2016-09-26 18:48:55 +00:00
|
|
|
package service
|
2016-08-28 03:59:17 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"net/http"
|
|
|
|
|
|
2016-09-26 17:14:39 +00:00
|
|
|
"github.com/go-kit/kit/endpoint"
|
2016-08-28 03:59:17 +00:00
|
|
|
kitlog "github.com/go-kit/kit/log"
|
|
|
|
|
kithttp "github.com/go-kit/kit/transport/http"
|
|
|
|
|
"github.com/gorilla/mux"
|
2016-09-26 18:48:55 +00:00
|
|
|
"github.com/kolide/kolide-ose/server/kolide"
|
2016-12-22 17:39:44 +00:00
|
|
|
"github.com/prometheus/client_golang/prometheus"
|
2016-09-03 17:25:16 +00:00
|
|
|
"golang.org/x/net/context"
|
2016-08-28 03:59:17 +00:00
|
|
|
)
|
|
|
|
|
|
2016-09-26 17:14:39 +00:00
|
|
|
// KolideEndpoints is a collection of RPC endpoints implemented by the Kolide API.
|
|
|
|
|
type KolideEndpoints struct {
|
2016-11-16 21:07:50 +00:00
|
|
|
Login endpoint.Endpoint
|
|
|
|
|
Logout endpoint.Endpoint
|
|
|
|
|
ForgotPassword endpoint.Endpoint
|
|
|
|
|
ResetPassword endpoint.Endpoint
|
|
|
|
|
Me endpoint.Endpoint
|
2016-12-14 18:11:43 +00:00
|
|
|
ChangePassword endpoint.Endpoint
|
2016-11-16 21:07:50 +00:00
|
|
|
CreateUser endpoint.Endpoint
|
|
|
|
|
GetUser endpoint.Endpoint
|
|
|
|
|
ListUsers endpoint.Endpoint
|
|
|
|
|
ModifyUser endpoint.Endpoint
|
2017-01-06 22:38:39 +00:00
|
|
|
RequirePasswordReset endpoint.Endpoint
|
2017-01-10 04:42:50 +00:00
|
|
|
PerformRequiredPasswordReset endpoint.Endpoint
|
2016-11-16 21:07:50 +00:00
|
|
|
GetSessionsForUserInfo endpoint.Endpoint
|
|
|
|
|
DeleteSessionsForUser endpoint.Endpoint
|
|
|
|
|
GetSessionInfo endpoint.Endpoint
|
|
|
|
|
DeleteSession endpoint.Endpoint
|
|
|
|
|
GetAppConfig endpoint.Endpoint
|
|
|
|
|
ModifyAppConfig endpoint.Endpoint
|
|
|
|
|
CreateInvite endpoint.Endpoint
|
|
|
|
|
ListInvites endpoint.Endpoint
|
|
|
|
|
DeleteInvite endpoint.Endpoint
|
2016-12-30 01:58:12 +00:00
|
|
|
VerifyInvite endpoint.Endpoint
|
2016-11-16 21:07:50 +00:00
|
|
|
GetQuery endpoint.Endpoint
|
|
|
|
|
ListQueries endpoint.Endpoint
|
|
|
|
|
CreateQuery endpoint.Endpoint
|
|
|
|
|
ModifyQuery endpoint.Endpoint
|
|
|
|
|
DeleteQuery endpoint.Endpoint
|
2016-12-09 17:12:45 +00:00
|
|
|
DeleteQueries endpoint.Endpoint
|
2016-11-16 21:07:50 +00:00
|
|
|
CreateDistributedQueryCampaign endpoint.Endpoint
|
|
|
|
|
GetPack endpoint.Endpoint
|
|
|
|
|
ListPacks endpoint.Endpoint
|
|
|
|
|
CreatePack endpoint.Endpoint
|
|
|
|
|
ModifyPack endpoint.Endpoint
|
|
|
|
|
DeletePack endpoint.Endpoint
|
2016-12-15 01:22:17 +00:00
|
|
|
ScheduleQuery endpoint.Endpoint
|
2016-12-13 22:22:05 +00:00
|
|
|
GetScheduledQueriesInPack endpoint.Endpoint
|
|
|
|
|
GetScheduledQuery endpoint.Endpoint
|
|
|
|
|
ModifyScheduledQuery endpoint.Endpoint
|
|
|
|
|
DeleteScheduledQuery endpoint.Endpoint
|
2016-11-16 21:07:50 +00:00
|
|
|
EnrollAgent endpoint.Endpoint
|
|
|
|
|
GetClientConfig endpoint.Endpoint
|
|
|
|
|
GetDistributedQueries endpoint.Endpoint
|
|
|
|
|
SubmitDistributedQueryResults endpoint.Endpoint
|
|
|
|
|
SubmitLogs endpoint.Endpoint
|
|
|
|
|
GetLabel endpoint.Endpoint
|
|
|
|
|
ListLabels endpoint.Endpoint
|
|
|
|
|
CreateLabel endpoint.Endpoint
|
|
|
|
|
DeleteLabel endpoint.Endpoint
|
|
|
|
|
GetHost endpoint.Endpoint
|
|
|
|
|
DeleteHost endpoint.Endpoint
|
|
|
|
|
ListHosts endpoint.Endpoint
|
2017-01-04 21:16:17 +00:00
|
|
|
GetHostSummary endpoint.Endpoint
|
2016-11-16 21:07:50 +00:00
|
|
|
SearchTargets endpoint.Endpoint
|
2016-12-29 18:32:28 +00:00
|
|
|
GetOptions endpoint.Endpoint
|
|
|
|
|
ModifyOptions endpoint.Endpoint
|
2016-09-26 17:14:39 +00:00
|
|
|
}
|
2016-09-04 05:13:42 +00:00
|
|
|
|
2016-09-26 17:14:39 +00:00
|
|
|
// MakeKolideServerEndpoints creates the Kolide API endpoints.
