Add server version header

Add compiler version to version string
Fix unmarshalling of ip from postgres
2021-06-18 14:51:43 +02:00 · 2021-06-18 14:48:59 +02:00 · 2021-04-14 18:01:11 +02:00 · 2021-04-14 17:55:44 +02:00 · 2021-04-14 17:32:31 +02:00 · 2021-04-14 17:27:03 +02:00
12 changed files with 248 additions and 5 deletions
--- a/2
+++ b/2
@@ -5,7 +5,7 @@ NAME = apiary
 INSTALL_PREFIX ?= /usr/local
-VERSION = $(shell cat version.go |grep "Version"| cut -d "=" -f2| tr -d "\" ")
+VERSION = $(shell cat version.go |grep "var Version"| cut -d "=" -f2| tr -d "\" ")
 ARCH = $(shell go env | grep GOHOSTARCH | cut -d"=" -f2 | tr -d "\"")
 OS = $(shell go env | grep GOHOSTOS | cut -d"=" -f2 | tr -d "\"")
 GIT_COMMIT := $(shell git rev-parse --short HEAD)
--- a/apiary.toml
+++ b/apiary.toml
@@ -25,7 +25,7 @@ ListenAddr = ":2222"
 # Throttle incoming and outgoing data per connection
 # Values are in bytes per second. Empty means no unlimited
 # Default: ""
-ThrottleSpeed = 10240
+ThrottleSpeed = 10240.0
 [Frontend]
 # Log level for SSH Honeypot
--- a/cmd/apiary.go
+++ b/cmd/apiary.go
@@ -23,7 +23,7 @@ import (
 func main() {
 	app := &cli.App{
 		Name:    "apiary",
-		Version: apiary.Version,
+		Version: apiary.FullVersion(),
 		Authors: []*cli.Author{
 			{
 				Name:  "Torjus Håkestad",
--- a/honeypot/store/memory.go
+++ b/honeypot/store/memory.go
@@ -3,6 +3,7 @@ package store
 import (
 	"fmt"
 	"sort"
 	"strings"
 	"sync"
 	"github.uio.no/torjus/apiary/models"
@@ -116,6 +117,31 @@ func (ms *MemoryStore) statTotals() ([]StatsResult, error) {
 	return stats, nil
 }
 func (ms *MemoryStore) Query(query AttemptQuery) ([]models.LoginAttempt, error) {
 	var results []models.LoginAttempt
 	ms.lock.Lock()
 	defer ms.lock.Unlock()
 	for _, la := range ms.attempts {
 		switch query.QueryType {
 		case AttemptQueryTypeIP:
 			if la.RemoteIP.String() == query.Query {
 				results = append(results, la)
 			}
 		case AttemptQueryTypePassword:
 			if strings.Contains(la.Password, query.Query) {
 				results = append(results, la)
 			}
 		case AttemptQueryTypeUsername:
 			if strings.Contains(la.Username, query.Query) {
 				results = append(results, la)
 			}
 		}
 	}
 	return results, nil
 }
 func toResults(m map[string]int) []StatsResult {
 	var results []StatsResult
--- a/honeypot/store/postgres.go
+++ b/honeypot/store/postgres.go
@@ -3,6 +3,7 @@ package store
 import (
 	"database/sql"
 	"fmt"
 	"net"
 	_ "github.com/jackc/pgx/v4/stdlib"
 	"github.uio.no/torjus/apiary/models"
@@ -158,3 +159,44 @@ func (s *PostgresStore) statsTotal(limit int) ([]StatsResult, error) {
 		{Name: "TotalLoginAttempts", Count: attemptsCount},
 	}, nil
 }
 func (s *PostgresStore) Query(query AttemptQuery) ([]models.LoginAttempt, error) {
 	var stmt string
 	queryString := query.Query
 	switch query.QueryType {
 	case AttemptQueryTypeIP:
 		stmt = `SELECT id, date, remote_ip, username, password, client_version, connection_uuid, country
 					FROM login_attempts WHERE remote_ip = $1`
 	case AttemptQueryTypePassword:
 		stmt = `SELECT id, date, remote_ip, username, password, client_version, connection_uuid, country
 					FROM login_attempts WHERE password like $1`
 		queryString = fmt.Sprintf("%%%s%%", queryString)
 	case AttemptQueryTypeUsername:
 		stmt = `SELECT id, date, remote_ip, username, password, client_version, connection_uuid, country
 					FROM login_attempts WHERE username like $1`
 		queryString = fmt.Sprintf("%%%s%%", queryString)
