@etcsec-com/etc-collector 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +60 -0
- package/.env.test.example +33 -0
- package/.github/workflows/ci.yml +83 -0
- package/.github/workflows/release.yml +246 -0
- package/.prettierrc.json +10 -0
- package/CHANGELOG.md +15 -0
- package/Dockerfile +57 -0
- package/LICENSE +190 -0
- package/README.md +194 -0
- package/dist/api/controllers/audit.controller.d.ts +21 -0
- package/dist/api/controllers/audit.controller.d.ts.map +1 -0
- package/dist/api/controllers/audit.controller.js +179 -0
- package/dist/api/controllers/audit.controller.js.map +1 -0
- package/dist/api/controllers/auth.controller.d.ts +16 -0
- package/dist/api/controllers/auth.controller.d.ts.map +1 -0
- package/dist/api/controllers/auth.controller.js +146 -0
- package/dist/api/controllers/auth.controller.js.map +1 -0
- package/dist/api/controllers/export.controller.d.ts +27 -0
- package/dist/api/controllers/export.controller.d.ts.map +1 -0
- package/dist/api/controllers/export.controller.js +80 -0
- package/dist/api/controllers/export.controller.js.map +1 -0
- package/dist/api/controllers/health.controller.d.ts +5 -0
- package/dist/api/controllers/health.controller.d.ts.map +1 -0
- package/dist/api/controllers/health.controller.js +16 -0
- package/dist/api/controllers/health.controller.js.map +1 -0
- package/dist/api/controllers/jobs.controller.d.ts +13 -0
- package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
- package/dist/api/controllers/jobs.controller.js +125 -0
- package/dist/api/controllers/jobs.controller.js.map +1 -0
- package/dist/api/controllers/providers.controller.d.ts +15 -0
- package/dist/api/controllers/providers.controller.d.ts.map +1 -0
- package/dist/api/controllers/providers.controller.js +112 -0
- package/dist/api/controllers/providers.controller.js.map +1 -0
- package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
- package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
- package/dist/api/dto/AuditRequest.dto.js +3 -0
- package/dist/api/dto/AuditRequest.dto.js.map +1 -0
- package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
- package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
- package/dist/api/dto/AuditResponse.dto.js +3 -0
- package/dist/api/dto/AuditResponse.dto.js.map +1 -0
- package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
- package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
- package/dist/api/dto/TokenRequest.dto.js +3 -0
- package/dist/api/dto/TokenRequest.dto.js.map +1 -0
- package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
- package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
- package/dist/api/dto/TokenResponse.dto.js +3 -0
- package/dist/api/dto/TokenResponse.dto.js.map +1 -0
- package/dist/api/middlewares/authenticate.d.ts +12 -0
- package/dist/api/middlewares/authenticate.d.ts.map +1 -0
- package/dist/api/middlewares/authenticate.js +141 -0
- package/dist/api/middlewares/authenticate.js.map +1 -0
- package/dist/api/middlewares/errorHandler.d.ts +3 -0
- package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
- package/dist/api/middlewares/errorHandler.js +30 -0
- package/dist/api/middlewares/errorHandler.js.map +1 -0
- package/dist/api/middlewares/rateLimit.d.ts +3 -0
- package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
- package/dist/api/middlewares/rateLimit.js +34 -0
- package/dist/api/middlewares/rateLimit.js.map +1 -0
- package/dist/api/middlewares/validate.d.ts +4 -0
- package/dist/api/middlewares/validate.d.ts.map +1 -0
- package/dist/api/middlewares/validate.js +31 -0
- package/dist/api/middlewares/validate.js.map +1 -0
- package/dist/api/routes/audit.routes.d.ts +5 -0
- package/dist/api/routes/audit.routes.d.ts.map +1 -0
- package/dist/api/routes/audit.routes.js +24 -0
- package/dist/api/routes/audit.routes.js.map +1 -0
- package/dist/api/routes/auth.routes.d.ts +6 -0
- package/dist/api/routes/auth.routes.d.ts.map +1 -0
- package/dist/api/routes/auth.routes.js +22 -0
- package/dist/api/routes/auth.routes.js.map +1 -0
- package/dist/api/routes/export.routes.d.ts +5 -0
- package/dist/api/routes/export.routes.d.ts.map +1 -0
- package/dist/api/routes/export.routes.js +16 -0
- package/dist/api/routes/export.routes.js.map +1 -0
- package/dist/api/routes/health.routes.d.ts +4 -0
- package/dist/api/routes/health.routes.d.ts.map +1 -0
- package/dist/api/routes/health.routes.js +11 -0
- package/dist/api/routes/health.routes.js.map +1 -0
- package/dist/api/routes/index.d.ts +10 -0
- package/dist/api/routes/index.d.ts.map +1 -0
- package/dist/api/routes/index.js +20 -0
- package/dist/api/routes/index.js.map +1 -0
- package/dist/api/routes/providers.routes.d.ts +5 -0
- package/dist/api/routes/providers.routes.d.ts.map +1 -0
- package/dist/api/routes/providers.routes.js +13 -0
- package/dist/api/routes/providers.routes.js.map +1 -0
- package/dist/api/validators/audit.schemas.d.ts +60 -0
- package/dist/api/validators/audit.schemas.d.ts.map +1 -0
- package/dist/api/validators/audit.schemas.js +55 -0
- package/dist/api/validators/audit.schemas.js.map +1 -0
- package/dist/api/validators/auth.schemas.d.ts +17 -0
- package/dist/api/validators/auth.schemas.d.ts.map +1 -0
- package/dist/api/validators/auth.schemas.js +21 -0
- package/dist/api/validators/auth.schemas.js.map +1 -0
- package/dist/app.d.ts +3 -0
- package/dist/app.d.ts.map +1 -0
- package/dist/app.js +62 -0
- package/dist/app.js.map +1 -0
- package/dist/config/config.schema.d.ts +65 -0
- package/dist/config/config.schema.d.ts.map +1 -0
- package/dist/config/config.schema.js +95 -0
- package/dist/config/config.schema.js.map +1 -0
- package/dist/config/index.d.ts +4 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +75 -0
- package/dist/config/index.js.map +1 -0
- package/dist/container.d.ts +47 -0
- package/dist/container.d.ts.map +1 -0
- package/dist/container.js +137 -0
- package/dist/container.js.map +1 -0
- package/dist/data/database.d.ts +13 -0
- package/dist/data/database.d.ts.map +1 -0
- package/dist/data/database.js +68 -0
- package/dist/data/database.js.map +1 -0
- package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
- package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
- package/dist/data/jobs/token-cleanup.job.js +96 -0
- package/dist/data/jobs/token-cleanup.job.js.map +1 -0
- package/dist/data/migrations/migration.runner.d.ts +13 -0
- package/dist/data/migrations/migration.runner.d.ts.map +1 -0
- package/dist/data/migrations/migration.runner.js +136 -0
- package/dist/data/migrations/migration.runner.js.map +1 -0
- package/dist/data/models/Token.model.d.ts +30 -0
- package/dist/data/models/Token.model.d.ts.map +1 -0
- package/dist/data/models/Token.model.js +3 -0
- package/dist/data/models/Token.model.js.map +1 -0
- package/dist/data/repositories/token.repository.d.ts +16 -0
- package/dist/data/repositories/token.repository.d.ts.map +1 -0
- package/dist/data/repositories/token.repository.js +97 -0
- package/dist/data/repositories/token.repository.js.map +1 -0
- package/dist/providers/azure/auth.provider.d.ts +5 -0
- package/dist/providers/azure/auth.provider.d.ts.map +1 -0
- package/dist/providers/azure/auth.provider.js +13 -0
- package/dist/providers/azure/auth.provider.js.map +1 -0
- package/dist/providers/azure/azure-errors.d.ts +40 -0
- package/dist/providers/azure/azure-errors.d.ts.map +1 -0
- package/dist/providers/azure/azure-errors.js +121 -0
- package/dist/providers/azure/azure-errors.js.map +1 -0
- package/dist/providers/azure/azure-retry.d.ts +41 -0
- package/dist/providers/azure/azure-retry.d.ts.map +1 -0
- package/dist/providers/azure/azure-retry.js +85 -0
- package/dist/providers/azure/azure-retry.js.map +1 -0
- package/dist/providers/azure/graph-client.d.ts +26 -0
- package/dist/providers/azure/graph-client.d.ts.map +1 -0
