mirror of https://github.com/D4-project/d4-core
fix: [api register_sensor] fix role + endpoint
parent
e5720087de
commit
3630ec0460
|
@ -21,7 +21,7 @@ def is_valid_uuid_v4(UUID):
|
|||
except:
|
||||
return False
|
||||
|
||||
## TODO: add user_id + description
|
||||
## TODO: add description
|
||||
def register_sensor(req_dict):
|
||||
sensor_uuid = req_dict.get('uuid', None)
|
||||
hmac_key = req_dict.get('hmac_key', None)
|
||||
|
@ -33,14 +33,16 @@ def register_sensor(req_dict):
|
|||
if r_serv_db.exists('metadata_uuid:{}'.format(sensor_uuid)):
|
||||
return ({"status": "error", "reason": "Sensor already registred"}, 409)
|
||||
|
||||
res = _register_sensor(sensor_uuid, hmac_key, user_id=None, description=None)
|
||||
user_id = req_dict.get('uuid', None)
|
||||
|
||||
res = _register_sensor(sensor_uuid, hmac_key, user_id=user_id, description=None)
|
||||
return res
|
||||
|
||||
|
||||
def _register_sensor(sensor_uuid, secret_key, user_id=None, description=None):
|
||||
r_serv_db.hset('metadata_uuid:{}'.format(sensor_uuid), 'hmac_key', secret_key)
|
||||
if user_id:
|
||||
r_serv_db.hset('metadata_uuid:{}'.format(sensor_uuid), 'description', description)
|
||||
r_serv_db.hset('metadata_uuid:{}'.format(sensor_uuid), 'user_mail', user_id)
|
||||
if description:
|
||||
r_serv_db.hset('metadata_uuid:{}'.format(sensor_uuid), 'description', description)
|
||||
return ({'uuid': sensor_uuid}, 200)
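Review bot: In `register_sensor`, the new `user_id = req_dict.get('uuid', None)` reads the same request key as `sensor_uuid`, so `_register_sensor` stores the sensor's UUID under `user_mail` rather than an owner identity. If the owner is meant to come from the caller, read a distinct key, for example `user_id = req_dict.get('mail', None)` (the key name is a suggestion; the request schema is not visible here). If the owner is meant to be the account behind the API token, deriving it from the authenticated identity is safer than trusting a body field, which lets any registering client attribute a sensor to someone else. Part of `register_sensor` lies between the two hunks, so any validation done there is not visible.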
|
||||
|
|
|
@ -24,7 +24,7 @@ import bcrypt
|
|||
|
||||
# Import Role_Manager
|
||||
from Role_Manager import create_user_db, check_password_strength, check_user_role_integrity
|
||||
from Role_Manager import login_admin, login_analyst
|
||||
from Role_Manager import login_user_basic
|
||||
|
||||
sys.path.append(os.path.join(os.environ['D4_HOME'], 'lib'))
|
||||
from User import User
|
||||
|
@ -361,18 +361,16 @@ def logout():
|
|||
def role():
|
||||
return render_template("error/403.html"), 403
|
||||
|
||||
@app.route('/test')
|
||||
def test():
|
||||
return 'test'
|
||||
|
||||
@app.route('/')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def index():
|
||||
date = datetime.datetime.now().strftime("%Y/%m/%d")
|
||||
return render_template("index.html", date=date)
|
||||
|
||||
@app.route('/_json_daily_uuid_stats')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def _json_daily_uuid_stats():
|
||||
date = datetime.datetime.now().strftime("%Y%m%d")
|
||||
daily_uuid = redis_server_metadata.zrange('daily_uuid:{}'.format(date), 0, -1, withscores=True)
|
||||
|
@ -385,6 +383,7 @@ def _json_daily_uuid_stats():
|
|||
|
||||
@app.route('/_json_daily_type_stats')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def _json_daily_type_stats():
|
||||
date = datetime.datetime.now().strftime("%Y%m%d")
|
||||
daily_uuid = redis_server_metadata.zrange('daily_type:{}'.format(date), 0, -1, withscores=True)
|
||||
|
@ -402,6 +401,7 @@ def _json_daily_type_stats():
|
|||
|
||||
@app.route('/sensors_status')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def sensors_status():
|
||||
active_connection_filter = request.args.get('active_connection_filter')
|
||||
if active_connection_filter is None:
|
||||
|
@ -482,6 +482,7 @@ def sensors_status():
|
|||
|
||||
@app.route('/show_active_uuid')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def show_active_uuid():
|
||||
#swap switch value
|
||||
active_connection_filter = request.args.get('show_active_connection')
|
||||
|
@ -497,6 +498,7 @@ def show_active_uuid():
|
|||
|
||||
@app.route('/server_management')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def server_management():
|
||||
blacklisted_ip = request.args.get('blacklisted_ip')
|
||||
unblacklisted_ip = request.args.get('unblacklisted_ip')
|
||||
|
@ -568,6 +570,7 @@ def server_management():
|
|||
|
||||
@app.route('/uuid_management')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def uuid_management():
|
||||
uuid_sensor = request.args.get('uuid')
|
||||
if is_valid_uuid_v4(uuid_sensor):
|
||||
|
@ -641,6 +644,7 @@ def uuid_management():
|
|||
|
||||
@app.route('/blacklisted_ip')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def blacklisted_ip():
|
||||
blacklisted_ip = request.args.get('blacklisted_ip')
|
||||
unblacklisted_ip = request.args.get('unblacklisted_ip')
|
||||
|
@ -667,6 +671,7 @@ def blacklisted_ip():
|
|||
|
||||
@app.route('/blacklisted_uuid')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def blacklisted_uuid():
|
||||
blacklisted_uuid = request.args.get('blacklisted_uuid')
|
||||
unblacklisted_uuid = request.args.get('unblacklisted_uuid')
|
||||
|
@ -694,6 +699,7 @@ def blacklisted_uuid():
|
|||
|
||||
@app.route('/uuid_change_stream_max_size')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def uuid_change_stream_max_size():
|
||||
uuid_sensor = request.args.get('uuid')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -713,6 +719,7 @@ def uuid_change_stream_max_size():
|
|||
|
||||
@app.route('/uuid_change_description')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def uuid_change_description():
|
||||
uuid_sensor = request.args.get('uuid')
|
||||
description = request.args.get('description')
|
||||
|
@ -725,6 +732,7 @@ def uuid_change_description():
|
|||
# # TODO: check analyser uuid dont exist
|
||||
@app.route('/add_new_analyzer')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def add_new_analyzer():
|
||||
type = request.args.get('type')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -752,6 +760,7 @@ def add_new_analyzer():
|
|||
|
||||
@app.route('/empty_analyzer_queue')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def empty_analyzer_queue():
|
||||
analyzer_uuid = request.args.get('analyzer_uuid')
|
||||
type = request.args.get('type')
|
||||
|
@ -775,6 +784,7 @@ def empty_analyzer_queue():
|
|||
|
||||
@app.route('/remove_analyzer')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def remove_analyzer():
|
||||
analyzer_uuid = request.args.get('analyzer_uuid')
|
||||
type = request.args.get('type')
|
||||
|
@ -801,6 +811,7 @@ def remove_analyzer():
|
|||
|
||||
@app.route('/analyzer_change_max_size')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def analyzer_change_max_size():
|
||||
analyzer_uuid = request.args.get('analyzer_uuid')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -820,6 +831,7 @@ def analyzer_change_max_size():
|
|||
|
||||
@app.route('/kick_uuid')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def kick_uuid():
|
||||
uuid_sensor = request.args.get('uuid')
|
||||
if is_valid_uuid_v4(uuid_sensor):
|
||||
|
@ -830,6 +842,7 @@ def kick_uuid():
|
|||
|
||||
@app.route('/blacklist_uuid')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def blacklist_uuid():
|
||||
uuid_sensor = request.args.get('uuid')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -851,6 +864,7 @@ def blacklist_uuid():
|
|||
|
||||
@app.route('/unblacklist_uuid')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def unblacklist_uuid():
|
||||
uuid_sensor = request.args.get('uuid')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -875,6 +889,7 @@ def unblacklist_uuid():
|
|||
|
||||
@app.route('/blacklist_ip')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def blacklist_ip():
|
||||
ip = request.args.get('ip')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -901,6 +916,7 @@ def blacklist_ip():
|
|||
|
||||
@app.route('/unblacklist_ip')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def unblacklist_ip():
|
||||
ip = request.args.get('ip')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -929,6 +945,7 @@ def unblacklist_ip():
|
|||
|
||||
@app.route('/blacklist_ip_by_uuid')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def blacklist_ip_by_uuid():
|
||||
uuid_sensor = request.args.get('uuid')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -941,6 +958,7 @@ def blacklist_ip_by_uuid():
|
|||
|
||||
@app.route('/unblacklist_ip_by_uuid')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def unblacklist_ip_by_uuid():
|
||||
uuid_sensor = request.args.get('uuid')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -953,6 +971,7 @@ def unblacklist_ip_by_uuid():
|
|||
|
||||
@app.route('/add_accepted_type')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def add_accepted_type():
|
||||
type = request.args.get('type')
|
||||
extended_type_name = request.args.get('extended_type_name')
|
||||
|
@ -973,6 +992,7 @@ def add_accepted_type():
|
|||
|
||||
@app.route('/remove_accepted_type')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def remove_accepted_type():
|
||||
type = request.args.get('type')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -986,6 +1006,7 @@ def remove_accepted_type():
|
|||
|
||||
@app.route('/remove_accepted_extended_type')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def remove_accepted_extended_type():
|
||||
type_name = request.args.get('type_name')
|
||||
redis_server_metadata.srem('server:accepted_extended_type', type_name)
|
||||
|
@ -994,6 +1015,7 @@ def remove_accepted_extended_type():
|
|||
# demo function
|
||||
@app.route('/delete_data')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def delete_data():
|
||||
date = datetime.datetime.now().strftime("%Y%m%d")
|
||||
redis_server_metadata.delete('daily_type:{}'.format(date))
|
||||
|
@ -1003,6 +1025,7 @@ def delete_data():
|
|||
# demo function
|
||||
@app.route('/set_uuid_hmac_key')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def set_uuid_hmac_key():
|
||||
uuid_sensor = request.args.get('uuid')
|
||||
user = request.args.get('redirect')
|
||||
|
@ -1015,6 +1038,7 @@ def set_uuid_hmac_key():
|
|||
# demo function
|
||||
@app.route('/whois_data')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def whois_data():
|
||||
ip = request.args.get('ip')
|
||||
if is_valid_ip:
|
||||
|
@ -1024,12 +1048,14 @@ def whois_data():
|
|||
|
||||
@app.route('/generate_uuid')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def generate_uuid():
|
||||
new_uuid = uuid.uuid4()
|
||||
return jsonify({'uuid': new_uuid})
|
||||
|
||||
@app.route('/get_analyser_sample')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def get_analyser_sample():
|
||||
type = request.args.get('type')
|
||||
analyzer_uuid = request.args.get('analyzer_uuid')
|
||||
|
@ -1058,6 +1084,7 @@ def get_analyser_sample():
|
|||
|
||||
@app.route('/get_uuid_type_history_json')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def get_uuid_type_history_json():
|
||||
uuid_sensor = request.args.get('uuid_sensor')
|
||||
if is_valid_uuid_v4(uuid_sensor):
|
||||
|
@ -1089,6 +1116,7 @@ def get_uuid_type_history_json():
|
|||
|
||||
@app.route('/get_uuid_stats_history_json')
|
||||
@login_required
|
||||
@login_user_basic
|
||||
def get_uuid_stats_history_json():
|
||||
uuid_sensor = request.args.get('uuid_sensor')
|
||||
stats = request.args.get('stats')
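Review bot: The same `@login_user_basic` decorator is added to read-only views and to state-changing ones alike (`delete_data`, `set_uuid_hmac_key`, `kick_uuid`, `blacklist_ip`/`unblacklist_ip`, `remove_analyzer`, `add_accepted_type`, `remove_accepted_type`), so the basic `user` role can delete daily stats, replace a sensor's HMAC key and edit blacklists. `login_admin` is defined in Role_Manager; for the destructive routes consider `@login_admin` in place of `@login_user_basic`, or add a comment on each stating that the basic role is intended. These handlers also read their parameters from `request.args` on routes declared without `methods=`, so the role check alone does not cover requests triggered cross-site from a logged-in browser; whether CSRF protection exists elsewhere is not visible in these hunks. Each function body continues outside its hunk.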
|
||||
|
|
|
@ -42,12 +42,12 @@ def login_admin(func):
|
|||
return func(*args, **kwargs)
|
||||
return decorated_view
|
||||
|
||||
def login_analyst(func):
|
||||
def login_user_basic(func):
|
||||
@wraps(func)
|
||||
def decorated_view(*args, **kwargs):
|
||||
if not current_user.is_authenticated:
|
||||
return login_manager.unauthorized()
|
||||
elif (not current_user.is_in_role('analyst')):
|
||||
elif (not current_user.is_in_role('user')):
|
||||
return login_manager.unauthorized()
|
||||
return func(*args, **kwargs)
|
||||
return decorated_view
|
||||
|
@ -158,7 +158,7 @@ def get_role_level(role):
|
|||
|
||||
def get_all_user_role(user_role):
|
||||
current_role_val = get_role_level(user_role)
|
||||
return r_serv_db.zrange('d4:all_role', current_role_val -1, -1)
|
||||
return r_serv_db.zrangebyscore('d4:all_role', current_role_val -1, 50)
|
||||
|
||||
def get_all_user_upper_role(user_role):
|
||||
current_role_val = get_role_level(user_role)
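Review bot: In `get_all_user_role`, the lower bound `current_role_val -1` was a 0-based rank offset for `zrange`, but `zrangebyscore` compares scores and both bounds are inclusive. If `get_role_level` returns the role's score in `d4:all_role` and levels are consecutive integers, the range now also returns the role whose score is one below the user's own, which would presumably let role checks such as `current_user.is_in_role(...)` in `login_user_basic` pass for a role the user was not given. The bound should probably be the score itself: `return r_serv_db.zrangebyscore('d4:all_role', current_role_val, 50)`. The literal `50` would be clearer as a named constant or `'+inf'`, with a comment stating which direction of score means more privilege.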
|
||||
|
|
|
@ -33,6 +33,16 @@ if __name__ == "__main__":
|
|||
edit_user_db(username, password=password, role='admin')
|
||||
else:
|
||||
create_user_db(username, password, role='admin', default=True)
|
||||
|
||||
|
||||
username2 = 'config_generator@register.test'
|
||||
password2 = gen_password()
|
||||
if r_serv.exists('user_metadata:config_generator@register.test'):
|
||||
edit_user_db(username2, password=password2, role='sensor_register')
|
||||
else:
|
||||
create_user_db(username2, password2, role='sensor_register', default=True)
|
||||
|
||||
|
||||
token = get_default_admin_token()
|
||||
|
||||
default_passwd_file = os.path.join(os.environ['D4_HOME'], 'DEFAULT_PASSWORD')
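Review bot: The existence check for the second account hard-codes the key, `r_serv.exists('user_metadata:config_generator@register.test')`, instead of deriving it from `username2`; `r_serv.exists('user_metadata:{}'.format(username2))` keeps the two from drifting apart. In the visible lines `password2` is generated and passed to `create_user_db`/`edit_user_db` but never shown or stored for the operator, and an existing account has its password reset on every run. If this `sensor_register` account is meant to be used only through its API token, a comment saying so above `username2` would make that explicit. The `__main__` block continues past the hunk, so what happens after `default_passwd_file` is not visible here.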
|
||||
|
|