Backlog/api key

agent/main.go

@@ -3,7 +3,6 @@ package main
 import (
 	"fmt"
 	"os"
-	"strings"
 	"time"
 
 	pb "github.com/utmstack/UTMStack/agent/agent"
@@ -170,41 +169,6 @@ func main() {
 			fmt.Println("TLS certificates loaded successfully!")
 			time.Sleep(5 * time.Second)
 
-		case "check-tls-certs":
-			fmt.Println("Checking TLS certificates status ...")
-
-			status := utils.GetTLSStatus(
-				config.IntegrationCertPath,
-				config.IntegrationKeyPath,
-				config.IntegrationCAPath,
-			)
-
-			fmt.Printf("Certificate file exists: %v\n", status.CertExists)
-			fmt.Printf("Private key file exists: %v\n", status.KeyExists)
-			fmt.Printf("CA certificate file exists: %v\n", status.CAExists)
-			fmt.Printf("TLS Available: %v\n", status.Available)
-			fmt.Printf("Certificates Valid: %v\n", status.Valid)
-
-			if status.Error != "" {
-				fmt.Printf("Error: %s\n", status.Error)
-			}
-
-			if status.Available {
-				fmt.Println("\n" + strings.Repeat("=", 50))
-				details, err := utils.GetCertificateDetails(config.IntegrationCertPath)
-				if err == nil {
-					fmt.Println(details)
-				}
-				fmt.Println("TLS is ready for use!")
-				fmt.Println("Use: ./utmstack_agent enable-tls <integration> tcp")
-			} else {
-				fmt.Println("\n" + strings.Repeat("=", 50))
-				fmt.Println("TLS is NOT available.")
-				fmt.Println("To enable TLS:")
-				fmt.Println("  Load your certificates: ./utmstack_agent load-tls-certs <cert> <key> [ca]")
-			}
-			time.Sleep(5 * time.Second)
-
 		case "change-port":
 			fmt.Println("Changing integration port ...")
 			integration := os.Args[2]

agent/modules/configuration.go

@@ -69,6 +69,9 @@ func ChangeIntegrationStatus(logTyp string, proto string, isEnabled bool, tlsOpt
 		// Handle TLS configuration if specified
 		if len(tlsOptions) > 0 && isEnabled {
 			if tlsOptions[0] {
+				if !utils.CheckIfPathExist(config.IntegrationCertPath) || !utils.CheckIfPathExist(config.IntegrationKeyPath) {
+					return "", fmt.Errorf("TLS certificates not found. Please load certificates first")
+				}
 				// Enable TLS
 				integration.TCP.TLSEnabled = true
 				mod := GetModule(logTyp)

agent/modules/syslog.go

@@ -98,6 +98,12 @@ func (m *SyslogModule) GetPort(proto string) string {
 func (m *SyslogModule) EnablePort(proto string, enableTLS bool) error {
 	switch proto {
 	case "tcp":
+		if enableTLS {
+			if !utils.CheckIfPathExist(config.IntegrationCertPath) || !utils.CheckIfPathExist(config.IntegrationKeyPath) {
+				return fmt.Errorf("TLS certificates not found. Please load certificates first")
+			}
+		}
+
 		m.TCPListener.TLSEnabled = enableTLS
 		go m.enableTCP()
 		return nil

agent/serv/service.go

@@ -40,19 +40,6 @@ func (p *program) run() {
 		utils.Logger.Fatal("error getting config: %v", err)
 	}
 
-	if utils.CheckIfPathExist(config.IntegrationCertPath) && utils.CheckIfPathExist(config.IntegrationKeyPath) {
-		err = utils.ValidateIntegrationCertificates(config.IntegrationCertPath, config.IntegrationKeyPath)
-		if err != nil {
-			utils.Logger.ErrorF("TLS certificates are invalid: %v", err)
-			utils.Logger.Info("TLS functionality will be disabled. Use 'load-tls-certs' command to fix this.")
-		} else {
-			utils.Logger.Info("TLS certificates are valid and ready for use")
-		}
-	} else {
-		utils.Logger.Info("No TLS certificates found. TLS functionality is disabled.")
-		utils.Logger.Info("Use 'load-tls-certs' command to load your certificates.")
-	}
-
 	db := database.GetDB()
 	err = db.Migrate(models.Log{})
 	if err != nil {

agent/utils/files.go

@@ -157,3 +157,20 @@ func IsDirEmpty(path string) (bool, error) {
 	}
 	return false, err
 }
+
+func copyFile(src, dst string) error {
+	sourceFile, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer sourceFile.Close()
+
+	destFile, err := os.Create(dst)
+	if err != nil {
+		return err
+	}
+	defer destFile.Close()
+
+	_, err = io.Copy(destFile, sourceFile)
+	return err
+}

agent/utils/integration_tls.go → agent/utils/int_tls.go

@@ -4,12 +4,9 @@ import (
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
-	"encoding/pem"
 	"fmt"
-	"io"
 	"os"
 	"path/filepath"
-	"strings"
 	"time"
 )
 
