feat: machine binding and version enforcement
migration 017 adds machine_id to agents table middleware validates X-Machine-ID header on authed routes agent client sends machine ID with requests MIN_AGENT_VERSION config defaults 0.1.22 version utils added for comparison blocks config copying attacks via hardware fingerprint old agents get 426 upgrade required breaking: <0.1.22 agents rejected
This commit is contained in:
Fimeg
@@ -1,6 +1,8 @@
|
||||
package queries
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/Fimeg/RedFlag/aggregator-server/internal/models"
|
||||
@@ -245,3 +247,51 @@ func (q *AgentQueries) UpdateAgentLastReboot(id uuid.UUID, rebootTime time.Time)
|
||||
_, err := q.db.Exec(query, rebootTime, time.Now(), id)
|
||||
return err
|
||||
}
|
||||
|
||||
// GetAgentByMachineID retrieves an agent by its machine ID
|
||||
func (q *AgentQueries) GetAgentByMachineID(machineID string) (*models.Agent, error) {
|
||||
query := `
|
||||
SELECT id, hostname, os_type, os_version, os_architecture, agent_version,
|
||||
current_version, update_available, last_version_check, machine_id,
|
||||
public_key_fingerprint, is_updating, updating_to_version,
|
||||
update_initiated_at, last_seen, status, metadata, reboot_required,
|
||||
last_reboot_at, reboot_reason, created_at, updated_at
|
||||
FROM agents
|
||||
WHERE machine_id = $1
|
||||
`
|
||||
|
||||
var agent models.Agent
|
||||
err := q.db.Get(&agent, query, machineID)
|
||||
if err != nil {
|
||||
if err == sql.ErrNoRows {
|
||||
return nil, nil // Return nil if not found (not an error)
|
||||
}
|
||||
return nil, fmt.Errorf("failed to get agent by machine ID: %w", err)
|
||||
}
|
||||
|
||||
return &agent, nil
|
||||
}
|
||||
|
||||
// UpdateAgentUpdatingStatus updates the agent's update status
|
||||
func (q *AgentQueries) UpdateAgentUpdatingStatus(id uuid.UUID, isUpdating bool, updatingToVersion *string) error {
|
||||
query := `
|
||||
UPDATE agents
|
||||
SET
|
||||
is_updating = $1,
|
||||
updating_to_version = $2,
|
||||
update_initiated_at = CASE
|
||||
WHEN $1 = true THEN $3
|
||||
ELSE NULL
|
||||
END,
|
||||
updated_at = $3
|
||||
WHERE id = $4
|
||||
`
|
||||
|
||||
var versionPtr *string
|
||||
if updatingToVersion != nil {
|
||||
versionPtr = updatingToVersion
|
||||
}
|
||||
|
||||
_, err := q.db.Exec(query, isUpdating, versionPtr, time.Now(), id)
|
||||
return err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user