Merge pull request #36 from jmpsec/productionalize-api

Productionalize osctrl-api
jmpsec · Feb 14, 2020 · b9270e8 · b9270e8
2 parents ca80abb + 4272979
commit b9270e8
Show file tree

Hide file tree

Showing 13 changed files with 132 additions and 22 deletions.
diff --git a/cmd/admin/handlers-get.go b/cmd/admin/handlers-get.go
@@ -895,7 +895,7 @@ func envsGETHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// Prepare template
-	tempateFiles := NewTemplateFiles(templatesFilesFolder, "node.html").filepaths
+	tempateFiles := NewTemplateFiles(templatesFilesFolder, "environments.html").filepaths
 	t, err := template.ParseFiles(tempateFiles...)
 	if err != nil {
 		incMetric(metricAdminErr)
@@ -955,7 +955,7 @@ func settingsGETHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// Verify service
-	if serviceVar != settings.ServiceTLS && serviceVar != settings.ServiceAdmin {
+	if !checkTargetService(serviceVar) {
 		incMetric(metricAdminErr)
 		log.Printf("error unknown service (%s)", serviceVar)
 		return

diff --git a/cmd/admin/handlers-post.go b/cmd/admin/handlers-post.go
@@ -1070,7 +1070,7 @@ func settingsPOSTHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// Verify service
-	if serviceVar != settings.ServiceTLS && serviceVar != settings.ServiceAdmin {
+	if !checkTargetService(serviceVar) {
 		if settingsmgr.DebugService(settings.ServiceAdmin) {
 			log.Printf("DebugService: error unknown service (%s)", serviceVar)
 		}

diff --git a/cmd/admin/templates/components/page-aside-right.html b/cmd/admin/templates/components/page-aside-right.html
@@ -17,7 +17,7 @@ <h6>TLS Server Settings</h6>
               </label>
             </div>
             <div>
-              <small class="text-muted">Enables verbose logging for the TLS service</small>
+              <small class="text-muted">Verbose service logging for TLS</small>
             </div>
             <div class="clearfix mt-4">
               <small>
@@ -27,17 +27,17 @@ <h6>TLS Server Settings</h6>
               </small>
             </div>
             <div>
-              <small class="text-muted">Manages the environments for the TLS service</small>
+              <small class="text-muted">TLS endpoint environments</small>
             </div>
             <div class="clearfix mt-4">
               <small>
                 <button class="btn btn-block btn-sm btn-info" type="button" onclick="window.location = '/settings/tls';">
-                  <b>Change Settings</b>
+                  <b>TLS Settings</b>
                 </button>
               </small>
             </div>
             <div>
-              <small class="text-muted">Change the settings for the TLS service</small>
+              <small class="text-muted">Settings for the TLS service</small>
             </div>
           </div>
           <hr>
@@ -53,7 +53,7 @@ <h6>Admin Server Settings</h6>
               </label>
             </div>
             <div>
-              <small class="text-muted">Enables verbose logging for the Admin service</small>
+              <small class="text-muted">Verbose service logging for Admin</small>
             </div>
             <div class="clearfix mt-3">
               <small>
@@ -65,17 +65,17 @@ <h6>Admin Server Settings</h6>
               </label>
             </div>
             <div>
-              <small class="text-muted">Enables verbose HTTP logging for the Admin service</small>
+              <small class="text-muted">Verbose HTTP logging for Admin</small>
             </div>
             <div class="clearfix mt-4">
               <small>
                 <button class="btn btn-block btn-sm btn-info" type="button" onclick="window.location = '/settings/admin';">
-                  <b>Change Settings</b>
+                  <b>Admin Settings</b>
                 </button>
               </small>
             </div>
             <div>
-              <small class="text-muted">Change the settings for the Admin service</small>
+              <small class="text-muted">Settings for the Admin service</small>
             </div>
             <div class="clearfix mt-4">
               <small>
@@ -85,10 +85,47 @@ <h6>Admin Server Settings</h6>
               </small>
             </div>
             <div>
-              <small class="text-muted">Manage users for the Admin service</small>
+              <small class="text-muted">Admin service users</small>
             </div>
           </div>
           <hr>
+          <h6>API Server Settings</h6>
+          <div class="aside-options">
+            <div class="clearfix mt-3">
+              <small>
+                <b>API service debug</b>
+              </small>
+              <label class="switch switch-label switch-pill switch-success switch-sm float-right">
+                <input id="debug_service_api" class="switch-input" type="checkbox" onclick="changeDebug('debug_service', 'api');" {{ if .APIDebug }} checked {{ end }}>
+                <span class="switch-slider" data-checked="On" data-unchecked="Off"></span>
+              </label>
+            </div>
+            <div>
+              <small class="text-muted">Verbose service logging for API</small>
+            </div>
+            <div class="clearfix mt-3">
+              <small>
+                <b>API HTTP debug</b>
+              </small>
+              <label class="switch switch-label switch-pill switch-success switch-sm float-right">
+                <input id="debug_http_api" class="switch-input" type="checkbox" onclick="changeDebug('debug_http', 'api');" {{ if .APIDebugHTTP }} checked {{ end }}>
+                <span class="switch-slider" data-checked="On" data-unchecked="Off"></span>
+              </label>
+            </div>
+            <div>
+              <small class="text-muted">Verbose HTTP logging for API</small>
+            </div>
+            <div class="clearfix mt-4">
+              <small>
+                <button class="btn btn-block btn-sm btn-info" type="button" onclick="window.location = '/settings/api';">
+                  <b>API Settings</b>
+                </button>
+              </small>
+            </div>
+            <div>
+              <small class="text-muted">Settings for the API service</small>
+            </div>
+          </div>
           <div class="server-version">
             <small class="text-muted">{{ .Service }} {{ .Version }}</small>
           </div>

