Secure all endpoints
This commit is contained in:
parent
9e169980e3
commit
9bb7148f50
|
@ -15,23 +15,20 @@ __author__ = 'Barak'
|
|||
|
||||
|
||||
class Monkey(flask_restful.Resource):
|
||||
|
||||
# Used by monkey. can't secure.
|
||||
def get(self, guid=None, **kw):
|
||||
NodeService.update_dead_monkeys() # refresh monkeys status
|
||||
if not guid:
|
||||
guid = request.args.get('guid')
|
||||
timestamp = request.args.get('timestamp')
|
||||
|
||||
if guid:
|
||||
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
|
||||
return monkey_json
|
||||
else:
|
||||
result = {'timestamp': datetime.now().isoformat()}
|
||||
find_filter = {}
|
||||
if timestamp is not None:
|
||||
find_filter['modifytime'] = {'$gt': dateutil.parser.parse(timestamp)}
|
||||
result['objects'] = [x for x in mongo.db.monkey.find(find_filter)]
|
||||
return result
|
||||
|
||||
return {}
|
||||
|
||||
# Used by monkey. can't secure.
|
||||
def patch(self, guid):
|
||||
monkey_json = json.loads(request.data)
|
||||
update = {"$set": {'modifytime': datetime.now()}}
|
||||
|
@ -51,6 +48,7 @@ class Monkey(flask_restful.Resource):
|
|||
|
||||
return mongo.db.monkey.update({"_id": monkey["_id"]}, update, upsert=False)
|
||||
|
||||
# Used by monkey. can't secure.
|
||||
def post(self, **kw):
|
||||
monkey_json = json.loads(request.data)
|
||||
monkey_json['creds'] = []
|
||||
|
|
|
@ -1,18 +1,20 @@
|
|||
import json
|
||||
|
||||
from flask import request, jsonify
|
||||
import flask_restful
|
||||
from flask import request, jsonify
|
||||
|
||||
from cc.database import mongo
|
||||
from cc.auth import jwt_required
|
||||
from cc.services.config import ConfigService
|
||||
|
||||
__author__ = 'Barak'
|
||||
|
||||
|
||||
class MonkeyConfiguration(flask_restful.Resource):
|
||||
@jwt_required()
|
||||
def get(self):
|
||||
return jsonify(schema=ConfigService.get_config_schema(), configuration=ConfigService.get_config())
|
||||
|
||||
@jwt_required()
|
||||
def post(self):
|
||||
config_json = json.loads(request.data)
|
||||
if config_json.has_key('reset'):
|
||||
|
@ -20,4 +22,3 @@ class MonkeyConfiguration(flask_restful.Resource):
|
|||
else:
|
||||
ConfigService.update_config(config_json)
|
||||
return self.get()
|
||||
|
||||
|
|
|
@ -47,9 +47,12 @@ def get_monkey_executable(host_os, machine):
|
|||
|
||||
|
||||
class MonkeyDownload(flask_restful.Resource):
|
||||
|
||||
# Used by monkey. can't secure.
|
||||
def get(self, path):
|
||||
return send_from_directory('binaries', path)
|
||||
|
||||
# Used by monkey. can't secure.
|
||||
def post(self):
|
||||
host_json = json.loads(request.data)
|
||||
host_os = host_json.get('os')
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import flask_restful
|
||||
|
||||
from cc.auth import jwt_required
|
||||
from cc.services.edge import EdgeService
|
||||
from cc.services.node import NodeService
|
||||
from cc.database import mongo
|
||||
|
@ -8,6 +9,7 @@ __author__ = 'Barak'
|
|||
|
||||
|
||||
class NetMap(flask_restful.Resource):
|
||||
@jwt_required()
|
||||
def get(self, **kw):
|
||||
monkeys = [NodeService.monkey_to_net_node(x) for x in mongo.db.monkey.find({})]
|
||||
nodes = [NodeService.node_to_net_node(x) for x in mongo.db.node.find({})]
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
from flask import request
|
||||
import flask_restful
|
||||
|
||||
from cc.auth import jwt_required
|
||||
from cc.services.node import NodeService
|
||||
|
||||
__author__ = 'Barak'
|
||||
|
||||
|
||||
class Node(flask_restful.Resource):
|
||||
@jwt_required()
|
||||
def get(self):
|
||||
node_id = request.args.get('id')
|
||||
if node_id:
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
import flask_restful
|
||||
|
||||
from cc.auth import jwt_required
|
||||
from cc.services.report import ReportService
|
||||
|
||||
__author__ = "itay.mizeretz"
|
||||
|
||||
|
||||
class Report(flask_restful.Resource):
|
||||
|
||||
@jwt_required()
|
||||
def get(self):
|
||||
return ReportService.get_report()
|
||||
|
|
|
@ -3,6 +3,7 @@ from datetime import datetime
|
|||
import flask_restful
|
||||
from flask import request, make_response, jsonify
|
||||
|
||||
from cc.auth import jwt_required
|
||||
from cc.database import mongo
|
||||
from cc.services.config import ConfigService
|
||||
from cc.services.node import NodeService
|
||||
|
@ -13,6 +14,8 @@ __author__ = 'Barak'
|
|||
|
||||
|
||||
class Root(flask_restful.Resource):
|
||||
|
||||
@jwt_required()
|
||||
def get(self, action=None):
|
||||
if not action:
|
||||
action = request.args.get('action')
|
||||
|
|
|
@ -7,6 +7,7 @@ import dateutil
|
|||
import flask_restful
|
||||
from flask import request
|
||||
|
||||
from cc.auth import jwt_required
|
||||
from cc.database import mongo
|
||||
from cc.services.config import ConfigService
|
||||
from cc.services.edge import EdgeService
|
||||
|
@ -16,6 +17,7 @@ __author__ = 'Barak'
|
|||
|
||||
|
||||
class Telemetry(flask_restful.Resource):
|
||||
@jwt_required()
|
||||
def get(self, **kw):
|
||||
monkey_guid = request.args.get('monkey_guid')
|
||||
telem_type = request.args.get('telem_type')
|
||||
|
@ -36,6 +38,7 @@ class Telemetry(flask_restful.Resource):
|
|||
result['objects'] = self.telemetry_to_displayed_telemetry(mongo.db.telemetry.find(find_filter))
|
||||
return result
|
||||
|
||||
# Used by monkey. can't secure.
|
||||
def post(self):
|
||||
telemetry_json = json.loads(request.data)
|
||||
telemetry_json['timestamp'] = datetime.now()
|
||||
|
|
|
@ -5,6 +5,7 @@ import flask_restful
|
|||
from flask import request
|
||||
import flask_pymongo
|
||||
|
||||
from cc.auth import jwt_required
|
||||
from cc.database import mongo
|
||||
from cc.services.node import NodeService
|
||||
|
||||
|
@ -12,6 +13,7 @@ __author__ = 'itay.mizeretz'
|
|||
|
||||
|
||||
class TelemetryFeed(flask_restful.Resource):
|
||||
@jwt_required()
|
||||
def get(self, **kw):
|
||||
timestamp = request.args.get('timestamp')
|
||||
if "null" == timestamp or timestamp is None: # special case to avoid ugly JS code...
|
||||
|
|
Loading…
Reference in New Issue