diff --git a/scripts/lua/rest/v1/add/ntopng/user.lua b/scripts/lua/rest/v1/add/ntopng/user.lua
new file mode 100644
index 0000000000..5535ea85c2
--- /dev/null
+++ b/scripts/lua/rest/v1/add/ntopng/user.lua
@@ -0,0 +1,87 @@
+--
+-- (C) 2013-20 - ntop.org
+--
+
+local dirs = ntop.getDirs()
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+package.path = dirs.installdir .. "/scripts/lua/modules/pools/?.lua;" .. package.path
+
+require "lua_utils"
+local json = require ("dkjson")
+local rest_utils = require("rest_utils")
+local tracker = require("tracker")
+
+--
+-- Add a new ntopng user
+-- Example: curl -u admin:admin -d '{"username": "mario", "full_name": "Super Mario", "password": "strongpwd", "confirm_password": "strongpwd", "user_role": "unprivileged", "allowed_interface": "", "allowed_networks": "0.0.0.0/0,::/0", "user_language": "en"}' http://localhost:3000/lua/rest/v1/add/ntopng/user.lua
+--
+-- NOTE: in case of invalid login, no error is returned but redirected to login
+--
+
+local rc = rest_utils.consts.success.ok
+local res = {}
+
+if not haveAdminPrivileges() then
+ rest_utils.answer(rest_utils.consts.err.not_granted, res)
+ return
+end
+
+local username = _POST["username"]
+local full_name = _POST["full_name"]
+local password = _POST["password"]
+local confirm_password = _POST["confirm_password"]
+local host_role = _POST["user_role"]
+local networks = _POST["allowed_networks"]
+local allowed_interface = _POST["allowed_interface"]
+local language = _POST["user_language"]
+local allow_pcap_download = _POST["allow_pcap_download"]
+local host_pool_id = _POST["host_pool_id"]
+local limited_lifetime = _POST["lifetime_limited"]
+local lifetime_secs = tonumber((_POST["lifetime_secs"] or -1))
+
+if username == nil or full_name == nil or password == nil or
+ confirm_password == nil or host_role == nil or networks == nil or
+ allowed_interface == nil then
+ rest_utils.answer(rest_utils.consts.err.invalid_args, res)
+ return
+end
+
+if(password ~= confirm_password) then
+ -- "Passwords do not match: typo?"
+ rest_utils.answer(rest_utils.consts.err.password_mismatch, res)
+ return
+end
+
+username = string.lower(username)
+
+local all_users = ntop.getUsers()
+
+if(all_users[username] ~= nil) then
+ -- User already existing
+ rest_utils.answer(rest_utils.consts.err.user_already_existing, res)
+ return
+end
+
+
+local allow_pcap_download_enabled = false
+if _POST["allow_pcap_download"] and _POST["allow_pcap_download"] == "1" then
+ allow_pcap_download_enabled = true
+end
+
+if not ntop.addUser(username, full_name, password, host_role, networks,
+ getInterfaceName(allowed_interface), host_pool_id, language, allow_pcap_download_enabled) then
+ rest_utils.answer(rest_utils.consts.err.add_user_failed, res)
+ return
+end
+
+if limited_lifetime and not ntop.addUserLifetime(username, lifetime_secs) then
+ rest_utils.answer(rest_utils.consts.err.add_user_failed, res)
+ return
+end
+
+rest_utils.answer(rc, res)
+
+-- TRACKER HOOK
+-- Note: already tracked by ntop.addUser
+-- tracker.log('add_ntopng_user', { username = username })
+
diff --git a/scripts/lua/rest/v1/delete/ntopng/user.lua b/scripts/lua/rest/v1/delete/ntopng/user.lua
new file mode 100644
index 0000000000..1cf951228a
--- /dev/null
+++ b/scripts/lua/rest/v1/delete/ntopng/user.lua
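Review bot: In add/ntopng/user.lua the lifetime limit is applied only after `ntop.addUser` has already succeeded, so when `ntop.addUserLifetime` fails the endpoint answers `add_user_failed` while the account stays in place with no expiry. A caller that meant to create a temporary account is left with a permanent one and an error suggesting nothing was created. `lifetime_secs` also falls back to -1, or to nil when the field is not numeric, and is handed to `ntop.addUserLifetime` unchecked; how that call treats such values is not visible here. Validating the lifetime before creating the user, and removing the user again if the lifetime cannot be set, would close both gaps, as sketched below.

```lua
-- … unchanged: admin check, parameter reads, required-field and password checks …

-- Reject an unusable lifetime before any account is created
if limited_lifetime and (lifetime_secs == nil or lifetime_secs <= 0) then
   rest_utils.answer(rest_utils.consts.err.invalid_args, res)
   return
end

-- … unchanged: duplicate-user check and ntop.addUser call …

if limited_lifetime and not ntop.addUserLifetime(username, lifetime_secs) then
   -- Do not leave behind an account without the requested expiry
   ntop.deleteUser(username)
   rest_utils.answer(rest_utils.consts.err.add_user_failed, res)
   return
end
```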
@@ -0,0 +1,47 @@
+--
+-- (C) 2013-20 - ntop.org
+--
+
+local dirs = ntop.getDirs()
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+package.path = dirs.installdir .. "/scripts/lua/modules/pools/?.lua;" .. package.path
+
+require "lua_utils"
+local json = require ("dkjson")
+local rest_utils = require("rest_utils")
+local tracker = require("tracker")
+
+--
+-- Remove a ntopng user
+-- Example: curl -u admin:admin -d '{"username": "mario"}' http://localhost:3000/lua/rest/v1/delete/ntopng/user.lua
+--
+-- NOTE: in case of invalid login, no error is returned but redirected to login
+--
+
+local rc = rest_utils.consts.success.ok
+local res = {}
+
+if not haveAdminPrivileges() then
+ rest_utils.answer(rest_utils.consts.err.not_granted, res)
+ return
+end
+
+local username = _POST["username"]
+
+if username == nil then
+ rest_utils.answer(rest_utils.consts.err.invalid_args, res)
+ return
+end
+
+username = string.lower(username)
+
+if not ntop.deleteUser(username) then
+ rest_utils.answer(rest_utils.consts.err.delete_user_failed, res)
+ return
+end
+
+rest_utils.answer(rc, res)
+
+-- TRACKER HOOK
+-- Note: already tracked by ntop.deleteUser
+-- tracker.log('delete_ntopng_user', { username = username })
diff --git a/scripts/lua/rest/v1/edit/ntopng/user.lua b/scripts/lua/rest/v1/edit/ntopng/user.lua
new file mode 100644
index 0000000000..4ffa534761
--- /dev/null
+++ b/scripts/lua/rest/v1/edit/ntopng/user.lua
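Review bot: In delete/ntopng/user.lua nothing stops the caller from deleting the account it is authenticated as: `username` goes straight from `_POST` to `ntop.deleteUser`. If `ntop.deleteUser` does not itself refuse this (not visible in this diff), one request can remove the only administrator and lock the instance out of user management. A guard placed before the delete call, for example `if username == _SESSION["user"] then rest_utils.answer(rest_utils.consts.err.invalid_args, res) return end`, makes the rule explicit at the API boundary. The `json` and `tracker` requires are unused in this file and can be dropped.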
@@ -0,0 +1,131 @@
+--
+-- (C) 2013-20 - ntop.org
+--
+
+local dirs = ntop.getDirs()
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+package.path = dirs.installdir .. "/scripts/lua/modules/pools/?.lua;" .. package.path
+
+require "lua_utils"
+local json = require ("dkjson")
+local rest_utils = require("rest_utils")
+
+--
+-- Edit a ntopng user
+-- Example: curl -u admin:admin -d '{"username": "mario", "full_name": "Mario Rossi", "user_role": "unprivileged", "allowed_interface": "", "allowed_networks": "0.0.0.0/0,::/0", "user_language": "en"}' http://localhost:3000/lua/rest/v1/edit/ntopng/user.lua
+--
+-- NOTE: in case of invalid login, no error is returned but redirected to login
+--
+
+local rc = rest_utils.consts.success.ok
+local res = {}
+
+if not haveAdminPrivileges() then
+ rest_utils.answer(rest_utils.consts.err.not_granted, res)
+ return
+end
+
+local username = _POST["username"]
+local full_name = _POST["full_name"]
+local host_role = _POST["user_role"]
+local host_pool_id = _POST["host_pool_id"]
+local networks = _POST["allowed_networks"]
+local allowed_interface = _POST["allowed_interface"]
+local language = _POST["user_language"]
+local allow_pcap_download = _POST["allow_pcap_download"]
+local password = _POST["password"]
+local confirm_password = _POST["confirm_password"]
+
+if username == nil then
+ rest_utils.answer(rest_utils.consts.err.invalid_args, res)
+ return
+end
+
+if host_role == nil and
+ networks == nil and
+ allowed_interface == nil and
+ allow_pcap_download == nil and
+ language == nil and
+ full_name == nil and
+ (password == nil or confirm_password == nil) and
+ host_pool_id == nil then
+ rest_utils.answer(rest_utils.consts.err.invalid_args, res)
+ return
+end
+
+username = string.lower(username)
+
+local all_users = ntop.getUsers()
+if(all_users[username] == nil) then
+ -- User doesn't exist
+ rest_utils.answer(rest_utils.consts.err.user_does_not_exist, res)
+ return
+end
+
+if(full_name ~= nil) then
+ if(not ntop.changeUserFullName(username, full_name)) then
+ rest_utils.answer(rest_utils.consts.err.edit_user_failed, res)
+ return
+ end
+end
+
+if(host_role ~= nil) then
+ if(not ntop.changeUserRole(username, host_role)) then
+ rest_utils.answer(rest_utils.consts.err.edit_user_failed, res)
+ return
+ end
+end
+
+if(networks ~= nil) then
+ if(not ntop.changeAllowedNets(username, networks)) then
+ rest_utils.answer(rest_utils.consts.err.edit_user_failed, res)
+ return
+ end
+end
+
+if(host_pool_id ~= nil) then
+ if(not ntop.changeUserHostPool(username, host_pool_id)) then
+ rest_utils.answer(rest_utils.consts.err.edit_user_failed, res)
+ return
+ end
+end
+
+if(allowed_interface ~= nil) then
+ if(not ntop.changeAllowedIfname(username, getInterfaceName(allowed_interface))) then
+ rest_utils.answer(rest_utils.consts.err.edit_user_failed, res)
+ return
+ end
+end
+
+if(allow_pcap_download ~= nil) then
+ local allow_pcap_download_enabled = false
+ if(tonumber(allow_pcap_download) == 1) then
+ allow_pcap_download_enabled = true;
+ end
+ if(not ntop.changeUserPermission(username, allow_pcap_download_enabled)) then
+ rest_utils.answer(rest_utils.consts.err.edit_user_failed, res)
+ return
+ end
+end
+
+if(language ~= nil) then
+ if(not ntop.changeUserLanguage(username, language)) then
+ rest_utils.answer(rest_utils.consts.err.edit_user_failed, res)
+ return
+ end
+end
+
+if(password ~= nil and confirm_password ~= nil) then
+ -- Note: the old password is not required here as the admin is doing the request
+
+ if(password ~= confirm_password) then
+ rest_utils.answer(rest_utils.consts.err.password_mismatch, res)
+ return
+ end
+
+ if(ntop.resetUserPassword(_SESSION["user"], username, "", password)) then
+ rest_utils.answer(rest_utils.consts.err.edit_user_failed, res)
+ end
+end
+
+rest_utils.answer(rc, res)
diff --git a/scripts/lua/rest/v1/get/ntopng/interfaces.lua b/scripts/lua/rest/v1/get/ntopng/interfaces.lua
new file mode 100644
index 0000000000..3c9daa0feb
--- /dev/null
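Review bot: In edit/ntopng/user.lua the password branch at the end tests `if(ntop.resetUserPassword(...)) then` without the `not` that every other `ntop.change*` call in this file uses, and it has no `return` after answering. Assuming `ntop.resetUserPassword` returns true on success like its siblings, a successful reset is reported as `edit_user_failed` and then answered a second time with success, while a failed reset is reported as success, so an admin rotating a credential cannot trust the result. The branch should read `if(not ntop.resetUserPassword(_SESSION["user"], username, "", password)) then`, followed by the error answer and `return`. The `password ~= confirm_password` check also runs only after the role, network and interface changes have been applied; moving it ahead of the first `ntop.change*` call keeps a rejected request from being half applied.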
+++ b/scripts/lua/rest/v1/get/ntopng/interfaces.lua
@@ -0,0 +1,27 @@
+--
+-- (C) 2013-20 - ntop.org
+--
+
+local dirs = ntop.getDirs()
+
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+
+require "lua_utils"
+local json = require("dkjson")
+local rest_utils = require("rest_utils")
+
+--
+-- Return all the actively monitored ntopng interfaces along with their ids
+-- Example: curl -u admin:admin http://localhost:3000/lua/rest/v1/get/ntopng/interfaces.lua
+--
+-- NOTE: in case of invalid login, no error is returned but redirected to login
+--
+
+local rc = rest_utils.consts.success.ok
+local res = {}
+
+for ifid, ifname in pairs(interface.getIfNames()) do
+ res[#res + 1] = {ifid = tonumber(ifid), ifname = ifname}
+end
+
+rest_utils.answer(rc, res)
diff --git a/scripts/lua/rest/v1/get/ntopng/session.lua b/scripts/lua/rest/v1/get/ntopng/session.lua
new file mode 100644
index 0000000000..ba0ed929b7
--- /dev/null
+++ b/scripts/lua/rest/v1/get/ntopng/session.lua
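Review bot: get/ntopng/interfaces.lua returns every name and id from `interface.getIfNames()` with no privilege or per-user check, unlike the user-management endpoints in this commit. Those endpoints let an admin confine a user to one `allowed_interface`, and whether `interface.getIfNames()` already honours that restriction for the calling session is not visible here. If it does not, a restricted user can enumerate all monitored interfaces, so `res` should be filtered against the caller's allowed interface. If it does, record that above the loop once confirmed, with a comment such as `-- No admin check: interface.getIfNames() only returns interfaces the caller may see`.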
@@ -0,0 +1,39 @@
+--
+-- (C) 2013-20 - ntop.org
+--
+
+local dirs = ntop.getDirs()
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+package.path = dirs.installdir .. "/scripts/lua/modules/pools/?.lua;" .. package.path
+
+require "lua_utils"
+local json = require ("dkjson")
+local rest_utils = require("rest_utils")
+
+--
+-- Get a new ntopng user session (Cookie)
+-- Example: curl -u admin:admin -d '{"username": "mario"}' http://localhost:3000/lua/rest/v1/get/ntopng/session.lua
+--
+-- NOTE: in case of invalid login, no error is returned but redirected to login
+--
+
+local rc = rest_utils.consts.success.ok
+local res = {}
+
+local username = _POST["username"]
+
+if username == nil then
+ rest_utils.answer(rest_utils.consts.err.invalid_args)
+ return
+end
+
+username = string.lower(username)
+
+res.session = ntop.createUserSession(username)
+
+if isEmptyString(res.session) then
+ rest_utils.answer(rest_utils.consts.err.invalid_args)
+ return
+end
+
+rest_utils.answer(rc, res)
diff --git a/scripts/lua/rest/v1/get/ntopng/users.lua b/scripts/lua/rest/v1/get/ntopng/users.lua
new file mode 100644
index 0000000000..15feb727ad
--- /dev/null
+++ b/scripts/lua/rest/v1/get/ntopng/users.lua
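Review bot: get/ntopng/session.lua calls `ntop.createUserSession(username)` for a caller-supplied `username` without the `haveAdminPrivileges()` guard that the add, edit, delete and users scripts in this commit all start with. Unless `ntop.createUserSession` enforces the caller's privileges internally (not visible in this diff), any authenticated account can obtain a session cookie for any other account, including an administrator. Add the guard before `_POST["username"]` is read: `if not haveAdminPrivileges() then rest_utils.answer(rest_utils.consts.err.not_granted, res) return end`. Issuing a session on behalf of another user is also worth an audit record; the add and delete scripts note that `ntop.addUser` and `ntop.deleteUser` are tracked natively, and nothing here says the same for `ntop.createUserSession`.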
@@ -0,0 +1,30 @@
+--
+-- (C) 2013-20 - ntop.org
+--
+
+local dirs = ntop.getDirs()
+package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
+package.path = dirs.installdir .. "/scripts/lua/modules/pools/?.lua;" .. package.path
+
+require "lua_utils"
+local json = require ("dkjson")
+local rest_utils = require("rest_utils")
+
+--
+-- Get all available users
+-- Example: curl -u admin:admin http://localhost:3000/lua/rest/v1/get/ntopng/users.lua
+--
+-- NOTE: in case of invalid login, no error is returned but redirected to login
+--
+
+local rc = rest_utils.consts.success.ok
+
+if not haveAdminPrivileges() then
+ local res = {}
+ rest_utils.answer(rest_utils.consts.err.not_granted, res)
+ return
+end
+
+local all_users = ntop.getUsers()
+
+rest_utils.answer(rc, all_users)
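Review bot: get/ntopng/users.lua passes the table from `ntop.getUsers()` to `rest_utils.answer` unfiltered, so every field the core stores per user becomes part of the REST response. The contents of that table are not visible in this diff; if it carries password hashes, session data or other secrets, they would be serialized to the client and to any proxy or log in between. Building the response from an explicit list of fields keeps the API contract stable and prevents a later addition to the user record from leaking by default. `local res = {}` is declared only inside the error branch, unlike the other scripts; declaring it at the top next to `rc` would keep the files parallel.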