|
|
|
|
|
func MakeKolideServerEndpoints(svc kolide.Service, jwtKey string) KolideEndpoints {
|
|
|
|
|
return KolideEndpoints{
|
2016-09-29 04:21:39 +00:00
|
|
|
Login: makeLoginEndpoint(svc),
|
|
|
|
|
Logout: makeLogoutEndpoint(svc),
|
|
|
|
|
ForgotPassword: makeForgotPasswordEndpoint(svc),
|
|
|
|
|
ResetPassword: makeResetPasswordEndpoint(svc),
|
|
|
|
|
CreateUser: makeCreateUserEndpoint(svc),
|
2016-12-30 01:58:12 +00:00
|
|
|
VerifyInvite: makeVerifyInviteEndpoint(svc),
|
2016-09-29 04:21:39 +00:00
|
|
|
|
|
|
|
|
// Authenticated user endpoints
|
2016-12-13 16:57:49 +00:00
|
|
|
// Each of these endpoints should have exactly one
|
|
|
|
|
// authorization check around the make.*Endpoint method. At a
|
|
|
|
|
// minimum, canPerformActions. Some endpoints use
|
|
|
|
|
// stricter/different checks and should NOT also use
|
|
|
|
|
// canPerformActions (these other checks should also call
|
|
|
|
|
// canPerformActions if that is appropriate).
|
2017-01-10 04:42:50 +00:00
|
|
|
Me: authenticatedUser(jwtKey, svc, canPerformActions(makeGetSessionUserEndpoint(svc))),
|
|
|
|
|
ChangePassword: authenticatedUser(jwtKey, svc, canPerformActions(makeChangePasswordEndpoint(svc))),
|
|
|
|
|
GetUser: authenticatedUser(jwtKey, svc, canReadUser(makeGetUserEndpoint(svc))),
|
|
|
|
|
ListUsers: authenticatedUser(jwtKey, svc, canPerformActions(makeListUsersEndpoint(svc))),
|
|
|
|
|
ModifyUser: authenticatedUser(jwtKey, svc, validateModifyUserRequest(makeModifyUserEndpoint(svc))),
|
|
|
|
|
RequirePasswordReset: authenticatedUser(jwtKey, svc, mustBeAdmin(makeRequirePasswordResetEndpoint(svc))),
|
|
|
|
|
// PerformRequiredPasswordReset needs only to authenticate the
|
|
|
|
|
// logged in user
|
|
|
|
|
PerformRequiredPasswordReset: authenticatedUser(jwtKey, svc, makePerformRequiredPasswordResetEndpoint(svc)),
|
2016-11-16 21:07:50 +00:00
|
|
|
GetSessionsForUserInfo: authenticatedUser(jwtKey, svc, canReadUser(makeGetInfoAboutSessionsForUserEndpoint(svc))),
|
|
|
|
|
DeleteSessionsForUser: authenticatedUser(jwtKey, svc, canModifyUser(makeDeleteSessionsForUserEndpoint(svc))),
|
|
|
|
|
GetSessionInfo: authenticatedUser(jwtKey, svc, mustBeAdmin(makeGetInfoAboutSessionEndpoint(svc))),
|
|
|
|
|
DeleteSession: authenticatedUser(jwtKey, svc, mustBeAdmin(makeDeleteSessionEndpoint(svc))),
|
2016-12-13 16:57:49 +00:00
|
|
|
GetAppConfig: authenticatedUser(jwtKey, svc, canPerformActions(makeGetAppConfigEndpoint(svc))),
|
2016-11-16 21:07:50 +00:00
|
|
|
ModifyAppConfig: authenticatedUser(jwtKey, svc, mustBeAdmin(makeModifyAppConfigRequest(svc))),
|
|
|
|
|
CreateInvite: authenticatedUser(jwtKey, svc, mustBeAdmin(makeCreateInviteEndpoint(svc))),
|
|
|
|
|
ListInvites: authenticatedUser(jwtKey, svc, mustBeAdmin(makeListInvitesEndpoint(svc))),
|
|
|
|
|
DeleteInvite: authenticatedUser(jwtKey, svc, mustBeAdmin(makeDeleteInviteEndpoint(svc))),
|
2016-12-13 22:22:05 +00:00
|
|
|
GetQuery: authenticatedUser(jwtKey, svc, makeGetQueryEndpoint(svc)),
|
|
|
|
|
ListQueries: authenticatedUser(jwtKey, svc, makeListQueriesEndpoint(svc)),
|
|
|
|
|
CreateQuery: authenticatedUser(jwtKey, svc, makeCreateQueryEndpoint(svc)),
|
|
|
|
|
ModifyQuery: authenticatedUser(jwtKey, svc, makeModifyQueryEndpoint(svc)),
|
|
|
|
|
DeleteQuery: authenticatedUser(jwtKey, svc, makeDeleteQueryEndpoint(svc)),
|
|
|
|
|
DeleteQueries: authenticatedUser(jwtKey, svc, makeDeleteQueriesEndpoint(svc)),
|
|
|
|
|
CreateDistributedQueryCampaign: authenticatedUser(jwtKey, svc, makeCreateDistributedQueryCampaignEndpoint(svc)),
|
|
|
|
|
