolide/decorators/{id}", h.ModifyDecorator).Methods("PATCH").Name("modify_decorator")
r.Handle("/api/v1/kolide/decorators/{id}", h.DeleteDecorator).Methods("DELETE").Name("delete_decorator")
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/kolide/hosts", h.ListHosts).Methods("GET").Name("list_hosts")
Host summary endpoint (#742) * Initial scaffolding of the host summary endpoint * inmem datastore implementation of GenerateHostStatusStatistics * HostSummary docstring * changing the url of the host summary endpoint * datastore tests for GenerateHostStatusStatistics * MySQL datastore implementation of GenerateHostStatusStatistics * <= and >= to catch exact time edge case * removing clock interface method * lowercase error wraps * removin superfluous whitespace * use updated_at * adding a seen_at column to the hosts table * moving the update of seen_time to the caller * using db.Get instead of db.Select
2017-01-04 21:16:17 +00:00
r.Handle("/api/v1/kolide/host_summary", h.GetHostSummary).Methods("GET").Name("get_host_summary")
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/kolide/hosts/{id}", h.GetHost).Methods("GET").Name("get_host")
r.Handle("/api/v1/kolide/hosts/{id}", h.DeleteHost).Methods("DELETE").Name("delete_host")
Implement endpoints for host service methods (#280) - Remove service methods for modifying hosts
2016-10-06 00:10:44 +00:00
Osquery options 365 (#657)
2016-12-29 18:32:28 +00:00
r.Handle("/api/v1/kolide/options", h.GetOptions).Methods("GET").Name("get_options")
r.Handle("/api/v1/kolide/options", h.ModifyOptions).Methods("PATCH").Name("modify_options")
Addresses Issue where the reset button doesn't work on options page (#1447) Closes issue #1388. The problem here is that previously, the reset button loaded a hard coded list of default options into the component state, instead of the proper behavior which is to reset the options to default values on the back end, and then load them back into the redux store. This PR adds a ResetOptions endpoint on the server, and wires up the UI so that it triggers the endpoint, then loads the default options from the backend server.
2017-03-30 23:56:11 +00:00
r.Handle("/api/v1/kolide/options/reset", h.ResetOptions).Methods("GET").Name("reset_options")
Osquery options 365 (#657)
2016-12-29 18:32:28 +00:00
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/kolide/targets", h.SearchTargets).Methods("POST").Name("search_targets")
Target search endpoint (#339)
2016-11-02 14:59:53 +00:00
Import Config - /config/import #366 (#764)
2017-01-13 18:35:25 +00:00
r.Handle("/api/v1/kolide/osquery/config/import", h.ImportConfig).Methods("POST").Name("import_config")
Licensing (#1123)
2017-02-02 20:30:59 +00:00
r.Handle("/api/v1/kolide/license", h.UpdateLicense).Methods("POST").Name("update_license")
r.Handle("/api/v1/kolide/license", h.GetLicense).Methods("GET").Name("get_license")
add prometheus metrics to every http endpoint in the app (#680) tracking the following metrics: http_request_duration_microseconds http_request_size_bytes http_response_size_bytes http_requests_total
2016-12-22 17:39:44 +00:00
r.Handle("/api/v1/osquery/enroll", h.EnrollAgent).Methods("POST").Name("enroll_agent")
r.Handle("/api/v1/osquery/config", h.GetClientConfig).Methods("POST").Name("get_client_config")
r.Handle("/api/v1/osquery/distributed/read", h.GetDistributedQueries).Methods("POST").Name("get_distributed_queries")
r.Handle("/api/v1/osquery/distributed/write", h.SubmitDistributedQueryResults).Methods("POST").Name("submit_distributed_query_results")
r.Handle("/api/v1/osquery/log", h.SubmitLogs).Methods("POST").Name("submit_logs")
Create context packages (#228) add token context package add viewer context package add host context package update authenticated middleware to set viewer context or return error re-organize API handler
2016-09-26 17:14:39 +00:00
}
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
// WithSetup is an http middleware that checks is setup procedures have been completed.
// If setup hasn't been completed it serves the API with a setup middleware.