- package/dist/providers/azure/graph-client.js +146 -0
- package/dist/providers/azure/graph-client.js.map +1 -0
- package/dist/providers/azure/graph.provider.d.ts +23 -0
- package/dist/providers/azure/graph.provider.d.ts.map +1 -0
- package/dist/providers/azure/graph.provider.js +161 -0
- package/dist/providers/azure/graph.provider.js.map +1 -0
- package/dist/providers/azure/queries/app.queries.d.ts +6 -0
- package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/app.queries.js +9 -0
- package/dist/providers/azure/queries/app.queries.js.map +1 -0
- package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
- package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/policy.queries.js +9 -0
- package/dist/providers/azure/queries/policy.queries.js.map +1 -0
- package/dist/providers/azure/queries/user.queries.d.ts +7 -0
- package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/user.queries.js +10 -0
- package/dist/providers/azure/queries/user.queries.js.map +1 -0
- package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
- package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
- package/dist/providers/interfaces/IGraphProvider.js +3 -0
- package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
- package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
- package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
- package/dist/providers/interfaces/ILDAPProvider.js +3 -0
- package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
- package/dist/providers/ldap/acl-parser.d.ts +8 -0
- package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
- package/dist/providers/ldap/acl-parser.js +157 -0
- package/dist/providers/ldap/acl-parser.js.map +1 -0
- package/dist/providers/ldap/ad-mappers.d.ts +8 -0
- package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
- package/dist/providers/ldap/ad-mappers.js +162 -0
- package/dist/providers/ldap/ad-mappers.js.map +1 -0
- package/dist/providers/ldap/ldap-client.d.ts +33 -0
- package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-client.js +195 -0
- package/dist/providers/ldap/ldap-client.js.map +1 -0
- package/dist/providers/ldap/ldap-errors.d.ts +48 -0
- package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-errors.js +120 -0
- package/dist/providers/ldap/ldap-errors.js.map +1 -0
- package/dist/providers/ldap/ldap-retry.d.ts +14 -0
- package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-retry.js +102 -0
- package/dist/providers/ldap/ldap-retry.js.map +1 -0
- package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
- package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-sanitizer.js +104 -0
- package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
- package/dist/providers/ldap/ldap.provider.d.ts +21 -0
- package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
- package/dist/providers/ldap/ldap.provider.js +165 -0
- package/dist/providers/ldap/ldap.provider.js.map +1 -0
- package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
- package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/computer.queries.js +9 -0
- package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
- package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
- package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/group.queries.js +9 -0
- package/dist/providers/ldap/queries/group.queries.js.map +1 -0
- package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
- package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/user.queries.js +10 -0
- package/dist/providers/ldap/queries/user.queries.js.map +1 -0
- package/dist/providers/smb/smb.provider.d.ts +68 -0
- package/dist/providers/smb/smb.provider.d.ts.map +1 -0
- package/dist/providers/smb/smb.provider.js +382 -0
- package/dist/providers/smb/smb.provider.js.map +1 -0
- package/dist/server.d.ts +2 -0
- package/dist/server.d.ts.map +1 -0
- package/dist/server.js +44 -0
- package/dist/server.js.map +1 -0
- package/dist/services/audit/ad-audit.service.d.ts +70 -0
- package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
- package/dist/services/audit/ad-audit.service.js +1019 -0
- package/dist/services/audit/ad-audit.service.js.map +1 -0
- package/dist/services/audit/attack-graph.service.d.ts +62 -0
- package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
- package/dist/services/audit/attack-graph.service.js +702 -0
- package/dist/services/audit/attack-graph.service.js.map +1 -0
- package/dist/services/audit/audit.service.d.ts +4 -0
- package/dist/services/audit/audit.service.d.ts.map +1 -0
- package/dist/services/audit/audit.service.js +10 -0
- package/dist/services/audit/audit.service.js.map +1 -0
- package/dist/services/audit/azure-audit.service.d.ts +37 -0
- package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
- package/dist/services/audit/azure-audit.service.js +153 -0
- package/dist/services/audit/azure-audit.service.js.map +1 -0
- package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
- package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
- package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
- package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
- package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
- package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
- package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
- package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
- package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
- package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
- package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
- package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
- package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
- package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
- package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/index.d.ts +15 -0
- package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/index.js +51 -0
- package/dist/services/audit/detectors/ad/index.js.map +1 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
- package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/network.detector.js +257 -0
- package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
- package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/password.detector.js +235 -0
- package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
- package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
- package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
- package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
- package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
- package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
- package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
- package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
- package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/index.d.ts +2 -0
- package/dist/services/audit/detectors/index.d.ts.map +1 -0
- package/dist/services/audit/detectors/index.js +38 -0
- package/dist/services/audit/detectors/index.js.map +1 -0
- package/dist/services/audit/response-formatter.d.ts +176 -0
- package/dist/services/audit/response-formatter.d.ts.map +1 -0
- package/dist/services/audit/response-formatter.js +240 -0
- package/dist/services/audit/response-formatter.js.map +1 -0
- package/dist/services/audit/scoring.service.d.ts +15 -0
- package/dist/services/audit/scoring.service.d.ts.map +1 -0
- package/dist/services/audit/scoring.service.js +139 -0
- package/dist/services/audit/scoring.service.js.map +1 -0
- package/dist/services/auth/crypto.service.d.ts +19 -0
- package/dist/services/auth/crypto.service.d.ts.map +1 -0
- package/dist/services/auth/crypto.service.js +135 -0
- package/dist/services/auth/crypto.service.js.map +1 -0
