Admin Server

This is a private Node.js Express server that hosts the Admin dashboard at https://admin.[domain]. It initializes the database, generates the source and client certificates, and performs other admin actions. Every day at midnight, it creates a snapshot of Partner referrals. Its Security Group restricts access to one specific whitelisted IP. Most actions are logged, and many actions, such as signin or signup, send email alerts to the administrator.

Prerequisites

Database Initialization

Before running anything, you must initialize the database:

GET /?initialize=true

Sign In

The POST /signin API returns a session cookie. Send the cookie on requests that require authentication; usually your HTTP client framework saves it automatically. If the cookie expires or the server returns 401, request a new cookie.

Sign In - Web

Request

GET /signin

Sign In

Request

POST /signin
Name Type Description
email string Required User email.
password string Required User password.

Response

Set-Cookie: <Cookie with Expiration Time>

Log Out (Delete Session)

Request

GET /logout

Response

Redirects to /signin

Create Admin User

Create Admin User With Email - Web

Request

GET /signup

Create Admin User With Email

Request

POST /signup
Name Type Description
email string Required Email to use to create the user.
password string Required User password.

Response

Redirect to /signup-success

Confirm Admin Email to Complete Email Signup

Request

GET /confirm-email
Name Type Description
code string Required Code that confirms a user is the owner of an email address to complete email signup.

Response

Redirect to /signin

Resend Confirmation Email - Web

Request

GET /resend-confirm-code

Resend Confirmation Email

Request

POST /resend-confirm-code
Name Type Description
email string Required Email to resend confirmation code to.

Response

Redirect to /signin

Admin

Admin Dashboard Home - Web

Request

Authentication Required

GET /admin

Admin Dashboard Clients - Web

Request

Authentication Required

GET /clients

Admin Dashboard Source Management - Web

Request

Authentication Required

GET /sources

Admin Dashboard Suricata Management - Web

Request

Authentication Required

GET /suricata

Admin Dashboard Database Management - Web

Request

Authentication Required

GET /database

Admin Dashboard Partners Management - Web

Request

Authentication Required

GET /partners

Change Admin User Password - Web

Request

Authentication Required

GET /change-password

Change Admin User Password

Request

Authentication Required

POST /change-password
Name Type Description
currentPassword string Required User's current password.
newPassword string Required User's new password.

Response

Redirect to /admin

Source Management

Allow/Disallow Access to Server Certificate

Request

Authentication Required

POST /toggle-secret

Response

Certificate Secret API toggled.

Retrieve Server Certificate (for VPN Bringup)

Request

Authentication by CERT_ACCESS_SECRET Required

/toggle-secret must have been used to enable secret access.

The requesting IP address must be on the internal network 172.16.0.0/12.

POST /get-server-certificate
Name Type Description
secret string Required CERT_ACCESS_SECRET from CloudFormation bringup.
id string Required The ID of the source you want to download the certificates for.

Response

{
	cacert: <utf-8>,
	servercert: <utf-8>,
	serverkey: <utf-8>
}

New Source Certificate

Request

Authentication Required

POST /new-source
Name Type Description
id string Required The ID of the source you want to create.

Response

Source created successfully

Set Current Source

Request

Authentication Required

POST /set-current-source
Name Type Description
id string Required The ID of the source you want to set as current source.

Response

Current source set successfully.

Get Unassigned Certificates

Request

Authentication Required

POST /get-unassigned-certificates
Name Type Description
id string Required The ID of the source you want to get the number of unassigned certificates for.

Response

{
	count: [number of unassigned certs for this source]
}

Generate Certificates

Request

Authentication Required

POST /get-unassigned-certificates
Name Type Description
id string Required The ID of the source you want to generate certificates for.
num number Required The number of certificates you want to generate.

Response

Certificate generation started.

User Tools

Delete User With Email

Request

Authentication Required

POST /delete-user-with-email
Name Type Description
email string Required User's email.
reason string Required Reason for deletion.
banned boolean Mark user as banned (abusive behavior). Defaults to false.

Response

{
	message: "Deleted user successfully"
}

Delete User With ID

Request

Authentication Required

POST /delete-user-with-email
Name Type Description
id string Required User's id.
reason string Required Reason for deletion.
banned boolean Mark user as banned (abusive behavior). Defaults to false.

Response

{
	message: "Deleted user successfully"
}

Suricata

Save Suricata Rule

Request

Authentication Required

POST /save-rule
Name Type Description
ruleFile string Required Name of suricata rule file (e.g., "disabled.conf").
ruleContent string Required Contents of rulefile.

Response

Rule file saved successfully.

Client - Upload/Modify Clients

Upload Mac/PC Client or Update Files

Request

Authentication Required

POST /upload-client
Name Type Description
type string Required mac-app, mac-update, windows-app, or windows-update
file file Required The file being uploaded.

Response

Redirect to /admin with message "Upload Successful".

Modify Client Distribution Percentages

Request

Authentication Required

POST /modify-percent

Key-value pairs where the key is the S3 key (full path) and the value is the percentage. Percentages must add up to 100. For example:

{
	"mac-app/affeefff1/30/mac-app-1.zip" : 40,
	"mac-app/affeefff1/70/mac-app-2.zip" : 60
}

Response

Redirect to /admin with message "Percent change successful".
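Server-side validation a handler for POST /modify-percent could apply to the request body before touching S3, as an added example (not the project's own code). Beyond the README's "percents must add up to 100" rule it assumes two things: each value is an integer from 0 to 100, and each key starts with one of the client types listed for /upload-client (as the README's "mac-app/..." example keys do).

```javascript
// Added example (not confirmedcode/Admin's code): validate a /modify-percent body.
// Assumed: keys are "<type>/<build>/<percent>/<file>" S3 keys whose first segment
// is one of the /upload-client types; values are integers 0..100 summing to 100.
const VALID_TYPES = new Set(["mac-app", "mac-update", "windows-app", "windows-update"]);

// Returns { ok, errors }; every problem is reported, not just the first.
function validatePercentBody(body) {
  if (!body || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, errors: ["body must be a JSON object of key -> percent"] };
  }
  const errors = [];
  const entries = Object.entries(body);
  if (entries.length === 0) errors.push("no keys supplied");
  let total = 0;
  for (const [key, value] of entries) {
    // The key is used as an S3 object path, so reject anything that could
    // escape the expected prefix layout.
    if (key.startsWith("/") || key.split("/").includes("..")) {
      errors.push(`suspicious key: ${key}`);
    }
    if (!VALID_TYPES.has(key.split("/")[0])) {
      errors.push(`unknown client type in key: ${key}`);
    }
    if (!Number.isInteger(value) || value < 0 || value > 100) {
      errors.push(`percent for ${key} must be an integer between 0 and 100`);
      continue; // do not let a bad value poison the sum check
    }
    total += value;
  }
  if (errors.length === 0 && total !== 100) {
    errors.push(`percents add up to ${total}, not 100`);
  }
  return { ok: errors.length === 0, errors };
}
```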

Partners

New Partner

Request

Authentication Required

POST /new-partner
Name Type Description
newPartnerTitle string Required Name of partner to create (e.g., ACME Inc.)
newPartnerCode string Required Code of partner to create (e.g., acme)
newPartnerPercentageShare integer Required Integer between 0 and 100. This is the percentage share that the partner gets after Apple's 15% or 30% cut.

Response

Redirects to /partners

Delete Partner

Request

Authentication Required

POST /delete-partner
Name Type Description
id string Required ID of Partner to delete.

Response

Redirects to /partners

New Partner User

Request

Authentication Required

POST /new-partner-user
Name Type Description
newPartnerUserEmail string Required Email address of Partner user to create.
newPartnerUserPassword string Required Password of Partner user to create.
newPartnerUserCode string Required Code of Partner user to create.

Response

Redirects to /partners

Delete Partner User

Request

Authentication Required

POST /delete-partner-user
Name Type Description
id string Required ID of Partner User to delete.

Response

Redirects to /partners

Get Partner's Current Snapshot

Request

Authentication Required

POST /current-snapshot
Name Type Description
partnerCode string Required Code of Partner to get snapshot of.

Response

Returns the current Partner Snapshot for the specified partner code.

Save Partner's Current Snapshot

Request

Authentication Required

POST /save-snapshot
Name Type Description
partnerCode string Required Code of Partner to save current snapshot of.

Response

{
	success: true
}

Delete Partner Snapshot

Request

Authentication Required

POST /save-snapshot
Name Type Description
id string Required ID of the partner snapshot to delete.

Response

Redirects to /partners

Database - Postgres Command

Run Logged Postgres Command

The query itself will be logged to a CloudWatch Log Group called PostgresQueries. The result is not logged.

Request

Authentication Required

POST /postgres-command
Name Type Description
command string Required Postgres query to run.

Response

Displays the query result onscreen.

Redis - Redis Brute Force

Get Brute Force counts for an IP

Request

Authentication Required

POST /get-brute
Name Type Description
ip string Required IP address to look up

Response

Brute force counts

Clear Brute Force counts for an IP

Request

Authentication Required

POST /clear-brute
Name Type Description
ip string Required IP address to clear

Response

# Brute Entries Cleared

Other APIs

Test Error Logging

Request

GET /error-test

Health Check

Request

GET /health

Response

Status 200
{
	message: "OK from admin." + DOMAIN
}

Feedback

If you have any questions, concerns, or other feedback, please let us know in GitHub issues or by e-mail.

We also have a bug bounty program -- please email [email protected] for details.

License

This project is licensed under the GPL License - see the LICENSE.md file for details.

Contact

[email protected]