diff --git a/cmd/admin/types-templates.go b/cmd/admin/types-templates.go
@@ -24,7 +24,9 @@ type TemplateMetadata struct {
 	Version        string
 	TLSDebug       bool
 	AdminDebug     bool
+	APIDebug       bool
 	AdminDebugHTTP bool
+	APIDebugHTTP   bool
 	CSRFToken      string
 }
 

diff --git a/cmd/admin/utils.go b/cmd/admin/utils.go
@@ -315,6 +315,20 @@ func adminVersion() {
 	os.Exit(0)
 }
 
+// Helper to verify the service is valid
+func checkTargetService(service string) bool {
+	if (service == settings.ServiceTLS) {
+		return true
+	}
+	if (service == settings.ServiceAdmin) {
+		return true
+	}
+	if (service == settings.ServiceAPI) {
+		return true
+	}
+	return false
+}
+
 // Function to load the JSON data for osquery tables
 func loadOsqueryTables(file string) ([]OsqueryTable, error) {
 	var tables []OsqueryTable
@@ -377,7 +391,9 @@ func templateMetadata(ctx contextValue, service, version string) TemplateMetadat
 		Version:        version,
 		TLSDebug:       settingsmgr.DebugService(settings.ServiceTLS),
 		AdminDebug:     settingsmgr.DebugService(settings.ServiceAdmin),
+		APIDebug:       settingsmgr.DebugService(settings.ServiceAPI),
 		AdminDebugHTTP: settingsmgr.DebugHTTP(settings.ServiceAdmin),
+		APIDebugHTTP:   settingsmgr.DebugHTTP(settings.ServiceAPI),
 	}
 }
 

diff --git a/cmd/api/auth.go b/cmd/api/auth.go
@@ -55,7 +55,6 @@ func handlerAuthCheck(h http.Handler) http.Handler {
 			h.ServeHTTP(w, r.WithContext(ctx))
 		case settings.AuthJWT:
 			// Set middleware values
-			//utils.DebugHTTPDump(r, true, true)
 			token := extractHeaderToken(r)
 			if token == "" {
 				http.Redirect(w, r, forbiddenPath, http.StatusForbidden)

diff --git a/cmd/api/handlers-environments.go b/cmd/api/handlers-environments.go
@@ -43,6 +43,9 @@ func apiEnvironmentHandler(w http.ResponseWriter, r *http.Request) {
 	// Header to serve JSON
 	apiHTTPResponse(w, JSONApplicationUTF8, http.StatusOK, env)
 	incMetric(metricAPIOK)
+	if settingsmgr.DebugService(settings.ServiceAPI) {
+		log.Printf("DebugService: Returned environment %s", name)
+	}
 }
 