- package/dist/services/auth/errors.d.ts +19 -0
- package/dist/services/auth/errors.d.ts.map +1 -0
- package/dist/services/auth/errors.js +46 -0
- package/dist/services/auth/errors.js.map +1 -0
- package/dist/services/auth/token.service.d.ts +41 -0
- package/dist/services/auth/token.service.d.ts.map +1 -0
- package/dist/services/auth/token.service.js +208 -0
- package/dist/services/auth/token.service.js.map +1 -0
- package/dist/services/config/config.service.d.ts +6 -0
- package/dist/services/config/config.service.d.ts.map +1 -0
- package/dist/services/config/config.service.js +64 -0
- package/dist/services/config/config.service.js.map +1 -0
- package/dist/services/export/export.service.d.ts +28 -0
- package/dist/services/export/export.service.d.ts.map +1 -0
- package/dist/services/export/export.service.js +28 -0
- package/dist/services/export/export.service.js.map +1 -0
- package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
- package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
- package/dist/services/export/formatters/csv.formatter.js +46 -0
- package/dist/services/export/formatters/csv.formatter.js.map +1 -0
- package/dist/services/export/formatters/json.formatter.d.ts +40 -0
- package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
- package/dist/services/export/formatters/json.formatter.js +58 -0
- package/dist/services/export/formatters/json.formatter.js.map +1 -0
- package/dist/services/jobs/azure-job-runner.d.ts +38 -0
- package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
- package/dist/services/jobs/azure-job-runner.js +199 -0
- package/dist/services/jobs/azure-job-runner.js.map +1 -0
- package/dist/services/jobs/index.d.ts +4 -0
- package/dist/services/jobs/index.d.ts.map +1 -0
- package/dist/services/jobs/index.js +20 -0
- package/dist/services/jobs/index.js.map +1 -0
- package/dist/services/jobs/job-runner.d.ts +64 -0
- package/dist/services/jobs/job-runner.d.ts.map +1 -0
- package/dist/services/jobs/job-runner.js +952 -0
- package/dist/services/jobs/job-runner.js.map +1 -0
- package/dist/services/jobs/job-store.d.ts +27 -0
- package/dist/services/jobs/job-store.d.ts.map +1 -0
- package/dist/services/jobs/job-store.js +261 -0
- package/dist/services/jobs/job-store.js.map +1 -0
- package/dist/services/jobs/job.types.d.ts +67 -0
- package/dist/services/jobs/job.types.d.ts.map +1 -0
- package/dist/services/jobs/job.types.js +36 -0
- package/dist/services/jobs/job.types.js.map +1 -0
- package/dist/types/ad.types.d.ts +74 -0
- package/dist/types/ad.types.d.ts.map +1 -0
- package/dist/types/ad.types.js +3 -0
- package/dist/types/ad.types.js.map +1 -0
- package/dist/types/adcs.types.d.ts +58 -0
- package/dist/types/adcs.types.d.ts.map +1 -0
- package/dist/types/adcs.types.js +38 -0
- package/dist/types/adcs.types.js.map +1 -0
- package/dist/types/attack-graph.types.d.ts +135 -0
- package/dist/types/attack-graph.types.d.ts.map +1 -0
- package/dist/types/attack-graph.types.js +58 -0
- package/dist/types/attack-graph.types.js.map +1 -0
- package/dist/types/audit.types.d.ts +34 -0
- package/dist/types/audit.types.d.ts.map +1 -0
- package/dist/types/audit.types.js +3 -0
- package/dist/types/audit.types.js.map +1 -0
- package/dist/types/azure.types.d.ts +61 -0
- package/dist/types/azure.types.d.ts.map +1 -0
- package/dist/types/azure.types.js +3 -0
- package/dist/types/azure.types.js.map +1 -0
- package/dist/types/config.types.d.ts +63 -0
- package/dist/types/config.types.d.ts.map +1 -0
- package/dist/types/config.types.js +3 -0
- package/dist/types/config.types.js.map +1 -0
- package/dist/types/error.types.d.ts +33 -0
- package/dist/types/error.types.d.ts.map +1 -0
- package/dist/types/error.types.js +70 -0
- package/dist/types/error.types.js.map +1 -0
- package/dist/types/finding.types.d.ts +133 -0
- package/dist/types/finding.types.d.ts.map +1 -0
- package/dist/types/finding.types.js +3 -0
- package/dist/types/finding.types.js.map +1 -0
- package/dist/types/gpo.types.d.ts +39 -0
- package/dist/types/gpo.types.d.ts.map +1 -0
- package/dist/types/gpo.types.js +15 -0
- package/dist/types/gpo.types.js.map +1 -0
- package/dist/types/token.types.d.ts +26 -0
- package/dist/types/token.types.d.ts.map +1 -0
- package/dist/types/token.types.js +3 -0
- package/dist/types/token.types.js.map +1 -0
- package/dist/types/trust.types.d.ts +45 -0
- package/dist/types/trust.types.d.ts.map +1 -0
- package/dist/types/trust.types.js +71 -0
- package/dist/types/trust.types.js.map +1 -0
- package/dist/utils/entity-converter.d.ts +17 -0
- package/dist/utils/entity-converter.d.ts.map +1 -0
- package/dist/utils/entity-converter.js +285 -0
- package/dist/utils/entity-converter.js.map +1 -0
- package/dist/utils/graph.util.d.ts +66 -0
- package/dist/utils/graph.util.d.ts.map +1 -0
- package/dist/utils/graph.util.js +382 -0
- package/dist/utils/graph.util.js.map +1 -0
- package/dist/utils/logger.d.ts +7 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +86 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/type-name-normalizer.d.ts +5 -0
- package/dist/utils/type-name-normalizer.d.ts.map +1 -0
- package/dist/utils/type-name-normalizer.js +218 -0
- package/dist/utils/type-name-normalizer.js.map +1 -0
- package/docker-compose.yml +26 -0
- package/docs/api/README.md +178 -0
- package/docs/api/openapi.yaml +1524 -0
- package/eslint.config.js +54 -0
- package/jest.config.js +38 -0
- package/package.json +97 -0
- package/scripts/fetch-ad-cert.sh +142 -0
- package/src/.gitkeep +0 -0
- package/src/api/.gitkeep +0 -0
- package/src/api/controllers/.gitkeep +0 -0
- package/src/api/controllers/audit.controller.ts +313 -0
- package/src/api/controllers/auth.controller.ts +258 -0
- package/src/api/controllers/export.controller.ts +153 -0
- package/src/api/controllers/health.controller.ts +16 -0
- package/src/api/controllers/jobs.controller.ts +187 -0
- package/src/api/controllers/providers.controller.ts +165 -0
- package/src/api/dto/.gitkeep +0 -0
- package/src/api/dto/AuditRequest.dto.ts +8 -0
- package/src/api/dto/AuditResponse.dto.ts +19 -0
- package/src/api/dto/TokenRequest.dto.ts +8 -0
- package/src/api/dto/TokenResponse.dto.ts +14 -0
- package/src/api/middlewares/.gitkeep +0 -0
- package/src/api/middlewares/authenticate.ts +203 -0
- package/src/api/middlewares/errorHandler.ts +54 -0
- package/src/api/middlewares/rateLimit.ts +35 -0
- package/src/api/middlewares/validate.ts +32 -0
- package/src/api/routes/.gitkeep +0 -0
- package/src/api/routes/audit.routes.ts +77 -0
- package/src/api/routes/auth.routes.ts +71 -0
- package/src/api/routes/export.routes.ts +34 -0
- package/src/api/routes/health.routes.ts +14 -0
- package/src/api/routes/index.ts +40 -0
- package/src/api/routes/providers.routes.ts +24 -0
- package/src/api/validators/.gitkeep +0 -0
- package/src/api/validators/audit.schemas.ts +59 -0
- package/src/api/validators/auth.schemas.ts +59 -0
- package/src/app.ts +87 -0
- package/src/config/.gitkeep +0 -0
- package/src/config/config.schema.ts +108 -0
- package/src/config/index.ts +82 -0
- package/src/container.ts +221 -0
- package/src/data/.gitkeep +0 -0
- package/src/data/database.ts +78 -0
- package/src/data/jobs/token-cleanup.job.ts +166 -0
- package/src/data/migrations/.gitkeep +0 -0
- package/src/data/migrations/001_initial_schema.sql +47 -0
- package/src/data/migrations/migration.runner.ts +125 -0
- package/src/data/models/.gitkeep +0 -0
- package/src/data/models/Token.model.ts +35 -0
- package/src/data/repositories/.gitkeep +0 -0
- package/src/data/repositories/token.repository.ts +160 -0
- package/src/providers/.gitkeep +0 -0
- package/src/providers/azure/.gitkeep +0 -0
- package/src/providers/azure/auth.provider.ts +14 -0
- package/src/providers/azure/azure-errors.ts +189 -0
