@etcsec-com/etc-collector 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +60 -0
- package/.env.test.example +33 -0
- package/.github/workflows/ci.yml +83 -0
- package/.github/workflows/release.yml +246 -0
- package/.prettierrc.json +10 -0
- package/CHANGELOG.md +15 -0
- package/Dockerfile +57 -0
- package/LICENSE +190 -0
- package/README.md +194 -0
- package/dist/api/controllers/audit.controller.d.ts +21 -0
- package/dist/api/controllers/audit.controller.d.ts.map +1 -0
- package/dist/api/controllers/audit.controller.js +179 -0
- package/dist/api/controllers/audit.controller.js.map +1 -0
- package/dist/api/controllers/auth.controller.d.ts +16 -0
- package/dist/api/controllers/auth.controller.d.ts.map +1 -0
- package/dist/api/controllers/auth.controller.js +146 -0
- package/dist/api/controllers/auth.controller.js.map +1 -0
- package/dist/api/controllers/export.controller.d.ts +27 -0
- package/dist/api/controllers/export.controller.d.ts.map +1 -0
- package/dist/api/controllers/export.controller.js +80 -0
- package/dist/api/controllers/export.controller.js.map +1 -0
- package/dist/api/controllers/health.controller.d.ts +5 -0
- package/dist/api/controllers/health.controller.d.ts.map +1 -0
- package/dist/api/controllers/health.controller.js +16 -0
- package/dist/api/controllers/health.controller.js.map +1 -0
- package/dist/api/controllers/jobs.controller.d.ts +13 -0
- package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
- package/dist/api/controllers/jobs.controller.js +125 -0
- package/dist/api/controllers/jobs.controller.js.map +1 -0
- package/dist/api/controllers/providers.controller.d.ts +15 -0
- package/dist/api/controllers/providers.controller.d.ts.map +1 -0
- package/dist/api/controllers/providers.controller.js +112 -0
- package/dist/api/controllers/providers.controller.js.map +1 -0
- package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
- package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
- package/dist/api/dto/AuditRequest.dto.js +3 -0
- package/dist/api/dto/AuditRequest.dto.js.map +1 -0
- package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
- package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
- package/dist/api/dto/AuditResponse.dto.js +3 -0
- package/dist/api/dto/AuditResponse.dto.js.map +1 -0
- package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
- package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
- package/dist/api/dto/TokenRequest.dto.js +3 -0
- package/dist/api/dto/TokenRequest.dto.js.map +1 -0
- package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
- package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
- package/dist/api/dto/TokenResponse.dto.js +3 -0
- package/dist/api/dto/TokenResponse.dto.js.map +1 -0
- package/dist/api/middlewares/authenticate.d.ts +12 -0
- package/dist/api/middlewares/authenticate.d.ts.map +1 -0
- package/dist/api/middlewares/authenticate.js +141 -0
- package/dist/api/middlewares/authenticate.js.map +1 -0
- package/dist/api/middlewares/errorHandler.d.ts +3 -0
- package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
- package/dist/api/middlewares/errorHandler.js +30 -0
- package/dist/api/middlewares/errorHandler.js.map +1 -0
- package/dist/api/middlewares/rateLimit.d.ts +3 -0
- package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
- package/dist/api/middlewares/rateLimit.js +34 -0
- package/dist/api/middlewares/rateLimit.js.map +1 -0
- package/dist/api/middlewares/validate.d.ts +4 -0
- package/dist/api/middlewares/validate.d.ts.map +1 -0
- package/dist/api/middlewares/validate.js +31 -0
- package/dist/api/middlewares/validate.js.map +1 -0
- package/dist/api/routes/audit.routes.d.ts +5 -0
- package/dist/api/routes/audit.routes.d.ts.map +1 -0
- package/dist/api/routes/audit.routes.js +24 -0
- package/dist/api/routes/audit.routes.js.map +1 -0
- package/dist/api/routes/auth.routes.d.ts +6 -0
- package/dist/api/routes/auth.routes.d.ts.map +1 -0
- package/dist/api/routes/auth.routes.js +22 -0
- package/dist/api/routes/auth.routes.js.map +1 -0
- package/dist/api/routes/export.routes.d.ts +5 -0
- package/dist/api/routes/export.routes.d.ts.map +1 -0
- package/dist/api/routes/export.routes.js +16 -0
- package/dist/api/routes/export.routes.js.map +1 -0
- package/dist/api/routes/health.routes.d.ts +4 -0
- package/dist/api/routes/health.routes.d.ts.map +1 -0
- package/dist/api/routes/health.routes.js +11 -0
- package/dist/api/routes/health.routes.js.map +1 -0
- package/dist/api/routes/index.d.ts +10 -0
- package/dist/api/routes/index.d.ts.map +1 -0
- package/dist/api/routes/index.js +20 -0
- package/dist/api/routes/index.js.map +1 -0
- package/dist/api/routes/providers.routes.d.ts +5 -0
- package/dist/api/routes/providers.routes.d.ts.map +1 -0
- package/dist/api/routes/providers.routes.js +13 -0
- package/dist/api/routes/providers.routes.js.map +1 -0
- package/dist/api/validators/audit.schemas.d.ts +60 -0
- package/dist/api/validators/audit.schemas.d.ts.map +1 -0
- package/dist/api/validators/audit.schemas.js +55 -0
- package/dist/api/validators/audit.schemas.js.map +1 -0
- package/dist/api/validators/auth.schemas.d.ts +17 -0
- package/dist/api/validators/auth.schemas.d.ts.map +1 -0
- package/dist/api/validators/auth.schemas.js +21 -0
- package/dist/api/validators/auth.schemas.js.map +1 -0
- package/dist/app.d.ts +3 -0
- package/dist/app.d.ts.map +1 -0
- package/dist/app.js +62 -0
- package/dist/app.js.map +1 -0
- package/dist/config/config.schema.d.ts +65 -0
- package/dist/config/config.schema.d.ts.map +1 -0
- package/dist/config/config.schema.js +95 -0
- package/dist/config/config.schema.js.map +1 -0
- package/dist/config/index.d.ts +4 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +75 -0
- package/dist/config/index.js.map +1 -0
- package/dist/container.d.ts +47 -0
- package/dist/container.d.ts.map +1 -0
- package/dist/container.js +137 -0
- package/dist/container.js.map +1 -0
- package/dist/data/database.d.ts +13 -0
- package/dist/data/database.d.ts.map +1 -0
- package/dist/data/database.js +68 -0
- package/dist/data/database.js.map +1 -0
- package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
- package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
- package/dist/data/jobs/token-cleanup.job.js +96 -0
- package/dist/data/jobs/token-cleanup.job.js.map +1 -0
- package/dist/data/migrations/migration.runner.d.ts +13 -0
- package/dist/data/migrations/migration.runner.d.ts.map +1 -0
- package/dist/data/migrations/migration.runner.js +136 -0
- package/dist/data/migrations/migration.runner.js.map +1 -0
- package/dist/data/models/Token.model.d.ts +30 -0
- package/dist/data/models/Token.model.d.ts.map +1 -0
- package/dist/data/models/Token.model.js +3 -0
- package/dist/data/models/Token.model.js.map +1 -0
- package/dist/data/repositories/token.repository.d.ts +16 -0
- package/dist/data/repositories/token.repository.d.ts.map +1 -0
- package/dist/data/repositories/token.repository.js +97 -0
- package/dist/data/repositories/token.repository.js.map +1 -0
- package/dist/providers/azure/auth.provider.d.ts +5 -0
- package/dist/providers/azure/auth.provider.d.ts.map +1 -0
- package/dist/providers/azure/auth.provider.js +13 -0
- package/dist/providers/azure/auth.provider.js.map +1 -0
- package/dist/providers/azure/azure-errors.d.ts +40 -0
- package/dist/providers/azure/azure-errors.d.ts.map +1 -0
- package/dist/providers/azure/azure-errors.js +121 -0
- package/dist/providers/azure/azure-errors.js.map +1 -0
- package/dist/providers/azure/azure-retry.d.ts +41 -0
- package/dist/providers/azure/azure-retry.d.ts.map +1 -0
- package/dist/providers/azure/azure-retry.js +85 -0
- package/dist/providers/azure/azure-retry.js.map +1 -0
