Session 4 complete - RedFlag update management platform

🚩 Private development - version retention only ✅ Complete web dashboard (React + TypeScript + TailwindCSS) ✅ Production-ready server backend (Go + Gin + PostgreSQL) ✅ Linux agent with APT + Docker scanning + local CLI tools ✅ JWT authentication and REST API ✅ Update discovery and approval workflow 🚧 Status: Alpha software - active development 📦 Purpose: Version retention during development ⚠️ Not for public use or deployment
2025-10-13 16:46:31 -04:00
commit 55b7d03010
57 changed files with 7326 additions and 0 deletions
--- a/aggregator-server/internal/api/handlers/agents.go
+++ b/aggregator-server/internal/api/handlers/agents.go
@@ -0,0 +1,178 @@
+package handlers
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/aggregator-project/aggregator-server/internal/api/middleware"
+	"github.com/aggregator-project/aggregator-server/internal/database/queries"
+	"github.com/aggregator-project/aggregator-server/internal/models"
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+type AgentHandler struct {
+	agentQueries   *queries.AgentQueries
+	commandQueries *queries.CommandQueries
+	checkInInterval int
+}
+
+func NewAgentHandler(aq *queries.AgentQueries, cq *queries.CommandQueries, checkInInterval int) *AgentHandler {
+	return &AgentHandler{
+		agentQueries:   aq,
+		commandQueries: cq,
+		checkInInterval: checkInInterval,
+	}
+}
+
+// RegisterAgent handles agent registration
+func (h *AgentHandler) RegisterAgent(c *gin.Context) {
+	var req models.AgentRegistrationRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Create new agent
+	agent := &models.Agent{
+		ID:             uuid.New(),
+		Hostname:       req.Hostname,
+		OSType:         req.OSType,
+		OSVersion:      req.OSVersion,
+		OSArchitecture: req.OSArchitecture,
+		AgentVersion:   req.AgentVersion,
+		LastSeen:       time.Now(),
+		Status:         "online",
+		Metadata:       models.JSONB{},
+	}
+
+	// Add metadata if provided
+	if req.Metadata != nil {
+		for k, v := range req.Metadata {
+			agent.Metadata[k] = v
+		}
+	}
+
+	// Save to database
+	if err := h.agentQueries.CreateAgent(agent); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to register agent"})
+		return
+	}
+
+	// Generate JWT token
+	token, err := middleware.GenerateAgentToken(agent.ID)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate token"})
+		return
+	}
+
+	// Return response
+	response := models.AgentRegistrationResponse{
+		AgentID: agent.ID,
+		Token:   token,
+		Config: map[string]interface{}{
+			"check_in_interval": h.checkInInterval,
+			"server_url":        c.Request.Host,
+		},
+	}
+
+	c.JSON(http.StatusOK, response)
+}
+
+// GetCommands returns pending commands for an agent
+func (h *AgentHandler) GetCommands(c *gin.Context) {
+	agentID := c.MustGet("agent_id").(uuid.UUID)
+
+	// Update last_seen
+	if err := h.agentQueries.UpdateAgentLastSeen(agentID); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to update last seen"})
+		return
+	}
+
+	// Get pending commands
+	commands, err := h.commandQueries.GetPendingCommands(agentID)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to retrieve commands"})
+		return
+	}
+
+	// Convert to response format
+	commandItems := make([]models.CommandItem, 0, len(commands))
+	for _, cmd := range commands {
+		commandItems = append(commandItems, models.CommandItem{
+			ID:     cmd.ID.String(),
+			Type:   cmd.CommandType,
+			Params: cmd.Params,
+		})
+
+		// Mark as sent
+		h.commandQueries.MarkCommandSent(cmd.ID)
+	}
+
+	response := models.CommandsResponse{
+		Commands: commandItems,
+	}
+
+	c.JSON(http.StatusOK, response)
+}
+
+// ListAgents returns all agents
+func (h *AgentHandler) ListAgents(c *gin.Context) {
+	status := c.Query("status")
+	osType := c.Query("os_type")
+
+	agents, err := h.agentQueries.ListAgents(status, osType)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to list agents"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"agents": agents,
+		"total":  len(agents),
+	})
+}
+
+// GetAgent returns a single agent by ID
+func (h *AgentHandler) GetAgent(c *gin.Context) {
+	idStr := c.Param("id")
+	id, err := uuid.Parse(idStr)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid agent ID"})
+		return
+	}
+
+	agent, err := h.agentQueries.GetAgentByID(id)
+	if err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "agent not found"})
+		return
+	}
+
+	c.JSON(http.StatusOK, agent)
+}
+
+// TriggerScan creates a scan command for an agent
+func (h *AgentHandler) TriggerScan(c *gin.Context) {
+	idStr := c.Param("id")
+	agentID, err := uuid.Parse(idStr)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid agent ID"})
+		return
+	}
+
+	// Create scan command
+	cmd := &models.AgentCommand{
+		ID:          uuid.New(),
+		AgentID:     agentID,
+		CommandType: models.CommandTypeScanUpdates,
+		Params:      models.JSONB{},
+		Status:      models.CommandStatusPending,
+	}
+
+	if err := h.commandQueries.CreateCommand(cmd); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create command"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "scan triggered", "command_id": cmd.ID})
+}
--- a/aggregator-server/internal/api/handlers/updates.go
+++ b/aggregator-server/internal/api/handlers/updates.go
@@ -0,0 +1,163 @@
+package handlers
+
+import (
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/aggregator-project/aggregator-server/internal/database/queries"
+	"github.com/aggregator-project/aggregator-server/internal/models"
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+type UpdateHandler struct {