- package/src/providers/azure/azure-retry.ts +168 -0
- package/src/providers/azure/graph-client.ts +315 -0
- package/src/providers/azure/graph.provider.ts +294 -0
- package/src/providers/azure/queries/app.queries.ts +9 -0
- package/src/providers/azure/queries/policy.queries.ts +9 -0
- package/src/providers/azure/queries/user.queries.ts +10 -0
- package/src/providers/interfaces/.gitkeep +0 -0
- package/src/providers/interfaces/IGraphProvider.ts +117 -0
- package/src/providers/interfaces/ILDAPProvider.ts +142 -0
- package/src/providers/ldap/.gitkeep +0 -0
- package/src/providers/ldap/acl-parser.ts +231 -0
- package/src/providers/ldap/ad-mappers.ts +280 -0
- package/src/providers/ldap/ldap-client.ts +259 -0
- package/src/providers/ldap/ldap-errors.ts +188 -0
- package/src/providers/ldap/ldap-retry.ts +267 -0
- package/src/providers/ldap/ldap-sanitizer.ts +273 -0
- package/src/providers/ldap/ldap.provider.ts +293 -0
- package/src/providers/ldap/queries/computer.queries.ts +9 -0
- package/src/providers/ldap/queries/group.queries.ts +9 -0
- package/src/providers/ldap/queries/user.queries.ts +10 -0
- package/src/providers/smb/smb.provider.ts +653 -0
- package/src/server.ts +60 -0
- package/src/services/.gitkeep +0 -0
- package/src/services/audit/.gitkeep +0 -0
- package/src/services/audit/ad-audit.service.ts +1481 -0
- package/src/services/audit/attack-graph.service.ts +1104 -0
- package/src/services/audit/audit.service.ts +12 -0
- package/src/services/audit/azure-audit.service.ts +286 -0
- package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
- package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
- package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
- package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
- package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
- package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
- package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
- package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
- package/src/services/audit/detectors/ad/index.ts +84 -0
- package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
- package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
- package/src/services/audit/detectors/ad/network.detector.ts +538 -0
- package/src/services/audit/detectors/ad/password.detector.ts +324 -0
- package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
- package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
- package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
- package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
- package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
- package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
- package/src/services/audit/detectors/index.ts +18 -0
- package/src/services/audit/response-formatter.ts +604 -0
- package/src/services/audit/scoring.service.ts +234 -0
- package/src/services/auth/.gitkeep +0 -0
- package/src/services/auth/crypto.service.ts +230 -0
- package/src/services/auth/errors.ts +47 -0
- package/src/services/auth/token.service.ts +420 -0
- package/src/services/config/.gitkeep +0 -0
- package/src/services/config/config.service.ts +75 -0
- package/src/services/export/.gitkeep +0 -0
- package/src/services/export/export.service.ts +99 -0
- package/src/services/export/formatters/csv.formatter.ts +124 -0
- package/src/services/export/formatters/json.formatter.ts +160 -0
- package/src/services/jobs/azure-job-runner.ts +312 -0
- package/src/services/jobs/index.ts +9 -0
- package/src/services/jobs/job-runner.ts +1280 -0
- package/src/services/jobs/job-store.ts +384 -0
- package/src/services/jobs/job.types.ts +182 -0
- package/src/types/.gitkeep +0 -0
- package/src/types/ad.types.ts +91 -0
- package/src/types/adcs.types.ts +107 -0
- package/src/types/attack-graph.types.ts +260 -0
- package/src/types/audit.types.ts +42 -0
- package/src/types/azure.types.ts +68 -0
- package/src/types/config.types.ts +79 -0
- package/src/types/error.types.ts +69 -0
- package/src/types/finding.types.ts +284 -0
- package/src/types/gpo.types.ts +72 -0
- package/src/types/smb2.d.ts +73 -0
- package/src/types/token.types.ts +32 -0
- package/src/types/trust.types.ts +140 -0
- package/src/utils/.gitkeep +0 -0
- package/src/utils/entity-converter.ts +453 -0
- package/src/utils/graph.util.ts +609 -0
- package/src/utils/logger.ts +111 -0
- package/src/utils/type-name-normalizer.ts +302 -0
- package/tests/.gitkeep +0 -0
- package/tests/e2e/.gitkeep +0 -0
- package/tests/fixtures/.gitkeep +0 -0
- package/tests/integration/.gitkeep +0 -0
- package/tests/integration/README.md +156 -0
- package/tests/integration/ad-audit.integration.test.ts +216 -0
- package/tests/integration/api/.gitkeep +0 -0
- package/tests/integration/api/endpoints.integration.test.ts +431 -0
- package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
- package/tests/integration/providers/.gitkeep +0 -0
- package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
- package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
- package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
- package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
- package/tests/mocks/.gitkeep +0 -0
- package/tests/setup.ts +16 -0
- package/tests/unit/.gitkeep +0 -0
- package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
- package/tests/unit/providers/.gitkeep +0 -0
- package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
- package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
- package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
- package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
- package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
- package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
- package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
- package/tests/unit/sample.test.ts +19 -0
- package/tests/unit/services/.gitkeep +0 -0
- package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
- package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
- package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
- package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
- package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
- package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
- package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
- package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
- package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
- package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
- package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
- package/tests/unit/services/auth/crypto.service.test.ts +296 -0
- package/tests/unit/services/auth/token.service.test.ts +579 -0
- package/tests/unit/services/export/export.service.test.ts +241 -0
- package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
- package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
- package/tests/unit/utils/.gitkeep +0 -0
- package/tsconfig.json +50 -0
|
@@ -0,0 +1,165 @@
|
|
|
1
|
+
import { Request, Response, NextFunction } from 'express';
|
|
2
|
+
import type { Logger } from 'winston';
|
|
3
|
+
import { logger } from '../../utils/logger';
|
|
4
|
+
import { LDAPConfig, AzureConfig } from '../../types/config.types';
|
|
5
|
+
import { GraphProvider } from '../../providers/azure/graph.provider';
|
|
6
|
+
|
|
7
|
+
/**
|
|
8
|
+
* Provider info without sensitive data
|
|
9
|
+
*/
|
|
10
|
+
interface ProviderInfo {
|
|
11
|
+
name: string;
|
|
12
|
+
enabled: boolean;
|
|
13
|
+
status: 'configured' | 'not_configured' | 'partial';
|
|
14
|
+
details?: Record<string, unknown>;
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
/**
|
|
18
|
+
* ProvidersController
|
|
19
|
+
*
|
|
20
|
+
* Handles provider information endpoints.