- package/dist/providers/azure/graph-client.d.ts +26 -0
- package/dist/providers/azure/graph-client.d.ts.map +1 -0
- package/dist/providers/azure/graph-client.js +146 -0
- package/dist/providers/azure/graph-client.js.map +1 -0
- package/dist/providers/azure/graph.provider.d.ts +23 -0
- package/dist/providers/azure/graph.provider.d.ts.map +1 -0
- package/dist/providers/azure/graph.provider.js +161 -0
- package/dist/providers/azure/graph.provider.js.map +1 -0
- package/dist/providers/azure/queries/app.queries.d.ts +6 -0
- package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/app.queries.js +9 -0
- package/dist/providers/azure/queries/app.queries.js.map +1 -0
- package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
- package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/policy.queries.js +9 -0
- package/dist/providers/azure/queries/policy.queries.js.map +1 -0
- package/dist/providers/azure/queries/user.queries.d.ts +7 -0
- package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/user.queries.js +10 -0
- package/dist/providers/azure/queries/user.queries.js.map +1 -0
- package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
- package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
- package/dist/providers/interfaces/IGraphProvider.js +3 -0
- package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
- package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
- package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
- package/dist/providers/interfaces/ILDAPProvider.js +3 -0
- package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
- package/dist/providers/ldap/acl-parser.d.ts +8 -0
- package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
- package/dist/providers/ldap/acl-parser.js +157 -0
- package/dist/providers/ldap/acl-parser.js.map +1 -0
- package/dist/providers/ldap/ad-mappers.d.ts +8 -0
- package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
- package/dist/providers/ldap/ad-mappers.js +162 -0
- package/dist/providers/ldap/ad-mappers.js.map +1 -0
- package/dist/providers/ldap/ldap-client.d.ts +33 -0
- package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-client.js +195 -0
- package/dist/providers/ldap/ldap-client.js.map +1 -0
- package/dist/providers/ldap/ldap-errors.d.ts +48 -0
- package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-errors.js +120 -0
- package/dist/providers/ldap/ldap-errors.js.map +1 -0
- package/dist/providers/ldap/ldap-retry.d.ts +14 -0
- package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-retry.js +102 -0
- package/dist/providers/ldap/ldap-retry.js.map +1 -0
- package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
- package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-sanitizer.js +104 -0
- package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
- package/dist/providers/ldap/ldap.provider.d.ts +21 -0
- package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
- package/dist/providers/ldap/ldap.provider.js +165 -0
- package/dist/providers/ldap/ldap.provider.js.map +1 -0
- package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
- package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/computer.queries.js +9 -0
- package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
- package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
- package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/group.queries.js +9 -0
- package/dist/providers/ldap/queries/group.queries.js.map +1 -0
- package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
- package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/user.queries.js +10 -0
- package/dist/providers/ldap/queries/user.queries.js.map +1 -0
- package/dist/providers/smb/smb.provider.d.ts +68 -0
- package/dist/providers/smb/smb.provider.d.ts.map +1 -0
- package/dist/providers/smb/smb.provider.js +382 -0
- package/dist/providers/smb/smb.provider.js.map +1 -0
- package/dist/server.d.ts +2 -0
- package/dist/server.d.ts.map +1 -0
- package/dist/server.js +44 -0
- package/dist/server.js.map +1 -0
- package/dist/services/audit/ad-audit.service.d.ts +70 -0
- package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
- package/dist/services/audit/ad-audit.service.js +1019 -0
- package/dist/services/audit/ad-audit.service.js.map +1 -0
- package/dist/services/audit/attack-graph.service.d.ts +62 -0
- package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
- package/dist/services/audit/attack-graph.service.js +702 -0
- package/dist/services/audit/attack-graph.service.js.map +1 -0
- package/dist/services/audit/audit.service.d.ts +4 -0
- package/dist/services/audit/audit.service.d.ts.map +1 -0
- package/dist/services/audit/audit.service.js +10 -0
- package/dist/services/audit/audit.service.js.map +1 -0
- package/dist/services/audit/azure-audit.service.d.ts +37 -0
- package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
- package/dist/services/audit/azure-audit.service.js +153 -0
- package/dist/services/audit/azure-audit.service.js.map +1 -0
- package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
- package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
- package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
- package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
- package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
- package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
- package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
- package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
- package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
- package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
- package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
- package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
- package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
- package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
- package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/index.d.ts +15 -0
- package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/index.js +51 -0
- package/dist/services/audit/detectors/ad/index.js.map +1 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
- package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/network.detector.js +257 -0
- package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
- package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/password.detector.js +235 -0
- package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
- package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
- package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
- package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
- package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
- package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
- package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
- package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
- package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/index.d.ts +2 -0
- package/dist/services/audit/detectors/index.d.ts.map +1 -0
- package/dist/services/audit/detectors/index.js +38 -0
- package/dist/services/audit/detectors/index.js.map +1 -0
- package/dist/services/audit/response-formatter.d.ts +176 -0
- package/dist/services/audit/response-formatter.d.ts.map +1 -0
- package/dist/services/audit/response-formatter.js +240 -0
- package/dist/services/audit/response-formatter.js.map +1 -0
- package/dist/services/audit/scoring.service.d.ts +15 -0
- package/dist/services/audit/scoring.service.d.ts.map +1 -0
- package/dist/services/audit/scoring.service.js +139 -0
- package/dist/services/audit/scoring.service.js.map +1 -0
- package/dist/services/auth/crypto.service.d.ts +19 -0