+	updateQueries *queries.UpdateQueries
+}
+
+func NewUpdateHandler(uq *queries.UpdateQueries) *UpdateHandler {
+	return &UpdateHandler{updateQueries: uq}
+}
+
+// ReportUpdates handles update reports from agents
+func (h *UpdateHandler) ReportUpdates(c *gin.Context) {
+	agentID := c.MustGet("agent_id").(uuid.UUID)
+
+	var req models.UpdateReportRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Process each update
+	for _, item := range req.Updates {
+		update := &models.UpdatePackage{
+			ID:                 uuid.New(),
+			AgentID:            agentID,
+			PackageType:        item.PackageType,
+			PackageName:        item.PackageName,
+			PackageDescription: item.PackageDescription,
+			CurrentVersion:     item.CurrentVersion,
+			AvailableVersion:   item.AvailableVersion,
+			Severity:           item.Severity,
+			CVEList:            models.StringArray(item.CVEList),
+			KBID:               item.KBID,
+			RepositorySource:   item.RepositorySource,
+			SizeBytes:          item.SizeBytes,
+			Status:             "pending",
+			Metadata:           item.Metadata,
+		}
+
+		if err := h.updateQueries.UpsertUpdate(update); err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to save update"})
+			return
+		}
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "updates recorded",
+		"count":   len(req.Updates),
+	})
+}
+
+// ListUpdates retrieves updates with filtering
+func (h *UpdateHandler) ListUpdates(c *gin.Context) {
+	filters := &models.UpdateFilters{
+		Status:      c.Query("status"),
+		Severity:    c.Query("severity"),
+		PackageType: c.Query("package_type"),
+	}
+
+	// Parse agent_id if provided
+	if agentIDStr := c.Query("agent_id"); agentIDStr != "" {
+		agentID, err := uuid.Parse(agentIDStr)
+		if err == nil {
+			filters.AgentID = &agentID
+		}
+	}
+
+	// Parse pagination
+	page, _ := strconv.Atoi(c.DefaultQuery("page", "1"))
+	pageSize, _ := strconv.Atoi(c.DefaultQuery("page_size", "50"))
+	filters.Page = page
+	filters.PageSize = pageSize
+
+	updates, total, err := h.updateQueries.ListUpdates(filters)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to list updates"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"updates":   updates,
+		"total":     total,
+		"page":      page,
+		"page_size": pageSize,
+	})
+}
+
+// GetUpdate retrieves a single update by ID
+func (h *UpdateHandler) GetUpdate(c *gin.Context) {
+	idStr := c.Param("id")
+	id, err := uuid.Parse(idStr)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid update ID"})
+		return
+	}
+
+	update, err := h.updateQueries.GetUpdateByID(id)
+	if err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "update not found"})
+		return
+	}
+
+	c.JSON(http.StatusOK, update)
+}
+
+// ApproveUpdate marks an update as approved
+func (h *UpdateHandler) ApproveUpdate(c *gin.Context) {
+	idStr := c.Param("id")
+	id, err := uuid.Parse(idStr)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid update ID"})
+		return
+	}
+
+	// For now, use "admin" as approver. Will integrate with proper auth later
+	if err := h.updateQueries.ApproveUpdate(id, "admin"); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to approve update"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "update approved"})
+}
+
+// ReportLog handles update execution logs from agents
+func (h *UpdateHandler) ReportLog(c *gin.Context) {
+	agentID := c.MustGet("agent_id").(uuid.UUID)
+
+	var req models.UpdateLogRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	log := &models.UpdateLog{
+		ID:              uuid.New(),
+		AgentID:         agentID,
+		Action:          req.Action,
+		Result:          req.Result,
+		Stdout:          req.Stdout,
+		Stderr:          req.Stderr,
+		ExitCode:        req.ExitCode,
+		DurationSeconds: req.DurationSeconds,
+		ExecutedAt:      time.Now(),
+	}
+
+	if err := h.updateQueries.CreateUpdateLog(log); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to save log"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "log recorded"})
+}
--- a/aggregator-server/internal/api/middleware/auth.go
+++ b/aggregator-server/internal/api/middleware/auth.go
@@ -0,0 +1,71 @@
+package middleware
+
+import (
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
+)
+
+// AgentClaims represents JWT claims for agent authentication
+type AgentClaims struct {
+	AgentID uuid.UUID `json:"agent_id"`
+	jwt.RegisteredClaims
+}
+
+// JWTSecret is set by the server at initialization
+var JWTSecret string
+
+// GenerateAgentToken creates a new JWT token for an agent
+func GenerateAgentToken(agentID uuid.UUID) (string, error) {
+	claims := AgentClaims{
+		AgentID: agentID,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString([]byte(JWTSecret))
+}
+
+// AuthMiddleware validates JWT tokens from agents
+func AuthMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "missing authorization header"})
+			c.Abort()
+			return
+		}
+
+		tokenString := strings.TrimPrefix(authHeader, "Bearer ")
+		if tokenString == authHeader {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid authorization format"})
+			c.Abort()
+			return
+		}
+
+		token, err := jwt.ParseWithClaims(tokenString, &AgentClaims{}, func(token *jwt.Token) (interface{}, error) {
+			return []byte(JWTSecret), nil
+		})
+
+		if err != nil || !token.Valid {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid token"})
+			c.Abort()
+			return
+		}
+
+		if claims, ok := token.Claims.(*AgentClaims); ok {
+			c.Set("agent_id", claims.AgentID)
+			c.Next()
+		} else {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid token claims"})
+			c.Abort()
+		}
+	}
+}