summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--api/admin.go2
-rw-r--r--api4/api.go4
-rw-r--r--api4/compliance.go127
-rw-r--r--api4/context.go11
-rw-r--r--api4/params.go5
-rw-r--r--app/compliance.go4
-rw-r--r--i18n/en.json4
-rw-r--r--model/client4.go65
-rw-r--r--store/sql_compliance_store.go6
-rw-r--r--store/sql_compliance_store_test.go20
-rw-r--r--store/store.go2
11 files changed, 241 insertions, 9 deletions
diff --git a/api/admin.go b/api/admin.go
index 785b8bf24..5e0d8c28c 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -142,7 +142,7 @@ func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) {
- crs, err := app.GetComplianceReports()
+ crs, err := app.GetComplianceReports(0, 10000)
if err != nil {
c.Err = err
return
diff --git a/api4/api.go b/api4/api.go
index 289291951..fb0ca2758 100644
--- a/api4/api.go
+++ b/api4/api.go
@@ -65,6 +65,8 @@ type Routes struct {
Admin *mux.Router // 'api/v4/admin'
+ Compliance *mux.Router // 'api/v4/compliance'
+
System *mux.Router // 'api/v4/system'
Preferences *mux.Router // 'api/v4/preferences'
@@ -134,6 +136,7 @@ func InitApi(full bool) {
BaseRoutes.SAML = BaseRoutes.ApiRoot.PathPrefix("/saml").Subrouter()
BaseRoutes.OAuth = BaseRoutes.ApiRoot.PathPrefix("/oauth").Subrouter()
BaseRoutes.Admin = BaseRoutes.ApiRoot.PathPrefix("/admin").Subrouter()
+ BaseRoutes.Compliance = BaseRoutes.ApiRoot.PathPrefix("/compliance").Subrouter()
BaseRoutes.System = BaseRoutes.ApiRoot.PathPrefix("/system").Subrouter()
BaseRoutes.Preferences = BaseRoutes.User.PathPrefix("/preferences").Subrouter()
BaseRoutes.License = BaseRoutes.ApiRoot.PathPrefix("/license").Subrouter()
@@ -153,6 +156,7 @@ func InitApi(full bool) {
InitWebhook()
InitPreference()
InitSaml()
+ InitCompliance()
app.Srv.Router.Handle("/api/v4/{anything:.*}", http.HandlerFunc(Handle404))
diff --git a/api4/compliance.go b/api4/compliance.go
new file mode 100644
index 000000000..37196c853
--- /dev/null
+++ b/api4/compliance.go
@@ -0,0 +1,127 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+ "net/http"
+ "strconv"
+
+ l4g "github.com/alecthomas/log4go"
+ "github.com/mattermost/platform/app"
+ "github.com/mattermost/platform/model"
+ "github.com/mattermost/platform/utils"
+ "github.com/mssola/user_agent"
+)
+
+func InitCompliance() {
+ l4g.Debug(utils.T("api.compliance.init.debug"))
+
+ BaseRoutes.Compliance.Handle("/reports", ApiSessionRequired(createComplianceReport)).Methods("POST")
+ BaseRoutes.Compliance.Handle("/reports", ApiSessionRequired(getComplianceReports)).Methods("GET")
+ BaseRoutes.Compliance.Handle("/reports/{report_id:[A-Za-z0-9]+}", ApiSessionRequired(getComplianceReport)).Methods("GET")
+ BaseRoutes.Compliance.Handle("/reports/{report_id:[A-Za-z0-9]+}/download", ApiSessionRequired(downloadComplianceReport)).Methods("GET")
+}
+
+func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
+ job := model.ComplianceFromJson(r.Body)
+ if job == nil {
+ c.SetInvalidParam("compliance")
+ return
+ }
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+ return
+ }
+
+ job.UserId = c.Session.UserId
+
+ rjob, err := app.SaveComplianceReport(job)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("")
+ w.WriteHeader(http.StatusCreated)
+ w.Write([]byte(rjob.ToJson()))
+}
+
+func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+ return
+ }
+
+ crs, err := app.GetComplianceReports(c.Params.Page, c.Params.PerPage)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ w.Write([]byte(crs.ToJson()))
+}
+
+func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireReportId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+ return
+ }
+
+ job, err := app.GetComplianceReport(c.Params.ReportId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ w.Write([]byte(job.ToJson()))
+}
+
+func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireReportId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+ return
+ }
+
+ job, err := app.GetComplianceReport(c.Params.ReportId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ reportBytes, err := app.GetComplianceFile(job)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("downloaded " + job.Desc)
+
+ w.Header().Set("Cache-Control", "max-age=2592000, public")
+ w.Header().Set("Content-Length", strconv.Itoa(len(reportBytes)))
+ w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
+