GetPack: authenticatedUser(jwtKey, svc, makeGetPackEndpoint(svc)),
|
|
|
|
|
ListPacks: authenticatedUser(jwtKey, svc, makeListPacksEndpoint(svc)),
|
|
|
|
|
CreatePack: authenticatedUser(jwtKey, svc, makeCreatePackEndpoint(svc)),
|
|
|
|
|
ModifyPack: authenticatedUser(jwtKey, svc, makeModifyPackEndpoint(svc)),
|
|
|
|
|
DeletePack: authenticatedUser(jwtKey, svc, makeDeletePackEndpoint(svc)),
|
2016-12-15 01:22:17 +00:00
|
|
|
ScheduleQuery: authenticatedUser(jwtKey, svc, makeScheduleQueryEndpoint(svc)),
|
2016-12-13 22:22:05 +00:00
|
|
|
GetScheduledQueriesInPack: authenticatedUser(jwtKey, svc, makeGetScheduledQueriesInPackEndpoint(svc)),
|
|
|
|
|
GetScheduledQuery: authenticatedUser(jwtKey, svc, makeGetScheduledQueryEndpoint(svc)),
|
|
|
|
|
ModifyScheduledQuery: authenticatedUser(jwtKey, svc, makeModifyScheduledQueryEndpoint(svc)),
|
|
|
|
|
DeleteScheduledQuery: authenticatedUser(jwtKey, svc, makeDeleteScheduledQueryEndpoint(svc)),
|
|
|
|
|
GetHost: authenticatedUser(jwtKey, svc, makeGetHostEndpoint(svc)),
|
|
|
|
|
ListHosts: authenticatedUser(jwtKey, svc, makeListHostsEndpoint(svc)),
|
2017-01-04 21:16:17 +00:00
|
|
|
GetHostSummary: authenticatedUser(jwtKey, svc, makeGetHostSummaryEndpoint(svc)),
|
2016-12-13 22:22:05 +00:00
|
|
|
DeleteHost: authenticatedUser(jwtKey, svc, makeDeleteHostEndpoint(svc)),
|
|
|
|
|
GetLabel: authenticatedUser(jwtKey, svc, makeGetLabelEndpoint(svc)),
|
|
|
|
|
ListLabels: authenticatedUser(jwtKey, svc, makeListLabelsEndpoint(svc)),
|
|
|
|
|
CreateLabel: authenticatedUser(jwtKey, svc, makeCreateLabelEndpoint(svc)),
|
|
|
|
|
DeleteLabel: authenticatedUser(jwtKey, svc, makeDeleteLabelEndpoint(svc)),
|
|
|
|
|
SearchTargets: authenticatedUser(jwtKey, svc, makeSearchTargetsEndpoint(svc)),
|
2016-12-29 18:32:28 +00:00
|
|
|
GetOptions: authenticatedUser(jwtKey, svc, mustBeAdmin(makeGetOptionsEndpoint(svc))),
|
|
|
|
|
ModifyOptions: authenticatedUser(jwtKey, svc, mustBeAdmin(makeModifyOptionsEndpoint(svc))),
|
2016-09-29 04:21:39 +00:00
|
|
|
|
|
|
|
|
// Osquery endpoints
|
|
|
|
|
EnrollAgent: makeEnrollAgentEndpoint(svc),
|
|
|
|
|
GetClientConfig: authenticatedHost(svc, makeGetClientConfigEndpoint(svc)),
|
|
|
|
|
GetDistributedQueries: authenticatedHost(svc, makeGetDistributedQueriesEndpoint(svc)),
|
|
|
|
|
SubmitDistributedQueryResults: authenticatedHost(svc, makeSubmitDistributedQueryResultsEndpoint(svc)),
|
|
|
|
|
SubmitLogs: authenticatedHost(svc, makeSubmitLogsEndpoint(svc)),
|
2016-09-26 17:14:39 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-09-04 05:13:42 +00:00
|
|
|
|
2016-09-26 17:14:39 +00:00
|
|
|
type kolideHandlers struct {
|
2016-12-22 17:39:44 +00:00
|
|
|
Login http.Handler
|
|
|
|
|
Logout http.Handler
|
|
|
|
|
ForgotPassword http.Handler
|
|
|
|
|
ResetPassword http.Handler
|
|
|
|
|
Me http.Handler
|
|
|
|
|
ChangePassword http.Handler
|
|
|
|
|
CreateUser http.Handler
|
|
|
|
|
GetUser http.Handler
|
|
|
|
|
ListUsers http.Handler
|
|
|
|
|
ModifyUser http.Handler
|
2017-01-06 22:38:39 +00:00
|
|
|
RequirePasswordReset http.Handler
|
2017-01-10 04:42:50 +00:00
|
|
|
PerformRequiredPasswordReset http.Handler
|
2016-12-22 17:39:44 +00:00
|
|
|
GetSessionsForUserInfo http.Handler
|
|
|
|
|
DeleteSessionsForUser http.Handler
|
|
|
|
|
GetSessionInfo http.Handler
|
|
|
|
|
DeleteSession http.Handler
|
|
|
|
|
GetAppConfig http.Handler
|
|
|
|
|
ModifyAppConfig http.Handler
|
|
|
|
|
CreateInvite http.Handler
|
|
|
|
|
ListInvites http.Handler
|
|
|
|
|
DeleteInvite http.Handler
|
2016-12-30 01:58:12 +00:00
|
|
|
VerifyInvite http.Handler
|
