def start_box() -> Tuple[Response, int]:
try:
json_schema_manager.validate(request.json, "box_create.json")
config_id = dig(request.json, "data/relationships/config/data/id")
ssh_key = dig(request.json, "data/attributes/sshKey")
current_user = User.query.filter_by(uuid=get_jwt_identity()).first_or_404()
try:
box_info = BoxCreationService(current_user, config_id, ssh_key).create()
except ConfigLimitReached:
return json_api(ConfigLimitReached, ErrorSchema), 403
except BoxLimitReached:
return json_api(BoxLimitReached, ErrorSchema), 403
except BoxError:
rollbar.report_exc_info(sys.exc_info())
return json_api(BoxError, ErrorSchema), 500
return json_api(box_info, BoxSchema), 201
except ValidationError as e:
return json_api(BadRequest(detail=e.message), ErrorSchema), 400
except AccessDenied:
return json_api(AccessDenied, ErrorSchema), 403
except ConfigInUse:
return json_api(ConfigInUse, ErrorSchema), 403
def start_tunnel() -> Tuple[Response, int]:
try:
json_schema_manager.validate(request.json, "tunnel_create.json")
subdomain_id = dig(request.json, "data/relationships/subdomain/data/id")
port_types = dig(request.json, "data/attributes/port")
ssh_key = dig(request.json, "data/attributes/sshKey")
current_user = User.query.filter_by(uuid=get_jwt_identity()).first_or_404()
try:
tunnel_info = TunnelCreationService(
current_user, subdomain_id, port_types, ssh_key
).create()
except SubdomainLimitReached:
return json_api(SubdomainLimitReached, ErrorSchema), 403
except TunnelLimitReached:
return json_api(TunnelLimitReached, ErrorSchema), 403
except TunnelError:
return json_api(TunnelError, ErrorSchema), 500
return json_api(tunnel_info, TunnelSchema), 201
except ValidationError as e:
return json_api(BadRequest(detail=e.message), ErrorSchema), 400
except AccessDenied:
return json_api(AccessDenied, ErrorSchema), 403
except SubdomainInUse:
return json_api(SubdomainInUse, ErrorSchema), 403
def tunnel_admin() -> Tuple[Response, int]:
"""
Stop any currently running tunnel if you are an admin
"""
current_user = User.query.filter_by(uuid=get_jwt_identity()).first_or_404()
if current_user.tier != "admin":
return json_api(NotFoundError, ErrorSchema), 404
try:
json_schema_manager.validate(request.json, "admin_tunnel.json")
subdomain_name = dig(request.json, "data/attributes/subdomainName")
reason = dig(request.json, "data/attributes/reason")
except ValidationError as e:
return json_api(BadRequest(source=e.message), ErrorSchema), 400
subdomain = Subdomain.query.filter_by(name=subdomain_name).first_or_404()
tunnel = Tunnel.query.filter_by(subdomain_id=subdomain.id).first_or_404()
try:
TunnelDeletionService(current_user, tunnel).delete()
logger.info(
"%s deleted %s.holepunch.io for reason %s",
current_user.email,
subdomain_name,
reason,
)
return make_response(""), 204
except TunnelError:
return json_api(TunnelError, ErrorSchema), 500
def register_user():
""" Create a new User Record"""
try:
json_schema_manager.validate(request.json, "user_create.json")
user = UserCreation(
email=dig(request.json, "data/attributes/email"),
password=dig(request.json, "data/attributes/password"),
).create()
return json_api(user, UserSchema), 204
except UserError as e:
return json_api(e, ErrorSchema), 422
except ValidationError as e:
return json_api(BadRequest(source=e.message), ErrorSchema), 400
def get_tunnel_details(self, job_id: str) -> Tuple[str, str]:
"""Get details of ssh container"""
# FIXME: nasty blocking loops should be asynced or something
# Add error handling to this
status = None
trys = 0
while status != "running":
trys += 1
status = self.nomad_client.job[job_id]["Status"]
if trys > 1000:
raise TunnelError(detail="The tunnel failed to start.")