@@ -170,97 +167,3 @@ func LoadUserCertificatesWithStruct(src, dest CertificateFiles) error {
 
 	return nil
 }
-
-func GetTLSStatus(certPath, keyPath, caPath string) TLSStatus {
-	status := TLSStatus{
-		CertExists: CheckIfPathExist(certPath),
-		KeyExists:  CheckIfPathExist(keyPath),
-		CAExists:   CheckIfPathExist(caPath),
-	}
-
-	if status.CertExists && status.KeyExists {
-		err := ValidateIntegrationCertificates(certPath, keyPath)
-		if err == nil {
-			status.Available = true
-			status.Valid = true
-		} else {
-			status.Error = err.Error()
-		}
-	} else {
-		status.Error = "Certificate or private key files not found"
-	}
-
-	return status
-}
-
-func GetCertificateDetails(certPath string) (string, error) {
-	if !CheckIfPathExist(certPath) {
-		return "", fmt.Errorf("certificate file not found: %s", certPath)
-	}
-
-	// Parse certificate directly
-	certData, err := os.ReadFile(certPath)
-	if err != nil {
-		return "", fmt.Errorf("error reading certificate: %w", err)
-	}
-
-	block, _ := pem.Decode(certData)
-	if block == nil {
-		return "", fmt.Errorf("failed to decode certificate PEM")
-	}
-
-	cert, err := x509.ParseCertificate(block.Bytes)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse certificate: %w", err)
-	}
-
-	return formatCertificateDetails(cert), nil
-}
-
-func formatCertificateDetails(cert *x509.Certificate) string {
-	var builder strings.Builder
-
-	builder.WriteString(fmt.Sprintf("Subject: %s\n", cert.Subject.String()))
-	builder.WriteString(fmt.Sprintf("Issuer: %s\n", cert.Issuer.String()))
-	builder.WriteString(fmt.Sprintf("Valid from: %s\n", cert.NotBefore.Format("2006-01-02 15:04:05 UTC")))
-	builder.WriteString(fmt.Sprintf("Valid until: %s\n", cert.NotAfter.Format("2006-01-02 15:04:05 UTC")))
-	builder.WriteString(fmt.Sprintf("Serial Number: %s\n", cert.SerialNumber.String()))
-
-	if len(cert.DNSNames) > 0 || len(cert.IPAddresses) > 0 {
-		builder.WriteString("Subject Alternative Names: ")
-
-		for i, dns := range cert.DNSNames {
-			if i > 0 {
-				builder.WriteString(", ")
-			}
-			builder.WriteString(dns)
-		}
-
-		for i, ip := range cert.IPAddresses {
-			if i > 0 || len(cert.DNSNames) > 0 {
-				builder.WriteString(", ")
-			}
-			builder.WriteString(ip.String())
-		}
-		builder.WriteString("\n")
-	}
-
-	return builder.String()
-}
-
-func copyFile(src, dst string) error {
-	sourceFile, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer sourceFile.Close()
-
-	destFile, err := os.Create(dst)
-	if err != nil {
-		return err
-	}
-	defer destFile.Close()
-
-	_, err = io.Copy(destFile, sourceFile)
-	return err
-}

backend/.gitignore

@@ -62,6 +62,7 @@ local.properties
 *.orig
 classes/
 out/
+.nvim/
 
 ######################
 # Visual Studio Code

backend/pom.xml

@@ -376,6 +376,12 @@
             <version>3.0.5</version>
         </dependency>
 
+        <dependency>
+            <groupId>commons-net</groupId>
+            <artifactId>commons-net</artifactId>
+            <version>3.9.0</version>
+        </dependency>
+
     </dependencies>
 
     <build>

backend/src/main/java/com/park/utmstack/advice/GlobalExceptionHandler.java

@@ -4,10 +4,7 @@
 import com.park.utmstack.security.TooMuchLoginAttemptsException;
 import com.park.utmstack.service.application_events.ApplicationEventService;
 import com.park.utmstack.util.ResponseUtil;
-import com.park.utmstack.util.exceptions.IncidentAlertConflictException;
-import com.park.utmstack.util.exceptions.NoAlertsProvidedException;
-import com.park.utmstack.util.exceptions.TfaVerificationException;
-import com.park.utmstack.util.exceptions.TooManyRequestsException;
+import com.park.utmstack.util.exceptions.*;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
@@ -41,8 +38,9 @@ public ResponseEntity<?> handleTooManyLoginAttempts(TooMuchLoginAttemptsExceptio
         return ResponseUtil.buildLockedResponse(e.getMessage());
     }
 