2016-12-22 17:39:44 +00:00
|
|
|
GetQuery http.Handler
|
|
|
|
|
ListQueries http.Handler
|
|
|
|
|
CreateQuery http.Handler
|
|
|
|
|
ModifyQuery http.Handler
|
|
|
|
|
DeleteQuery http.Handler
|
|
|
|
|
DeleteQueries http.Handler
|
|
|
|
|
CreateDistributedQueryCampaign http.Handler
|
|
|
|
|
GetPack http.Handler
|
|
|
|
|
ListPacks http.Handler
|
|
|
|
|
CreatePack http.Handler
|
|
|
|
|
ModifyPack http.Handler
|
|
|
|
|
DeletePack http.Handler
|
|
|
|
|
ScheduleQuery http.Handler
|
|
|
|
|
GetScheduledQueriesInPack http.Handler
|
|
|
|
|
GetScheduledQuery http.Handler
|
|
|
|
|
ModifyScheduledQuery http.Handler
|
|
|
|
|
DeleteScheduledQuery http.Handler
|
|
|
|
|
EnrollAgent http.Handler
|
|
|
|
|
GetClientConfig http.Handler
|
|
|
|
|
GetDistributedQueries http.Handler
|
|
|
|
|
SubmitDistributedQueryResults http.Handler
|
|
|
|
|
SubmitLogs http.Handler
|
|
|
|
|
GetLabel http.Handler
|
|
|
|
|
ListLabels http.Handler
|
|
|
|
|
CreateLabel http.Handler
|
|
|
|
|
DeleteLabel http.Handler
|
|
|
|
|
GetHost http.Handler
|
|
|
|
|
DeleteHost http.Handler
|
|
|
|
|
ListHosts http.Handler
|
2017-01-04 21:16:17 +00:00
|
|
|
GetHostSummary http.Handler
|
2016-12-22 17:39:44 +00:00
|
|
|
SearchTargets http.Handler
|
2016-12-29 18:32:28 +00:00
|
|
|
GetOptions http.Handler
|
|
|
|
|
ModifyOptions http.Handler
|
2016-09-26 17:14:39 +00:00
|
|
|
}
|
2016-09-04 05:13:42 +00:00
|
|
|
|
2016-12-22 17:39:44 +00:00
|
|
|
func makeKolideKitHandlers(ctx context.Context, e KolideEndpoints, opts []kithttp.ServerOption) *kolideHandlers {
|
|
|
|
|
newServer := func(e endpoint.Endpoint, decodeFn kithttp.DecodeRequestFunc) http.Handler {
|
2016-09-26 17:14:39 +00:00
|
|
|
return kithttp.NewServer(ctx, e, decodeFn, encodeResponse, opts...)
|
|
|
|
|
}
|
2016-12-22 17:39:44 +00:00
|
|
|
return &kolideHandlers{
|
2016-11-16 21:07:50 +00:00
|
|
|
Login: newServer(e.Login, decodeLoginRequest),
|
|
|
|
|
Logout: newServer(e.Logout, decodeNoParamsRequest),
|
|
|
|
|
ForgotPassword: newServer(e.ForgotPassword, decodeForgotPasswordRequest),
|
|
|
|
|
ResetPassword: newServer(e.ResetPassword, decodeResetPasswordRequest),
|
|
|
|
|
Me: newServer(e.Me, decodeNoParamsRequest),
|
2016-12-14 18:11:43 +00:00
|
|
|
ChangePassword: newServer(e.ChangePassword, decodeChangePasswordRequest),
|
2016-11-16 21:07:50 +00:00
|
|
|
CreateUser: newServer(e.CreateUser, decodeCreateUserRequest),
|
|
|
|
|
GetUser: newServer(e.GetUser, decodeGetUserRequest),
|
|
|
|
|
ListUsers: newServer(e.ListUsers, decodeListUsersRequest),
|
|
|
|
|
ModifyUser: newServer(e.ModifyUser, decodeModifyUserRequest),
|
2017-01-06 22:38:39 +00:00
|
|
|
RequirePasswordReset: newServer(e.RequirePasswordReset, decodeRequirePasswordResetRequest),
|
2017-01-10 04:42:50 +00:00
|
|
|
PerformRequiredPasswordReset: newServer(e.PerformRequiredPasswordReset, decodePerformRequiredPasswordResetRequest),
|
2016-11-16 21:07:50 +00:00
|
|
|
GetSessionsForUserInfo: newServer(e.GetSessionsForUserInfo, decodeGetInfoAboutSessionsForUserRequest),
|
|
|
|
|
DeleteSessionsForUser: newServer(e.DeleteSessionsForUser, decodeDeleteSessionsForUserRequest),
|
|
|
|
|
GetSessionInfo: newServer(e.GetSessionInfo, decodeGetInfoAboutSessionRequest),
|
|
|
|
|
DeleteSession: newServer(e.DeleteSession, decodeDeleteSessionRequest),
|
|
|
|
|
GetAppConfig: newServer(e.GetAppConfig, decodeNoParamsRequest),
|
|
|
|
|
ModifyAppConfig: newServer(e.ModifyAppConfig, decodeModifyAppConfigRequest),
|
|
|
|
|
CreateInvite: newServer(e.CreateInvite, decodeCreateInviteRequest),
|
|
|
|
|