 	default:
 		return nil, fmt.Errorf("Invalid query type")
 	}
 	rows, err := s.db.Query(stmt, queryString)
 	if err != nil {
 		return nil, fmt.Errorf("Unable to query database: %w", err)
 	}
 	defer rows.Close()
 	var results []models.LoginAttempt
 	for rows.Next() {
 		var la models.LoginAttempt
 		var ipString string
 		if err := rows.Scan(&la.ID, &la.Date, &ipString, &la.Username, &la.Password, &la.SSHClientVersion, &la.ConnectionUUID, &la.Country); err != nil {
 			return nil, fmt.Errorf("Unable to unmarshal data from database: %w", err)
 		}
 		la.RemoteIP = net.ParseIP(ipString)
 		results = append(results, la)
 	}
 	return results, nil
 }
--- a/honeypot/store/store.go
+++ b/honeypot/store/store.go
@@ -13,13 +13,26 @@ const (
 	LoginStatsTotals    LoginStats = "total"
 )
 type AttemptQueryType string
 const (
 	AttemptQueryTypeUsername AttemptQueryType = "username"
 	AttemptQueryTypePassword AttemptQueryType = "password"
 	AttemptQueryTypeIP       AttemptQueryType = "ip"
 )
 type StatsResult struct {
 	Name  string `json:"name"`
 	Count int    `json:"count"`
 }
 type AttemptQuery struct {
 	QueryType AttemptQueryType
 	Query     string
 }
 type LoginAttemptStore interface {
 	AddAttempt(l *models.LoginAttempt) error
 	All() ([]models.LoginAttempt, error)
 	Stats(statType LoginStats, limit int) ([]StatsResult, error)
 	Query(query AttemptQuery) ([]models.LoginAttempt, error)
 }
--- a/version.go
+++ b/version.go
@@ -1,4 +1,17 @@
 package apiary
-var Version = "v0.1.1"
+import (
 	"fmt"
 	"runtime"
 )
 var Version = "v0.1.4"
 var Build string
 func FullVersion() string {
 	if Build != "" {
 		return fmt.Sprintf("%s-%s (%s)", Version, Build, runtime.Version())
 	}
 	return fmt.Sprintf("%s (%s)", Version, runtime.Version())
 }
--- a/web/frontend/src/App.vue
+++ b/web/frontend/src/App.vue
@@ -18,6 +18,7 @@
            <b-nav-item :to="'/'">Home</b-nav-item>
            <b-nav-item :to="'/stats'">Stats</b-nav-item>
            <b-nav-item :to="'/attempts'">Attempts</b-nav-item>
            <b-nav-item :to="'/search'">Search</b-nav-item>
          </b-navbar-nav>
        </b-collapse>
      </b-navbar>
--- a/web/frontend/src/components/AttemptList.vue
+++ b/web/frontend/src/components/AttemptList.vue
@@ -8,7 +8,7 @@
        hover
        :items="attempts"
        :fields="fields"
-      ></b-table>
+      />
    </p>
  </div>
 </template>
--- a/web/frontend/src/components/SearchResult.vue
+++ b/web/frontend/src/components/SearchResult.vue
@@ -0,0 +1,81 @@
 <template>
  <div class="search-result-container">
    <h1>Search</h1>
    <b-form @submit="onSubmit">
      <b-form-input v-model="searchString" placeholder="" />
    </b-form>
    <b-table
      class="search-results-table"
      responsive="md"
      striped
      hover
      :items="attempts"
      :fields="fields"
    />
  </div>
 </template>
 <script lang="ts">
 import { Component, Vue } from 'vue-property-decorator';
 import { LoginAttempt } from '@/apiary/apiary';
 import { BvTableFieldArray, BvTableFormatterCallback } from 'bootstrap-vue';
 import Axios from 'axios';
@Component
 export default class SearchResult extends Vue {
  attempts: LoginAttempt[];
  searchString: string;
  constructor() {
    super();
    this.attempts = [];
    this.searchString = '';
  }
  fields: BvTableFieldArray = [
    {
      key: 'date',
      sortable: true,
      formatter: (value: string): string => {
        const d = new Date(value);
        // This seems stupid...