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
// If the server is already configured, the default API handler is exposed.
enbable API route after setup is complete (#564) Fixes #563
2016-12-02 18:46:31 +00:00
func WithSetup(svc kolide.Service, logger kitlog.Logger, next http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
configRouter := http.NewServeMux()
configRouter.Handle("/api/v1/setup", kithttp.NewServer(
makeSetupEndpoint(svc),
decodeSetupRequest,
encodeResponse,
))
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
configRouter.Handle("/api/v1/license", kithttp.NewServer(
add namedError in addition to baseError (#1195)
2017-02-09 22:27:09 +00:00
makeSetupLicenseEndpoint(svc),
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
decodeLicenseRequest,
encodeResponse,
))
allow osqueryd endpoints to enroll before app setup is complete (#931) Closes #929
2017-01-12 00:40:58 +00:00
// whitelist osqueryd endpoints
if strings.HasPrefix(r.URL.Path, "/api/v1/osquery") {
next.ServeHTTP(w, r)
return
}
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
requireSetup, err := RequireSetup(svc)
if err != nil {
logger.Log("msg", "fetching setup info from db", "err", err)
w.WriteHeader(http.StatusInternalServerError)
return
}
if requireSetup {
enbable API route after setup is complete (#564) Fixes #563
2016-12-02 18:46:31 +00:00
configRouter.ServeHTTP(w, r)
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
return
enbable API route after setup is complete (#564) Fixes #563
2016-12-02 18:46:31 +00:00
}
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
next.ServeHTTP(w, r)
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
}
}
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
// RedirectLoginToSetup detects if the setup endpoint should be used. If setup is required it redirect all
// frontend urls to /setup, otherwise the frontend router is used.
func RedirectLoginToSetup(svc kolide.Service, logger kitlog.Logger, next http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
redirect := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
if r.URL.Path == "/setup" || r.URL.Path == "/license" {
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
next.ServeHTTP(w, r)
return
}
newURL := r.URL
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
license, err := svc.License(context.Background())
if err != nil {
logger.Log("msg", "fetching license info from db", "err", err)
w.WriteHeader(http.StatusInternalServerError)
return
}
if license.Token == nil {
newURL.Path = "/license"
} else {
newURL.Path = "/setup"
}
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
http.Redirect(w, r, newURL.String(), http.StatusTemporaryRedirect)
})
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
setupRequired, err := RequireSetup(svc)
if err != nil {
logger.Log("msg", "fetching license info from db", "err", err)
w.WriteHeader(http.StatusInternalServerError)
return
}
if setupRequired {
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
redirect.ServeHTTP(w, r)
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
return
Redirect frontend routes to setup if setup is not configured. (#721) Closes #617
2016-12-29 23:36:36 +00:00
}
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
RedirectSetupToLogin(svc, logger, next).ServeHTTP(w, r)
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
}
}
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
// RequireSetup checks to see if the service has a license and has been setup.
// if either of these things has not been done, return true
func RequireSetup(svc kolide.Service) (bool, error) {
ctx := context.Background()
license, err := svc.License(ctx)
if err != nil {
return false, err
}
if license.Token == nil {
return true, nil
}
users, err := svc.ListUsers(ctx, kolide.ListOptions{Page: 0, PerPage: 1})
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
if err != nil {
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
return false, err
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
}
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
if len(users) == 0 {
return true, nil
}
return false, nil
create first time setup endpoint (#436) The endpoint is only active if there are no users in the datastore. While the endpoint is active, it also disables all the other API endpoints, and /config returns `{"require_setup":true}` for #378
2016-11-09 17:19:07 +00:00
}
add middleware to redirect setup to login if the app has an admin (#900) user.
2017-01-11 19:05:07 +00:00
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
// RedirectSetupToLogin forces the /setup and /license path to be redirected to login. This middleware is used after
add middleware to redirect setup to login if the app has an admin (#900) user.
2017-01-11 19:05:07 +00:00
// the app has been setup.
func RedirectSetupToLogin(svc kolide.Service, logger kitlog.Logger, next http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/setup" {
newURL := r.URL
newURL.Path = "/login"
http.Redirect(w, r, newURL.String(), http.StatusTemporaryRedirect)
return
}
Licensed endpoints (#1188)
2017-02-09 18:43:45 +00:00
if r.URL.Path == "/license" {
newURL := r.URL
newURL.Path = "/login"
http.Redirect(w, r, newURL.String(), http.StatusTemporaryRedirect)
return
}
add middleware to redirect setup to login if the app has an admin (#900) user.
2017-01-11 19:05:07 +00:00
next.ServeHTTP(w, r)
}
}
Reference in New Issue Copy Permalink