jpetree331
f97d4845af
Complete RedFlag codebase with two major security audit implementations.
== A-1: Ed25519 Key Rotation Support ==
Server:
- SignCommand sets SignedAt timestamp and KeyID on every signature
- signing_keys database table (migration 020) for multi-key rotation
- InitializePrimaryKey registers active key at startup
- /api/v1/public-keys endpoint for rotation-aware agents
- SigningKeyQueries for key lifecycle management
Agent:
- Key-ID-aware verification via CheckKeyRotation
- FetchAndCacheAllActiveKeys for rotation pre-caching
- Cache metadata with TTL and staleness fallback
- SecurityLogger events for key rotation and command signing
== A-2: Replay Attack Fixes (F-1 through F-7) ==
F-5 CRITICAL - RetryCommand now signs via signAndCreateCommand
F-1 HIGH - v3 format: "{agent_id}:{cmd_id}:{type}:{hash}:{ts}"
F-7 HIGH - Migration 026: expires_at column with partial index
F-6 HIGH - GetPendingCommands/GetStuckCommands filter by expires_at
F-2 HIGH - Agent-side executedIDs dedup map with cleanup
F-4 HIGH - commandMaxAge reduced from 24h to 4h
F-3 CRITICAL - Old-format commands rejected after 48h via CreatedAt
Verification fixes: migration idempotency (ETHOS #4), log format
compliance (ETHOS #1), stale comments updated.
All 24 tests passing. Docker --no-cache build verified.
See docs/ for full audit reports and deviation log (DEV-001 to DEV-019).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
80 lines
2.5 KiB
Go
80 lines
2.5 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/Fimeg/RedFlag/aggregator-server/internal/database/queries"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// StatsHandler handles statistics for the dashboard
|
|
type StatsHandler struct {
|
|
agentQueries *queries.AgentQueries
|
|
updateQueries *queries.UpdateQueries
|
|
}
|
|
|
|
// NewStatsHandler creates a new stats handler
|
|
func NewStatsHandler(agentQueries *queries.AgentQueries, updateQueries *queries.UpdateQueries) *StatsHandler {
|
|
return &StatsHandler{
|
|
agentQueries: agentQueries,
|
|
updateQueries: updateQueries,
|
|
}
|
|
}
|
|
|
|
// DashboardStats represents dashboard statistics
|
|
type DashboardStats struct {
|
|
TotalAgents int `json:"total_agents"`
|
|
OnlineAgents int `json:"online_agents"`
|
|
OfflineAgents int `json:"offline_agents"`
|
|
PendingUpdates int `json:"pending_updates"`
|
|
FailedUpdates int `json:"failed_updates"`
|
|
CriticalUpdates int `json:"critical_updates"`
|
|
ImportantUpdates int `json:"high_updates"`
|
|
ModerateUpdates int `json:"medium_updates"`
|
|
LowUpdates int `json:"low_updates"`
|
|
UpdatesByType map[string]int `json:"updates_by_type"`
|
|
}
|
|
|
|
// GetDashboardStats returns dashboard statistics using the new state table
|
|
func (h *StatsHandler) GetDashboardStats(c *gin.Context) {
|
|
// Get all agents
|
|
agents, err := h.agentQueries.ListAgents("", "")
|
|
if err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to get agents"})
|
|
return
|
|
}
|
|
|
|
// Calculate stats
|
|
stats := DashboardStats{
|
|
TotalAgents: len(agents),
|
|
UpdatesByType: make(map[string]int),
|
|
}
|
|
|
|
// Count online/offline agents based on last_seen timestamp
|
|
for _, agent := range agents {
|
|
// Consider agent online if it has checked in within the last 10 minutes
|
|
if time.Since(agent.LastSeen) <= 10*time.Minute {
|
|
stats.OnlineAgents++
|
|
} else {
|
|
stats.OfflineAgents++
|
|
}
|
|
|
|
// Get update stats for each agent using the new state table
|
|
agentStats, err := h.updateQueries.GetUpdateStatsFromState(agent.ID)
|
|
if err != nil {
|
|
// Log error but continue with other agents
|
|
continue
|
|
}
|
|
|
|
// Aggregate stats across all agents
|
|
stats.PendingUpdates += agentStats.PendingUpdates
|
|
stats.FailedUpdates += agentStats.FailedUpdates
|
|
stats.CriticalUpdates += agentStats.CriticalUpdates
|
|
stats.ImportantUpdates += agentStats.ImportantUpdates
|
|
stats.ModerateUpdates += agentStats.ModerateUpdates
|
|
stats.LowUpdates += agentStats.LowUpdates
|
|
}
|
|
|
|
c.JSON(http.StatusOK, stats)
|
|
} |