        return d.toTimeString().split(' ')[0];
      },
      sortByFormatted: false,
    },
    {
      key: 'username',
    },
    {
      key: 'password',
    },
    {
      key: 'remoteIP',
      sortable: true,
    },
    {
      key: 'country',
    },
  ];
  onSubmit(event: Event) {
    event.preventDefault();
    console.log(this.searchString);
    const resp = Axios.get<LoginAttempt[]>(
      `/api/query?query=${this.searchString}`,
    );
    resp.then((r) => {
      this.attempts = r.data;
    });
  }
 }
 </script>
 <style lang="scss" scoped>
 .search-results-table {
  margin-top: 50px;
 }
 </style>
--- a/web/frontend/src/main.ts
+++ b/web/frontend/src/main.ts
@@ -4,6 +4,7 @@ import VueRouter, { RouteConfig } from 'vue-router';
 import AttemptList from '@/components/AttemptList.vue';
 import Home from '@/components/Home.vue';
 import Stats from '@/components/Stats.vue';
 import SearchResult from '@/components/SearchResult.vue';
 import 'bootstrap/dist/css/bootstrap.css';
 import 'bootstrap-vue/dist/bootstrap-vue.css';
 import '@fontsource/rubik';
@@ -38,6 +39,11 @@ const routes: Array<RouteConfig> = [
    name: 'Stats',
    component: Stats,
  },
  {
    path: '/search',
    name: 'Search',
    component: SearchResult,
  }
 ];
 const router = new VueRouter({
--- a/web/server.go
+++ b/web/server.go
@@ -14,6 +14,7 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/google/uuid"
 	"github.uio.no/torjus/apiary"
 	"github.uio.no/torjus/apiary/config"
 	"github.uio.no/torjus/apiary/honeypot"
 	"github.uio.no/torjus/apiary/honeypot/store"
@@ -91,6 +92,7 @@ func NewServer(cfg config.FrontendConfig, hs *honeypot.HoneypotServer, store sto
 			r.Use(middleware.SetHeader("Content-Type", "application/json"))
 			r.Get("/stats", s.HandlerStats)
 			r.Get("/stream", s.HandlerAttemptStream)
 			r.Get("/query", s.HandlerQuery)
 		})
 	})
 	s.Handler = r
@@ -150,6 +152,7 @@ func (s *Server) HandlerAttemptStream(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Cache-Control", "no-cache")
 	w.Header().Set("Connection", "keep-alive")
 	w.Header().Set("Access-Control-Allow-Origin", "*")
 	w.Header().Set("Server", apiary.FullVersion())
 	id, ch := s.addAttemptListener()
 	defer s.closeAttemptListener(id)
 	w.WriteHeader(http.StatusOK)
@@ -185,6 +188,7 @@ func (s *Server) HandlerAttemptStream(w http.ResponseWriter, r *http.Request) {
 }
 func (s *Server) HandlerStats(w http.ResponseWriter, r *http.Request) {
 	w.Header().Add("Content-Type", "application/json")
 	statType := store.LoginStats(r.URL.Query().Get("type"))
 	if statType == store.LoginStatsUndefined {
 		statType = store.LoginStatsPasswords
@@ -209,6 +213,63 @@ func (s *Server) HandlerStats(w http.ResponseWriter, r *http.Request) {
 		s.ServerLogger.Debugf("Error encoding or writing response", "remote_ip", r.RemoteAddr, "error", err)
 	}
 }
 func (s *Server) HandlerQuery(w http.ResponseWriter, r *http.Request) {
 	w.Header().Add("Content-Type", "application/json")
 	queryType := r.URL.Query().Get("type")
 	query := r.URL.Query().Get("query")
 	if query == "" {
 		s.WriteAPIError(w, r, http.StatusBadRequest, "Invalid query or query type")
 		return
 	}
 	results := []models.LoginAttempt{}
 	if queryType == "" {
 		uq := store.AttemptQuery{
 			QueryType: store.AttemptQueryType(store.AttemptQueryTypePassword),
 			Query:     query,
 		}
 		pq := store.AttemptQuery{
 			QueryType: store.AttemptQueryType(store.AttemptQueryTypeUsername),
 			Query:     query,
 		}
 		userResults, err := s.store.Query(uq)
 		if err != nil {
 			s.WriteAPIError(w, r, http.StatusInternalServerError, "Unable to perform query")
 			s.ServerLogger.Warnw("Error performing query", "error", err)
 			return
 		}
 		passwordResults, err := s.store.Query(pq)
 		if err != nil {
 			s.WriteAPIError(w, r, http.StatusInternalServerError, "Unable to perform query")
 			s.ServerLogger.Warnw("Error performing query", "error", err)
 			return
 		}
 		results = append(results, userResults...)
 		results = append(results, passwordResults...)
 	} else {
 		aq := store.AttemptQuery{
 			QueryType: store.AttemptQueryType(queryType),
 			Query:     query,
 		}
 		queryResults, err := s.store.Query(aq)
 		if err != nil {
 			s.WriteAPIError(w, r, http.StatusInternalServerError, "Unable to perform query")
 			s.ServerLogger.Warnw("Error performing query", "error", err)
 			return
 		}
 		results = append(results, queryResults...)
 	}
 	encoder := json.NewEncoder(w)
 	if err := encoder.Encode(&results); err != nil {
 		s.ServerLogger.Warnw("Error writing query results", "error", err)
 	}
 }
 type APIErrorResponse struct {
 	Error string `json:"error"`
Author	SHA1	Message	Date
Torjus Håkestad	baa3990d38	Add server version header	2021-06-18 14:51:43 +02:00
Torjus Håkestad	248735710a	Add compiler version to version string	2021-06-18 14:48:59 +02:00
Torjus Håkestad	c1a1bf0b03	Fix unmarshalling of ip from postgres	2021-04-14 18:01:11 +02:00
Torjus Håkestad	82d07eaaf4	Fix postgres query for search	2021-04-14 17:55:44 +02:00
Torjus Håkestad	a2ffbad4a3	Fix makefile for updated version stuff	2021-04-14 17:32:31 +02:00
Torjus Håkestad	f4afd8df62	Add search	2021-04-14 17:27:03 +02:00
Torjus Håkestad	946bdd2a6a	Add query to api	2021-04-13 07:30:07 +02:00
Torjus Håkestad	6c20033bcc	Add func to return full version string	2021-04-12 08:58:39 +02:00