ListInvites: newServer(e.ListInvites, decodeListInvitesRequest),
|
|
|
|
|
DeleteInvite: newServer(e.DeleteInvite, decodeDeleteInviteRequest),
|
2016-12-30 01:58:12 +00:00
|
|
|
VerifyInvite: newServer(e.VerifyInvite, decodeVerifyInviteRequest),
|
2016-11-16 21:07:50 +00:00
|
|
|
GetQuery: newServer(e.GetQuery, decodeGetQueryRequest),
|
|
|
|
|
ListQueries: newServer(e.ListQueries, decodeListQueriesRequest),
|
|
|
|
|
CreateQuery: newServer(e.CreateQuery, decodeCreateQueryRequest),
|
|
|
|
|
ModifyQuery: newServer(e.ModifyQuery, decodeModifyQueryRequest),
|
|
|
|
|
DeleteQuery: newServer(e.DeleteQuery, decodeDeleteQueryRequest),
|
2016-12-09 17:12:45 +00:00
|
|
|
DeleteQueries: newServer(e.DeleteQueries, decodeDeleteQueriesRequest),
|
2016-11-16 21:07:50 +00:00
|
|
|
CreateDistributedQueryCampaign: newServer(e.CreateDistributedQueryCampaign, decodeCreateDistributedQueryCampaignRequest),
|
2016-09-29 04:21:39 +00:00
|
|
|
GetPack: newServer(e.GetPack, decodeGetPackRequest),
|
2016-10-13 18:21:47 +00:00
|
|
|
ListPacks: newServer(e.ListPacks, decodeListPacksRequest),
|
2016-09-29 04:21:39 +00:00
|
|
|
CreatePack: newServer(e.CreatePack, decodeCreatePackRequest),
|
|
|
|
|
ModifyPack: newServer(e.ModifyPack, decodeModifyPackRequest),
|
|
|
|
|
DeletePack: newServer(e.DeletePack, decodeDeletePackRequest),
|
2016-12-15 01:22:17 +00:00
|
|
|
ScheduleQuery: newServer(e.ScheduleQuery, decodeScheduleQueryRequest),
|
2016-12-13 22:22:05 +00:00
|
|
|
GetScheduledQueriesInPack: newServer(e.GetScheduledQueriesInPack, decodeGetScheduledQueriesInPackRequest),
|
|
|
|
|
GetScheduledQuery: newServer(e.GetScheduledQuery, decodeGetScheduledQueryRequest),
|
|
|
|
|
ModifyScheduledQuery: newServer(e.ModifyScheduledQuery, decodeModifyScheduledQueryRequest),
|
|
|
|
|
DeleteScheduledQuery: newServer(e.DeleteScheduledQuery, decodeDeleteScheduledQueryRequest),
|
2016-09-29 04:21:39 +00:00
|
|
|
EnrollAgent: newServer(e.EnrollAgent, decodeEnrollAgentRequest),
|
|
|
|
|
GetClientConfig: newServer(e.GetClientConfig, decodeGetClientConfigRequest),
|
|
|
|
|
GetDistributedQueries: newServer(e.GetDistributedQueries, decodeGetDistributedQueriesRequest),
|
|
|
|
|
SubmitDistributedQueryResults: newServer(e.SubmitDistributedQueryResults, decodeSubmitDistributedQueryResultsRequest),
|
|
|
|
|
SubmitLogs: newServer(e.SubmitLogs, decodeSubmitLogsRequest),
|
2016-10-03 03:14:35 +00:00
|
|
|
GetLabel: newServer(e.GetLabel, decodeGetLabelRequest),
|
2016-10-13 18:21:47 +00:00
|
|
|
ListLabels: newServer(e.ListLabels, decodeListLabelsRequest),
|
2016-10-03 03:14:35 +00:00
|
|
|
CreateLabel: newServer(e.CreateLabel, decodeCreateLabelRequest),
|
|
|
|
|
DeleteLabel: newServer(e.DeleteLabel, decodeDeleteLabelRequest),
|
2016-10-06 00:10:44 +00:00
|
|
|
GetHost: newServer(e.GetHost, decodeGetHostRequest),
|
|
|
|
|
DeleteHost: newServer(e.DeleteHost, decodeDeleteHostRequest),
|
2016-10-13 18:21:47 +00:00
|
|
|
ListHosts: newServer(e.ListHosts, decodeListHostsRequest),
|
2017-01-04 21:16:17 +00:00
|
|
|
GetHostSummary: newServer(e.GetHostSummary, decodeNoParamsRequest),
|
2016-11-02 14:59:53 +00:00
|
|
|
SearchTargets: newServer(e.SearchTargets, decodeSearchTargetsRequest),
|
2016-12-29 18:32:28 +00:00
|
|
|
GetOptions: newServer(e.GetOptions, decodeNoParamsRequest),
|
|
|
|
|
ModifyOptions: newServer(e.ModifyOptions, decodeModifyOptionsRequest),
|
2016-09-26 17:14:39 +00:00
|
|
|
}
|
2016-09-04 19:43:12 +00:00
|
|
|
}
|
2016-09-01 04:51:38 +00:00
|
|
|
|
2016-09-26 17:14:39 +00:00
|
|
|
// MakeHandler creates an HTTP handler for the Kolide server endpoints.