- package/dist/services/auth/crypto.service.d.ts.map +1 -0
- package/dist/services/auth/crypto.service.js +135 -0
- package/dist/services/auth/crypto.service.js.map +1 -0
- package/dist/services/auth/errors.d.ts +19 -0
- package/dist/services/auth/errors.d.ts.map +1 -0
- package/dist/services/auth/errors.js +46 -0
- package/dist/services/auth/errors.js.map +1 -0
- package/dist/services/auth/token.service.d.ts +41 -0
- package/dist/services/auth/token.service.d.ts.map +1 -0
- package/dist/services/auth/token.service.js +208 -0
- package/dist/services/auth/token.service.js.map +1 -0
- package/dist/services/config/config.service.d.ts +6 -0
- package/dist/services/config/config.service.d.ts.map +1 -0
- package/dist/services/config/config.service.js +64 -0
- package/dist/services/config/config.service.js.map +1 -0
- package/dist/services/export/export.service.d.ts +28 -0
- package/dist/services/export/export.service.d.ts.map +1 -0
- package/dist/services/export/export.service.js +28 -0
- package/dist/services/export/export.service.js.map +1 -0
- package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
- package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
- package/dist/services/export/formatters/csv.formatter.js +46 -0
- package/dist/services/export/formatters/csv.formatter.js.map +1 -0
- package/dist/services/export/formatters/json.formatter.d.ts +40 -0
- package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
- package/dist/services/export/formatters/json.formatter.js +58 -0
- package/dist/services/export/formatters/json.formatter.js.map +1 -0
- package/dist/services/jobs/azure-job-runner.d.ts +38 -0
- package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
- package/dist/services/jobs/azure-job-runner.js +199 -0
- package/dist/services/jobs/azure-job-runner.js.map +1 -0
- package/dist/services/jobs/index.d.ts +4 -0
- package/dist/services/jobs/index.d.ts.map +1 -0
- package/dist/services/jobs/index.js +20 -0
- package/dist/services/jobs/index.js.map +1 -0
- package/dist/services/jobs/job-runner.d.ts +64 -0
- package/dist/services/jobs/job-runner.d.ts.map +1 -0
- package/dist/services/jobs/job-runner.js +952 -0
- package/dist/services/jobs/job-runner.js.map +1 -0
- package/dist/services/jobs/job-store.d.ts +27 -0
- package/dist/services/jobs/job-store.d.ts.map +1 -0
- package/dist/services/jobs/job-store.js +261 -0
- package/dist/services/jobs/job-store.js.map +1 -0
- package/dist/services/jobs/job.types.d.ts +67 -0
- package/dist/services/jobs/job.types.d.ts.map +1 -0
- package/dist/services/jobs/job.types.js +36 -0
- package/dist/services/jobs/job.types.js.map +1 -0
- package/dist/types/ad.types.d.ts +74 -0
- package/dist/types/ad.types.d.ts.map +1 -0
- package/dist/types/ad.types.js +3 -0
- package/dist/types/ad.types.js.map +1 -0
- package/dist/types/adcs.types.d.ts +58 -0
- package/dist/types/adcs.types.d.ts.map +1 -0
- package/dist/types/adcs.types.js +38 -0
- package/dist/types/adcs.types.js.map +1 -0
- package/dist/types/attack-graph.types.d.ts +135 -0
- package/dist/types/attack-graph.types.d.ts.map +1 -0
- package/dist/types/attack-graph.types.js +58 -0
- package/dist/types/attack-graph.types.js.map +1 -0
- package/dist/types/audit.types.d.ts +34 -0
- package/dist/types/audit.types.d.ts.map +1 -0
- package/dist/types/audit.types.js +3 -0
- package/dist/types/audit.types.js.map +1 -0
- package/dist/types/azure.types.d.ts +61 -0
- package/dist/types/azure.types.d.ts.map +1 -0
- package/dist/types/azure.types.js +3 -0
- package/dist/types/azure.types.js.map +1 -0
- package/dist/types/config.types.d.ts +63 -0
- package/dist/types/config.types.d.ts.map +1 -0
- package/dist/types/config.types.js +3 -0
- package/dist/types/config.types.js.map +1 -0
- package/dist/types/error.types.d.ts +33 -0
- package/dist/types/error.types.d.ts.map +1 -0
- package/dist/types/error.types.js +70 -0
- package/dist/types/error.types.js.map +1 -0
- package/dist/types/finding.types.d.ts +133 -0
- package/dist/types/finding.types.d.ts.map +1 -0
- package/dist/types/finding.types.js +3 -0
- package/dist/types/finding.types.js.map +1 -0
- package/dist/types/gpo.types.d.ts +39 -0
- package/dist/types/gpo.types.d.ts.map +1 -0
- package/dist/types/gpo.types.js +15 -0
- package/dist/types/gpo.types.js.map +1 -0
- package/dist/types/token.types.d.ts +26 -0
- package/dist/types/token.types.d.ts.map +1 -0
- package/dist/types/token.types.js +3 -0
- package/dist/types/token.types.js.map +1 -0
- package/dist/types/trust.types.d.ts +45 -0
- package/dist/types/trust.types.d.ts.map +1 -0
- package/dist/types/trust.types.js +71 -0
- package/dist/types/trust.types.js.map +1 -0
- package/dist/utils/entity-converter.d.ts +17 -0
- package/dist/utils/entity-converter.d.ts.map +1 -0
- package/dist/utils/entity-converter.js +285 -0
- package/dist/utils/entity-converter.js.map +1 -0
- package/dist/utils/graph.util.d.ts +66 -0
- package/dist/utils/graph.util.d.ts.map +1 -0
- package/dist/utils/graph.util.js +382 -0
- package/dist/utils/graph.util.js.map +1 -0
- package/dist/utils/logger.d.ts +7 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +86 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/type-name-normalizer.d.ts +5 -0
- package/dist/utils/type-name-normalizer.d.ts.map +1 -0
- package/dist/utils/type-name-normalizer.js +218 -0
- package/dist/utils/type-name-normalizer.js.map +1 -0
- package/docker-compose.yml +26 -0
- package/docs/api/README.md +178 -0
- package/docs/api/openapi.yaml +1524 -0
- package/eslint.config.js +54 -0
- package/jest.config.js +38 -0
- package/package.json +97 -0
- package/scripts/fetch-ad-cert.sh +142 -0
- package/src/.gitkeep +0 -0
- package/src/api/.gitkeep +0 -0
- package/src/api/controllers/.gitkeep +0 -0
- package/src/api/controllers/audit.controller.ts +313 -0
- package/src/api/controllers/auth.controller.ts +258 -0
- package/src/api/controllers/export.controller.ts +153 -0
- package/src/api/controllers/health.controller.ts +16 -0
- package/src/api/controllers/jobs.controller.ts +187 -0
- package/src/api/controllers/providers.controller.ts +165 -0
- package/src/api/dto/.gitkeep +0 -0
- package/src/api/dto/AuditRequest.dto.ts +8 -0
- package/src/api/dto/AuditResponse.dto.ts +19 -0
- package/src/api/dto/TokenRequest.dto.ts +8 -0
- package/src/api/dto/TokenResponse.dto.ts +14 -0
- package/src/api/middlewares/.gitkeep +0 -0
- package/src/api/middlewares/authenticate.ts +203 -0
- package/src/api/middlewares/errorHandler.ts +54 -0
- package/src/api/middlewares/rateLimit.ts +35 -0
- package/src/api/middlewares/validate.ts +32 -0
- package/src/api/routes/.gitkeep +0 -0
- package/src/api/routes/audit.routes.ts +77 -0
- package/src/api/routes/auth.routes.ts +71 -0
- package/src/api/routes/export.routes.ts +34 -0
- package/src/api/routes/health.routes.ts +14 -0
- package/src/api/routes/index.ts +40 -0
- package/src/api/routes/providers.routes.ts +24 -0
- package/src/api/validators/.gitkeep +0 -0
- package/src/api/validators/audit.schemas.ts +59 -0
- package/src/api/validators/auth.schemas.ts +59 -0
- package/src/app.ts +87 -0
- package/src/config/.gitkeep +0 -0
- package/src/config/config.schema.ts +108 -0
- package/src/config/index.ts +82 -0
- package/src/container.ts +221 -0
- package/src/data/.gitkeep +0 -0
- package/src/data/database.ts +78 -0
- package/src/data/jobs/token-cleanup.job.ts +166 -0
- package/src/data/migrations/.gitkeep +0 -0
- package/src/data/migrations/001_initial_schema.sql +47 -0
- package/src/data/migrations/migration.runner.ts +125 -0
- package/src/data/models/.gitkeep +0 -0
- package/src/data/models/Token.model.ts +35 -0
- package/src/data/repositories/.gitkeep +0 -0
- package/src/data/repositories/token.repository.ts +160 -0