-    @ExceptionHandler(NoSuchElementException.class)
-    public ResponseEntity<?> handleNotFound(NoSuchElementException e, HttpServletRequest request) {
+    @ExceptionHandler({NoSuchElementException.class,
+                       ApiKeyNotFoundException.class})
+    public ResponseEntity<?> handleNotFound(Exception e, HttpServletRequest request) {
         return ResponseUtil.buildNotFoundResponse(e.getMessage());
     }
 
@@ -56,8 +54,9 @@ public ResponseEntity<?> handleNoAlertsProvided(Exception e, HttpServletRequest
         return ResponseUtil.buildErrorResponse(HttpStatus.BAD_REQUEST, e.getMessage());
     }
 
-    @ExceptionHandler(IncidentAlertConflictException.class)
-    public ResponseEntity<?> handleConflict(IncidentAlertConflictException e, HttpServletRequest request) {
+    @ExceptionHandler({IncidentAlertConflictException.class,
+                       ApiKeyExistException.class})
+    public ResponseEntity<?> handleConflict(Exception e, HttpServletRequest request) {
         return ResponseUtil.buildErrorResponse(HttpStatus.CONFLICT, e.getMessage());
     }
 

backend/src/main/java/com/park/utmstack/config/Constants.java

@@ -2,7 +2,9 @@
 
 import com.park.utmstack.domain.index_pattern.enums.SystemIndexPattern;
 
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 public final class Constants {
@@ -137,6 +139,7 @@ public final class Constants {
     // Defines the index pattern for querying Elasticsearch statistics indexes.
     // ----------------------------------------------------------------------------------
     public static final String STATISTICS_INDEX_PATTERN = "v11-statistics-*";
+    public static final String V11_API_ACCESS_LOGS = "v11-api-access-logs-*";
 
     // Logging
     public static final String TRACE_ID_KEY = "traceId";
@@ -156,6 +159,9 @@ public final class Constants {
     public static final String CONF_TYPE_PASSWORD = "password";
     public static final String CONF_TYPE_FILE = "file";
 
+    public static final String API_KEY_HEADER = "Utm-Api-Key";
+    public static final List<String> API_ENDPOINT_IGNORE = Collections.emptyList();
+
     private Constants() {
     }
 }

backend/src/main/java/com/park/utmstack/config/OpenApiConfiguration.java

@@ -23,21 +23,30 @@ public OpenApiConfiguration(InfoEndpoint infoEndpoint) {
     @Bean
     public OpenAPI customOpenAPI() {
         final String securitySchemeBearer = "bearerAuth";
+        final String securitySchemeApiInternalKey = "ApiInternalKeyAuth";
         final String securitySchemeApiKey = "ApiKeyAuth";
+
         final String apiTitle = "UTMStack API";
         String version = MapUtil.flattenToStringMap(infoEndpoint.info(), true).get("build.version");
         return new OpenAPI()
-            .addSecurityItem(new SecurityRequirement().addList(securitySchemeBearer).addList(securitySchemeApiKey))
+            .addSecurityItem(new SecurityRequirement()
+                    .addList(securitySchemeBearer)
+                    .addList(securitySchemeApiInternalKey)
+                    .addList(securitySchemeApiKey))
             .components(new Components()
                 .addSecuritySchemes(securitySchemeBearer,
                     new SecurityScheme()
                         .name(securitySchemeBearer)
                         .type(SecurityScheme.Type.HTTP)
                         .scheme("bearer")
                         .bearerFormat("JWT"))
-                .addSecuritySchemes(securitySchemeApiKey, new SecurityScheme()
+                .addSecuritySchemes(securitySchemeApiInternalKey, new SecurityScheme()
                     .name("Utm-Internal-Key")
                     .type(SecurityScheme.Type.APIKEY)
+                    .in(SecurityScheme.In.HEADER))
+                .addSecuritySchemes(securitySchemeApiKey, new SecurityScheme()
+                    .name(Constants.API_KEY_HEADER)
+                    .type(SecurityScheme.Type.APIKEY)
                     .in(SecurityScheme.In.HEADER)))
             .info(new Info().title(apiTitle).version(version))
             .addServersItem(new Server().url("/").description("Default Server URL"));