|
|
|
|
|
func MakeHandler(ctx context.Context, svc kolide.Service, jwtKey string, logger kitlog.Logger) http.Handler {
|
|
|
|
|
kolideAPIOptions := []kithttp.ServerOption{
|
2016-09-04 19:43:12 +00:00
|
|
|
kithttp.ServerBefore(
|
2016-09-26 17:14:39 +00:00
|
|
|
setRequestsContexts(svc, jwtKey),
|
2016-09-04 19:43:12 +00:00
|
|
|
),
|
|
|
|
|
kithttp.ServerErrorLogger(logger),
|
2016-09-23 02:41:58 +00:00
|
|
|
kithttp.ServerErrorEncoder(encodeError),
|
2016-09-04 19:43:12 +00:00
|
|
|
kithttp.ServerAfter(
|
|
|
|
|
kithttp.SetContentType("application/json; charset=utf-8"),
|
|
|
|
|
),
|
|
|
|
|
}
|
2016-08-28 03:59:17 +00:00
|
|
|
|
2016-09-26 17:14:39 +00:00
|
|
|
kolideEndpoints := MakeKolideServerEndpoints(svc, jwtKey)
|
|
|
|
|
kolideHandlers := makeKolideKitHandlers(ctx, kolideEndpoints, kolideAPIOptions)
|
|
|
|
|
|
2016-09-04 19:43:12 +00:00
|
|
|
r := mux.NewRouter()
|
2016-09-26 17:14:39 +00:00
|
|
|
attachKolideAPIRoutes(r, kolideHandlers)
|
2016-11-23 00:35:43 +00:00
|
|
|
r.HandleFunc("/api/v1/kolide/results/{id}",
|
2016-12-23 01:31:45 +00:00
|
|
|
makeStreamDistributedQueryCampaignResultsHandler(svc, jwtKey, logger)).
|
2016-12-22 17:39:44 +00:00
|
|
|
Methods("GET").Name("distributed_query_results")
|
|
|
|
|
|
|
|
|
|
addMetrics(r)
|
2016-09-05 14:15:58 +00:00
|
|
|
|
2016-08-28 03:59:17 +00:00
|
|
|
return r
|
|
|
|
|
}
|
2016-09-26 17:14:39 +00:00
|
|
|
|
2016-12-22 17:39:44 +00:00
|
|
|
// addMetrics decorates each hander with prometheus instrumentation
|
|
|
|
|
func addMetrics(r *mux.Router) {
|
|
|
|
|
walkFn := func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
|
|
|
|
|
route.Handler(prometheus.InstrumentHandler(route.GetName(), route.GetHandler()))
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
r.Walk(walkFn)
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func attachKolideAPIRoutes(r *mux.Router, h *kolideHandlers) {
|
|
|
|
|
r.Handle("/api/v1/kolide/login", h.Login).Methods("POST").Name("login")
|
|
|
|
|
r.Handle("/api/v1/kolide/logout", h.Logout).Methods("POST").Name("logout")
|
|
|
|
|
r.Handle("/api/v1/kolide/forgot_password", h.ForgotPassword).Methods("POST").Name("forgot_password")
|
|
|
|
|
r.Handle("/api/v1/kolide/reset_password", h.ResetPassword).Methods("POST").Name("reset_password")
|
|
|
|
|
r.Handle("/api/v1/kolide/me", h.Me).Methods("GET").Name("me")
|
|
|
|
|
r.Handle("/api/v1/kolide/change_password", h.ChangePassword).Methods("POST").Name("change_password")
|
2017-01-10 04:42:50 +00:00
|
|
|
r.Handle("/api/v1/kolide/perform_required_password_reset", h.PerformRequiredPasswordReset).Methods("POST").Name("perform_required_password_reset")
|
2016-09-29 04:21:39 +00:00
|
|
|
|
2016-12-22 17:39:44 +00:00
|
|
|
r.Handle("/api/v1/kolide/users", h.ListUsers).Methods("GET").Name("list_users")
|
|
|
|
|
r.Handle("/api/v1/kolide/users", h.CreateUser).Methods("POST").Name("create_user")
|
|
|
|
|
r.Handle("/api/v1/kolide/users/{id}", h.GetUser).Methods("GET").Name("get_user")
|
|
|
|
|
r.Handle("/api/v1/kolide/users/{id}", h.ModifyUser).Methods("PATCH").Name("modify_user")
|
2017-01-06 22:38:39 +00:00
|
|
|
r.Handle("/api/v1/kolide/users/{id}/require_password_reset", h.RequirePasswordReset).Methods("POST").Name("require_password_reset")
|
2016-12-22 17:39:44 +00:00
|
|
|
r.Handle("/api/v1/kolide/users/{id}/sessions", h.GetSessionsForUserInfo).Methods("GET").Name("get_session_for_user")
|
|
|
|
|
r.Handle("/api/v1/kolide/users/{id}/sessions", h.DeleteSessionsForUser).Methods("DELETE").Name("delete_session_for_user")
|
2016-09-29 04:21:39 +00:00
|
|
|
|
2016-12-22 17:39:44 +00:00
|
|
|
r.Handle("/api/v1/kolide/sessions/{id}", h.GetSessionInfo).Methods("GET").Name("get_session_info")
|
|
|
|
|
r.Handle("/api/v1/kolide/sessions/{id}", h.DeleteSession).Methods("DELETE").Name("delete_session")
