Switch basic auth with key auth and use DB for PA hosts

server/.env.example

@@ -37,12 +37,6 @@ CISCO_HOST=10.1.0.2
 CISCO_USER=serti.xx
 CISCO_PASSWORD=senhadacontroladoracisco
 
-# Palo Alto
-PA_HOST=10.1.0.2
-PA_USER=pti
-PA_PASSWORD=senhadopaloaltocompermissaoparaapi
-PA_NET=10.7.
-
 # Criptografia
 CRYPT_SECRET=umasenhaquenaopodeseralteradadepois
 

server/src/lib/paloalto.js

@@ -18,7 +18,7 @@ const httpsAgent = new https.Agent({
   rejectUnauthorized: false
 })
 
-async function getDevicesWithUserFromNet(network) {
+async function getDevicesWithUser(network) {
   const now = new Date()
   const timeoutThreshold = subMinutes(now, TIMEOUT_IN_MINUTES)
 
@@ -26,8 +26,7 @@ async function getDevicesWithUserFromNet(network) {
     where: {
       userId: { not: null },
       status: 'ONLINE',
-      lastSeen: { gt: timeoutThreshold },
+      lastSeen: { gt: timeoutThreshold }
-      ip: { startsWith: network }
     },
     select: {
       ip: true,
@@ -58,29 +57,35 @@ function createCommand(devices) {
 }
 
 async function updateUserIdMappings() {
-  try {
+  const allDevices = await getDevicesWithUser(process.env.PA_NET)
-    const devices = await getDevicesWithUserFromNet(process.env.PA_NET)
 
+  const pAHosts = await prisma.pAHost.findMany()
+
+  const jobs = pAHosts.map(async pAHost => {
+    const net = ip.cidrSubnet(pAHost.cidr)
+
+    const devices = allDevices.filter(device => net.contains(device.ip))
+
+    try {
       if (devices.length == 0) return 0
 
       const cmd = createCommand(devices)
 
       await axios({
-      url: `https://${process.env.PA_HOST}/api/`,
+        url: `https://${pAHost.cidr.split('/')[0]}/api/`,
         method: 'POST',
-      params: { type: 'user-id' },
+        params: { type: 'user-id', key: decryptKey(pAHost.encryptedKey) },
         data: qs.stringify({ cmd }),
         headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-      auth: {
+
-        username: process.env.PA_USER,
-        password: process.env.PA_PASSWORD
-      },
         httpsAgent
       })
 
       logSuccess({
         tags: ['user-id', 'paloalto'],
-      message: `Updated ${devices.length} user-id mappings`,
+        message: `Updated ${devices.length} user-id mappings on ${
+          pAHost.description || pAHost.cidr
+        }`,
         data: devices
       })
 
@@ -94,6 +99,9 @@ async function updateUserIdMappings() {
 
       return 'Não foi possível atualizar. Veja o log do servidor'
     }
+  })
+
+  return Promise.allSettled(jobs)
 }
 
 async function getUserKey({ ipAddr, user, password }) {

server/src/resolvers/Mutation/index.js

@@ -4,7 +4,7 @@ import { ResetToken } from '../../classes/ResetToken'
 
 import { updateDevicesInfo } from '../../lib/wifiDevices'
 import { updateUserIdMappings, addHost } from '../../lib/paloalto'
-import { logInfo } from '../../lib/logger'
+import { logInfo, logSuccess, logWarning } from '../../lib/logger'
 
 const Mutation = {
   async login(_, { data }) {
@@ -43,11 +43,29 @@ const Mutation = {
   },
 
   async updateUserIdMappings() {
-    return updateUserIdMappings()
+    updateUserIdMappings()
+    return 'A atualização está em andamento. Acompanhe os logs do servidor para mais informações.'
   },
 
-  async addPAHost(_, { data: { cidr, user, password, description, note } }) {
+  async addPAHost(
-    return addHost({ cidr, user, password, description, note })
+    _,
+    { data: { cidr, user, password, description, note } },
+    { auth }
+  ) {
+    logWarning({
+      message: `User ${auth.sAMAccountName}(${auth.displayName}) está tentando adicionar um novo host Palo Alto.`,
+      tags: ['paloalto']
+    })
+
+    const host = await addHost({ cidr, user, password, description, note })
+
+    if (host)
+      logSuccess({
+        message: `User ${auth.sAMAccountName}(${auth.displayName}) adicionou um novo host Palo Alto (${host.cidr}).`,
+        tags: ['paloalto']
+      })
+
+    return host
   }
 }