- package/src/providers/.gitkeep +0 -0
- package/src/providers/azure/.gitkeep +0 -0
- package/src/providers/azure/auth.provider.ts +14 -0
- package/src/providers/azure/azure-errors.ts +189 -0
- package/src/providers/azure/azure-retry.ts +168 -0
- package/src/providers/azure/graph-client.ts +315 -0
- package/src/providers/azure/graph.provider.ts +294 -0
- package/src/providers/azure/queries/app.queries.ts +9 -0
- package/src/providers/azure/queries/policy.queries.ts +9 -0
- package/src/providers/azure/queries/user.queries.ts +10 -0
- package/src/providers/interfaces/.gitkeep +0 -0
- package/src/providers/interfaces/IGraphProvider.ts +117 -0
- package/src/providers/interfaces/ILDAPProvider.ts +142 -0
- package/src/providers/ldap/.gitkeep +0 -0
- package/src/providers/ldap/acl-parser.ts +231 -0
- package/src/providers/ldap/ad-mappers.ts +280 -0
- package/src/providers/ldap/ldap-client.ts +259 -0
- package/src/providers/ldap/ldap-errors.ts +188 -0
- package/src/providers/ldap/ldap-retry.ts +267 -0
- package/src/providers/ldap/ldap-sanitizer.ts +273 -0
- package/src/providers/ldap/ldap.provider.ts +293 -0
- package/src/providers/ldap/queries/computer.queries.ts +9 -0
- package/src/providers/ldap/queries/group.queries.ts +9 -0
- package/src/providers/ldap/queries/user.queries.ts +10 -0
- package/src/providers/smb/smb.provider.ts +653 -0
- package/src/server.ts +60 -0
- package/src/services/.gitkeep +0 -0
- package/src/services/audit/.gitkeep +0 -0
- package/src/services/audit/ad-audit.service.ts +1481 -0
- package/src/services/audit/attack-graph.service.ts +1104 -0
- package/src/services/audit/audit.service.ts +12 -0
- package/src/services/audit/azure-audit.service.ts +286 -0
- package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
- package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
- package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
- package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
- package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
- package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
- package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
- package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
- package/src/services/audit/detectors/ad/index.ts +84 -0
- package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
- package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
- package/src/services/audit/detectors/ad/network.detector.ts +538 -0
- package/src/services/audit/detectors/ad/password.detector.ts +324 -0
- package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
- package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
- package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
- package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
- package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
- package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
- package/src/services/audit/detectors/index.ts +18 -0
- package/src/services/audit/response-formatter.ts +604 -0
- package/src/services/audit/scoring.service.ts +234 -0
- package/src/services/auth/.gitkeep +0 -0
- package/src/services/auth/crypto.service.ts +230 -0
- package/src/services/auth/errors.ts +47 -0
- package/src/services/auth/token.service.ts +420 -0
- package/src/services/config/.gitkeep +0 -0
- package/src/services/config/config.service.ts +75 -0
- package/src/services/export/.gitkeep +0 -0
- package/src/services/export/export.service.ts +99 -0
- package/src/services/export/formatters/csv.formatter.ts +124 -0
- package/src/services/export/formatters/json.formatter.ts +160 -0
- package/src/services/jobs/azure-job-runner.ts +312 -0
- package/src/services/jobs/index.ts +9 -0
- package/src/services/jobs/job-runner.ts +1280 -0
- package/src/services/jobs/job-store.ts +384 -0
- package/src/services/jobs/job.types.ts +182 -0
- package/src/types/.gitkeep +0 -0
- package/src/types/ad.types.ts +91 -0
- package/src/types/adcs.types.ts +107 -0
- package/src/types/attack-graph.types.ts +260 -0
- package/src/types/audit.types.ts +42 -0
- package/src/types/azure.types.ts +68 -0
- package/src/types/config.types.ts +79 -0
- package/src/types/error.types.ts +69 -0
- package/src/types/finding.types.ts +284 -0
- package/src/types/gpo.types.ts +72 -0
- package/src/types/smb2.d.ts +73 -0
- package/src/types/token.types.ts +32 -0
- package/src/types/trust.types.ts +140 -0
- package/src/utils/.gitkeep +0 -0
- package/src/utils/entity-converter.ts +453 -0
- package/src/utils/graph.util.ts +609 -0
- package/src/utils/logger.ts +111 -0
- package/src/utils/type-name-normalizer.ts +302 -0
- package/tests/.gitkeep +0 -0
- package/tests/e2e/.gitkeep +0 -0
- package/tests/fixtures/.gitkeep +0 -0
- package/tests/integration/.gitkeep +0 -0
- package/tests/integration/README.md +156 -0
- package/tests/integration/ad-audit.integration.test.ts +216 -0
- package/tests/integration/api/.gitkeep +0 -0
- package/tests/integration/api/endpoints.integration.test.ts +431 -0
- package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
- package/tests/integration/providers/.gitkeep +0 -0
- package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
- package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
- package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
- package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
- package/tests/mocks/.gitkeep +0 -0
- package/tests/setup.ts +16 -0
- package/tests/unit/.gitkeep +0 -0
- package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
- package/tests/unit/providers/.gitkeep +0 -0
- package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
- package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
- package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
- package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
- package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
- package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
- package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
- package/tests/unit/sample.test.ts +19 -0
- package/tests/unit/services/.gitkeep +0 -0
- package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
- package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
- package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
- package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
- package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
- package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
- package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
- package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
- package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
- package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
- package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
- package/tests/unit/services/auth/crypto.service.test.ts +296 -0
- package/tests/unit/services/auth/token.service.test.ts +579 -0
- package/tests/unit/services/export/export.service.test.ts +241 -0
- package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
- package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
- package/tests/unit/utils/.gitkeep +0 -0
- package/tsconfig.json +50 -0
|
@@ -0,0 +1,258 @@
|
|
|
1
|
+
import { Request, Response, NextFunction } from 'express';
|
|
2
|
+
import { TokenService } from '../../services/auth/token.service';
|
|
3
|
+
import type { Logger } from 'winston';
|
|
4
|
+
import { logger } from '../../utils/logger';
|
|
5
|
+
import { JWTConfig } from '../../types/config.types';
|
|
6
|
+
|
|
7
|
+
/**
|
|
8
|
+
* AuthController
|
|
9
|
+
*
|
|
10
|
+
* Handles JWT token management endpoints: generation, validation, revocation, and info.