|
|
21
|
+
*
|
|
22
|
+
* Endpoints:
|
|
23
|
+
* - GET /api/v1/providers/info - Get all configured providers info
|
|
24
|
+
*/
|
|
25
|
+
export class ProvidersController {
|
|
26
|
+
private logger: Logger;
|
|
27
|
+
|
|
28
|
+
constructor(
|
|
29
|
+
private ldapConfig: LDAPConfig,
|
|
30
|
+
private azureConfig: AzureConfig,
|
|
31
|
+
private graphProvider?: GraphProvider
|
|
32
|
+
) {
|
|
33
|
+
this.logger = logger;
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
/**
|
|
37
|
+
* GET /api/v1/providers/info
|
|
38
|
+
* Get information about all configured providers
|
|
39
|
+
*
|
|
40
|
+
* This endpoint requires PROVIDERS_INFO_ENABLED=true.
|
|
41
|
+
* Returns non-sensitive configuration details for each provider.
|
|
42
|
+
*
|
|
43
|
+
* Response:
|
|
44
|
+
* - 200: Providers information
|
|
45
|
+
* - 500: Server error
|
|
46
|
+
*/
|
|
47
|
+
async getProvidersInfo(_req: Request, res: Response, next: NextFunction): Promise<void> {
|
|
48
|
+
try {
|
|
49
|
+
const providers: ProviderInfo[] = [];
|
|
50
|
+
|
|
51
|
+
// LDAP/Active Directory provider
|
|
52
|
+
const ldapProvider = this.getLDAPProviderInfo();
|
|
53
|
+
providers.push(ldapProvider);
|
|
54
|
+
|
|
55
|
+
// Azure/Entra ID provider - use config tenantName or fetch from API
|
|
56
|
+
let tenantInfo: { displayName: string; verifiedDomains: string[] } | null = null;
|
|
57
|
+
if (this.azureConfig.tenantName) {
|
|
58
|
+
// Use configured tenant name
|
|
59
|
+
tenantInfo = { displayName: this.azureConfig.tenantName, verifiedDomains: [] };
|
|
60
|
+
} else if (this.graphProvider && this.azureConfig.enabled) {
|
|
61
|
+
// Try to fetch from API
|
|
62
|
+
try {
|
|
63
|
+
const org = await this.graphProvider.getOrganization();
|
|
64
|
+
tenantInfo = { displayName: org.displayName, verifiedDomains: org.verifiedDomains };
|
|
65
|
+
} catch (err) {
|
|
66
|
+
this.logger.debug('Could not fetch Azure organization info', { error: err });
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
const azureProvider = this.getAzureProviderInfo(tenantInfo);
|
|
70
|
+
providers.push(azureProvider);
|
|
71
|
+
|
|
72
|
+
this.logger.debug('Providers info requested', {
|
|
73
|
+
providerCount: providers.length,
|
|
74
|
+
providers: providers.map((p) => ({ name: p.name, enabled: p.enabled })),
|
|
75
|
+
});
|
|
76
|
+
|
|
77
|
+
res.json({
|
|
78
|
+
success: true,
|
|
79
|
+
providers,
|
|
80
|
+
summary: {
|
|
81
|
+
total: providers.length,
|
|
82
|
+
enabled: providers.filter((p) => p.enabled).length,
|
|
83
|
+
configured: providers.filter((p) => p.status === 'configured').length,
|
|
84
|
+
},
|
|
85
|
+
});
|
|
86
|
+
} catch (error) {
|
|
87
|
+
next(error);
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
/**
|
|
92
|
+
* Get LDAP provider info (non-sensitive)
|
|
93
|
+
*/
|
|
94
|
+
private getLDAPProviderInfo(): ProviderInfo {
|
|
95
|
+
const hasUrl = !!this.ldapConfig.url;
|
|
96
|
+
const hasBindDN = !!this.ldapConfig.bindDN;
|
|
97
|
+
const hasBaseDN = !!this.ldapConfig.baseDN;
|
|
98
|
+
const hasPassword = !!this.ldapConfig.bindPassword;
|
|
99
|
+
|
|
100
|
+
const isConfigured = hasUrl && hasBindDN && hasBaseDN && hasPassword;
|
|
101
|
+
const isPartial = (hasUrl || hasBindDN || hasBaseDN) && !isConfigured;
|
|
102
|
+
|
|
103
|
+
// Extract domain from URL without exposing IP
|
|
104
|
+
let serverInfo = 'not configured';
|
|
105
|
+
if (hasUrl) {
|
|
106
|
+
try {
|
|
107
|
+
const url = new URL(this.ldapConfig.url);
|
|
108
|
+
serverInfo = `${url.protocol}//${url.hostname}:${url.port || (url.protocol === 'ldaps:' ? '636' : '389')}`;
|
|
109
|
+
} catch {
|
|
110
|
+
serverInfo = 'invalid URL';
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
return {
|
|
115
|
+
name: 'active-directory',
|
|
116
|
+
enabled: isConfigured,
|
|
117
|
+
status: isConfigured ? 'configured' : isPartial ? 'partial' : 'not_configured',
|
|
118
|
+
details: {
|
|
119
|
+
server: serverInfo,
|
|
120
|
+
baseDN: this.ldapConfig.baseDN || 'not configured',
|
|
121
|
+
tlsVerify: this.ldapConfig.tlsVerify,
|
|
122
|
+
timeout: this.ldapConfig.timeout,
|
|
123
|
+
hasCACert: !!this.ldapConfig.caCertPath,
|
|
124
|
+
},
|
|
125
|
+
};
|
|
126
|
+
}
|
|
127
|
+
|
|
128
|
+
/**
|
|
129
|
+
* Get Azure provider info (non-sensitive)
|
|
130
|
+
*/
|
|
131
|
+
private getAzureProviderInfo(
|
|
132
|
+
tenantInfo: { displayName: string; verifiedDomains: string[] } | null
|
|
133
|
+
): ProviderInfo {
|
|
134
|
+
const isEnabled = this.azureConfig.enabled;
|
|
135
|
+
const hasTenantId = !!this.azureConfig.tenantId;
|
|
136
|
+
const hasClientId = !!this.azureConfig.clientId;
|
|
137
|
+
const hasClientSecret = !!this.azureConfig.clientSecret;
|
|
138
|
+
|
|
139
|
+
const isConfigured = isEnabled && hasTenantId && hasClientId && hasClientSecret;
|
|
140
|
+
const isPartial = isEnabled && !isConfigured;
|
|
141
|
+
|
|
142
|
+
return {
|
|
143
|
+
name: 'azure-entra-id',
|
|
144
|
+
enabled: isEnabled,
|
|
145
|
+
status: isConfigured ? 'configured' : isPartial ? 'partial' : 'not_configured',
|
|
146
|
+
details: {
|
|
147
|
+
tenantName: tenantInfo?.displayName || 'not available',
|
|
148
|
+
tenantId: this.azureConfig.tenantId || 'not configured',
|
|
149
|
+
verifiedDomains: tenantInfo?.verifiedDomains || [],
