/*
Copyright 2021 Adevinta
*/
package transport
import (
"net/http"
kitlog "github.com/go-kit/kit/log"
"github.com/gorilla/mux"
"github.com/adevinta/vulcan-api/pkg/api/endpoint"
)
// AttachRoutes builds a gorilla/mux router, registers every /api/v1 route on
// it and returns the router as an http.Handler.
//
// Each API route is bound to the handler returned by
// newServer(e[name], <zero request value>, logger, name), where name is the
// endpoint identifier used to look the endpoint up in e.
//
// NOTE(review): no middleware is attached to the router in this function, so
// authentication and per-team/per-user authorization are not enforced at the
// routing layer. They have to be applied by the endpoints in e, by newServer
// or by whatever wraps the returned handler; none of that is visible here.
//
// gorilla/mux tries routes in registration order, so the order of the
// statements below is significant wherever a literal path segment and a
// {variable} segment can match the same request.
func AttachRoutes(e endpoint.Endpoints, logger kitlog.Logger) http.Handler {
	router := mux.NewRouter()

	// API root: send the client to the login page. The target is a fixed
	// literal; nothing from the incoming request is copied into it.
	// NOTE(review): the handler that consumes redirect_to lives elsewhere and
	// should only accept local paths - confirm.
	router.Methods(http.MethodGet).Path("/api/v1").HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		http.Redirect(w, req, "/api/v1/login?redirect_to=/api/v1/home.html", http.StatusFound)
	})

	// Healthcheck
	router.Methods(http.MethodGet).Path("/api/v1/healthcheck").Handler(newServer(e[endpoint.Healthcheck], endpoint.HealthcheckJSONRequest{}, logger, endpoint.Healthcheck))

	// Jobs
	router.Methods(http.MethodGet).Path("/api/v1/jobs/{job_id}").Handler(newServer(e[endpoint.FindJob], endpoint.JobRequest{}, logger, endpoint.FindJob))

	// Users
	router.Methods(http.MethodGet).Path("/api/v1/users").Handler(newServer(e[endpoint.ListUsers], endpoint.EmptyRequest{}, logger, endpoint.ListUsers))
	router.Methods(http.MethodPost).Path("/api/v1/users").Handler(newServer(e[endpoint.CreateUser], endpoint.UserRequest{}, logger, endpoint.CreateUser))
	router.Methods(http.MethodGet).Path("/api/v1/users/{user_id}").Handler(newServer(e[endpoint.FindUser], endpoint.UserRequest{}, logger, endpoint.FindUser))
	router.Methods(http.MethodPatch).Path("/api/v1/users/{user_id}").Handler(newServer(e[endpoint.UpdateUser], endpoint.UserRequest{}, logger, endpoint.UpdateUser))
	router.Methods(http.MethodDelete).Path("/api/v1/users/{user_id}").Handler(newServer(e[endpoint.DeleteUser], endpoint.UserRequest{}, logger, endpoint.DeleteUser))

	// Profile
	router.Methods(http.MethodGet).Path("/api/v1/profile").Handler(newServer(e[endpoint.FindProfile], endpoint.EmptyRequest{}, logger, endpoint.FindProfile))

	// Token
	// NOTE(review): user_id comes from the path; the endpoint must check that
	// the caller is allowed to generate a token for that user - not visible here.
	router.Methods(http.MethodPost).Path("/api/v1/users/{user_id}/token").Handler(newServer(e[endpoint.GenerateAPIToken], endpoint.UserRequest{}, logger, endpoint.GenerateAPIToken))

	// Teams from a User
	router.Methods(http.MethodGet).Path("/api/v1/users/{user_id}/teams").Handler(newServer(e[endpoint.FindTeamsByUser], endpoint.UserRequest{}, logger, endpoint.FindTeamsByUser))

