Skip to content

Commit

Permalink
#1456 Return session expiration status in stream output
Browse files Browse the repository at this point in the history
  • Loading branch information
@To-om
To-om committed Nov 13, 2020
1 parent 169bb1f commit eefb972
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 37 deletions.
2 changes: 1 addition & 1 deletion ScalliGraph
Submodule ScalliGraph updated 2 files
+1 −1 core/src/main/resources/reference.conf
+35 −26 core/src/main/scala/org/thp/scalligraph/auth/SessionAuthSrv.scala
79 changes: 43 additions & 36 deletions thehive/app/org/thp/thehive/controllers/v0/StreamCtrl.scala
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package org.thp.thehive.controllers.v0

import javax.inject.{Inject, Named, Singleton}
import org.apache.tinkerpop.gremlin.process.traversal.Order
import org.thp.scalligraph.auth.{ExpirationStatus, SessionAuthSrv}
import org.thp.scalligraph.controllers.Entrypoint
import org.thp.scalligraph.models.{Database, Schema}
import org.thp.scalligraph.traversal.TraversalOps._
Expand All @@ -11,7 +12,7 @@ import org.thp.thehive.services._
import play.api.libs.json.{JsArray, JsObject, Json}
import play.api.mvc.{Action, AnyContent, Results}

import scala.concurrent.ExecutionContext
import scala.concurrent.{ExecutionContext, Future}
import scala.util.Success

@Singleton
Expand All @@ -35,43 +36,49 @@ class StreamCtrl @Inject() (
}

def get(streamId: String): Action[AnyContent] =
entrypoint("get stream").async { _ =>
streamSrv
.get(streamId)
.map {
case auditIds if auditIds.nonEmpty =>
db.roTransaction { implicit graph =>
val audits = auditSrv
.getMainByIds(Order.desc, auditIds: _*)
.richAuditWithCustomRenderer(auditRenderer)
.toIterator
.map {
case (audit, obj) =>
audit
.toJson
.as[JsObject]
.deepMerge(
Json.obj(
"base" -> Json.obj("object" -> obj, "rootId" -> audit.context._id),
"summary" -> jsonSummary(auditSrv, audit.requestId)
entrypoint("get stream").async { request =>
if (SessionAuthSrv.isExpired(request))
Future.successful(Results.Unauthorized)
else
streamSrv
.get(streamId)
.map {
case auditIds if auditIds.nonEmpty =>
db.roTransaction { implicit graph =>
val audits = auditSrv
.getMainByIds(Order.desc, auditIds: _*)
.richAuditWithCustomRenderer(auditRenderer)
.toIterator
.map {
case (audit, obj) =>
audit
.toJson
.as[JsObject]
.deepMerge(
Json.obj(
"base" -> Json.obj("object" -> obj, "rootId" -> audit.context._id),
"summary" -> jsonSummary(auditSrv, audit.requestId)
)
)
)
}
Results.Ok(JsArray(audits.toSeq))
}
case _ => Results.Ok(JsArray.empty)
}
}
if (SessionAuthSrv.isWarning(request))
new Results.Status(220)(JsArray(audits.toSeq))
else
Results.Ok(JsArray(audits.toSeq))
}
case _ if SessionAuthSrv.isWarning(request) => new Results.Status(220)(JsArray.empty)
case _ => Results.Ok(JsArray.empty)
}
}

def status: Action[AnyContent] = // TODO
entrypoint("get stream") { _ =>
Success(
Results.Ok(
Json.obj(
"remaining" -> 3600,
"warning" -> false
)
)
)
def status: Action[AnyContent] =
entrypoint("get stream") { request =>
val status = SessionAuthSrv.expirationStatus(request) match {
case Some(ExpirationStatus.Ok(remaining)) => Json.obj("warning" -> false, "remaining" -> remaining.toMillis)
case Some(ExpirationStatus.Warning(remaining)) => Json.obj("warning" -> true, "remaining" -> remaining.toMillis)
case Some(ExpirationStatus.Error) => Json.obj("warning" -> true, "remaining" -> 0)
case None => Json.obj("warning" -> false, "remaining" -> 1)
}
Success(Results.Ok(status))
}
}

0 comments on commit eefb972

Please sign in to comment.