Initial support for user-id mappings

2020-12-02 11:20:27 -04:00 · 2020-12-02 11:20:27 -04:00 · eccdca4f29
commit eccdca4f29
parent dad3d60246
7 changed files with 99 additions and 10 deletions
--- a/server/.env.example
+++ b/server/.env.example
@ -16,7 +16,7 @@ TOKEN_CREATOR_GROUP=PP-PTI-TokenCreator
 STUDENT_GROUP=Estudantes
 # Servidores (Servant)
 SERVANT_GROUP=G_SERVIDORES
-# Presença Online (watcher)
+# Presença no Campus (watcher)
 WATCHER_GROUP=PP-PTI-Watchers

 # Altere a Variável de ambiente abaixo
@ -36,3 +36,8 @@ UNIFI_PASSWORD=senha_do_unifi_admin
 CISCO_HOST=10.1.0.2
 CISCO_USER=serti.xx
 CISCO_PASSWORD=senhadacontroladoracisco
+
+# Palo Alto
+PA_USER=pti
+PA_PASSWORD=senhadopaloaltocompermissaoparaapi
+PA_NET=10.7.
--- a/server/src/cronTasks.js
+++ b/server/src/cronTasks.js
@ -10,7 +10,7 @@ function logMsg(msg) {

 logMsg('Scheduling tasks')

-cron.schedule('*/5 * * * *', async () => {
+cron.schedule('*/1 * * * *', async () => {
  logMsg('updateDBWithOnlineDevices started.')

  logMsg(
--- a/server/src/resolvers/Mutation.js
+++ b/server/src/resolvers/Mutation.js
@ -2,6 +2,8 @@ import { replacePassword } from '../utils/activedirectory/passwordUtils'
 import { User } from '../classes/User'
 import { ResetToken } from '../classes/ResetToken'

+import { updateUserIdMappings } from '../utils/paloalto'
+
 const Mutation = {
  async login(_, { data }) {
    return User.login(data.username, data.password)
@ -27,6 +29,10 @@ const Mutation = {
    User.importAllUsers()

    return 'A importação está sendo feita. Isso pode demorar alguns minutos.'
+  },
+
+  async updateUserIdMappings() {
+    return updateUserIdMappings()
  }
 }

--- a/server/src/typeDefs.js
+++ b/server/src/typeDefs.js
@ -43,6 +43,7 @@ const typeDefs = gql`
      @auth(roles: ["superAdmin", "tokenCreator"])
    useResetToken(data: UseResetTokenInput!): Boolean!
    importUsers: String! @auth(roles: ["superAdmin"])
+    updateUserIdMappings: String! @auth(roles: ["superAdmin"])
  }

  directive @auth(roles: [String!]) on FIELD_DEFINITION
--- a/server/src/utils/ciscoController.js
+++ b/server/src/utils/ciscoController.js
@ -1,4 +1,4 @@
-import axios from 'axios'
+import { create } from 'axios'
 import https from 'https'
 import { ouiFinder } from './ouiFinder'

@ -7,7 +7,7 @@ const httpsAgent = new https.Agent({
  ciphers: 'AES256-SHA' // That's necessary to connect to a TLS 1.0 server. Run node with --tls-min-v1.0
 })

-const configuredClient = axios.create({
+const axios = create({
  httpsAgent: httpsAgent,
  auth: {
    username: process.env.CISCO_USER,
@ -27,7 +27,7 @@ async function getDevices() {
    do {
      let url = `https://${process.env.CISCO_HOST}/data/client-table.html?columns=524287&take=${take}&skip=${skip}&page=${page}&pageSize=50&sort[0][field]=ST&sort[0][dir]=desc`

-      response = await configuredClient.get(url)
+      response = await axios.get(url)

      devices = devices.concat(response.data.data)

--- a/server/src/utils/paloalto.js
+++ b/server/src/utils/paloalto.js
@ -0,0 +1,73 @@
+import axios from 'axios'
+import prisma from '../prisma'
+import https from 'https'
+
+const agent = new https.Agent({
+  rejectUnauthorized: false
+})
+
+let working = false
+
+const DEBOUNCE_TIME_MS = 10000
+
+async function updateUserIdMappings() {
+  if (working) return 0
+
+  working = true
+
+  try {
+    const wifiDevices = await prisma.wifiDevice.findMany({
+      where: {
+        userId: { not: null },
+        status: 'ONLINE',
+        ip: { startsWith: process.env.PA_NET }
+      },
+      include: {
+        user: { select: { sAMAccountName: true } }
+      }
+    })
+
+    await Promise.all(
+      wifiDevices.map(async device => {
+        return axios.get(
+          'https://10.7.0.2/api/',
+
+          {
+            params: {
+              type: 'user-id',
+              cmd: `
+                <uid-message> 
+                <version>1.0</version> 
+                <type>update</type> 
+                <payload> 
+                    <login> 
+                        <entry name="ifms\\${device.user.sAMAccountName}" ip="${device.ip}" timeout="5"> 
+                        </entry> 
+                    </login> 
+                </payload>
+                </uid-message>
+        `
+            },
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            httpsAgent: agent,
+            auth: {
+              username: process.env.PA_USER,
+              password: process.env.PA_PASSWORD
+            }
+          }
+        )
+      })
+    )
+
+    return wifiDevices.length
+  } catch (e) {
+    console.log('Error updating user-id mappings:', e.message)
+    return "Não foi possível atualizar. Veja o log do servidor"
+  } finally {
+    setTimeout(() => {
+      working = false
+    }, DEBOUNCE_TIME_MS)
+  }
+}
+
+export { updateUserIdMappings }
--- a/server/src/utils/wifiUtils.js
+++ b/server/src/utils/wifiUtils.js
@ -1,16 +1,18 @@
 import { getOnlineWifiDevices as getOnlineUnifiDevices } from './unifiController'
 import { getOnlineWifiDevices as getOnlineCiscoDevices } from './ciscoController'

+import { updateUserIdMappings } from './paloalto'
+
 import prisma from '../prisma'

 const DEBOUNCE_TIME_MS = 10000

-let updating = false
+let working = false

 async function updateDBWithOnlineDevices() {
-  if (updating) return -1 // Debounce updates
+  if (working) return -1 // Debounce updates

-  updating = true
+  working = true

  const onlineUnifiDevicesPromise = getOnlineUnifiDevices()
  const onlineCiscoDevicesPromise = getOnlineCiscoDevices()
@ -61,8 +63,10 @@ async function updateDBWithOnlineDevices() {
      }
    }

+    updateUserIdMappings()
+
    setTimeout(() => {
-      updating = false
+      working = false
    }, DEBOUNCE_TIME_MS)

    // TODO: pubsub