	// Teams
	router.Methods(http.MethodGet).Path("/api/v1/teams").Handler(newServer(e[endpoint.ListTeams], endpoint.TeamRequest{}, logger, endpoint.ListTeams))
	router.Methods(http.MethodPost).Path("/api/v1/teams").Handler(newServer(e[endpoint.CreateTeam], endpoint.TeamRequest{}, logger, endpoint.CreateTeam))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}").Handler(newServer(e[endpoint.FindTeam], endpoint.TeamRequest{}, logger, endpoint.FindTeam))
	router.Methods(http.MethodPatch).Path("/api/v1/teams/{team_id}").Handler(newServer(e[endpoint.UpdateTeam], endpoint.TeamUpdateRequest{}, logger, endpoint.UpdateTeam))
	router.Methods(http.MethodDelete).Path("/api/v1/teams/{team_id}").Handler(newServer(e[endpoint.DeleteTeam], endpoint.TeamRequest{}, logger, endpoint.DeleteTeam))

	// Team members
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/members").Handler(newServer(e[endpoint.CreateTeamMember], endpoint.TeamMemberRequest{}, logger, endpoint.CreateTeamMember))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/members").Handler(newServer(e[endpoint.ListTeamMembers], endpoint.TeamMemberRequest{}, logger, endpoint.ListTeamMembers))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/members/{user_id}").Handler(newServer(e[endpoint.FindTeamMember], endpoint.TeamMemberRequest{}, logger, endpoint.FindTeamMember))
	router.Methods(http.MethodPatch).Path("/api/v1/teams/{team_id}/members/{user_id}").Handler(newServer(e[endpoint.UpdateTeamMember], endpoint.TeamMemberRequest{}, logger, endpoint.UpdateTeamMember))
	router.Methods(http.MethodDelete).Path("/api/v1/teams/{team_id}/members/{user_id}").Handler(newServer(e[endpoint.DeleteTeamMember], endpoint.TeamMemberRequest{}, logger, endpoint.DeleteTeamMember))

	// Team recipients
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/recipients").Handler(newServer(e[endpoint.ListRecipients], endpoint.RecipientsData{}, logger, endpoint.ListRecipients))
	router.Methods(http.MethodPut).Path("/api/v1/teams/{team_id}/recipients").Handler(newServer(e[endpoint.UpdateRecipients], endpoint.RecipientsData{}, logger, endpoint.UpdateRecipients))

	// Assets
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/assets").Handler(newServer(e[endpoint.ListAssets], endpoint.AssetRequest{}, logger, endpoint.ListAssets))
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/assets").Handler(newServer(e[endpoint.CreateAsset], endpoint.AssetsListRequest{}, logger, endpoint.CreateAsset))
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/assets/multistatus").Handler(newServer(e[endpoint.CreateAssetMultiStatus], endpoint.AssetsListRequest{}, logger, endpoint.CreateAssetMultiStatus))
	router.Methods(http.MethodPut).Path("/api/v1/teams/{team_id}/assets/discovery").Handler(newServer(e[endpoint.MergeDiscoveredAssets], endpoint.DiscoveredAssetsRequest{}, logger, endpoint.MergeDiscoveredAssets))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/assets/{asset_id}").Handler(newServer(e[endpoint.FindAsset], endpoint.AssetRequest{}, logger, endpoint.FindAsset))
	router.Methods(http.MethodPatch).Path("/api/v1/teams/{team_id}/assets/{asset_id}").Handler(newServer(e[endpoint.UpdateAsset], endpoint.AssetRequest{}, logger, endpoint.UpdateAsset))
	router.Methods(http.MethodDelete).Path("/api/v1/teams/{team_id}/assets/{asset_id}").Handler(newServer(e[endpoint.DeleteAsset], endpoint.AssetRequest{}, logger, endpoint.DeleteAsset))

