package controllers
import (
"net/http"
"github.com/labstack/echo/v4"
"github.com/lachlan2k/phatcrack/api/internal/accesscontrol"
"github.com/lachlan2k/phatcrack/api/internal/auth"
"github.com/lachlan2k/phatcrack/api/internal/db"
"github.com/lachlan2k/phatcrack/api/internal/util"
"github.com/lachlan2k/phatcrack/common/pkg/apitypes"
)
// HookJobEndpoints registers the job routes on api: GET "/ping",
// GET "/all-running" and GET "/:job-id".
//
// NOTE(review): "/ping" performs no user check of its own; whether it is
// reachable unauthenticated depends on middleware attached to the group by
// the caller, which is not visible here — confirm.
func HookJobEndpoints(api *echo.Group) {
	// Fixed-body probe: always answers 200 "pong jobs".
	pingHandler := func(c echo.Context) error {
		return c.String(http.StatusOK, "pong jobs")
	}

	// Returns the running jobs that db.GetAllRunningJobsForUser yields for
	// the requesting user; a request without a user is rejected with 403.
	allRunningHandler := func(c echo.Context) error {
		user := auth.UserFromReq(c)
		if user == nil {
			return echo.ErrForbidden
		}

		running, err := db.GetAllRunningJobsForUser(user)
		if err != nil {
			return util.ServerError("Failed to load jobs", err)
		}

		resp := apitypes.RunningJobsForUserResponseDTO{
			Jobs: running.ToDTO(),
		}
		return c.JSON(http.StatusOK, resp)
	}

	api.GET("/ping", pingHandler)
	api.GET("/all-running", allRunningHandler)
	api.GET("/:job-id", handleAttackJobGet)
}
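// handleAttackJobGet serves GET "/:job-id": it returns one job as JSON once
// the requesting user has been authorised against the job's project.
//
// Responses:
//   - 400 when the job-id path parameter fails util.AreValidUUIDs;
//   - 403 when the request carries no user, when the job's project cannot be
//     resolved for this user, or when accesscontrol.HasRightsToProject
//     returns false;
//   - 404 when the job is not found by db.GetJob after authorisation passed;
//   - a util.ServerError for any other database failure.
//
// The job record is only loaded after the project check, so job data is never
// read for a caller who has not been authorised. Runtime data is included
// when the "includeRuntimeData" query parameter is present, whatever its
// value.
func handleAttackJobGet(c echo.Context) error {
	jobID := c.Param("job-id")
	if !util.AreValidUUIDs(jobID) {
		return echo.ErrBadRequest
	}

	user := auth.UserFromReq(c)
	if user == nil {
		return echo.ErrForbidden
	}

	projID, err := db.GetJobProjID(jobID)
	// An unknown job ID is answered exactly like an inaccessible one, so the
	// status code does not reveal which job IDs exist. Previously this path
	// surfaced as a server error.
	// NOTE(review): assumes db.GetJobProjID reports a missing job as
	// db.ErrNotFound, as db.GetProjectForUser and db.GetJob do — confirm.
	if err == db.ErrNotFound {
		return echo.ErrForbidden
	}
	if err != nil {
		// Message corrected: this lookup is for a job, not a hashlist.
		return util.ServerError("Failed to fetch project id for job", err)
	}

	proj, err := db.GetProjectForUser(projID, user)
	if err == db.ErrNotFound {
		return echo.ErrForbidden
	}
	if err != nil {
		return util.ServerError("Failed to fetch project", err)
	}

	if !accesscontrol.HasRightsToProject(user, proj) {
		return echo.ErrForbidden
	}

	includeRuntimeData := c.QueryParams().Has("includeRuntimeData")
	job, err := db.GetJob(jobID, includeRuntimeData)
	if err == db.ErrNotFound {
		return echo.ErrNotFound
	}
	if err != nil {
		return util.ServerError("Failed to get job", err)
	}

	return c.JSON(http.StatusOK, job.ToDTO())
}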
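// handleAttacksAndJobsForHashlist returns every attack of a hashlist, each
// with its jobs, as JSON once the requesting user has been authorised against
// the hashlist's project.
//
// Responses:
//   - 400 when the hashlist-id path parameter fails util.AreValidUUIDs;
//   - 403 when the request carries no user, when the hashlist's project
//     cannot be resolved for this user, or when
//     accesscontrol.HasRightsToProject returns false;
//   - a util.ServerError for any other database failure.
//
// Attacks and jobs are only queried after the project check. Runtime data is
// included when the "includeRuntimeData" query parameter is present, whatever
// its value.
func handleAttacksAndJobsForHashlist(c echo.Context) error {
	hashlistID := c.Param("hashlist-id")
	if !util.AreValidUUIDs(hashlistID) {
		return echo.ErrBadRequest
	}

	user := auth.UserFromReq(c)
	if user == nil {
		return echo.ErrForbidden
	}

	// TODO: This is all a bit gross and could ideally be collapsed into a shorter number of queries?
	projID, err := db.GetHashlistProjID(hashlistID)
	// An unknown hashlist ID is answered exactly like an inaccessible one, so
	// the status code does not reveal which hashlist IDs exist. Previously
	// this path surfaced as a server error.
	// NOTE(review): assumes db.GetHashlistProjID reports a missing hashlist
	// as db.ErrNotFound, as db.GetProjectForUser does — confirm.
	if err == db.ErrNotFound {
		return echo.ErrForbidden
	}
	if err != nil {
		return util.ServerError("Failed to fetch project id for hashlist", err)
	}

	proj, err := db.GetProjectForUser(projID, user)
	if err == db.ErrNotFound {
		return echo.ErrForbidden
	}
	if err != nil {
		return util.ServerError("Failed to fetch project", err)
	}

	if !accesscontrol.HasRightsToProject(user, proj) {
		return echo.ErrForbidden
	}

	attacks, err := db.GetAllAttacksForHashlist(hashlistID)
	if err != nil {
		return util.ServerError("Failed to get attacks for hashlist", err)
	}

	// The flag does not change between iterations; read it once.
	includeRuntimeData := c.QueryParams().Has("includeRuntimeData")

	attackDTOs := make([]apitypes.AttackWithJobsDTO, len(attacks))
	for i, attack := range attacks {
		attackDTOs[i].AttackDTO = attack.ToDTO()

		// One jobs query per attack; a failure on any attack aborts the
		// whole response rather than returning a partial list.
		jobs, err := db.GetJobsForAttack(attack.ID.String(), includeRuntimeData)
		if err != nil {
			return util.ServerError("Failed to get job for an attack", err)
		}

		jobDTOs := make([]apitypes.JobDTO, len(jobs))
		for j, job := range jobs {
			jobDTOs[j] = job.ToDTO()
		}
		attackDTOs[i].Jobs = jobDTOs
	}

	return c.JSON(http.StatusOK, apitypes.AttackWithJobsMultipleDTO{
		Attacks: attackDTOs,
	})
}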