|
|
150
|
+
clientId: hasClientId ? this.maskString(this.azureConfig.clientId!) : 'not configured',
|
|
151
|
+
hasClientSecret: hasClientSecret,
|
|
152
|
+
},
|
|
153
|
+
};
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
/**
|
|
157
|
+
* Mask a string for display (show first and last 4 chars)
|
|
158
|
+
*/
|
|
159
|
+
private maskString(str: string): string {
|
|
160
|
+
if (str.length <= 8) {
|
|
161
|
+
return '****';
|
|
162
|
+
}
|
|
163
|
+
return `${str.substring(0, 4)}...${str.substring(str.length - 4)}`;
|
|
164
|
+
}
|
|
165
|
+
}
|
|
File without changes
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* DTO for audit response structure
|
|
3
|
+
*/
|
|
4
|
+
export interface AuditResponseDto {
|
|
5
|
+
success: boolean;
|
|
6
|
+
provider: 'active-directory' | 'azure';
|
|
7
|
+
auditId: string;
|
|
8
|
+
timestamp: string;
|
|
9
|
+
summary: {
|
|
10
|
+
totalFindings: number;
|
|
11
|
+
critical: number;
|
|
12
|
+
high: number;
|
|
13
|
+
medium: number;
|
|
14
|
+
low: number;
|
|
15
|
+
riskScore: number;
|
|
16
|
+
};
|
|
17
|
+
findings?: unknown[]; // Will be properly typed in later stories
|
|
18
|
+
metadata?: Record<string, unknown>;
|
|
19
|
+
}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* DTO for token information response
|
|
3
|
+
*/
|
|
4
|
+
export interface TokenResponseDto {
|
|
5
|
+
jti: string;
|
|
6
|
+
token?: string;
|
|
7
|
+
createdAt: string;
|
|
8
|
+
expiresAt: string;
|
|
9
|
+
maxUses: number;
|
|
10
|
+
usedCount: number;
|
|
11
|
+
revoked: boolean;
|
|
12
|
+
revokedAt?: string;
|
|
13
|
+
revokedReason?: string;
|
|
14
|
+
}
|
|
File without changes
|
|
@@ -0,0 +1,203 @@
|
|
|
1
|
+
import { Request, Response, NextFunction } from 'express';
|
|
2
|
+
import { TokenService } from '../../services/auth/token.service';
|
|
3
|
+
import { logger } from '../../utils/logger';
|
|
4
|
+
import {
|
|
5
|
+
TokenExpiredError,
|
|
6
|
+
TokenRevokedError,
|
|
7
|
+
UsageLimitExceededError,
|
|
8
|
+
TokenNotFoundError,
|
|
9
|
+
InvalidSignatureError,
|
|
10
|
+
InvalidTokenError,
|
|
11
|
+
} from '../../services/auth/errors';
|
|
12
|
+
|
|
13
|
+
/**
|
|
14
|
+
* Authentication Middleware
|
|
15
|
+
*
|
|
16
|
+
* Validates JWT tokens from Authorization header and enforces usage quotas.
|
|
17
|
+
*
|
|
18
|
+
* Features:
|
|
19
|
+
* - Extracts token from Authorization: Bearer <token> header
|
|
20
|
+
* - Validates JWT signature and constraints
|
|
21
|
+
* - Increments usage count on successful authentication
|
|
22
|
+
* - Attaches token info to request object
|
|
23
|
+
* - Returns appropriate error responses (401/403)
|
|
24
|
+
*
|
|
25
|
+
* Task 3: Authentication Middleware (Story 1.4)
|
|
26
|
+
*/
|
|
27
|
+
|
|
28
|
+
/**
|
|
29
|
+
* Extended Request interface with token information
|
|
30
|
+
*/
|
|
31
|
+
export interface AuthenticatedRequest extends Request {
|
|
32
|
+
token?: {
|
|
33
|
+
jti: string;
|
|
34
|
+
iat: number;
|
|
35
|
+
exp: number;
|
|
36
|
+
maxUses: number;
|
|
37
|
+
};
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
/**
|
|
41
|
+
* Create authentication middleware with token service
|
|
42
|
+
*
|
|
43
|
+
* Usage:
|
|
44
|
+
* ```typescript
|
|
45
|
+
* router.post('/protected', authenticate(tokenService), controller.method);
|
|
46
|
+
* ```
|
|
47
|
+
*
|
|
48
|
+
* @param tokenService TokenService instance for validation
|
|
49
|
+
* @returns Express middleware function
|
|
50
|
+
*/
|
|
51
|
+
export const authenticate = (tokenService: TokenService) => {
|
|
52
|
+
return async (req: AuthenticatedRequest, res: Response, next: NextFunction): Promise<void> => {
|
|
53
|
+
try {
|
|
54
|
+
// 1. Extract token from Authorization header (Bearer <token>)
|
|
55
|
+
const authHeader = req.headers.authorization;
|
|
56
|
+
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
|
57
|
+
logger.warn('Authentication failed: missing or invalid Authorization header', {
|
|
58
|
+
path: req.path,
|
|
59
|
+
method: req.method,
|
|
60
|
+
});
|
|
61
|
+
res.status(401).json({
|
|
62
|
+
success: false,
|
|
63
|
+
error: {
|
|
64
|
+
code: 'AUTHENTICATION_FAILED',
|
|
65
|
+
message: 'Missing or invalid Authorization header',
|
|
66
|
+
},
|
|
67
|
+
});
|
|
68
|
+
return;
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
const token = authHeader.substring(7); // Remove 'Bearer '
|
|
72
|
+
|
|
73
|
+
// 2. Validate token
|
|
74
|
+
const payload = await tokenService.validate(token);
|
|
75
|
+
|
|
76
|
+
// 3. Increment usage count
|
|
77
|
+
await tokenService.incrementUsage(payload.jti);
|
|
78
|
+
|
|
79
|
+
// 4. Attach token info to request
|
|
80
|
+
req.token = {
|
|
81
|
+
jti: payload.jti,
|
|
82
|
+
iat: payload.iat,
|
|
83
|
+
exp: payload.exp,
|
|
84
|
+
maxUses: payload.maxUses,
|
|
85
|
+
};
|
|
86
|
+
|
|
87
|
+
// 5. Log successful authentication
|
|
88
|
+
logger.debug('Request authenticated', {
|
|
89
|
+
jti: payload.jti,
|
|
90
|
+
path: req.path,
|
|
91
|
+
method: req.method,
|
|
92
|
+
});
|
|
93
|
+
|
|
94
|
+
next();
|
|
95
|
+
} catch (error) {
|
|
96
|
+
// Handle authentication errors with specific error codes
|
|
97
|
+
|
|
98
|
+
if (error instanceof TokenExpiredError) {
|
|
99
|
+
logger.warn('Authentication failed: token expired', {