|
|
11
|
+
*
|
|
12
|
+
* Endpoints:
|
|
13
|
+
* - POST /api/v1/auth/token - Generate new token
|
|
14
|
+
* - POST /api/v1/auth/validate - Validate token without incrementing usage
|
|
15
|
+
* - POST /api/v1/auth/revoke - Revoke token by jti
|
|
16
|
+
* - GET /api/v1/auth/tokens - List all tokens
|
|
17
|
+
* - GET /api/v1/auth/tokens/:jti - Get token info
|
|
18
|
+
*
|
|
19
|
+
* Task 4: Auth Controller with Token Endpoints (Story 1.4)
|
|
20
|
+
*/
|
|
21
|
+
export class AuthController {
|
|
22
|
+
private logger: Logger;
|
|
23
|
+
|
|
24
|
+
constructor(
|
|
25
|
+
private tokenService: TokenService,
|
|
26
|
+
private jwtConfig: JWTConfig
|
|
27
|
+
) {
|
|
28
|
+
this.logger = logger;
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
/**
|
|
32
|
+
* POST /api/v1/auth/token
|
|
33
|
+
* Generate a new JWT token with usage quotas
|
|
34
|
+
*
|
|
35
|
+
* Request Body:
|
|
36
|
+
* - expiresIn: string (optional, default from config) - e.g., '1h', '7d', '30d'
|
|
37
|
+
* - maxUses: number (optional, default from TOKEN_MAX_USES config) - 0 = unlimited
|
|
38
|
+
* - metadata: object (optional) - arbitrary metadata
|
|
39
|
+
*
|
|
40
|
+
* Response:
|
|
41
|
+
* - 201: Token generated successfully
|
|
42
|
+
* - 400: Invalid request
|
|
43
|
+
* - 500: Server error
|
|
44
|
+
*/
|
|
45
|
+
async generateToken(req: Request, res: Response, next: NextFunction): Promise<void> {
|
|
46
|
+
try {
|
|
47
|
+
const { expiresIn, maxUses, metadata } = req.body;
|
|
48
|
+
|
|
49
|
+
// Use config defaults if not provided
|
|
50
|
+
const effectiveExpiresIn = expiresIn || this.jwtConfig.tokenExpiry;
|
|
51
|
+
const effectiveMaxUses = maxUses !== undefined ? maxUses : this.jwtConfig.tokenMaxUses;
|
|
52
|
+
|
|
53
|
+
const token = await this.tokenService.generate({
|
|
54
|
+
expiresIn: effectiveExpiresIn,
|
|
55
|
+
maxUses: effectiveMaxUses,
|
|
56
|
+
metadata,
|
|
57
|
+
});
|
|
58
|
+
|
|
59
|
+
this.logger.info('Token generated via API', {
|
|
60
|
+
expiresIn: effectiveExpiresIn,
|
|
61
|
+
maxUses: effectiveMaxUses,
|
|
62
|
+
hasMetadata: !!metadata,
|
|
63
|
+
});
|
|
64
|
+
|
|
65
|
+
res.status(201).json({
|
|
66
|
+
success: true,
|
|
67
|
+
token,
|
|
68
|
+
expiresIn: effectiveExpiresIn,
|
|
69
|
+
maxUses: effectiveMaxUses,
|
|
70
|
+
});
|
|
71
|
+
} catch (error) {
|
|
72
|
+
next(error);
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
/**
|
|
77
|
+
* POST /api/v1/auth/validate
|
|
78
|
+
* Validate a JWT token without incrementing usage
|
|
79
|
+
*
|
|
80
|
+
* This endpoint checks token validity but does NOT increment usage count.
|
|
81
|
+
* Use this for validation checks that shouldn't consume usage quota.
|
|
82
|
+
*
|
|
83
|
+
* Request Body:
|
|
84
|
+
* - token: string - JWT token to validate
|
|
85
|
+
*
|
|
86
|
+
* Response:
|
|
87
|
+
* - 200: Validation result (always 200, even if invalid)
|
|
88
|
+
* - valid: true - Token is valid
|
|
89
|
+
* - valid: false - Token is invalid (includes error message)
|
|
90
|
+
*/
|
|
91
|
+
async validateToken(req: Request, res: Response, _next: NextFunction): Promise<void> {
|
|
92
|
+
try {
|
|
93
|
+
const { token } = req.body;
|
|
94
|
+
|
|
95
|
+
// Attempt to validate token
|
|
96
|
+
const payload = await this.tokenService.validate(token);
|
|
97
|
+
|
|
98
|
+
// Token is valid
|
|
99
|
+
res.json({
|
|
100
|
+
success: true,
|
|
101
|
+
valid: true,
|
|
102
|
+
payload: {
|
|
103
|
+
jti: payload.jti,
|
|
104
|
+
iat: payload.iat,
|
|
105
|
+
exp: payload.exp,
|
|
106
|
+
maxUses: payload.maxUses,
|
|
107
|
+
},
|
|
108
|
+
});
|
|
109
|
+
} catch (error) {
|
|
110
|
+
// Token validation failed, but still return 200 with valid: false
|
|
111
|
+
// This allows clients to distinguish between validation failure and server errors
|
|
112
|
+
res.json({
|
|
113
|
+
success: true,
|
|
114
|
+
valid: false,
|
|
115
|
+
error: error instanceof Error ? error.message : 'Unknown error',
|
|
116
|
+
});
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
/**
|
|
121
|
+
* POST /api/v1/auth/revoke
|
|
122
|
+
* Revoke a token by jti
|
|
123
|
+
*
|
|
124
|
+
* Request Body:
|
|
125
|
+
* - jti: string - JWT ID to revoke
|
|
126
|
+
* - reason: string (optional) - Revocation reason
|
|
127
|
+
*
|
|
128
|
+
* Response:
|
|
129
|
+
* - 200: Token revoked successfully
|
|
130
|
+
* - 404: Token not found
|
|
131
|
+
* - 500: Server error
|
|
132
|
+
*/
|
|
133
|
+