 // GET Handler to return all environments as JSON
@@ -66,4 +69,7 @@ func apiEnvironmentsHandler(w http.ResponseWriter, r *http.Request) {
 	// Header to serve JSON
 	apiHTTPResponse(w, JSONApplicationUTF8, http.StatusOK, envAll)
 	incMetric(metricAPIOK)
+	if settingsmgr.DebugService(settings.ServiceAPI) {
+		log.Println("DebugService: Returned environments")
+	}
 }
diff --git a/cmd/api/handlers-nodes.go b/cmd/api/handlers-nodes.go
@@ -43,6 +43,9 @@ func apiNodeHandler(w http.ResponseWriter, r *http.Request) {
 	// Serialize and serve JSON
 	apiHTTPResponse(w, JSONApplicationUTF8, http.StatusOK, node)
 	incMetric(metricAPIOK)
+	if settingsmgr.DebugService(settings.ServiceAPI) {
+		log.Printf("DebugService: Returned node %s", uuid)
+	}
 }
 
 // GET Handler for multiple JSON nodes
@@ -72,4 +75,7 @@ func apiNodesHandler(w http.ResponseWriter, r *http.Request) {
 	// Serialize and serve JSON
 	apiHTTPResponse(w, JSONApplicationUTF8, http.StatusOK, nodes)
 	incMetric(metricAPIOK)
+	if settingsmgr.DebugService(settings.ServiceAPI) {
+		log.Println("DebugService: Returned nodes")
+	}
 }
diff --git a/cmd/api/handlers-platforms.go b/cmd/api/handlers-platforms.go
@@ -29,4 +29,7 @@ func apiPlatformsHandler(w http.ResponseWriter, r *http.Request) {
 	// Serialize and serve JSON
 	apiHTTPResponse(w, JSONApplicationUTF8, http.StatusOK, platforms)
 	incMetric(metricAPIOK)
+	if settingsmgr.DebugService(settings.ServiceAPI) {
+		log.Println("DebugService: Returned platforms")
+	}
 }
diff --git a/cmd/api/handlers-queries.go b/cmd/api/handlers-queries.go
@@ -44,6 +44,9 @@ func apiQueryShowHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	// Serialize and serve JSON
 	apiHTTPResponse(w, JSONApplicationUTF8, http.StatusOK, query)
+	if settingsmgr.DebugService(settings.ServiceAPI) {
+		log.Printf("DebugService: Returned query %s", name)
+	}
 	incMetric(metricAPIOK)
 }
 

diff --git a/cmd/api/settings.go b/cmd/api/settings.go
@@ -7,18 +7,50 @@ import (
 	"github.com/jmpsec/osctrl/pkg/settings"
 )
 
