diff --git a/config.yml b/config.yml
index 674037c5e..5b7bb4d74 100644
--- a/config.yml
+++ b/config.yml
@@ -21,4 +21,8 @@ extensions:
 pci : false
 oscap : true
 aws : false
- virustotal: false
\ No newline at end of file
+ virustotal: false
+
+login:
+ enabled : true
+ password: changeme
\ No newline at end of file
diff --git a/public/controllers/login.js b/public/controllers/login.js
new file mode 100644
index 000000000..709eb5c6b
--- /dev/null
+++ b/public/controllers/login.js
@@ -0,0 +1,7 @@
+const app = require('ui/modules').get('app/wazuh', []);
+
+app.controller('loginController', function ($scope, appState) {
+ $scope.submit = async () => {
+
+ }
+});
\ No newline at end of file
diff --git a/public/templates/auth/login.html b/public/templates/auth/login.html
new file mode 100644
index 000000000..65a07c319
--- /dev/null
+++ b/public/templates/auth/login.html
@@ -0,0 +1,13 @@
+ + + + + + Submit + + +
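Review bot: `password: changeme` ships a published default that every install is protected by until an operator edits config.yml, and the login handler added to server/api/wazuh-api.js in this same commit accepts it as-is. Prefer committing the key without a value, with a comment such as `# set a password before enabling login; login is refused while this is empty`, and have the handler reject login while `login.password` is empty or missing. The password also sits in plaintext in a file that the plugin reads and partially serves back, so anyone with read access to config.yml holds the credential; if that is the intended deployment model, say so next to the key.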
+ {{ errorFromRequest }} +
+
+
+
\ No newline at end of file
diff --git a/server/api/wazuh-api.js b/server/api/wazuh-api.js
index f131dcdde..5b704ef03 100644
--- a/server/api/wazuh-api.js
+++ b/server/api/wazuh-api.js
@@ -17,7 +17,9 @@ const path = require('path');
 const pciRequirementsFile = '../integration_files/pci_requirements.json';
 module.exports = (server, options) => {
-
+ if(typeof global.sessions === 'undefined') {
+ global.sessions = { };
+ }
 // Variables
 let packageInfo;
@@ -27,9 +29,20 @@ module.exports = (server, options) => {
 } catch (e) {
 server.log([blueWazuh, 'initialize', 'error'], 'Could not read the Wazuh package file.');
 }
+
+ global.protectedRoute = req => {
+ const session = (req.method === 'get') ? sessions[req.query.code] : sessions[req.payload.code];
+ if(!session) return false;
+ const timeElapsed = (new Date() - session.created) / 1000;
+ if(timeElapsed >= session.exp){
+ delete sessions[req.payload.code];
+ return false;
+ }
+ return true;
+ }
 const checkStoredAPI = (req, reply) => {
-
+ if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
 // Get config from elasticsearch
 getConfig(req.payload, (wapi_config) => {
 if (wapi_config.error_code > 1) {
@@ -241,6 +254,7 @@ module.exports = (server, options) => {
 };
 const getPciRequirement = (req, reply) => {
+ if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
 let pciRequirements = {};
 let pci_description = '';
@@ -342,6 +356,7 @@ module.exports = (server, options) => {
 };
 const requestApi = (req, reply) => {
+ if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
 if (!req.payload.method) {
 reply({
 'statusCode': 400,
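Review bot: In `global.protectedRoute` the expiry branch runs `delete sessions[req.payload.code]` even when the code was read from `req.query.code` on a GET, so an expired GET session is never removed and, if the framework leaves `payload` unset on GET, the delete throws instead of returning false. Resolve the code once and reuse it: `const code = req.method === 'get' ? (req.query || {}).code : (req.payload || {}).code;`, `const session = sessions[code];`, `delete sessions[code];`. The guard line added here, and the identical ones in the -241, -342, -360, -382 and -415 hunks, answer an unauthenticated request with `.code(500)`; an authentication failure is a 401, and reporting it as 500 makes monitoring count rejected requests as server faults. Carrying the session code in the query string on GET also means it is written to server and proxy access logs; a header would keep it out of them.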
@@ -360,6 +375,7 @@ module.exports = (server, options) => {
 };
 const getApiSettings = (req, reply) => {
+ if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
 getConfig(req.payload.id, (wapi_config) => {
 if (wapi_config.error_code > 1) { //Can not connect to elasticsearch
@@ -382,6 +398,7 @@ module.exports = (server, options) => {
 // Fetch agent status and insert it directly on demand
 const fetchAgents = (req, reply) => {
+ if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
 fetchAgentsExternal();
 return reply({
 'statusCode': 200,
@@ -415,7 +432,12 @@ module.exports = (server, options) => {
 const getConfigurationFile = (req,reply) => {
 try{
+
+ if(!protectedRoute(req)) return reply(genericErrorBuilder(500,7,'Session expired.')).code(500);
 const configFile = yml.load(fs.readFileSync(path.join(__dirname,'../../') + 'config.yml', {encoding: 'utf-8'}));
+ if(configFile.login){
+ delete configFile.login.password;
+ }
 return reply({
 statusCode: 200,
 error: 0,
@@ -424,9 +446,34 @@ module.exports = (server, options) => {
 } catch (error) {
 return reply(genericErrorBuilder(500,6,error.message || error)).code(500)
 }
-
 }
+ const login = (req,reply) => {
+ try{
+ const configFile = yml.load(fs.readFileSync(path.join(__dirname,'../../') + 'config.yml', {encoding: 'utf-8'}));
+ if(!req.payload.password) {
+ return reply(genericErrorBuilder(500,7,'Please give me a password.')).code(500)
+ } else if(req.payload.password !== configFile.login.password){
+ return reply(genericErrorBuilder(500,7,'Wrong password, please try again.')).code(500)
+ }
+
+ const code = (new Date()-1) + 'wazuhapp';
+ sessions[code] = {
+ created: new Date(),
+ exp: 60
+ }
+ return reply({
+ statusCode: 200,
+ error: 0,
+ code: code
+ });
+ } catch (error) {
+ return reply(genericErrorBuilder(500,6,error.message || error)).code(500)
+ }
+ }
+ + + //Server routes /*
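Review bot: In `login`, `const code = (new Date()-1) + 'wazuhapp'` derives the session code from the millisecond clock, so it is guessable by anyone who knows roughly when a login happened, and that code is the only thing `protectedRoute` checks on every later request; generate it with `crypto.randomBytes` (`crypto` would need to be required alongside the other requires at the top of the file, outside this hunk). `configFile.login.password` throws when config.yml has no `login` section, and the catch turns that into a 500 carrying the raw error message; check for the section and for an empty password before comparing, and answer a wrong password with 401 rather than 500. `!==` is also a non-constant-time comparison; `crypto.timingSafeEqual` on equal-length buffers is the usual replacement. Entries in `sessions` are only deleted when an expired code is presented again, so the store grows without bound; purging expired entries here or on a timer would cap it.
```javascript
    const login = (req,reply) => {
        try{
            const configFile = yml.load(fs.readFileSync(path.join(__dirname,'../../') + 'config.yml', {encoding: 'utf-8'}));
            // Refuse to log anyone in while no password is configured at all.
            const expected = configFile.login && configFile.login.password;
            if(!expected) {
                return reply(genericErrorBuilder(500,7,'Login is not configured.')).code(500)
            }
            if(!req.payload || !req.payload.password) {
                return reply(genericErrorBuilder(401,7,'Please give me a password.')).code(401)
            }
            const given = Buffer.from(String(req.payload.password));
            const want = Buffer.from(String(expected));
            if(given.length !== want.length || !crypto.timingSafeEqual(given, want)){
                return reply(genericErrorBuilder(401,7,'Wrong password, please try again.')).code(401)
            }

            // Random rather than clock-derived: the code is the whole credential from here on.
            const code = crypto.randomBytes(32).toString('hex');
            sessions[code] = {
                created: new Date(),
                exp: 60
            }
            // … unchanged: success reply and catch block …
```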
@@ -512,4 +559,10 @@ module.exports = (server, options) => {
 path: '/api/wazuh-api/configuration',
 handler: getConfigurationFile
 });
+
+ server.route({
+ method: 'POST',
+ path: '/api/wazuh-api/login',
+ handler: login
+ });
 };
\ No newline at end of file