First approach of simple protected routes

2024-11-06 09:55:18 +00:00 · 2018-01-24 21:33:45 +01:00 · 2018-01-24 21:33:45 +01:00 · e6082e2d29
commit e6082e2d29
parent 459f58ff4a
4 changed files with 81 additions and 4 deletions
--- a/config.yml
+++ b/config.yml
@ -21,4 +21,8 @@ extensions:
  pci       : false
  oscap     : true
  aws       : false
-  virustotal: false
+  virustotal: false
+
+login:
+  enabled : true
+  password: changeme
--- a/public/controllers/login.js
+++ b/public/controllers/login.js
@ -0,0 +1,7 @@
+const app = require('ui/modules').get('app/wazuh', []);
+
+app.controller('loginController', function ($scope, appState) {
+    $scope.submit = async () => {
+
+    }
+});
--- a/public/templates/auth/login.html
+++ b/public/templates/auth/login.html
@ -0,0 +1,13 @@
+<md-content flex ng-controller="loginController" layout="column">
+    <md-input-container class="md-block">
+        <label>Password</label>
+        <input required type="password" name="passwordField" ng-model="passwordField"  minlength="1" maxlength="100" />
+        <md-button type="submit" class="buttonBlueLightSettings md-raised md-primary">
+            <i class="fa fa-plus-circle settings-template-3" aria-hidden="true"></i> Submit
+        </md-button>
+    
+        <div role="alert" ng-show="errorFromRequest">
+          {{ errorFromRequest }}
+        </div>
+      </md-input-container>
+</md-content>
--- a/server/api/wazuh-api.js
+++ b/server/api/wazuh-api.js
@ -17,7 +17,9 @@ const path = require('path');
 const pciRequirementsFile = '../integration_files/pci_requirements.json';

 module.exports = (server, options) => {
-
+    if(typeof global.sessions === 'undefined') {
+        global.sessions = { };
+    }
    // Variables
    let packageInfo;

@ -27,9 +29,20 @@ module.exports = (server, options) => {
    } catch (e) {
        server.log([blueWazuh, 'initialize', 'error'], 'Could not read the Wazuh package file.');
    }
+    
+    global.protectedRoute = req => {
+        const session = (req.method === 'get') ? sessions[req.query.code] : sessions[req.payload.code];
+        if(!session) return false;
+        const timeElapsed = (new Date() - session.created) / 1000;
+        if(timeElapsed >= session.exp){
+            delete sessions[req.payload.code];
+            return false;
+        }
+        return true;
+    }

    const checkStoredAPI = (req, reply) => {
-
+        if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
        // Get config from elasticsearch
        getConfig(req.payload, (wapi_config) => {
            if (wapi_config.error_code > 1) {
@ -241,6 +254,7 @@ module.exports = (server, options) => {
    };

    const getPciRequirement = (req, reply) => {
+        if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
        let pciRequirements = {};
        let pci_description = '';

@ -342,6 +356,7 @@ module.exports = (server, options) => {
    };

    const requestApi = (req, reply) => {
+        if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
        if (!req.payload.method) {
            reply({
                'statusCode': 400,
@ -360,6 +375,7 @@ module.exports = (server, options) => {
    };

    const getApiSettings = (req, reply) => {
+        if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
        getConfig(req.payload.id, (wapi_config) => {
            if (wapi_config.error_code > 1) {
                //Can not connect to elasticsearch
@ -382,6 +398,7 @@ module.exports = (server, options) => {

    // Fetch agent status and insert it directly on demand
    const fetchAgents = (req, reply) => {
+        if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
        fetchAgentsExternal();
        return reply({
            'statusCode': 200,
@ -415,7 +432,12 @@ module.exports = (server, options) => {

    const getConfigurationFile = (req,reply) => {
        try{
+
+            if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
            const configFile = yml.load(fs.readFileSync(path.join(__dirname,'../../') + 'config.yml', {encoding: 'utf-8'}));
+            if(configFile.login){
+                delete configFile.login.password;
+            }
            return reply({
                statusCode: 200,
                error:      0,
@ -424,9 +446,34 @@ module.exports = (server, options) => {
        } catch (error) {
            return reply(genericErrorBuilder(500,6,error.message || error)).code(500)
        }
-
    }

+    const login = (req,reply) => {
+        try{
+            const configFile = yml.load(fs.readFileSync(path.join(__dirname,'../../') + 'config.yml', {encoding: 'utf-8'}));
+            if(!req.payload.password) {
+                return reply(genericErrorBuilder(500,7,'Please give me a password.')).code(500)
+            } else if(req.payload.password !== configFile.login.password){
+                return reply(genericErrorBuilder(500,7,'Wrong password, please try again.')).code(500)
+            }
+
+            const code = (new Date()-1) + 'wazuhapp';
+            sessions[code] = {
+                created: new Date(),
+                exp: 60
+            }
+            return reply({
+                statusCode: 200,
+                error:      0,
+                code: code
+            });
+        } catch (error) {
+            return reply(genericErrorBuilder(500,6,error.message || error)).code(500)
+        }
+    }
+
+
+
    //Server routes

    /*
@ -512,4 +559,10 @@ module.exports = (server, options) => {
        path:    '/api/wazuh-api/configuration',
        handler: getConfigurationFile
    });
+
+    server.route({
+        method:  'POST',
+        path:    '/api/wazuh-api/login',
+        handler: login
+    });
 };