+ // attach extra headers to trigger a download on IE, Edge, and Safari
+ ua := user_agent.New(r.UserAgent())
+ bname, _ := ua.Browser()
+
+ w.Header().Set("Content-Disposition", "attachment;filename=\""+job.JobName()+".zip\"")
+
+ if bname == "Edge" || bname == "Internet Explorer" || bname == "Safari" {
+ // trim off anything before the final / so we just get the file's name
+ w.Header().Set("Content-Type", "application/octet-stream")
+ }
+
+ w.Write(reportBytes)
+}
diff --git a/api4/context.go b/api4/context.go
index f9460f53b..fe2e8d35b 100644
--- a/api4/context.go
+++ b/api4/context.go
@@ -396,6 +396,17 @@ func (c *Context) RequireFileId() *Context {
return c
}
+func (c *Context) RequireReportId() *Context {
+ if c.Err != nil {
+ return c
+ }
+
+ if len(c.Params.ReportId) != 26 {
+ c.SetInvalidUrlParam("report_id")
+ }
+ return c
+}
+
func (c *Context) RequireTeamName() *Context {
if c.Err != nil {
return c
diff --git a/api4/params.go b/api4/params.go
index b1688a859..15f632195 100644
--- a/api4/params.go
+++ b/api4/params.go
@@ -24,6 +24,7 @@ type ApiParams struct {
FileId string
CommandId string
HookId string
+ ReportId string
EmojiId string
Email string
Username string
@@ -68,6 +69,10 @@ func ApiParamsFromRequest(r *http.Request) *ApiParams {
params.HookId = val
}
+ if val, ok := props["report_id"]; ok {
+ params.ReportId = val
+ }
+
if val, ok := props["emoji_id"]; ok {
params.EmojiId = val
}
diff --git a/app/compliance.go b/app/compliance.go
index ffef69b44..966b9b523 100644
--- a/app/compliance.go
+++ b/app/compliance.go
@@ -11,12 +11,12 @@ import (
"github.com/mattermost/platform/utils"
)
-func GetComplianceReports() (model.Compliances, *model.AppError) {
+func GetComplianceReports(page, perPage int) (model.Compliances, *model.AppError) {
if !*utils.Cfg.ComplianceSettings.Enable || !utils.IsLicensed || !*utils.License.Features.Compliance {
return nil, model.NewLocAppError("GetComplianceReports", "ent.compliance.licence_disable.app_error", nil, "")
}
- if result := <-Srv.Store.Compliance().GetAll(); result.Err != nil {
+ if result := <-Srv.Store.Compliance().GetAll(page*perPage, perPage); result.Err != nil {
return nil, result.Err
} else {
return result.Data.(model.Compliances), nil
diff --git a/i18n/en.json b/i18n/en.json
index 70f9906f0..bfb2017e9 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -84,6 +84,10 @@
"translation": "Initializing admin API routes"
},
{
+ "id": "api.compliance.init.debug",
+ "translation": "Initializing compliance API routes"
+ },
+ {
"id": "api.admin.recycle_db_end.warn",
"translation": "Finished recycling the database connection"
},
diff --git a/model/client4.go b/model/client4.go
index 63f65ed48..94ac2c144 100644
--- a/model/client4.go
+++ b/model/client4.go
@@ -154,6 +154,14 @@ func (c *Client4) GetIncomingWebhookRoute(hookID string) string {
return fmt.Sprintf(c.GetIncomingWebhooksRoute()+"/%v", hookID)
}
+func (c *Client4) GetComplianceReportsRoute() string {
+ return fmt.Sprintf("/compliance/reports")
+}
+
+func (c *Client4) GetComplianceReportRoute(reportId string) string {
+ return fmt.Sprintf("/compliance/reports/%v", reportId)
+}
+
func (c *Client4) GetPreferencesRoute(userId string) string {
return fmt.Sprintf(c.GetUserRoute(userId) + "/preferences")
}
@@ -1276,3 +1284,60 @@ func (c *Client4) GetSamlCertificateStatus() (*SamlCertificateStatus, *Response)
return SamlCertificateStatusFromJson(r.Body), BuildResponse(r)
}
}
+
+// Compliance Section
+
+// CreateComplianceReport creates an incoming webhook for a channel.
+func (c *Client4) CreateComplianceReport(report *Compliance) (*Compliance, *Response) {
+ if r, err := c.DoApiPost(c.GetComplianceReportsRoute(), report.ToJson()); err != nil {
+ return nil, &Response{StatusCode: r.StatusCode, Error: err}
+ } else {
+ defer closeBody(r)
+ return ComplianceFromJson(r.Body), BuildResponse(r)
+ }
+}
+
+// GetComplianceReports returns list of compliance reports.
+func (c *Client4) GetComplianceReports(page, perPage int) (Compliances, *Response) {
+ query := fmt.Sprintf("?page=%v&per_page=%v", page, perPage)
+ if r, err := c.DoApiGet(c.GetComplianceReportsRoute()+query, ""); err != nil {
+ return nil, &Response{StatusCode: r.StatusCode, Error: err}
+ } else {
+ defer closeBody(r)
+ return CompliancesFromJson(r.Body), BuildResponse(r)
+ }
+}
+
+// GetComplianceReport returns a compliance report.