async revokeToken(req: Request, res: Response, next: NextFunction): Promise<void> {
|
|
134
|
+
try {
|
|
135
|
+
const { jti, reason } = req.body;
|
|
136
|
+
const revokedBy = 'system'; // TODO: Get from authenticated user in future
|
|
137
|
+
|
|
138
|
+
await this.tokenService.revoke(jti, revokedBy, reason || 'Manual revocation');
|
|
139
|
+
|
|
140
|
+
this.logger.info('Token revoked via API', { jti, reason });
|
|
141
|
+
|
|
142
|
+
res.json({
|
|
143
|
+
success: true,
|
|
144
|
+
message: 'Token revoked successfully',
|
|
145
|
+
jti,
|
|
146
|
+
});
|
|
147
|
+
} catch (error) {
|
|
148
|
+
next(error);
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
|
|
152
|
+
/**
|
|
153
|
+
* GET /api/v1/auth/tokens
|
|
154
|
+
* List all tokens (including expired and revoked)
|
|
155
|
+
*
|
|
156
|
+
* Response:
|
|
157
|
+
* - 200: List of all tokens
|
|
158
|
+
* - 500: Server error
|
|
159
|
+
*/
|
|
160
|
+
async listTokens(_req: Request, res: Response, next: NextFunction): Promise<void> {
|
|
161
|
+
try {
|
|
162
|
+
const tokens = await this.tokenService.listAll();
|
|
163
|
+
|
|
164
|
+
res.json({
|
|
165
|
+
success: true,
|
|
166
|
+
count: tokens.length,
|
|
167
|
+
tokens,
|
|
168
|
+
});
|
|
169
|
+
} catch (error) {
|
|
170
|
+
next(error);
|
|
171
|
+
}
|
|
172
|
+
}
|
|
173
|
+
|
|
174
|
+
/**
|
|
175
|
+
* GET /api/v1/auth/tokens/:jti
|
|
176
|
+
* Get detailed information about a specific token
|
|
177
|
+
*
|
|
178
|
+
* URL Parameters:
|
|
179
|
+
* - jti: string - JWT ID
|
|
180
|
+
*
|
|
181
|
+
* Response:
|
|
182
|
+
* - 200: Token information
|
|
183
|
+
* - 404: Token not found
|
|
184
|
+
* - 500: Server error
|
|
185
|
+
*/
|
|
186
|
+
async getTokenInfo(req: Request, res: Response, next: NextFunction): Promise<void> {
|
|
187
|
+
try {
|
|
188
|
+
const jti = req.params['jti'];
|
|
189
|
+
if (!jti || Array.isArray(jti)) {
|
|
190
|
+
res.status(400).json({
|
|
191
|
+
success: false,
|
|
192
|
+
error: { code: 'BAD_REQUEST', message: 'jti parameter is required and must be a string' },
|
|
193
|
+
});
|
|
194
|
+
return;
|
|
195
|
+
}
|
|
196
|
+
|
|
197
|
+
const info = await this.tokenService.getInfo(jti);
|
|
198
|
+
|
|
199
|
+
res.json({
|
|
200
|
+
success: true,
|
|
201
|
+
token: info,
|
|
202
|
+
});
|
|
203
|
+
} catch (error) {
|
|
204
|
+
next(error);
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
|
|
208
|
+
/**
|
|
209
|
+
* GET /api/v1/auth/token/info
|
|
210
|
+
* Get detailed information about the current token from Authorization header
|
|
211
|
+
*
|
|
212
|
+
* This endpoint requires TOKEN_INFO_ENABLED=true.
|
|
213
|
+
* Returns full token details including usage stats.
|
|
214
|
+
*
|
|
215
|
+
* Response:
|
|
216
|
+
* - 200: Token information
|
|
217
|
+
* - 401: No token provided
|
|
218
|
+
* - 500: Server error
|
|
219
|
+
*/
|
|
220
|
+
async getCurrentTokenInfo(req: Request, res: Response, next: NextFunction): Promise<void> {
|
|
221
|
+
try {
|
|
222
|
+
// Extract token from Authorization header
|
|
223
|
+
const authHeader = req.headers.authorization;
|
|
224
|
+
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
|
225
|
+
res.status(401).json({
|
|
226
|
+
success: false,
|
|
227
|
+
error: { code: 'UNAUTHORIZED', message: 'No token provided in Authorization header' },
|
|
228
|
+
});
|
|
229
|
+
return;
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
const token = authHeader.substring(7);
|
|
233
|
+
|
|
234
|
+
// Validate token and get payload
|
|
235
|
+
const payload = await this.tokenService.validate(token);
|
|
236
|
+
|
|
237
|
+
// Get full token info from database
|
|
238
|
+
const info = await this.tokenService.getInfo(payload.jti);
|
|
239
|
+
|
|
240
|
+
res.json({
|
|
241
|
+
success: true,
|
|
242
|
+
token: {
|
|
243
|
+
jti: info.jti,
|
|
244
|
+
createdAt: info.created_at,
|
|
245
|
+
expiresAt: info.expires_at,
|
|
246
|
+
maxUses: info.max_uses,
|
|
247
|
+
usageCount: info.used_count,
|
|
248
|
+
remainingUses: info.max_uses === 0 ? 'unlimited' : info.remaining_uses,
|
|
249
|
+
revoked: info.revoked,
|
|
250
|
+
revokedAt: info.revoked_at,
|
|
251
|
+
revokedReason: info.revoked_reason,
|
|
252
|
+
},
|
|
253
|
+
});
|
|
254
|
+
} catch (error) {
|
|
255
|
+
next(error);
|
|
256
|
+
}
|
|
257
|
+
}
|
|
258
|
+
}
|
|
@@ -0,0 +1,153 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Export Controller
|
|
3
|
+
*
|
|
4
|
+
* Handles audit result export operations.
