ashirt-ops · jkennedyvz · Jul 28, 2023 · Jul 26, 2023 · Jul 25, 2023 · Jul 25, 2023
@@ -101,6 +101,12 @@ func main() {
 		)
 	})
 
+	r.Route("/api", func(r chi.Router) {
+		server.API(r,
+			db, contentStore, logger,
+		)
+	})
+
 	logger.Log("msg", "starting Web server", "port", config.Port())
 	serveErr := http.ListenAndServe(":"+config.Port(), r)
 	logging.Fatal(logger, "msg", "server shutting down", "err", serveErr)

@@ -12,7 +12,6 @@ import (
 	"github.com/ashirt-ops/ashirt-server/backend"
 	"github.com/ashirt-ops/ashirt-server/backend/contentstore"
 	"github.com/ashirt-ops/ashirt-server/backend/database"
-	"github.com/ashirt-ops/ashirt-server/backend/dtos"
 	"github.com/ashirt-ops/ashirt-server/backend/logging"
 	"github.com/ashirt-ops/ashirt-server/backend/server/middleware"
 	"github.com/ashirt-ops/ashirt-server/backend/services"
@@ -25,44 +24,12 @@ func API(r chi.Router, db *database.Connection, contentStore contentstore.Store,
 	r.Group(func(r chi.Router) {
 		r.Use(middleware.AuthenticateAppAndInjectCtx(db))
 		r.Use(middleware.LogRequests(logger))
+		bindSharedRoutes(r, db, contentStore)
 		bindAPIRoutes(r, db, contentStore)
 	})
 }
 