|
2016-09-29 04:21:39 +00:00
|
|
|
|
2016-12-22 17:39:44 +00:00
|
|
|
r.Handle("/api/v1/kolide/config", h.GetAppConfig).Methods("GET").Name("get_app_config")
|
|
|
|
|
r.Handle("/api/v1/kolide/config", h.ModifyAppConfig).Methods("PATCH").Name("modify_app_config")
|
|
|
|
|
r.Handle("/api/v1/kolide/invites", h.CreateInvite).Methods("POST").Name("create_invite")
|
|
|
|
|
r.Handle("/api/v1/kolide/invites", h.ListInvites).Methods("GET").Name("list_invites")
|
|
|
|
|
r.Handle("/api/v1/kolide/invites/{id}", h.DeleteInvite).Methods("DELETE").Name("delete_invite")
|
2016-12-30 01:58:12 +00:00
|
|
|
r.Handle("/api/v1/kolide/invites/{token}", h.VerifyInvite).Methods("GET").Name("verify_invite")
|
2016-09-29 04:21:39 +00:00
|
|
|
|
2016-12-22 17:39:44 +00:00
|
|
|
r.Handle("/api/v1/kolide/queries/{id}", h.GetQuery).Methods("GET").Name("get_query")
|
|
|
|
|
r.Handle("/api/v1/kolide/queries", h.ListQueries).Methods("GET").Name("list_queries")
|
|
|
|
|
r.Handle("/api/v1/kolide/queries", h.CreateQuery).Methods("POST").Name("create_query")
|
|
|
|
|
r.Handle("/api/v1/kolide/queries/{id}", h.ModifyQuery).Methods("PATCH").Name("modify_query")
|
|
|
|
|
r.Handle("/api/v1/kolide/queries/{id}", h.DeleteQuery).Methods("DELETE").Name("delete_query")
|
|
|
|
|
r.Handle("/api/v1/kolide/queries/delete", h.DeleteQueries).Methods("POST").Name("delete_queries")
|
|
|
|
|
r.Handle("/api/v1/kolide/queries/run", h.CreateDistributedQueryCampaign).Methods("POST").Name("create_distributed_query_campaign")
|
2016-09-29 04:21:39 +00:00
|
|
|
|
2016-12-22 17:39:44 +00:00
|
|
|
r.Handle("/api/v1/kolide/packs/{id}", h.GetPack).Methods("GET").Name("get_pack")
|
|
|
|
|
r.Handle("/api/v1/kolide/packs", h.ListPacks).Methods("GET").Name("list_packs")
|
|
|
|
|
r.Handle("/api/v1/kolide/packs", h.CreatePack).Methods("POST").Name("create_pack")
|
|
|
|
|
r.Handle("/api/v1/kolide/packs/{id}", h.ModifyPack).Methods("PATCH").Name("modify_pack")
|
|
|
|
|
r.Handle("/api/v1/kolide/packs/{id}", h.DeletePack).Methods("DELETE").Name("delete_pack")
|
|
|
|
|
r.Handle("/api/v1/kolide/packs/{id}/scheduled", h.GetScheduledQueriesInPack).Methods("GET").Name("get_scheduled_queries_in_pack")
|
|
|
|
|
r.Handle("/api/v1/kolide/schedule", h.ScheduleQuery).Methods("POST").Name("schedule_query")
|
|
|
|
|
r.Handle("/api/v1/kolide/schedule/{id}", h.GetScheduledQuery).Methods("GET").Name("get_scheduled_query")
|
|
|
|
|
r.Handle("/api/v1/kolide/schedule/{id}", h.ModifyScheduledQuery).Methods("PATCH").Name("modify_scheduled_query")
|
|
|
|
|
r.Handle("/api/v1/kolide/schedule/{id}", h.DeleteScheduledQuery).Methods("DELETE").Name("delete_scheduled_query")
|
|
|
|
|
r.Handle("/api/v1/kolide/labels/{id}", h.GetLabel).Methods("GET").Name("get_label")
|
|
|
|
|
r.Handle("/api/v1/kolide/labels", h.ListLabels).Methods("GET").Name("list_labels")
|
|
|
|
|
r.Handle("/api/v1/kolide/labels", h.CreateLabel).Methods("POST").Name("create_label")
|
|
|
|
|
r.Handle("/api/v1/kolide/labels/{id}", h.DeleteLabel).Methods("DELETE").Name("delete_label")
|
2016-09-29 04:21:39 +00:00
|
|
|
|
2016-12-22 17:39:44 +00:00
|
|
|
r.Handle("/api/v1/kolide/hosts", h.ListHosts).Methods("GET").Name("list_hosts")
|
2017-01-04 21:16:17 +00:00
|
|
|
r.Handle("/api/v1/kolide/host_summary", h.GetHostSummary).Methods("GET").Name("get_host_summary")
|
2016-12-22 17:39:44 +00:00
|
|
|
r.Handle("/api/v1/kolide/hosts/{id}", h.GetHost).Methods("GET").Name("get_host")
|
|
|
|
|
r.Handle("/api/v1/kolide/hosts/{id}", h.DeleteHost).Methods("DELETE").Name("delete_host")
|
2016-10-06 00:10:44 +00:00
|
|
|
|
2016-12-29 18:32:28 +00:00
|
|
|
r.Handle("/api/v1/kolide/options", h.GetOptions).Methods("GET").Name("get_options")
|
|
|
|
|
r.Handle("/api/v1/kolide/options", h.ModifyOptions).Methods("PATCH").Name("modify_options")