+func (c *Client4) GetComplianceReport(reportId string) (*Compliance, *Response) {
+ if r, err := c.DoApiGet(c.GetComplianceReportRoute(reportId), ""); err != nil {
+ return nil, &Response{StatusCode: r.StatusCode, Error: err}
+ } else {
+ defer closeBody(r)
+ return ComplianceFromJson(r.Body), BuildResponse(r)
+ }
+}
+
+// DownloadComplianceReport returns a full compliance report as a file.
+func (c *Client4) DownloadComplianceReport(reportId string) ([]byte, *Response) {
+ var rq *http.Request
+ rq, _ = http.NewRequest("GET", c.ApiUrl+c.GetComplianceReportRoute(reportId), nil)
+ rq.Close = true
+
+ if len(c.AuthToken) > 0 {
+ rq.Header.Set(HEADER_AUTH, "BEARER "+c.AuthToken)
+ }
+
+ if rp, err := c.HttpClient.Do(rq); err != nil {
+ return nil, &Response{Error: NewAppError("DownloadComplianceReport", "model.client.connecting.app_error", nil, err.Error(), http.StatusBadRequest)}
+ } else if rp.StatusCode >= 300 {
+ defer rp.Body.Close()
+ return nil, &Response{StatusCode: rp.StatusCode, Error: AppErrorFromJson(rp.Body)}
+ } else if data, err := ioutil.ReadAll(rp.Body); err != nil {
+ defer closeBody(rp)
+ return nil, &Response{StatusCode: rp.StatusCode, Error: NewAppError("DownloadComplianceReport", "model.client.read_file.app_error", nil, err.Error(), rp.StatusCode)}
+ } else {
+ defer closeBody(rp)
+ return data, BuildResponse(rp)
+ }
+}
diff --git a/store/sql_compliance_store.go b/store/sql_compliance_store.go
index 0a131d289..2307a98cf 100644
--- a/store/sql_compliance_store.go
+++ b/store/sql_compliance_store.go
@@ -87,17 +87,17 @@ func (us SqlComplianceStore) Update(compliance *model.Compliance) StoreChannel {
return storeChannel
}
-func (s SqlComplianceStore) GetAll() StoreChannel {
+func (s SqlComplianceStore) GetAll(offset, limit int) StoreChannel {
storeChannel := make(StoreChannel, 1)
go func() {
result := StoreResult{}
- query := "SELECT * FROM Compliances ORDER BY CreateAt DESC"
+ query := "SELECT * FROM Compliances ORDER BY CreateAt DESC LIMIT :Limit OFFSET :Offset"
var compliances model.Compliances
- if _, err := s.GetReplica().Select(&compliances, query); err != nil {
+ if _, err := s.GetReplica().Select(&compliances, query, map[string]interface{}{"Offset": offset, "Limit": limit}); err != nil {
result.Err = model.NewLocAppError("SqlComplianceStore.Get", "store.sql_compliance.get.finding.app_error", nil, err.Error())
} else {
result.Data = compliances
diff --git a/store/sql_compliance_store_test.go b/store/sql_compliance_store_test.go
index 25b6f2dce..e9b0cf94a 100644
--- a/store/sql_compliance_store_test.go
+++ b/store/sql_compliance_store_test.go
@@ -20,7 +20,7 @@ func TestSqlComplianceStore(t *testing.T) {
Must(store.Compliance().Save(compliance2))
time.Sleep(100 * time.Millisecond)
- c := store.Compliance().GetAll()
+ c := store.Compliance().GetAll(0, 1000)
result := <-c
compliances := result.Data.(model.Compliances)
@@ -31,7 +31,7 @@ func TestSqlComplianceStore(t *testing.T) {
compliance2.Status = model.COMPLIANCE_STATUS_FAILED
Must(store.Compliance().Update(compliance2))
- c = store.Compliance().GetAll()
+ c = store.Compliance().GetAll(0, 1000)
result = <-c
compliances = result.Data.(model.Compliances)
@@ -39,6 +39,22 @@ func TestSqlComplianceStore(t *testing.T) {
t.Fatal()
}
+ c = store.Compliance().GetAll(0, 1)
+ result = <-c
+ compliances = result.Data.(model.Compliances)
+
+ if len(compliances) != 1 {
+ t.Fatal("should only have returned 1")
+ }
+
+ c = store.Compliance().GetAll(1, 1)
+ result = <-c
+ compliances = result.Data.(model.Compliances)
+
+ if len(compliances) != 1 {
+ t.Fatal("should only have returned 1")
+ }
+
rc2 := (<-store.Compliance().Get(compliance2.Id)).Data.(*model.Compliance)
if rc2.Status != compliance2.Status {
t.Fatal()
diff --git a/store/store.go b/store/store.go
index b8b874f41..5596fa7f8 100644
--- a/store/store.go
+++ b/store/store.go
@@ -228,7 +228,7 @@ type ComplianceStore interface {
Save(compliance *model.Compliance) StoreChannel
Update(compliance *model.Compliance) StoreChannel
Get(id string) StoreChannel
- GetAll() StoreChannel
+ GetAll(offset, limit int) StoreChannel
ComplianceExport(compliance *model.Compliance) StoreChannel
}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-05-16 17:54:19 +0000