	// Asset annotations
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/assets/{asset_id}/annotations").Handler(newServer(e[endpoint.ListAssetAnnotations], endpoint.AssetAnnotationRequest{}, logger, endpoint.ListAssetAnnotations))
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/assets/{asset_id}/annotations").Handler(newServer(e[endpoint.CreateAssetAnnotations], endpoint.AssetAnnotationRequest{}, logger, endpoint.CreateAssetAnnotations))
	router.Methods(http.MethodPatch).Path("/api/v1/teams/{team_id}/assets/{asset_id}/annotations").Handler(newServer(e[endpoint.UpdateAssetAnnotations], endpoint.AssetAnnotationRequest{}, logger, endpoint.UpdateAssetAnnotations))
	router.Methods(http.MethodPut).Path("/api/v1/teams/{team_id}/assets/{asset_id}/annotations").Handler(newServer(e[endpoint.PutAssetAnnotations], endpoint.AssetAnnotationRequest{}, logger, endpoint.PutAssetAnnotations))
	router.Methods(http.MethodDelete).Path("/api/v1/teams/{team_id}/assets/{asset_id}/annotations").Handler(newServer(e[endpoint.DeleteAssetAnnotations], endpoint.AssetAnnotationDeleteRequest{}, logger, endpoint.DeleteAssetAnnotations))

	// Groups
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/groups").Handler(newServer(e[endpoint.CreateGroup], endpoint.AssetsGroupRequest{}, logger, endpoint.CreateGroup))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/groups").Handler(newServer(e[endpoint.ListGroups], endpoint.ListGroupsRequest{}, logger, endpoint.ListGroups))
	router.Methods(http.MethodPatch).Path("/api/v1/teams/{team_id}/groups/{group_id}").Handler(newServer(e[endpoint.UpdateGroup], endpoint.AssetsGroupRequest{}, logger, endpoint.UpdateGroup))
	router.Methods(http.MethodDelete).Path("/api/v1/teams/{team_id}/groups/{group_id}").Handler(newServer(e[endpoint.DeleteGroup], endpoint.AssetsGroupRequest{}, logger, endpoint.DeleteGroup))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/groups/{group_id}").Handler(newServer(e[endpoint.FindGroup], endpoint.AssetsGroupRequest{}, logger, endpoint.FindGroup))

	// Group-assets association
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/groups/{group_id}/assets").Handler(newServer(e[endpoint.ListAssetGroup], endpoint.GroupAssetRequest{}, logger, endpoint.ListAssetGroup))
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/groups/{group_id}/assets").Handler(newServer(e[endpoint.GroupAsset], endpoint.GroupAssetRequest{}, logger, endpoint.GroupAsset))
	router.Methods(http.MethodDelete).Path("/api/v1/teams/{team_id}/groups/{group_id}/assets/{asset_id}").Handler(newServer(e[endpoint.UngroupAsset], endpoint.GroupAssetRequest{}, logger, endpoint.UngroupAsset))

	// Programs
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/programs").Handler(newServer(e[endpoint.ListPrograms], endpoint.ProgramRequest{}, logger, endpoint.ListPrograms))
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/programs").Handler(newServer(e[endpoint.CreateProgram], endpoint.ProgramRequest{}, logger, endpoint.CreateProgram))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/programs/{program_id}").Handler(newServer(e[endpoint.FindProgram], endpoint.ProgramRequest{}, logger, endpoint.FindProgram))
	router.Methods(http.MethodPatch).Path("/api/v1/teams/{team_id}/programs/{program_id}").Handler(newServer(e[endpoint.UpdateProgram], endpoint.ProgramRequest{}, logger, endpoint.UpdateProgram))
	router.Methods(http.MethodDelete).Path("/api/v1/teams/{team_id}/programs/{program_id}").Handler(newServer(e[endpoint.DeleteProgram], endpoint.ProgramRequest{}, logger, endpoint.DeleteProgram))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/programs/{program_id}/scans").Handler(newServer(e[endpoint.ListProgramScans], endpoint.ListProgramScansRequest{}, logger, endpoint.ListProgramScans))

	// Schedules
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/programs/{program_id}/schedule").Handler(newServer(e[endpoint.CreateSchedule], endpoint.ScheduleRequest{}, logger, endpoint.CreateSchedule))
	router.Methods(http.MethodDelete).Path("/api/v1/teams/{team_id}/programs/{program_id}/schedule").Handler(newServer(e[endpoint.DeleteSchedule], endpoint.ScheduleRequest{}, logger, endpoint.DeleteSchedule))
	// NOTE(review): this path carries no team_id, so any restriction on who
	// may schedule a global program has to come from the endpoint - confirm.
	router.Methods(http.MethodPut).Path("/api/v1/programs/{program_id}/schedule").Handler(newServer(e[endpoint.ScheduleGlobalProgram], endpoint.ScheduleGlobalRequest{}, logger, endpoint.ScheduleGlobalProgram))

