feat: agent metadata with custom collectors
This commit is contained in:
@ -1,11 +1,14 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"forge.cadoles.com/Cadoles/emissary/internal/agent/metadata"
|
||||
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
|
||||
"forge.cadoles.com/Cadoles/emissary/internal/jwk"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/api"
|
||||
@ -13,13 +16,16 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
ErrCodeUnknownError api.ErrorCode = "unknown-error"
|
||||
ErrCodeNotFound api.ErrorCode = "not-found"
|
||||
ErrCodeAlreadyRegistered api.ErrorCode = "already-registered"
|
||||
ErrCodeUnknownError api.ErrorCode = "unknown-error"
|
||||
ErrCodeNotFound api.ErrorCode = "not-found"
|
||||
ErrInvalidSignature api.ErrorCode = "invalid-signature"
|
||||
)
|
||||
|
||||
type registerAgentRequest struct {
|
||||
RemoteID string `json:"remoteId"`
|
||||
KeySet json.RawMessage `json:"keySet" validate:"required"`
|
||||
Metadata []metadata.Tuple `json:"metadata" validate:"required"`
|
||||
Thumbprint string `json:"thumbprint" validate:"required"`
|
||||
Signature string `json:"signature" validate:"required"`
|
||||
}
|
||||
|
||||
func (s *Server) registerAgent(w http.ResponseWriter, r *http.Request) {
|
||||
@ -30,23 +36,79 @@ func (s *Server) registerAgent(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
ctx := r.Context()
|
||||
|
||||
keySet, err := jwk.Parse(registerAgentReq.KeySet)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "could not parse key set", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
ctx = logger.With(ctx, logger.F("agentThumbprint", registerAgentReq.Thumbprint))
|
||||
|
||||
validSignature, err := jwk.Verify(keySet, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "could not validate signature", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
if !validSignature {
|
||||
logger.Error(ctx, "invalid signature", logger.F("signature", registerAgentReq.Signature))
|
||||
api.ErrorResponse(w, http.StatusBadRequest, ErrInvalidSignature, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
metadata := metadata.FromSorted(registerAgentReq.Metadata)
|
||||
|
||||
agent, err := s.agentRepo.Create(
|
||||
ctx,
|
||||
registerAgentReq.RemoteID,
|
||||
datastore.AgentStatusPending,
|
||||
registerAgentReq.Thumbprint,
|
||||
keySet,
|
||||
metadata,
|
||||
)
|
||||
if err != nil {
|
||||
if errors.Is(err, datastore.ErrAlreadyExist) {
|
||||
logger.Error(ctx, "agent already registered", logger.F("remoteID", registerAgentReq.RemoteID))
|
||||
api.ErrorResponse(w, http.StatusConflict, ErrCodeAlreadyRegistered, nil)
|
||||
if !errors.Is(err, datastore.ErrAlreadyExist) {
|
||||
logger.Error(ctx, "could not create agent", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
logger.Error(ctx, "could not create agent", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
|
||||
agents, _, err := s.agentRepo.Query(
|
||||
ctx,
|
||||
datastore.WithAgentQueryThumbprints(registerAgentReq.Thumbprint),
|
||||
datastore.WithAgentQueryLimit(1),
|
||||
)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "could not retrieve agents", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
return
|
||||
}
|
||||
|
||||
if len(agents) == 0 {
|
||||
logger.Error(ctx, "could not retrieve matching agent", logger.E(errors.WithStack(err)))
|
||||
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeNotFound, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
agent, err = s.agentRepo.Update(
|
||||
ctx, agents[0].ID,
|
||||
datastore.WithAgentUpdateKeySet(keySet),
|
||||
datastore.WithAgentUpdateMetadata(metadata),
|
||||
datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
|
||||
)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "could not update agent", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
api.DataResponse(w, http.StatusCreated, struct {
|
||||
@ -132,13 +194,13 @@ func (s *Server) queryAgents(w http.ResponseWriter, r *http.Request) {
|
||||
options = append(options, datastore.WithAgentQueryID(agentIDs...))
|
||||
}
|
||||
|
||||
remoteIDs, ok := getStringSliceValues(w, r, "remoteIds", nil)
|
||||
thumbprints, ok := getStringSliceValues(w, r, "thumbprints", nil)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
if remoteIDs != nil {
|
||||
options = append(options, datastore.WithAgentQueryRemoteID(remoteIDs...))
|
||||
if thumbprints != nil {
|
||||
options = append(options, datastore.WithAgentQueryThumbprints(thumbprints...))
|
||||
}
|
||||
|
||||
statuses, ok := getIntSliceValues(w, r, "statuses", nil)
|
||||
|
||||
@ -33,7 +33,7 @@ func (s *Server) updateSpec(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
if ok, err := spec.Validate(ctx, updateSpecReq); !ok || err != nil {
|
||||
if err := spec.Validate(ctx, updateSpecReq); err != nil {
|
||||
data := struct {
|
||||
Message string `json:"message"`
|
||||
}{}
|
||||
|
||||
Reference in New Issue
Block a user