|
|
5
|
+
* Story 1.10: API Controllers & Routes
|
|
6
|
+
*
|
|
7
|
+
* Endpoints:
|
|
8
|
+
* - POST /api/v1/audit/ad/export - Export AD audit results
|
|
9
|
+
* - POST /api/v1/audit/azure/export - Export Azure audit results
|
|
10
|
+
*/
|
|
11
|
+
|
|
12
|
+
import { Request, Response, NextFunction } from 'express';
|
|
13
|
+
import { ExportService, ExportAuditResult } from '../../services/export/export.service';
|
|
14
|
+
import { JSONExportOptions } from '../../services/export/formatters/json.formatter';
|
|
15
|
+
import { CSVExportOptions } from '../../services/export/formatters/csv.formatter';
|
|
16
|
+
|
|
17
|
+
/**
|
|
18
|
+
* Export format
|
|
19
|
+
*/
|
|
20
|
+
type ExportFormat = 'json' | 'csv';
|
|
21
|
+
|
|
22
|
+
/**
|
|
23
|
+
* AD Export request body
|
|
24
|
+
*/
|
|
25
|
+
interface ADExportRequest {
|
|
26
|
+
auditResult: ExportAuditResult;
|
|
27
|
+
format: ExportFormat;
|
|
28
|
+
domain?: string;
|
|
29
|
+
includeDetails?: boolean;
|
|
30
|
+
includeAffectedEntities?: boolean;
|
|
31
|
+
delimiter?: string;
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
/**
|
|
35
|
+
* Azure Export request body
|
|
36
|
+
*/
|
|
37
|
+
interface AzureExportRequest {
|
|
38
|
+
auditResult: ExportAuditResult;
|
|
39
|
+
format: ExportFormat;
|
|
40
|
+
tenantId?: string;
|
|
41
|
+
includeDetails?: boolean;
|
|
42
|
+
includeAffectedEntities?: boolean;
|
|
43
|
+
delimiter?: string;
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
/**
|
|
47
|
+
* Export Controller
|
|
48
|
+
*/
|
|
49
|
+
export class ExportController {
|
|
50
|
+
private exportService: ExportService;
|
|
51
|
+
|
|
52
|
+
constructor() {
|
|
53
|
+
this.exportService = new ExportService();
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
/**
|
|
57
|
+
* Export AD audit results
|
|
58
|
+
*
|
|
59
|
+
* POST /api/v1/audit/ad/export
|
|
60
|
+
*/
|
|
61
|
+
async exportADAudit(
|
|
62
|
+
req: Request<object, object, ADExportRequest>,
|
|
63
|
+
res: Response,
|
|
64
|
+
next: NextFunction
|
|
65
|
+
): Promise<void> {
|
|
66
|
+
try {
|
|
67
|
+
const { auditResult, format, domain, includeDetails, includeAffectedEntities, delimiter } = req.body;
|
|
68
|
+
|
|
69
|
+
let result;
|
|
70
|
+
|
|
71
|
+
if (format === 'json') {
|
|
72
|
+
// Export as JSON
|
|
73
|
+
const options: JSONExportOptions = {
|
|
74
|
+
provider: 'ad',
|
|
75
|
+
domain,
|
|
76
|
+
includeDetails,
|
|
77
|
+
};
|
|
78
|
+
result = this.exportService.exportToJSON(auditResult, options);
|
|
79
|
+
} else if (format === 'csv') {
|
|
80
|
+
// Export as CSV
|
|
81
|
+
const options: CSVExportOptions = {
|
|
82
|
+
includeAffectedEntities,
|
|
83
|
+
delimiter,
|
|
84
|
+
};
|
|
85
|
+
result = this.exportService.exportToCSV(auditResult, 'ad', domain || 'unknown', options);
|
|
86
|
+
} else {
|
|
87
|
+
res.status(400).json({
|
|
88
|
+
success: false,
|
|
89
|
+
error: 'Invalid format. Must be "json" or "csv".',
|
|
90
|
+
});
|
|
91
|
+
return;
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
// Set headers
|
|
95
|
+
res.setHeader('Content-Type', result.contentType);
|
|
96
|
+
res.setHeader('Content-Disposition', result.contentDisposition);
|
|
97
|
+
|
|
98
|
+
// Send content
|
|
99
|
+
res.send(result.content);
|
|
100
|
+
} catch (error) {
|
|
101
|
+
next(error);
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
/**
|
|
106
|
+
* Export Azure audit results
|
|
107
|
+
*
|
|
108
|
+
* POST /api/v1/audit/azure/export
|
|
109
|
+
*/
|
|
110
|
+
async exportAzureAudit(
|
|
111
|
+
req: Request<object, object, AzureExportRequest>,
|
|
112
|
+
res: Response,
|
|
113
|
+
next: NextFunction
|
|
114
|
+
): Promise<void> {
|
|
115
|
+
try {
|
|
116
|
+
const { auditResult, format, tenantId, includeDetails, includeAffectedEntities, delimiter } = req.body;
|
|
117
|
+
|
|
118
|
+
let result;
|
|
119
|
+
|
|
120
|
+
if (format === 'json') {
|
|
121
|
+
// Export as JSON
|
|
122
|
+
const options: JSONExportOptions = {
|
|
123
|
+
provider: 'azure',
|
|
124
|
+
tenantId,
|
|
125
|
+
includeDetails,
|
|
126
|
+
};
|
|
127
|
+
result = this.exportService.exportToJSON(auditResult, options);
|
|
128
|
+
} else if (format === 'csv') {
|
|
129
|
+
// Export as CSV
|
|
130
|
+
const options: CSVExportOptions = {
|
|
131
|
+
includeAffectedEntities,
|
|
132
|
+
delimiter,
|
|
133
|
+
};
|
|
134
|
+
result = this.exportService.exportToCSV(auditResult, 'azure', tenantId || 'unknown', options);
|
|
135
|
+
} else {
|
|
136
|
+
res.status(400).json({
|
|
137
|
+
success: false,
|
|
138
|
+
error: 'Invalid format. Must be "json" or "csv".',
|
|
139
|
+
});
|
|
140
|
+
return;
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
// Set headers
|
|
144
|
+
res.setHeader('Content-Type', result.contentType);
|
|
145
|
+
res.setHeader('Content-Disposition', result.contentDisposition);
|
|
146
|
+
|
|
147
|
+
// Send content
|
|
148
|
+
res.send(result.content);
|
|
149
|
+
} catch (error) {
|
|
150
|
+
next(error);
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { Request, Response } from 'express';
|
|
2
|
+
import { version } from '../../../package.json';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Health check controller
|
|
6
|
+
*/
|
|
7
|
+
export class HealthController {
|
|
8
|
+
async checkHealth(_req: Request, res: Response): Promise<void> {
|
|
9
|
+
res.json({
|
|
10
|
+
success: true,
|
|
11
|
+
status: 'healthy',
|
|
12
|
+
timestamp: new Date().toISOString(),
|
|
13
|
+
version,
|
|
14
|
+
});
|
|
15
|
+
}
|
|
16
|
+
}
|
|
@@ -0,0 +1,187 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Jobs Controller
|
|
3
|
+
*
|
|
4
|
+
* Handles async job status and management operations.