 func bindAPIRoutes(r chi.Router, db *database.Connection, contentStore contentstore.Store) {
-	route(r, "GET", "/operations", jsonHandler(func(r *http.Request) (interface{}, error) {
-		return services.ListOperations(r.Context(), db)
-	}))
-
-	route(r, "GET", "/checkconnection", jsonHandler(func(r *http.Request) (interface{}, error) {
-		return dtos.CheckConnection{Ok: true}, nil
-	}))
-
-	route(r, "POST", "/operations", jsonHandler(func(r *http.Request) (interface{}, error) {
-		dr := dissectJSONRequest(r)
-		i := services.CreateOperationInput{
-			Slug:    dr.FromBody("slug").Required().AsString(),
-			Name:    dr.FromBody("name").Required().AsString(),
-			OwnerID: middleware.UserID(r.Context()),
-		}
-		if dr.Error != nil {
-			return nil, dr.Error
-		}
-		return services.CreateOperation(r.Context(), db, i)
-	}))
-
-	route(r, "GET", "/operations/{operation_slug}/evidence/{evidence_uuid}", jsonHandler(func(r *http.Request) (interface{}, error) {
-		dr := dissectJSONRequest(r)
-		i := services.ReadEvidenceInput{
-			EvidenceUUID:  dr.FromURL("evidence_uuid").Required().AsString(),
-			OperationSlug: dr.FromURL("operation_slug").Required().AsString(),
-		}
-		if dr.Error != nil {
-			return nil, dr.Error
-		}
-		return services.ReadEvidence(r.Context(), db, contentStore, i)
-	}))
-
 	route(r, "GET", "/operations/{operation_slug}/evidence/{evidence_uuid}/{type:media|preview}", mediaHandler(func(r *http.Request) (io.Reader, error) {
 		dr := dissectNoBodyRequest(r)
 		i := services.ReadEvidenceInput{
@@ -139,25 +106,4 @@ func bindAPIRoutes(r chi.Router, db *database.Connection, contentStore contentst
 		}
 		return nil, services.UpsertEvidenceMetadata(r.Context(), db, i)
 	}))
-
-	route(r, "GET", "/operations/{operation_slug}/tags", jsonHandler(func(r *http.Request) (interface{}, error) {
-		dr := dissectJSONRequest(r)
-		i := services.ListTagsForOperationInput{
-			OperationSlug: dr.FromURL("operation_slug").Required().AsString(),
-		}
-		return services.ListTagsForOperation(r.Context(), db, i)
-	}))
-
-	route(r, "POST", "/operations/{operation_slug}/tags", jsonHandler(func(r *http.Request) (interface{}, error) {
-		dr := dissectJSONRequest(r)
-		i := services.CreateTagInput{
-			Name:          dr.FromBody("name").Required().AsString(),
-			ColorName:     dr.FromBody("colorName").AsString(),
-			OperationSlug: dr.FromURL("operation_slug").Required().AsString(),
-		}
-		if dr.Error != nil {
-			return nil, dr.Error
-		}
-		return services.CreateTag(r.Context(), db, i)
-	}))
 }
@@ -0,0 +1,59 @@
+// Copyright 2023, Yahoo Inc.
+// Licensed under the terms of the MIT. See LICENSE file in project root for terms.
+
+package server
+
+import (
+	"net/http"
+
+	"github.com/ashirt-ops/ashirt-server/backend/contentstore"
+	"github.com/ashirt-ops/ashirt-server/backend/database"
+	"github.com/ashirt-ops/ashirt-server/backend/dtos"
+	"github.com/ashirt-ops/ashirt-server/backend/server/middleware"
+	"github.com/ashirt-ops/ashirt-server/backend/services"
+	"github.com/go-chi/chi/v5"
+)
+
+func bindSharedRoutes(r chi.Router, db *database.Connection, contentStore contentstore.Store) {
+	route(r, "GET", "/checkconnection", jsonHandler(func(r *http.Request) (interface{}, error) {
+		return dtos.CheckConnection{Ok: true}, nil
+	}))
+
+	route(r, "GET", "/operations", jsonHandler(func(r *http.Request) (interface{}, error) {
+		return services.ListOperations(r.Context(), db)
+	}))
+
+	route(r, "POST", "/operations", jsonHandler(func(r *http.Request) (interface{}, error) {
+		dr := dissectJSONRequest(r)
+		i := services.CreateOperationInput{
+			Slug:    dr.FromBody("slug").Required().AsString(),
+			Name:    dr.FromBody("name").Required().AsString(),
+			OwnerID: middleware.UserID(r.Context()),
+		}
+		if dr.Error != nil {
+			return nil, dr.Error
+		}
+		return services.CreateOperation(r.Context(), db, i)
+	}))
+
+	route(r, "GET", "/operations/{operation_slug}/tags", jsonHandler(func(r *http.Request) (interface{}, error) {
+		dr := dissectJSONRequest(r)
+		i := services.ListTagsForOperationInput{
+			OperationSlug: dr.FromURL("operation_slug").Required().AsString(),
+		}
+		return services.ListTagsForOperation(r.Context(), db, i)
+	}))
+
+	route(r, "POST", "/operations/{operation_slug}/tags", jsonHandler(func(r *http.Request) (interface{}, error) {
+		dr := dissectJSONRequest(r)
+		i := services.CreateTagInput{
+			Name:          dr.FromBody("name").Required().AsString(),
+			ColorName:     dr.FromBody("colorName").AsString(),
+			OperationSlug: dr.FromURL("operation_slug").Required().AsString(),
+		}
+		if dr.Error != nil {
+			return nil, dr.Error
+		}
+		return services.CreateTag(r.Context(), db, i)
+	}))
+}
@@ -103,6 +103,7 @@ func Web(r chi.Router, db *database.Connection, contentStore contentstore.Store,
 			}
 		}
 
+		bindSharedRoutes(r, db, contentStore)
 		bindWebRoutes(r, db, contentStore, sessionStore, &authsWithOutRecovery)
 	})
 }
@@ -278,27 +279,10 @@ func bindWebRoutes(r chi.Router, db *database.Connection, contentStore contentst
 		return nil, services.DeleteAuthSchemeUsers(r.Context(), db, schemeCode)
 	}))
 
-	route(r, "GET", "/operations", jsonHandler(func(r *http.Request) (interface{}, error) {
-		return services.ListOperations(r.Context(), db)
-	}))
-
 	route(r, "GET", "/admin/operations", jsonHandler(func(r *http.Request) (interface{}, error) {
 		return services.ListOperationsForAdmin(r.Context(), db)
 	}))
 