	// Policies
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/policies").Handler(newServer(e[endpoint.ListPolicies], endpoint.PolicyRequest{}, logger, endpoint.ListPolicies))
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/policies").Handler(newServer(e[endpoint.CreatePolicy], endpoint.PolicyRequest{}, logger, endpoint.CreatePolicy))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/policies/{policy_id}").Handler(newServer(e[endpoint.FindPolicy], endpoint.PolicyRequest{}, logger, endpoint.FindPolicy))
	router.Methods(http.MethodPatch).Path("/api/v1/teams/{team_id}/policies/{policy_id}").Handler(newServer(e[endpoint.UpdatePolicy], endpoint.PolicyRequest{}, logger, endpoint.UpdatePolicy))
	router.Methods(http.MethodDelete).Path("/api/v1/teams/{team_id}/policies/{policy_id}").Handler(newServer(e[endpoint.DeletePolicy], endpoint.PolicyRequest{}, logger, endpoint.DeletePolicy))

	// Policy x CheckType settings
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/policies/{policy_id}/settings").Handler(newServer(e[endpoint.ListChecktypeSetting], endpoint.ChecktypeSettingRequest{}, logger, endpoint.ListChecktypeSetting))
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/policies/{policy_id}/settings").Handler(newServer(e[endpoint.CreateChecktypeSetting], endpoint.ChecktypeSettingRequest{}, logger, endpoint.CreateChecktypeSetting))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/policies/{policy_id}/settings/{setting_id}").Handler(newServer(e[endpoint.FindChecktypeSetting], endpoint.ChecktypeSettingRequest{}, logger, endpoint.FindChecktypeSetting))
	router.Methods(http.MethodPatch).Path("/api/v1/teams/{team_id}/policies/{policy_id}/settings/{setting_id}").Handler(newServer(e[endpoint.UpdateChecktypeSetting], endpoint.ChecktypeSettingRequest{}, logger, endpoint.UpdateChecktypeSetting))
	router.Methods(http.MethodDelete).Path("/api/v1/teams/{team_id}/policies/{policy_id}/settings/{setting_id}").Handler(newServer(e[endpoint.DeleteChecktypeSetting], endpoint.ChecktypeSettingRequest{}, logger, endpoint.DeleteChecktypeSetting))

	// Scans
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/scans").Handler(newServer(e[endpoint.CreateScan], endpoint.ScanRequest{}, logger, endpoint.CreateScan))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/scans/{scan_id}").Handler(newServer(e[endpoint.FindScan], endpoint.ScanRequest{}, logger, endpoint.FindScan))
	router.Methods(http.MethodPut).Path("/api/v1/teams/{team_id}/scans/{scan_id}/abort").Handler(newServer(e[endpoint.AbortScan], endpoint.ScanRequest{}, logger, endpoint.AbortScan))

	// Send digest report
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/report/digest").Handler(newServer(e[endpoint.SendDigestReport], endpoint.SendDigestReportRequest{}, logger, endpoint.SendDigestReport))

	// Stats
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/stats/coverage").Handler(newServer(e[endpoint.StatsCoverage], endpoint.StatsCoverageRequest{}, logger, endpoint.StatsCoverage))