|
|
5
|
+
*
|
|
6
|
+
* Endpoints:
|
|
7
|
+
* - GET /api/v1/audit/jobs/:jobId - Get job status and progress
|
|
8
|
+
* - GET /api/v1/audit/jobs - List all jobs (optional status filter)
|
|
9
|
+
* - DELETE /api/v1/audit/jobs/:jobId - Cancel/delete a job
|
|
10
|
+
*/
|
|
11
|
+
|
|
12
|
+
import { Request, Response, NextFunction } from 'express';
|
|
13
|
+
import { JobStore } from '../../services/jobs/job-store';
|
|
14
|
+
import { JobStatus } from '../../services/jobs/job.types';
|
|
15
|
+
import { formatADAuditResponse } from '../../services/audit/response-formatter';
|
|
16
|
+
import { loadConfig } from '../../services/config/config.service';
|
|
17
|
+
|
|
18
|
+
/**
|
|
19
|
+
* Jobs Controller
|
|
20
|
+
*/
|
|
21
|
+
export class JobsController {
|
|
22
|
+
private jobStore: JobStore;
|
|
23
|
+
|
|
24
|
+
constructor() {
|
|
25
|
+
this.jobStore = JobStore.getInstance();
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
/**
|
|
29
|
+
* Get job status
|
|
30
|
+
*
|
|
31
|
+
* GET /api/v1/audit/jobs/:jobId
|
|
32
|
+
*/
|
|
33
|
+
async getJobStatus(
|
|
34
|
+
req: Request<{ jobId: string }>,
|
|
35
|
+
res: Response,
|
|
36
|
+
next: NextFunction
|
|
37
|
+
): Promise<void> {
|
|
38
|
+
try {
|
|
39
|
+
const { jobId } = req.params;
|
|
40
|
+
|
|
41
|
+
const job = this.jobStore.getJob(jobId);
|
|
42
|
+
|
|
43
|
+
if (!job) {
|
|
44
|
+
res.status(404).json({
|
|
45
|
+
success: false,
|
|
46
|
+
error: {
|
|
47
|
+
code: 'JOB_NOT_FOUND',
|
|
48
|
+
message: `Job ${jobId} not found`,
|
|
49
|
+
},
|
|
50
|
+
});
|
|
51
|
+
return;
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
// If job is completed, format the result like a normal audit response
|
|
55
|
+
if (job.status === 'completed' && job.result) {
|
|
56
|
+
const config = await loadConfig();
|
|
57
|
+
const result = job.result as any;
|
|
58
|
+
|
|
59
|
+
// Format response to PRD FR55 structure
|
|
60
|
+
const response = formatADAuditResponse(
|
|
61
|
+
result.score,
|
|
62
|
+
result.findings,
|
|
63
|
+
result.stats,
|
|
64
|
+
{
|
|
65
|
+
domain: {
|
|
66
|
+
name: config.ldap.baseDN,
|
|
67
|
+
baseDN: config.ldap.baseDN,
|
|
68
|
+
ldapUrl: config.ldap.url,
|
|
69
|
+
},
|
|
70
|
+
options: {
|
|
71
|
+
includeDetails: (job.options?.['includeDetails'] as boolean) || false,
|
|
72
|
+
includeComputers: true,
|
|
73
|
+
includeConfig: true,
|
|
74
|
+
},
|
|
75
|
+
executionTimeMs: result.stats.executionTimeMs,
|
|
76
|
+
timestamp: result.timestamp,
|
|
77
|
+
domainConfig: result.domainConfig,
|
|
78
|
+
attackGraph: result.attackGraph,
|
|
79
|
+
}
|
|
80
|
+
);
|
|
81
|
+
|
|
82
|
+
res.json({
|
|
83
|
+
job_id: job.job_id,
|
|
84
|
+
type: job.type,
|
|
85
|
+
status: job.status,
|
|
86
|
+
progress: job.progress,
|
|
87
|
+
current_step: job.current_step,
|
|
88
|
+
description: job.description,
|
|
89
|
+
started_at: job.started_at,
|
|
90
|
+
completed_at: job.completed_at,
|
|
91
|
+
duration_ms: job.duration_ms,
|
|
92
|
+
steps: job.steps,
|
|
93
|
+
result: response,
|
|
94
|
+
});
|
|
95
|
+
return;
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
// Return job progress for running/pending/failed jobs
|
|
99
|
+
res.json({
|
|
100
|
+
job_id: job.job_id,
|
|
101
|
+
type: job.type,
|
|
102
|
+
status: job.status,
|
|
103
|
+
progress: job.progress,
|
|
104
|
+
current_step: job.current_step,
|
|
105
|
+
description: job.description,
|
|
106
|
+
started_at: job.started_at,
|
|
107
|
+
updated_at: job.updated_at,
|
|
108
|
+
completed_at: job.completed_at,
|
|
109
|
+
failed_at: job.failed_at,
|
|
110
|
+
duration_ms: job.duration_ms,
|
|
111
|
+
steps: job.steps,
|
|
112
|
+
error: job.error,
|
|
113
|
+
});
|
|
114
|
+
} catch (error) {
|
|
115
|
+
next(error);
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
/**
|
|
120
|
+
* List all jobs
|
|
121
|
+
*
|
|
122
|
+
* GET /api/v1/audit/jobs
|
|
123
|
+
* Query params:
|
|
124
|
+
* - status: Filter by job status (pending, running, completed, failed)
|
|
125
|
+
*/
|
|
126
|
+
async listJobs(
|
|
127
|
+
req: Request,
|
|
128
|
+
res: Response,
|
|
129
|
+
next: NextFunction
|
|
130
|
+
): Promise<void> {
|
|
131
|
+
try {
|
|
132
|
+
const statusParam = req.query['status'] as string | undefined;
|
|
133
|
+
let status: JobStatus | undefined;
|
|
134
|
+
|
|
135
|
+
if (statusParam && ['pending', 'running', 'completed', 'failed'].includes(statusParam)) {
|
|
136
|
+
status = statusParam as JobStatus;
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
const jobs = this.jobStore.listJobs(status);
|
|
140
|
+
|
|
141
|
+
res.json({
|
|
142
|
+
success: true,
|
|
143
|
+
data: {
|
|
144
|
+
jobs,
|
|
145
|
+
total: jobs.length,
|
|
146
|
+
},
|
|
147
|
+
});
|
|
148
|
+
} catch (error) {
|
|
149
|
+
next(error);
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
/**
|
|
154
|
+
* Delete/cancel a job
|
|
155
|
+
*
|
|
156
|
+
* DELETE /api/v1/audit/jobs/:jobId
|
|
157
|
+
*/
|
|
158
|
+
async deleteJob(
|
|
159
|
+
req: Request<{ jobId: string }>,
|
|
160
|
+
res: Response,
|
|
161
|
+
next: NextFunction
|
|
162
|
+
): Promise<void> {
|
|
163
|
+
try {
|
|
164
|
+
const { jobId } = req.params;
|
|
165
|
+
|
|
166
|
+
const deleted = this.jobStore.deleteJob(jobId);
|
|
167
|
+
|
|
168
|
+
if (!deleted) {
|
|
169
|
+
res.status(404).json({
|
|
170
|
+
success: false,
|
|
171
|
+
error: {
|
|
172
|
+
code: 'JOB_NOT_FOUND',
|
|
173
|
+
message: `Job ${jobId} not found`,
|
|
174
|
+
},
|
|
175
|
+
});
|
|
176
|
+
return;
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
res.json({
|
|
180
|
+
success: true,
|
|
181
|
+
message: `Job ${jobId} deleted`,
|
|
182
|
+
});
|
|
183
|
+
} catch (error) {
|
|
184
|
+
next(error);
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
}
|