+// Function to load the metrics settings
+func loadingMetrics() {
+	// Check if service settings for metrics is ready, initialize if so
+	if !settingsmgr.IsValue(settings.ServiceAPI, settings.ServiceMetrics) {
+		if err := settingsmgr.NewBooleanValue(settings.ServiceAPI, settings.ServiceMetrics, false); err != nil {
+			log.Printf("Failed to add %s to configuration: %v", settings.ServiceMetrics, err)
+		}
+	} else if settingsmgr.ServiceMetrics(settings.ServiceAPI) {
+		_mCfg, err := metrics.LoadConfiguration()
+		if err != nil {
+			if err := settingsmgr.SetBoolean(false, settings.ServiceAPI, settings.ServiceMetrics); err != nil {
+				log.Fatalf("Failed to disable metrics: %v", err)
+			}
+			log.Printf("Failed to initialize metrics: %v", err)
+		} else {
+			_metrics, err = metrics.CreateMetrics(_mCfg.Protocol, _mCfg.Host, _mCfg.Port, serviceName)
+			if err != nil {
+				log.Fatalf("Failed to initialize metrics: %v", err)
+				if err := settingsmgr.SetBoolean(false, settings.ServiceAPI, settings.ServiceMetrics); err != nil {
+					log.Fatalf("Failed to disable metrics: %v", err)
+				}
+			}
+		}
+	}
+}
+
 // Function to load all settings for the service
 func loadingSettings() {
 	// Check if service settings for debug service is ready
 	if !settingsmgr.IsValue(settings.ServiceAPI, settings.DebugService) {
 		if err := settingsmgr.NewBooleanValue(settings.ServiceAPI, settings.DebugService, false); err != nil {
-			log.Fatalf("Failed to add %s to configuration: %v", settings.DebugService, err)
+			log.Fatalf("Failed to add %s to settings: %v", settings.DebugService, err)
+		}
+	}
+	// Check if service settings for debug HTTP is ready
+	if !settingsmgr.IsValue(settings.ServiceAPI, settings.DebugHTTP) {
+		if err := settingsmgr.NewBooleanValue(settings.ServiceAPI, settings.DebugHTTP, false); err != nil {
+			log.Fatalf("Failed to add %s to settings: %v", settings.DebugHTTP, err)
 		}
 	}
 	// Check if service settings for metrics is ready, initialize if so
 	if !settingsmgr.IsValue(settings.ServiceAPI, settings.ServiceMetrics) {
 		if err := settingsmgr.NewBooleanValue(settings.ServiceAPI, settings.ServiceMetrics, false); err != nil {
-			log.Printf("Failed to add %s to configuration: %v", settings.ServiceMetrics, err)
+			log.Printf("Failed to add %s to settings: %v", settings.ServiceMetrics, err)
 		}
 	} else if settingsmgr.ServiceMetrics(settings.ServiceAPI) {
 		_mCfg, err := metrics.LoadConfiguration()
@@ -40,15 +72,17 @@ func loadingSettings() {
 	// Check if service settings for environments refresh is ready
 	if !settingsmgr.IsValue(settings.ServiceAPI, settings.RefreshEnvs) {
 		if err := settingsmgr.NewIntegerValue(settings.ServiceAPI, settings.RefreshEnvs, int64(defaultRefresh)); err != nil {
-			log.Fatalf("Failed to add %s to configuration: %v", settings.RefreshEnvs, err)
+			log.Fatalf("Failed to add %s to settings: %v", settings.RefreshEnvs, err)
 		}
 	}
 	// Check if service settings for settings refresh is ready
 	if !settingsmgr.IsValue(settings.ServiceAPI, settings.RefreshSettings) {
 		if err := settingsmgr.NewIntegerValue(settings.ServiceAPI, settings.RefreshSettings, int64(defaultRefresh)); err != nil {
-			log.Fatalf("Failed to add %s to configuration: %v", settings.RefreshSettings, err)
+			log.Fatalf("Failed to add %s to settings: %v", settings.RefreshSettings, err)
 		}
 	}
+	// Metrics
+	loadingMetrics()
 	// Write JSON config to settings
 	if err := settingsmgr.SetAllJSON(settings.ServiceAPI, apiConfig.Listener, apiConfig.Port, apiConfig.Host, apiConfig.Auth, apiConfig.Logging); err != nil {
 		log.Fatalf("Failed to add JSON values to configuration: %v", err)

diff --git a/cmd/tls/db.go b/cmd/tls/db.go
@@ -44,7 +44,9 @@ func getDB(file string) *gorm.DB {
 		t, config.Host, config.Port, config.Name, config.Username, config.Password)
 	db, err := gorm.Open("postgres", postgresDSN)
 	if err != nil {
-		log.Fatalf("Failed to open database connection: %v", err)
+		//log.Fatalf("Failed to open database connection: %v", err)
+		log.Printf("Failed to open database connection: %v", err)
+		return nil
 	}
 	// Performance settings for DB access
 	db.DB().SetMaxIdleConns(config.MaxIdleConns)

diff --git a/plugins/logging_dispatcher/logging.go b/plugins/logging_dispatcher/logging.go
@@ -156,10 +156,12 @@ func LogsDispatcher(logging, logType string, params ...interface{}) {
 			status := params[5].(int)
 			debug := params[6].(bool)
 			dbQuery(db, data, environment, uuid, name, status, debug)
-		} /*else {
-			debug := params[4].(bool)
-			dbLog(logType, db, data, environment, uuid, debug)
-		}*/
+		} else {
+			if logging == settings.LoggingDB {
+				debug := params[4].(bool)
+				dbLog(logType, db, data, environment, uuid, debug)
+			}
+		}
 	} else {
 		log.Printf("Logging with %s isn't ready - Dropping %d bytes", dbName, len(data))
 	}