|
|
100
|
+
path: req.path,
|
|
101
|
+
method: req.method,
|
|
102
|
+
});
|
|
103
|
+
res.status(401).json({
|
|
104
|
+
success: false,
|
|
105
|
+
error: {
|
|
106
|
+
code: 'TOKEN_EXPIRED',
|
|
107
|
+
message: 'Token has expired',
|
|
108
|
+
},
|
|
109
|
+
});
|
|
110
|
+
return;
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
if (error instanceof TokenRevokedError) {
|
|
114
|
+
logger.warn('Authentication failed: token revoked', {
|
|
115
|
+
path: req.path,
|
|
116
|
+
method: req.method,
|
|
117
|
+
});
|
|
118
|
+
res.status(401).json({
|
|
119
|
+
success: false,
|
|
120
|
+
error: {
|
|
121
|
+
code: 'TOKEN_REVOKED',
|
|
122
|
+
message: 'Token has been revoked',
|
|
123
|
+
},
|
|
124
|
+
});
|
|
125
|
+
return;
|
|
126
|
+
}
|
|
127
|
+
|
|
128
|
+
if (error instanceof UsageLimitExceededError) {
|
|
129
|
+
logger.warn('Authentication failed: usage limit exceeded', {
|
|
130
|
+
path: req.path,
|
|
131
|
+
method: req.method,
|
|
132
|
+
});
|
|
133
|
+
res.status(403).json({
|
|
134
|
+
success: false,
|
|
135
|
+
error: {
|
|
136
|
+
code: 'USAGE_LIMIT_EXCEEDED',
|
|
137
|
+
message: 'Token usage limit exceeded',
|
|
138
|
+
},
|
|
139
|
+
});
|
|
140
|
+
return;
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
if (error instanceof TokenNotFoundError) {
|
|
144
|
+
logger.warn('Authentication failed: token not found', {
|
|
145
|
+
path: req.path,
|
|
146
|
+
method: req.method,
|
|
147
|
+
});
|
|
148
|
+
res.status(401).json({
|
|
149
|
+
success: false,
|
|
150
|
+
error: {
|
|
151
|
+
code: 'AUTHENTICATION_FAILED',
|
|
152
|
+
message: 'Invalid token',
|
|
153
|
+
},
|
|
154
|
+
});
|
|
155
|
+
return;
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
if (error instanceof InvalidSignatureError) {
|
|
159
|
+
logger.warn('Authentication failed: invalid signature', {
|
|
160
|
+
path: req.path,
|
|
161
|
+
method: req.method,
|
|
162
|
+
});
|
|
163
|
+
res.status(401).json({
|
|
164
|
+
success: false,
|
|
165
|
+
error: {
|
|
166
|
+
code: 'AUTHENTICATION_FAILED',
|
|
167
|
+
message: 'Invalid token signature',
|
|
168
|
+
},
|
|
169
|
+
});
|
|
170
|
+
return;
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
if (error instanceof InvalidTokenError) {
|
|
174
|
+
logger.warn('Authentication failed: invalid token', {
|
|
175
|
+
path: req.path,
|
|
176
|
+
method: req.method,
|
|
177
|
+
});
|
|
178
|
+
res.status(401).json({
|
|
179
|
+
success: false,
|
|
180
|
+
error: {
|
|
181
|
+
code: 'AUTHENTICATION_FAILED',
|
|
182
|
+
message: 'Invalid token',
|
|
183
|
+
},
|
|
184
|
+
});
|
|
185
|
+
return;
|
|
186
|
+
}
|
|
187
|
+
|
|
188
|
+
// Generic error for unexpected cases
|
|
189
|
+
logger.error('Authentication failed: unexpected error', {
|
|
190
|
+
path: req.path,
|
|
191
|
+
method: req.method,
|
|
192
|
+
error: error instanceof Error ? error.message : 'Unknown error',
|
|
193
|
+
});
|
|
194
|
+
res.status(401).json({
|
|
195
|
+
success: false,
|
|
196
|
+
error: {
|
|
197
|
+
code: 'AUTHENTICATION_FAILED',
|
|
198
|
+
message: 'Authentication failed',
|
|
199
|
+
},
|
|
200
|
+
});
|
|
201
|
+
}
|
|
202
|
+
};
|
|
203
|
+
};
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import { Request, Response, NextFunction } from 'express';
|
|
2
|
+
import { BaseError } from '../../types/error.types';
|
|
3
|
+
import { logError } from '../../utils/logger';
|
|
4
|
+
|
|
5
|
+
/**
|
|
6
|
+
* Centralized error handling middleware
|
|
7
|
+
* Catches all errors and formats consistent error responses
|
|
8
|
+
*/
|
|
9
|
+
export const errorHandler = (
|
|
10
|
+
error: Error,
|
|
11
|
+
_req: Request,
|
|
12
|
+
res: Response,
|
|
13
|
+
_next: NextFunction
|
|
14
|
+
): void => {
|
|
15
|
+
// Log the error
|
|
16
|
+
logError('Error caught by error handler', error, {
|
|
17
|
+
path: _req.path,
|
|
18
|
+
method: _req.method,
|
|
19
|
+
});
|
|
20
|
+
|
|
21
|
+
// Determine if this is an operational error
|
|
22
|
+
const isOperational = error instanceof BaseError && error.isOperational;
|
|
23
|
+
const statusCode = error instanceof BaseError ? error.statusCode : 500;
|
|
24
|
+
|
|
25
|
+
// Determine error code
|
|
26
|
+
const errorCode =
|
|
27
|
+
error.name !== 'Error' ? error.name.replace(/([A-Z])/g, '_$1').toUpperCase() : 'INTERNAL_SERVER_ERROR';
|
|
28
|
+
|
|
29
|
+
// Build error response
|
|
30
|
+
const errorResponse: {
|
|
31
|
+
success: false;
|
|
32
|
+
error: {
|
|
33
|
+
code: string;
|
|
34
|
+
message: string;
|
|
35
|
+
details?: unknown;
|
|
36
|
+
};
|
|
37
|
+
} = {
|
|
38
|
+
success: false,
|
|
39
|
+
error: {
|
|
40
|
+
code: errorCode,
|
|
41
|
+
message: error.message || 'An unexpected error occurred',
|
|
42
|
+
},
|
|
43
|
+
};
|
|
44
|
+
|
|
45
|
+
// In development, include stack trace and additional details
|
|
46
|
+
if (process.env['NODE_ENV'] === 'development') {
|
|
47
|
+
errorResponse.error.details = {
|
|
48
|
+
stack: error.stack,
|
|
49
|
+
isOperational,
|
|
50
|
+
};
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
res.status(statusCode).json(errorResponse);
|
|
54
|
+
};
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import rateLimit from 'express-rate-limit';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Rate limiting configuration