	// Vulnerability DB
	// The literal sub-paths (issues, targets, labels) are registered before
	// findings/{finding_id}; keep that order so the variable route does not
	// capture them.
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/findings").Handler(newServer(e[endpoint.ListFindings], endpoint.FindingsRequest{}, logger, endpoint.ListFindings))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/findings/issues").Handler(newServer(e[endpoint.ListFindingsIssues], endpoint.FindingsRequest{}, logger, endpoint.ListFindingsIssues))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/findings/issues/{issue_id}").Handler(newServer(e[endpoint.ListFindingsByIssue], endpoint.FindingsByIssueRequest{}, logger, endpoint.ListFindingsByIssue))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/findings/targets").Handler(newServer(e[endpoint.ListFindingsTargets], endpoint.FindingsRequest{}, logger, endpoint.ListFindingsTargets))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/findings/targets/{target_id}").Handler(newServer(e[endpoint.ListFindingsByTarget], endpoint.FindingsByTargetRequest{}, logger, endpoint.ListFindingsByTarget))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/findings/labels").Handler(newServer(e[endpoint.ListFindingsLabels], endpoint.FindingsRequest{}, logger, endpoint.ListFindingsLabels))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/findings/{finding_id}").Handler(newServer(e[endpoint.FindFinding], endpoint.FindingsRequest{}, logger, endpoint.FindFinding))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/findings/{finding_id}/overwrites").Handler(newServer(e[endpoint.ListFindingOverwrites], endpoint.FindingsRequest{}, logger, endpoint.ListFindingOverwrites))
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/findings/{finding_id}/overwrites").Handler(newServer(e[endpoint.CreateFindingOverwrite], endpoint.FindingOverwriteRequest{}, logger, endpoint.CreateFindingOverwrite))
	router.Methods(http.MethodPost).Path("/api/v1/teams/{team_id}/findings/{finding_id}/ticket").Handler(newServer(e[endpoint.CreateFindingTicket], endpoint.FindingCreateTicketRequest{}, logger, endpoint.CreateFindingTicket))

	// Per-team statistics.
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/stats/mttr").Handler(newServer(e[endpoint.StatsMTTR], endpoint.StatsRequest{}, logger, endpoint.StatsMTTR))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/stats/exposure").Handler(newServer(e[endpoint.StatsExposure], endpoint.StatsRequest{}, logger, endpoint.StatsExposure))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/stats/exposure/current").Handler(newServer(e[endpoint.StatsCurrentExposure], endpoint.StatsRequest{}, logger, endpoint.StatsCurrentExposure))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/stats/open").Handler(newServer(e[endpoint.StatsOpen], endpoint.StatsRequest{}, logger, endpoint.StatsOpen))
	router.Methods(http.MethodGet).Path("/api/v1/teams/{team_id}/stats/fixed").Handler(newServer(e[endpoint.StatsFixed], endpoint.StatsRequest{}, logger, endpoint.StatsFixed))

	// Global statistics.
	// NOTE(review): these paths carry no team_id, so the data is not scoped
	// to a team at the routing layer; who may read it is decided elsewhere -
	// confirm against the endpoint implementation.
	router.Methods(http.MethodGet).Path("/api/v1/stats/mttr").Handler(newServer(e[endpoint.GlobalStatsMTTR], endpoint.GlobalStatsRequest{}, logger, endpoint.GlobalStatsMTTR))
	router.Methods(http.MethodGet).Path("/api/v1/stats/exposure").Handler(newServer(e[endpoint.GlobalStatsExposure], endpoint.GlobalStatsRequest{}, logger, endpoint.GlobalStatsExposure))
	router.Methods(http.MethodGet).Path("/api/v1/stats/exposure/current").Handler(newServer(e[endpoint.GlobalStatsCurrentExposure], endpoint.GlobalStatsRequest{}, logger, endpoint.GlobalStatsCurrentExposure))
	router.Methods(http.MethodGet).Path("/api/v1/stats/open").Handler(newServer(e[endpoint.GlobalStatsOpen], endpoint.GlobalStatsRequest{}, logger, endpoint.GlobalStatsOpen))
	router.Methods(http.MethodGet).Path("/api/v1/stats/fixed").Handler(newServer(e[endpoint.GlobalStatsFixed], endpoint.GlobalStatsRequest{}, logger, endpoint.GlobalStatsFixed))
	router.Methods(http.MethodGet).Path("/api/v1/stats/assets").Handler(newServer(e[endpoint.GlobalStatsAssets], endpoint.GlobalStatsRequest{}, logger, endpoint.GlobalStatsAssets))

	return router
}