|
|
|
|
|
|
2016-12-22 17:39:44 +00:00
|
|
|
r.Handle("/api/v1/kolide/targets", h.SearchTargets).Methods("POST").Name("search_targets")
|
2016-11-02 14:59:53 +00:00
|
|
|
|
2016-12-22 17:39:44 +00:00
|
|
|
r.Handle("/api/v1/osquery/enroll", h.EnrollAgent).Methods("POST").Name("enroll_agent")
|
|
|
|
|
r.Handle("/api/v1/osquery/config", h.GetClientConfig).Methods("POST").Name("get_client_config")
|
|
|
|
|
r.Handle("/api/v1/osquery/distributed/read", h.GetDistributedQueries).Methods("POST").Name("get_distributed_queries")
|
|
|
|
|
r.Handle("/api/v1/osquery/distributed/write", h.SubmitDistributedQueryResults).Methods("POST").Name("submit_distributed_query_results")
|
|
|
|
|
r.Handle("/api/v1/osquery/log", h.SubmitLogs).Methods("POST").Name("submit_logs")
|
2016-09-26 17:14:39 +00:00
|
|
|
}
|
2016-11-09 17:19:07 +00:00
|
|
|
|
|
|
|
|
// WithSetup is an http middleware that checks if a database user exists.
|
|
|
|
|
// If one does, it serves the API with a setup middleware.
|
|
|
|
|
// If the server is already configured, the default API handler is exposed.
|
2016-12-02 18:46:31 +00:00
|
|
|
func WithSetup(svc kolide.Service, logger kitlog.Logger, next http.Handler) http.HandlerFunc {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
configRouter := http.NewServeMux()
|
|
|
|
|
configRouter.Handle("/api/v1/setup", kithttp.NewServer(
|
|
|
|
|
context.Background(),
|
|
|
|
|
makeSetupEndpoint(svc),
|
|
|
|
|
decodeSetupRequest,
|
|
|
|
|
encodeResponse,
|
|
|
|
|
))
|
|
|
|
|
if RequireSetup(svc, logger) {
|
|
|
|
|
configRouter.ServeHTTP(w, r)
|
|
|
|
|
} else {
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
|
}
|
2016-11-09 17:19:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-29 23:36:36 +00:00
|
|
|
// RedirectLoginToSetup detects if the setup endpoint should be used. If setup is required it redirect all
|
|
|
|
|
// frontend urls to /setup, otherwise the frontend router is used.
|
|
|
|
|
func RedirectLoginToSetup(svc kolide.Service, logger kitlog.Logger, next http.Handler) http.HandlerFunc {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
redirect := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if r.URL.Path == "/setup" {
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
newURL := r.URL
|
|
|
|
|
newURL.Path = "/setup"
|
|
|
|
|
http.Redirect(w, r, newURL.String(), http.StatusTemporaryRedirect)
|
|
|
|
|
})
|
|
|
|
|
if RequireSetup(svc, logger) {
|
|
|
|
|
redirect.ServeHTTP(w, r)
|
|
|
|
|
} else {
|
2017-01-11 19:05:07 +00:00
|
|
|
RedirectSetupToLogin(svc, logger, next).ServeHTTP(w, r)
|
2016-12-29 23:36:36 +00:00
|
|
|
}
|
2016-11-09 17:19:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RequireSetup checks if the service must be configured by an administrator.
|
|
|
|
|
func RequireSetup(svc kolide.Service, logger kitlog.Logger) bool {
|
2016-11-10 00:35:49 +00:00
|
|
|
users, err := svc.ListUsers(context.Background(), kolide.ListOptions{Page: 0, PerPage: 1})
|
2016-11-09 17:19:07 +00:00
|
|
|
if err != nil {
|
|
|
|
|
logger.Log("err", err)
|
2016-12-02 18:46:31 +00:00
|
|
|
return false
|
2016-11-09 17:19:07 +00:00
|
|
|
}
|
|
|
|
|
return len(users) == 0
|
|
|
|
|
}
|
2017-01-11 19:05:07 +00:00
|
|
|
|
|
|
|
|
// RedirectSetupToLogin forces the /setup path to be redirected to login. This middleware is used after
|
|
|
|
|
// the app has been setup.
|
|
|
|
|
func RedirectSetupToLogin(svc kolide.Service, logger kitlog.Logger, next http.Handler) http.HandlerFunc {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if r.URL.Path == "/setup" {
|
|
|
|
|
newURL := r.URL
|
|
|
|
|
newURL.Path = "/login"
|
|
|
|
|
http.Redirect(w, r, newURL.String(), http.StatusTemporaryRedirect)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
|
}
|
|
|
|
|
}
|