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
// General API rate limit: 100 requests per minute
|
|
8
|
+
export const apiLimiter = rateLimit({
|
|
9
|
+
windowMs: 60 * 1000, // 1 minute
|
|
10
|
+
max: 100,
|
|
11
|
+
message: {
|
|
12
|
+
success: false,
|
|
13
|
+
error: {
|
|
14
|
+
code: 'RATE_LIMIT_EXCEEDED',
|
|
15
|
+
message: 'Too many requests, please try again later',
|
|
16
|
+
},
|
|
17
|
+
},
|
|
18
|
+
standardHeaders: true,
|
|
19
|
+
legacyHeaders: false,
|
|
20
|
+
});
|
|
21
|
+
|
|
22
|
+
// Audit endpoint rate limit: 10 audits per 5 minutes
|
|
23
|
+
export const auditLimiter = rateLimit({
|
|
24
|
+
windowMs: 5 * 60 * 1000, // 5 minutes
|
|
25
|
+
max: 10,
|
|
26
|
+
message: {
|
|
27
|
+
success: false,
|
|
28
|
+
error: {
|
|
29
|
+
code: 'AUDIT_RATE_LIMIT_EXCEEDED',
|
|
30
|
+
message: 'Too many audit requests, please try again later',
|
|
31
|
+
},
|
|
32
|
+
},
|
|
33
|
+
standardHeaders: true,
|
|
34
|
+
legacyHeaders: false,
|
|
35
|
+
});
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import { Request, Response, NextFunction } from 'express';
|
|
2
|
+
import { z, ZodError } from 'zod';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Zod validation middleware
|
|
6
|
+
* Validates request body against a Zod schema
|
|
7
|
+
*/
|
|
8
|
+
export const validate = (schema: z.ZodSchema) => {
|
|
9
|
+
return (req: Request, res: Response, next: NextFunction): void => {
|
|
10
|
+
try {
|
|
11
|
+
// Validate and parse the request body
|
|
12
|
+
req.body = schema.parse(req.body);
|
|
13
|
+
next();
|
|
14
|
+
} catch (error) {
|
|
15
|
+
if (error instanceof ZodError) {
|
|
16
|
+
res.status(400).json({
|
|
17
|
+
success: false,
|
|
18
|
+
error: {
|
|
19
|
+
code: 'VALIDATION_ERROR',
|
|
20
|
+
message: 'Request validation failed',
|
|
21
|
+
details: error.issues.map((err) => ({
|
|
22
|
+
field: err.path.join('.'),
|
|
23
|
+
message: err.message,
|
|
24
|
+
})),
|
|
25
|
+
},
|
|
26
|
+
});
|
|
27
|
+
return;
|
|
28
|
+
}
|
|
29
|
+
next(error);
|
|
30
|
+
}
|
|
31
|
+
};
|
|
32
|
+
};
|
|
File without changes
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
import { Router, Request, Response, NextFunction } from 'express';
|
|
2
|
+
import { AuditController } from '../controllers/audit.controller';
|
|
3
|
+
import { JobsController } from '../controllers/jobs.controller';
|
|
4
|
+
import { validate } from '../middlewares/validate';
|
|
5
|
+
import { authenticate } from '../middlewares/authenticate';
|
|
6
|
+
import { auditLimiter } from '../middlewares/rateLimit';
|
|
7
|
+
import { auditRequestSchema } from '../validators/audit.schemas';
|
|
8
|
+
import { TokenService } from '../../services/auth/token.service';
|
|
9
|
+
|
|
10
|
+
/**
|
|
11
|
+
* Audit routes
|
|
12
|
+
* POST /api/v1/audit/ad - Run AD audit (sync or async with ?async=true)
|
|
13
|
+
* GET /api/v1/audit/ad/status - Check LDAP connection
|
|
14
|
+
* POST /api/v1/audit/azure - Run Azure audit
|
|
15
|
+
* GET /api/v1/audit/azure/status - Check Graph connection
|
|
16
|
+
* GET /api/v1/audit/jobs - List all jobs
|
|
17
|
+
* GET /api/v1/audit/jobs/:jobId - Get job status/progress
|
|
18
|
+
* DELETE /api/v1/audit/jobs/:jobId - Delete/cancel a job
|
|
19
|
+
*/
|
|
20
|
+
export const createAuditRoutes = (controller: AuditController, tokenService: TokenService): Router => {
|
|
21
|
+
const router = Router();
|
|
22
|
+
const authMiddleware = authenticate(tokenService);
|
|
23
|
+
const jobsController = new JobsController();
|
|
24
|
+
|
|
25
|
+
// AD endpoints
|
|
26
|
+
router.post(
|
|
27
|
+
'/ad',
|
|
28
|
+
authMiddleware,
|
|
29
|
+
auditLimiter,
|
|
30
|
+
validate(auditRequestSchema),
|
|
31
|
+
(req: Request, res: Response, next: NextFunction) => controller.runADAudit(req, res, next)
|
|
32
|
+
);
|
|
33
|
+
|
|
34
|
+
router.get(
|
|
35
|
+
'/ad/status',
|
|
36
|
+
authMiddleware,
|
|
37
|
+
(req: Request, res: Response, next: NextFunction) => controller.getADStatus(req, res, next)
|
|
38
|
+
);
|
|
39
|
+
|
|
40
|
+
// Azure endpoints
|
|
41
|
+
router.post(
|
|
42
|
+
'/azure',
|
|
43
|
+
authMiddleware,
|
|
44
|
+
auditLimiter,
|
|
45
|
+
validate(auditRequestSchema),
|
|
46
|
+
(req: Request, res: Response, next: NextFunction) => controller.runAzureAudit(req, res, next)
|
|
47
|
+
);
|
|
48
|
+
|
|
49
|
+
router.get(
|
|
50
|
+
'/azure/status',
|
|
51
|
+
authMiddleware,
|
|
52
|
+
(req: Request, res: Response, next: NextFunction) => controller.getAzureStatus(req, res, next)
|
|
53
|
+
);
|
|
54
|
+
|
|
55
|
+
// Jobs endpoints (for async audit polling)
|
|
56
|
+
router.get(
|
|
57
|
+
'/jobs',
|
|
58
|
+
authMiddleware,
|
|
59
|
+
(req: Request, res: Response, next: NextFunction) => jobsController.listJobs(req, res, next)
|
|
60
|
+
);
|
|
61
|
+
|
|
62
|
+
router.get(
|
|
63
|
+
'/jobs/:jobId',
|
|
64
|
+
authMiddleware,
|
|
65
|
+
(req: Request<{ jobId: string }>, res: Response, next: NextFunction) =>
|
|
66
|
+
jobsController.getJobStatus(req, res, next)
|
|
67
|
+
);
|
|
68
|
+
|
|
69
|
+
router.delete(
|
|
70
|
+
'/jobs/:jobId',
|
|
71
|
+
authMiddleware,
|
|
72
|
+
(req: Request<{ jobId: string }>, res: Response, next: NextFunction) =>
|
|
73
|
+
jobsController.deleteJob(req, res, next)
|
|
74
|
+
);
|
|
75
|
+
|
|
76
|
+
return router;
|
|
77
|
+
};
|