Initial PanOS db support
This commit is contained in:
parent
a8a4bf7f6a
commit
681b83188b
|
@ -41,4 +41,10 @@ CISCO_PASSWORD=senhadacontroladoracisco
|
|||
PA_HOST=10.1.0.2
|
||||
PA_USER=pti
|
||||
PA_PASSWORD=senhadopaloaltocompermissaoparaapi
|
||||
PA_NET=10.7.
|
||||
PA_NET=10.7.
|
||||
|
||||
# Criptografia
|
||||
CRYPT_SECRET=umasenhaquenaopodeseralteradadepois
|
||||
|
||||
# Opicionais
|
||||
TASK_SLEEP=30000
|
81
server/package-lock.json
generated
81
server/package-lock.json
generated
|
@ -1,12 +1,12 @@
|
|||
{
|
||||
"name": "ifms-pti-svr",
|
||||
"version": "2.5.0",
|
||||
"version": "2.6.0",
|
||||
"lockfileVersion": 2,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "ifms-pti-svr",
|
||||
"version": "2.5.0",
|
||||
"version": "2.6.0",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"@babel/polyfill": "^7.12.1",
|
||||
|
@ -16,6 +16,7 @@
|
|||
"apollo-server-plugin-response-cache": "^0.5.6",
|
||||
"axios": "^0.21.0",
|
||||
"bcrypt": "^5.0.0",
|
||||
"crypto-js": "^4.0.0",
|
||||
"date-fns": "^2.16.1",
|
||||
"dotenv": "^8.2.0",
|
||||
"graphql": "^14.6.0",
|
||||
|
@ -3883,6 +3884,11 @@
|
|||
"underscore": ">1.4.4"
|
||||
}
|
||||
},
|
||||
"node_modules/crypto-js": {
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.0.0.tgz",
|
||||
"integrity": "sha512-bzHZN8Pn+gS7DQA6n+iUmBfl0hO5DJq++QP3U6uTucDtk/0iGpXd/Gg7CGR0p8tJhofJyaKoWBuJI4eAO00BBg=="
|
||||
},
|
||||
"node_modules/crypto-random-string": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-2.0.0.tgz",
|
||||
|
@ -4456,7 +4462,71 @@
|
|||
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.9.tgz",
|
||||
"integrity": "sha512-oeyj2H3EjjonWcFjD5NvZNE9Rqe4UW+nQBU2HNeKw0koVLEFIhtyETyAakeAM3de7Z/SW5kcA+fZUait9EApnw==",
|
||||
"bundleDependencies": [
|
||||
"node-pre-gyp"
|
||||
"node-pre-gyp",
|
||||
"abbrev",
|
||||
"ansi-regex",
|
||||
"aproba",
|
||||
"are-we-there-yet",
|
||||
"balanced-match",
|
||||
"brace-expansion",
|
||||
"chownr",
|
||||
"code-point-at",
|
||||
"concat-map",
|
||||
"console-control-strings",
|
||||
"core-util-is",
|
||||
"debug",
|
||||
"deep-extend",
|
||||
"delegates",
|
||||
"detect-libc",
|
||||
"fs-minipass",
|
||||
"fs.realpath",
|
||||
"gauge",
|
||||
"glob",
|
||||
"has-unicode",
|
||||
"iconv-lite",
|
||||
"ignore-walk",
|
||||
"inflight",
|
||||
"inherits",
|
||||
"ini",
|
||||
"is-fullwidth-code-point",
|
||||
"isarray",
|
||||
"minimatch",
|
||||
"minimist",
|
||||
"minipass",
|
||||
"minizlib",
|
||||
"mkdirp",
|
||||
"ms",
|
||||
"needle",
|
||||
"nopt",
|
||||
"npm-bundled",
|
||||
"npm-packlist",
|
||||
"npmlog",
|
||||
"number-is-nan",
|
||||
"object-assign",
|
||||
"once",
|
||||
"os-homedir",
|
||||
"os-tmpdir",
|
||||
"osenv",
|
||||
"path-is-absolute",
|
||||
"process-nextick-args",
|
||||
"rc",
|
||||
"readable-stream",
|
||||
"rimraf",
|
||||
"safe-buffer",
|
||||
"safer-buffer",
|
||||
"sax",
|
||||
"semver",
|
||||
"set-blocking",
|
||||
"signal-exit",
|
||||
"string_decoder",
|
||||
"string-width",
|
||||
"strip-ansi",
|
||||
"strip-json-comments",
|
||||
"tar",
|
||||
"util-deprecate",
|
||||
"wide-align",
|
||||
"wrappy",
|
||||
"yallist"
|
||||
],
|
||||
"dev": true,
|
||||
"hasInstallScript": true,
|
||||
|
@ -12114,6 +12184,11 @@
|
|||
"underscore": ">1.4.4"
|
||||
}
|
||||
},
|
||||
"crypto-js": {
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.0.0.tgz",
|
||||
"integrity": "sha512-bzHZN8Pn+gS7DQA6n+iUmBfl0hO5DJq++QP3U6uTucDtk/0iGpXd/Gg7CGR0p8tJhofJyaKoWBuJI4eAO00BBg=="
|
||||
},
|
||||
"crypto-random-string": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-2.0.0.tgz",
|
||||
|
|
|
@ -42,6 +42,7 @@
|
|||
"apollo-server-plugin-response-cache": "^0.5.6",
|
||||
"axios": "^0.21.0",
|
||||
"bcrypt": "^5.0.0",
|
||||
"crypto-js": "^4.0.0",
|
||||
"date-fns": "^2.16.1",
|
||||
"dotenv": "^8.2.0",
|
||||
"graphql": "^14.6.0",
|
||||
|
|
|
@ -5,6 +5,7 @@ CREATE TABLE "PanOS" (
|
|||
"ip" TEXT NOT NULL,
|
||||
