241 lines
8 KiB
Python
241 lines
8 KiB
Python
import base64
|
|
import binascii
|
|
import logging
|
|
import re
|
|
from datetime import datetime, timedelta, timezone
|
|
from typing import Optional, List, Callable, Any, Type, Dict, Union, Literal
|
|
|
|
from flask import Blueprint, request, jsonify, abort
|
|
from flask.typing import ResponseReturnValue
|
|
from sqlalchemy import select, BinaryExpression, ColumnElement
|
|
from werkzeug.exceptions import HTTPException
|
|
|
|
from app.extensions import db
|
|
from app.models.base import Group
|
|
from app.models.mirrors import Origin, Proxy
|
|
from app.models.onions import Onion
|
|
|
|
api = Blueprint('api', __name__)
|
|
logger = logging.getLogger(__name__)
|
|
|
|
MAX_DOMAIN_NAME_LENGTH = 255
|
|
DOMAIN_NAME_REGEX = re.compile(r'^[a-zA-Z0-9.\-]*$')
|
|
MAX_ALLOWED_ITEMS = 100
|
|
|
|
ListFilter = Union[BinaryExpression[Any], ColumnElement[Any]]
|
|
|
|
|
|
@api.errorhandler(400)
|
|
def bad_request(error: HTTPException) -> ResponseReturnValue:
|
|
response = jsonify({'error': 'Bad Request', 'message': error.description})
|
|
response.status_code = 400
|
|
return response
|
|
|
|
|
|
@api.errorhandler(401)
|
|
def unauthorized(error: HTTPException) -> ResponseReturnValue:
|
|
response = jsonify({'error': 'Unauthorized', 'message': error.description})
|
|
response.status_code = 401
|
|
return response
|
|
|
|
|
|
@api.errorhandler(404)
|
|
def not_found(_: HTTPException) -> ResponseReturnValue:
|
|
response = jsonify({'error': 'Not found', 'message': 'Resource could not be found.'})
|
|
response.status_code = 404
|
|
return response
|
|
|
|
|
|
@api.errorhandler(500)
|
|
def internal_server_error(_: HTTPException) -> ResponseReturnValue:
|
|
response = jsonify({'error': 'Internal Server Error', 'message': 'An unexpected error occurred.'})
|
|
response.status_code = 500
|
|
return response
|
|
|
|
|
|
def validate_max_items(max_items_str: str, max_allowed: int) -> int:
|
|
try:
|
|
max_items = int(max_items_str)
|
|
if max_items <= 0 or max_items > max_allowed:
|
|
raise ValueError()
|
|
return max_items
|
|
except ValueError:
|
|
abort(400, description=f"MaxItems must be a positive integer not exceeding {max_allowed}.")
|
|
|
|
|
|
def validate_marker(marker_str: str) -> int:
|
|
try:
|
|
marker_decoded = base64.urlsafe_b64decode(marker_str.encode()).decode()
|
|
marker_id = int(marker_decoded)
|
|
return marker_id
|
|
except (ValueError, binascii.Error):
|
|
abort(400, description="Marker must be a valid token.")
|
|
|
|
|
|
TlpMarkings = Union[
|
|
Literal["default"],
|
|
Literal["clear"],
|
|
Literal["green"],
|
|
Literal["amber"],
|
|
Literal["amber+strict"],
|
|
Literal["red"],
|
|
]
|
|
|
|
|
|
def list_resources( # pylint: disable=too-many-arguments,too-many-locals
|
|
model: Type[Any],
|
|
serialize_func: Callable[[Any], Dict[str, Any]],
|
|
*,
|
|
filters: List[ListFilter] = None,
|
|
order_by: Optional[ColumnElement[Any]] = None,
|
|
resource_name: str = 'ResourceList',
|
|
max_items_param: str = 'MaxItems',
|
|
marker_param: str = 'Marker',
|
|
max_allowed_items: int = 100,
|
|
protective_marking: TlpMarkings = 'default',
|
|
) -> ResponseReturnValue:
|
|
try:
|
|
marker = request.args.get(marker_param)
|
|
max_items = validate_max_items(
|
|
request.args.get(max_items_param, default='100'), max_allowed_items)
|
|
query = select(model)
|
|
|
|
if filters:
|
|
query = query.where(*filters)
|
|
|
|
if marker:
|
|
marker_id = validate_marker(marker)
|
|
query = query.where(model.id > marker_id)
|
|
|
|
query = query.order_by(order_by or model.id)
|
|
query = query.limit(max_items + 1) # Need to know if there's more
|
|
|
|
result = db.session.execute(query)
|
|
items = result.scalars().all()
|
|
items_list = [serialize_func(item) for item in items[:max_items]]
|
|
is_truncated = len(items) > max_items
|
|
|
|
response = {
|
|
resource_name: {
|
|
marker_param: marker if marker else None,
|
|
max_items_param: str(max_items),
|
|
"Quantity": len(items_list),
|
|
"Items": items_list,
|
|
"IsTruncated": is_truncated,
|
|
"ProtectiveMarking": protective_marking,
|
|
}
|
|
}
|
|
|
|
if is_truncated:
|
|
last_id = items[max_items - 1].id
|
|
next_marker = base64.urlsafe_b64encode(str(last_id).encode()).decode()
|
|
response[resource_name]["NextMarker"] = next_marker
|
|
|
|
return jsonify(response)
|
|
except Exception: # pylint: disable=broad-exception-caught
|
|
logger.exception("An unexpected error occurred")
|
|
abort(500)
|
|
|
|
|
|
@api.route('/web/group', methods=['GET'])
|
|
def list_groups() -> ResponseReturnValue:
|
|
return list_resources(
|
|
Group,
|
|
lambda group: group.to_dict(),
|
|
resource_name='OriginGroupList',
|
|
max_allowed_items=MAX_ALLOWED_ITEMS,
|
|
protective_marking='amber',
|
|
)
|
|
|
|
|
|
@api.route('/web/origin', methods=['GET'])
|
|
def list_origins() -> ResponseReturnValue:
|
|
domain_name_filter = request.args.get('DomainName')
|
|
group_id_filter = request.args.get('GroupId')
|
|
|
|
filters: List[ListFilter] = []
|
|
|
|
if domain_name_filter:
|
|
if len(domain_name_filter) > MAX_DOMAIN_NAME_LENGTH:
|
|
abort(400, description=f"DomainName cannot exceed {MAX_DOMAIN_NAME_LENGTH} characters.")
