Fimeg/Redflag
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Add agent distribution system

Browse Source
This commit is contained in:
Fimeg
2025-10-29 12:50:00 -04:00
parent c027a1da6c
commit 5251825ac1
2 changed files with 132 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
aggregator-server/cmd/server/main.go
View File

@@ -101,6 +101,7 @@ func main() {
dockerHandler := handlers.NewDockerHandler(updateQueries, agentQueries, commandQueries) dockerHandler := handlers.NewDockerHandler(updateQueries, agentQueries, commandQueries)
registrationTokenHandler := handlers.NewRegistrationTokenHandler(registrationTokenQueries, agentQueries, cfg) registrationTokenHandler := handlers.NewRegistrationTokenHandler(registrationTokenQueries, agentQueries, cfg)
rateLimitHandler := handlers.NewRateLimitHandler(rateLimiter) rateLimitHandler := handlers.NewRateLimitHandler(rateLimiter)
downloadHandler := handlers.NewDownloadHandler(filepath.Join(".", "redflag-agent"))
// Setup router // Setup router
router := gin.Default() router := gin.Default()
@@ -181,6 +182,10 @@ func main() {
dashboard.POST("/docker/containers/:container_id/images/:image_id/reject", dockerHandler.RejectUpdate) dashboard.POST("/docker/containers/:container_id/images/:image_id/reject", dockerHandler.RejectUpdate)
dashboard.POST("/docker/containers/:container_id/images/:image_id/install", dockerHandler.InstallUpdate) dashboard.POST("/docker/containers/:container_id/images/:image_id/install", dockerHandler.InstallUpdate)
// Download routes (authenticated)
dashboard.GET("/downloads/:platform", downloadHandler.DownloadAgent)
dashboard.GET("/install/:platform", downloadHandler.InstallScript)
// Admin/Registration Token routes (for agent enrollment management) // Admin/Registration Token routes (for agent enrollment management)
admin := dashboard.Group("/admin") admin := dashboard.Group("/admin")
{ {

127
aggregator-server/internal/api/handlers/downloads.go Normal file
View File

@@ -0,0 +1,127 @@
package handlers
import (
"net/http"
"path/filepath"
"strings"
"github.com/gin-gonic/gin"
)
// DownloadHandler handles agent binary downloads
type DownloadHandler struct {
agentDir string
}
func NewDownloadHandler(agentDir string) *DownloadHandler {
return &DownloadHandler{
agentDir: agentDir,
}
}
// DownloadAgent serves agent binaries for different platforms
func (h *DownloadHandler) DownloadAgent(c *gin.Context) {
platform := c.Param("platform")
// Validate platform to prevent directory traversal
validPlatforms := map[string]bool{
"linux-amd64": true,
"linux-arm64": true,
"windows-amd64": true,
"windows-arm64": true,
"darwin-amd64": true,
"darwin-arm64": true,
}
if !validPlatforms[platform] {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid platform"})
return
}
filename := "redflag-agent"
if strings.HasPrefix(platform, "windows") {
filename += ".exe"
}
agentPath := filepath.Join(h.agentDir, filename)
c.File(agentPath)
}
// InstallScript serves the installation script
func (h *DownloadHandler) InstallScript(c *gin.Context) {
platform := c.Param("platform")
// Validate platform
validPlatforms := map[string]bool{
"linux": true,
"darwin": true,
"windows": true,
}
if !validPlatforms[platform] {
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid platform"})
return
}
scriptContent := h.generateInstallScript(platform, c.Request.Host)
c.Header("Content-Type", "text/plain")
c.String(http.StatusOK, scriptContent)
}
func (h *DownloadHandler) generateInstallScript(platform, serverHost string) string {
baseURL := "http://" + serverHost
switch platform {
case "linux":
return `#!/bin/bash
set -e
REDFLAG_SERVER="` + baseURL + `"
AGENT_DIR="/usr/local/bin"
SERVICE_NAME="redflag-agent"
# Check if running as root
if [ "$EUID" -ne 0 ]; then
echo "Please run as root or with sudo"
exit 1
fi
echo "Installing RedFlag agent from ${REDFLAG_SERVER}..."
# Download agent
curl -sfL "${REDFLAG_SERVER}/api/v1/downloads/linux-amd64" -o "${AGENT_DIR}/redflag-agent"
chmod +x "${AGENT_DIR}/redflag-agent"
echo "Agent downloaded. Please visit ${REDFLAG_SERVER}/admin to get a registration token."
echo "Then run: ${AGENT_DIR}/redflag-agent --server ${REDFLAG_SERVER} --token <YOUR_TOKEN>"`
case "darwin":
return `#!/bin/bash
set -e
REDFLAG_SERVER="` + baseURL + `"
AGENT_DIR="/usr/local/bin"
echo "Installing RedFlag agent from ${REDFLAG_SERVER}..."
# Download agent
curl -sfL "${REDFLAG_SERVER}/api/v1/downloads/darwin-amd64" -o "${AGENT_DIR}/redflag-agent"
chmod +x "${AGENT_DIR}/redflag-agent"
echo "Agent downloaded. Please visit ${REDFLAG_SERVER}/admin to get a registration token."
echo "Then run: ${AGENT_DIR}/redflag-agent --server ${REDFLAG_SERVER} --token <YOUR_TOKEN>"`
case "windows":
return `@echo off
set REDFLAG_SERVER=` + baseURL + `
echo Downloading RedFlag agent from %REDFLAG_SERVER%...
curl -sfL "%REDFLAG_SERVER%/api/v1/downloads/windows-amd64" -o redflag-agent.exe
echo Agent downloaded. Please visit %REDFLAG_SERVER%/admin to get a registration token.
echo Then run: redflag-agent.exe --server %REDFLAG_SERVER% --token <YOUR_TOKEN%`
default:
return "# Unsupported platform"
}
}