-	route(r, "POST", "/operations", jsonHandler(func(r *http.Request) (interface{}, error) {
-		dr := dissectJSONRequest(r)
-		i := services.CreateOperationInput{
-			Slug:    dr.FromBody("slug").Required().AsString(),
-			Name:    dr.FromBody("name").Required().AsString(),
-			OwnerID: middleware.UserID(r.Context()),
-		}
-		if dr.Error != nil {
-			return nil, dr.Error
-		}
-		return services.CreateOperation(r.Context(), db, i)
-	}))
-
 	route(r, "DELETE", "/operations/{operation_slug}", jsonHandler(func(r *http.Request) (interface{}, error) {
 		dr := dissectJSONRequest(r)
 		operationSlug := dr.FromURL("operation_slug").Required().AsString()
@@ -744,27 +728,6 @@ func bindWebRoutes(r chi.Router, db *database.Connection, contentStore contentst
 		return nil, services.DeleteQuery(r.Context(), db, i)
 	}))
 
-	route(r, "GET", "/operations/{operation_slug}/tags", jsonHandler(func(r *http.Request) (interface{}, error) {
-		dr := dissectJSONRequest(r)
-		i := services.ListTagsForOperationInput{
-			OperationSlug: dr.FromURL("operation_slug").Required().AsString(),
-		}
-		return services.ListTagsForOperation(r.Context(), db, i)
-	}))
-
-	route(r, "POST", "/operations/{operation_slug}/tags", jsonHandler(func(r *http.Request) (interface{}, error) {
-		dr := dissectJSONRequest(r)
-		i := services.CreateTagInput{
-			Name:          dr.FromBody("name").Required().AsString(),
-			ColorName:     dr.FromBody("colorName").AsString(),
-			OperationSlug: dr.FromURL("operation_slug").Required().AsString(),
-		}
-		if dr.Error != nil {
-			return nil, dr.Error
-		}
-		return services.CreateTag(r.Context(), db, i)
-	}))
-
 	route(r, "PUT", "/operations/{operation_slug}/tags/{tag_id}", jsonHandler(func(r *http.Request) (interface{}, error) {
 		dr := dissectJSONRequest(r)
 		i := services.UpdateTagInput{

@@ -1,6 +1,6 @@
 version: "3"
 services:
-  ashirt-private-service:
+  ashirt-service:
     build:
       context: .
       dockerfile: Dockerfile.prod.web
@@ -23,21 +23,6 @@ services:
       AUTH_SERVICES: ashirt
       DB_URI: dev-user:dev-user-password@tcp(db:3306)/dev-db
 
-
-  ashirt-public-service:
-    build:
-      context: .
-      dockerfile: Dockerfile.prod.api
-    ports:
-      - 8001:8000
-    restart: on-failure
-    environment:
-      APP_IMGSTORE_BUCKET_NAME: ""
-      APP_IMGSTORE_REGION: ""
-      APP_PORT: 8000
-      DB_URI: dev-user:dev-user-password@tcp(db:3306)/dev-db
-
-
   frontend:
     build:
       context: .
@@ -46,7 +31,7 @@ services:
       - 8080:8080
     environment:
       NGINX_PORT: 8080
-      WEB_URL: http://ashirt-private-service:8000
+      WEB_URL: http://ashirt-service:8000
 
   db:
     image: mysql:8.0

@@ -15,6 +15,10 @@ server {
       proxy_pass ${WEB_URL};
     }
 
+    location /api {
+      proxy_pass ${WEB_URL};
+    }
+
     location /assets {
       root     /usr/share/nginx/html;
       try_files $uri $uri/;

@@ -75,6 +75,7 @@ module.exports = (env, argv) => ({
     historyApiFallback: true,
     proxy: {
       '/web': {target: process.env.WEB_BACKEND_ORIGIN},
+      '/api': {target: process.env.WEB_BACKEND_ORIGIN},
     },
     devMiddleware: {
       publicPath: "/assets/"