|
|
if not DOMAIN_NAME_REGEX.match(domain_name_filter):
|
|
abort(400, description="DomainName contains invalid characters.")
|
|
filters.append(Origin.domain_name.ilike(f"%{domain_name_filter}%"))
|
|
|
|
if group_id_filter:
|
|
try:
|
|
filters.append(Origin.group_id == int(group_id_filter))
|
|
except ValueError:
|
|
abort(400, description="GroupId must be a valid integer.")
|
|
|
|
return list_resources(
|
|
Origin,
|
|
lambda origin: origin.to_dict(),
|
|
filters=filters,
|
|
resource_name='OriginsList',
|
|
max_allowed_items=MAX_ALLOWED_ITEMS,
|
|
protective_marking='amber',
|
|
)
|
|
|
|
|
|
@api.route('/web/mirror', methods=['GET'])
|
|
def list_mirrors() -> ResponseReturnValue:
|
|
filters = []
|
|
|
|
twenty_four_hours_ago = datetime.now(timezone.utc) - timedelta(hours=24)
|
|
status_filter = request.args.get('Status')
|
|
if status_filter:
|
|
if status_filter == "pending":
|
|
filters.append(Proxy.url.is_(None))
|
|
filters.append(Proxy.deprecated.is_(None))
|
|
filters.append(Proxy.destroyed.is_(None))
|
|
if status_filter == "active":
|
|
filters.append(Proxy.url.is_not(None))
|
|
filters.append(Proxy.deprecated.is_(None))
|
|
filters.append(Proxy.destroyed.is_(None))
|
|
if status_filter == "expiring":
|
|
filters.append(Proxy.deprecated.is_not(None))
|
|
filters.append(Proxy.destroyed.is_(None))
|
|
if status_filter == "destroyed":
|
|
filters.append(Proxy.destroyed > twenty_four_hours_ago)
|
|
else:
|
|
filters.append((Proxy.destroyed.is_(None)) | (Proxy.destroyed > twenty_four_hours_ago))
|
|
|
|
return list_resources(
|
|
Proxy,
|
|
lambda proxy: proxy.to_dict(),
|
|
filters=filters,
|
|
resource_name='MirrorsList',
|
|
max_allowed_items=MAX_ALLOWED_ITEMS,
|
|
protective_marking='amber',
|
|
)
|
|
|
|
|
|
@api.route('/web/onion', methods=['GET'])
|
|
def list_onions() -> ResponseReturnValue:
|
|
domain_name_filter = request.args.get('DomainName')
|
|
group_id_filter = request.args.get('GroupId')
|
|
|
|
filters: List[ListFilter] = []
|
|
|
|
if domain_name_filter:
|
|
if len(domain_name_filter) > MAX_DOMAIN_NAME_LENGTH:
|
|
abort(400, description=f"DomainName cannot exceed {MAX_DOMAIN_NAME_LENGTH} characters.")
|
|
if not DOMAIN_NAME_REGEX.match(domain_name_filter):
|
|
abort(400, description="DomainName contains invalid characters.")
|
|
filters.append(Onion.domain_name.ilike(f"%{domain_name_filter}%"))
|
|
|
|
if group_id_filter:
|
|
try:
|
|
filters.append(Onion.group_id == int(group_id_filter))
|
|
except ValueError:
|
|
abort(400, description="GroupId must be a valid integer.")
|
|
|
|
return list_resources(
|
|
Onion,
|
|
lambda onion: onion.to_dict(),
|
|
filters=filters,
|
|
resource_name='OnionsList',
|
|
max_allowed_items=MAX_ALLOWED_ITEMS,
|
|
protective_marking='amber',
|
|
)
|