"encryptedKey" TEXT NOT NULL,
|
||||
"note" TEXT,
|
||||
"user" TEXT NOT NULL,
|
||||
"createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
"updatedAt" TIMESTAMP(3) NOT NULL,
|
||||
|
||||
|
|
|
@ -125,6 +125,7 @@ model Statistic {
|
|||
|
||||
model PanOS {
|
||||
id Int @id @default(autoincrement())
|
||||
user String
|
||||
description String
|
||||
ip String @unique
|
||||
encryptedKey String
|
||||
|
|
|
@ -6,6 +6,7 @@ import https from 'https'
|
|||
import { subMinutes } from 'date-fns'
|
||||
import qs from 'qs'
|
||||
import { logError, logSuccess } from './logger'
|
||||
import { AES, enc } from 'crypto-js'
|
||||
|
||||
const TIMEOUT_IN_MINUTES = '3'
|
||||
|
||||
|
@ -91,4 +92,53 @@ async function updateUserIdMappings() {
|
|||
}
|
||||
}
|
||||
|
||||
export { updateUserIdMappings }
|
||||
async function getUserKey({ ip, user, password }) {
|
||||
const result = await axios({
|
||||
url: `https://${ip}/api/`,
|
||||
method: 'POST',
|
||||
params: { type: 'keygen', user, password },
|
||||
httpsAgent
|
||||
})
|
||||
|
||||
return result.data.split('<key>')[1].split('</key>')[0]
|
||||
}
|
||||
|
||||
async function addHost({ ip, user, password, description, note }) {
|
||||
try {
|
||||
const key = await getUserKey({ ip, user, password })
|
||||
|
||||
const encryptedKey = AES.encrypt(key, process.env.CRYPT_SECRET).toString()
|
||||
|
||||
// const decryptedKey = AES.decrypt(
|
||||
// encryptedKey,
|
||||
// process.env.CRYPT_SECRET
|
||||
// ).toString(enc.Utf8)
|
||||
|
||||
const host = await prisma.panOS.create({
|
||||
data: {
|
||||
ip,
|
||||
encryptedKey,
|
||||
user,
|
||||
description,
|
||||
note
|
||||
}
|
||||
})
|
||||
|
||||
return {
|
||||
...host,
|
||||
key: `${key.slice(
|
||||
0,
|
||||
8
|
||||
)}************************************************************************************************`
|
||||
}
|
||||
} catch (e) {
|
||||
logError({
|
||||
message: `Não foi possível adicionar o host ${ip}.`,
|
||||
data: e.message,
|
||||
tags: ['paloalto']
|
||||
})
|
||||
throw new Error(e.message)
|
||||
}
|
||||
}
|
||||
|
||||
export { updateUserIdMappings, addHost }
|
||||
|
|
|
@ -3,7 +3,7 @@ import { User } from '../../classes/User'
|
|||
import { ResetToken } from '../../classes/ResetToken'
|
||||
|
||||
import { updateDevicesInfo } from '../../lib/wifiDevices'
|
||||
import { updateUserIdMappings } from '../../lib/paloalto'
|
||||
import { updateUserIdMappings, addHost } from '../../lib/paloalto'
|
||||
import { logInfo } from '../../lib/logger'
|
||||
|
||||
const Mutation = {
|
||||
|
@ -44,6 +44,10 @@ const Mutation = {
|
|||
|
||||
async updateUserIdMappings() {
|
||||
return updateUserIdMappings()
|
||||
},
|
||||
|
||||
async addPAHost(_, { data: { ip, user, password, description, note } }) {
|
||||
return addHost({ ip, user, password, description, note })
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -84,6 +84,9 @@ const typeDefs = gql`
|
|||
|
||||
"Force update user-id mapping on firewall"
|
||||
updateUserIdMappings: String! @auth(roles: ["superAdmin"])
|
||||
|
||||
"Add a PA host"
|
||||
addPAHost(data: AddPAHostInput!): PAHost! @auth(roles: ["superAdmin"])
|
||||
}
|
||||
|
||||
type Subscription {
|
||||
|
@ -254,6 +257,16 @@ const typeDefs = gql`
|
|||
ERROR
|
||||
}
|
||||
|
||||
type PAHost {
|
||||
id: ID!
|
||||
description: String
|
||||
ip: String
|
||||
key: String
|
||||
note: String
|
||||
createdAt: String
|
||||
updatedAt: String
|
||||
}
|
||||
|
||||
input LoginInput {
|
||||
username: String!
|
||||
password: String!
|
||||
|
@ -288,6 +301,14 @@ const typeDefs = gql`
|
|||
token: String!
|
||||
newPassword: String!
|
||||
}
|
||||
|
||||
input AddPAHostInput {
|
||||
ip: String!
|
||||
user: String!
|
||||
password: String!
|
||||
description: String!
|
||||
note: String
|
||||
}
|
||||
`
|
||||
|
||||
export { typeDefs }
|
||||
|
|
Loading…
Reference in New Issue
Block a user