first open-appsec support

backend/internal/proxy-host.js

@@ -4,8 +4,12 @@ const utils               = require('../lib/utils');
 const proxyHostModel      = require('../models/proxy_host');
 const internalHost        = require('./host');
 const internalNginx       = require('./nginx');
+const internalNginxOpenappsec= require('./nginx-openappsec');
 const internalAuditLog    = require('./audit-log');
 const internalCertificate = require('./certificate');
+const fs                  = require('fs');
+const path                = require('path');
+const yaml                = require('js-yaml');
 
 function omissions () {
 	return ['is_deleted'];
@@ -48,9 +52,15 @@ const internalProxyHost = {
 				data.owner_user_id = access.token.getUserId(1);
 				data               = internalHost.cleanSslHstsData(data);
 
+				let db_data = _.assign({}, data);
+				// Remove the openappsec fields from data. they are not in the database.
+				delete db_data.use_openappsec;
+				delete db_data.openappsec_mode;
+				delete db_data.minimum_confidence;
+				
 				return proxyHostModel
 					.query()
-					.insertAndFetch(data)
+					.insertAndFetch(db_data)
 					.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
@@ -84,6 +94,10 @@ const internalProxyHost = {
 						return row;
 					});
 			})
+			.then(row => {
+				internalNginxOpenappsec.generateConfig(access, row, data)
+									return row;
+							})
 			.then((row) => {
 				// Audit log
 				data.meta = _.assign({}, data.meta || {}, row.meta);
@@ -159,6 +173,11 @@ const internalProxyHost = {
 					return row;
 				}
 			})
+			.then(row => {
+				internalNginxOpenappsec.generateConfig(access, row, data);
+				// internalNginxOpenappsec.updateConfig(row, data)
+					return row;
+							})
 			.then((row) => {
 				// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
 				data = _.assign({}, {
@@ -167,6 +186,11 @@ const internalProxyHost = {
 
 				data = internalHost.cleanSslHstsData(data, row);
 
+				// Remove the openappsec fields from data. they are not in the database
+				delete data.use_openappsec;
+				delete data.openappsec_mode;
+				delete data.minimum_confidence;
+
 				return proxyHostModel
 					.query()
 					.where({id: data.id})
@@ -247,6 +271,22 @@ const internalProxyHost = {
 				if (typeof data.omit !== 'undefined' && data.omit !== null) {
 					row = _.omit(row, data.omit);
 				}
+				return row;
+			})
+			.then((row) => {
+				// add openappsec fields to row
+				try {
+					const configFilePath = internalNginxOpenappsec.getConfigFilePath(access);
+					const openappsecConfig = yaml.load(fs.readFileSync(configFilePath, 'utf8'));
+					let result = internalNginxOpenappsec.getOpenappsecFields(openappsecConfig, row.id);
+					row.use_openappsec = result.use_openappsec;
+					row.openappsec_mode = result.mode;
+					row.minimum_confidence = result.minimum_confidence;
+				}
+				catch (e) {
+					console.log("Error reading openappsec config file: " + e);
+				}
+
 				return row;
 			});
 	},
@@ -274,6 +314,10 @@ const internalProxyHost = {
 					.patch({
 						is_deleted: 1
 					})
+					.then(() => {
+						// Delete openappsec config
+						internalNginxOpenappsec.deleteConfig(access, row);
+					})
 					.then(() => {
 						// Delete Nginx Config
 						return internalNginx.deleteConfig('proxy_host', row)
@@ -430,6 +474,21 @@ const internalProxyHost = {
 				return query.then(utils.omitRows(omissions()));
 			})
 			.then((rows) => {
+				// add openappsec fields to rows
+				try {
+					const configFilePath = internalNginxOpenappsec.getConfigFilePath(access);
+					const openappsecConfig = yaml.load(fs.readFileSync(configFilePath, 'utf8'));
+					rows.map(function (row, idx) {
+						let result = internalNginxOpenappsec.getOpenappsecFields(openappsecConfig, row.id);
+						rows[idx].use_openappsec = result.use_openappsec;
+						rows[idx].openappsec_mode = result.mode;
+						rows[idx].minimum_confidence = result.minimum_confidence;
+					});
+				}
+				catch (e) {
+					console.log("Error reading openappsec config file: " + e);
+				}
+				
 				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
 					return internalHost.cleanAllRowsCertificateMeta(rows);
 				}