job_info = self.nomad_client.job.get_allocations(job_id)
allocation_info = self.nomad_client.allocation.get_allocation(
dig(job_info, "0/ID")
)
allocation_node = values(allocation_info, "NodeID")
nodes = self.nomad_client.nodes.get_nodes()
ip_address = next(x["Address"] for x in nodes if x["ID"] in allocation_node)
allocated_ports = values(allocation_info, "Resources/Networks/0/DynamicPorts/*")
ssh_port = next(x for x in allocated_ports if x["Label"] == "ssh")["Value"]
if current_app.config["ENV"] == "development":
ip_address = current_app.config["SEA_HOST"]
return (ssh_port, ip_address)
def start_box() -> Tuple[Response, int]:
try:
json_schema_manager.validate(request.json, "box_create.json")
config_id = dig(request.json, "data/relationships/config/data/id")
ssh_key = dig(request.json, "data/attributes/sshKey")
image = dig(request.json, "data/attributes/image", "ubuntu")
#right now there is only one valid choice
#in the future there will be multiple choices and customer snapshots
#we will want to throw an error in the future for an invalid choice
if image == "ubuntu":
image = "cypherpunkarmory/ubuntu:0.0.1"
elif image == "debian":
image = "cypherpunkarmory/debian:0.0.1"
elif image == "kali":
image = "cypherpunkarmory/kali:0.0.1"
elif image == "alpine":
image = "cypherpunkarmory/alpine:0.0.1"
elif image == "arch":
image = "cypherpunkarmory/arch:0.0.1"
else:
image = "cypherpunkarmory/ubuntu:0.0.1"
current_user = User.query.filter_by(
uuid=get_jwt_identity()).first_or_404()
try:
box_info = BoxCreationService(current_user, config_id, ssh_key,
image).create()
except ConfigLimitReached:
return json_api(ConfigLimitReached, ErrorSchema), 403
except BoxLimitReached:
return json_api(BoxLimitReached, ErrorSchema), 403
except BoxError:
rollbar.report_exc_info(sys.exc_info())
return json_api(BoxError, ErrorSchema), 500
return json_api(box_info, BoxSchema), 201
except ValidationError as e:
return json_api(BadRequest(detail=e.message), ErrorSchema), 400
except AccessDenied:
return json_api(AccessDenied, ErrorSchema), 403
except ConfigInUse:
return json_api(ConfigInUse, ErrorSchema), 403
def subdomain_index():
subdomains = User.query.filter_by(uuid=get_jwt_identity()).first_or_404().subdomains
name = dig(request.query_params, "filter/name")
if name:
subdomains = subdomains.filter_by(name=name)
if subdomains:
return json_api(subdomains, SubdomainSchema, many=True)
def create_token():
try:
json_schema_manager.validate(request.json, "token.json")
email = dig(request.json, "data/attributes/email", None)
token_type = dig(request.json, "data/type", None)
user = User.query.filter_by(email=email).first_or_404()
uns = UserNotification(user)
if token_type == "email_confirm":
uns.activation_emails()
elif token_type == "password_reset":
uns.password_reset_email()
except ValidationError as e:
return json_api(BadRequest(source=e.message), ErrorSchema), 400
except NotFound:
return "", 200
return "", 200
def config_index():
configs = User.query.filter_by(
uuid=get_jwt_identity()).first_or_404().configs
name = dig(request.query_params, "filter/name")
if name:
configs = configs.filter_by(name=name)
if configs:
return json_api(configs, ConfigSchema, many=True)
def box_index() -> Tuple[Response, int]:
"""
Fetch index of a users current boxes
"""
boxes = User.query.filter_by(uuid=get_jwt_identity()).first_or_404().boxes
name = dig(request.query_params, "filter/config/name")
if name:
boxes = boxes.join(Config).filter(Config.name == name)
return json_api(boxes, BoxSchema, many=True), 200
def tunnel_index() -> Tuple[Response, int]:
"""
Fetch index of a users current tunnels
"""
tunnels = User.query.filter_by(uuid=get_jwt_identity()).first_or_404().tunnels
name = dig(request.query_params, "filter/subdomain/name")
if name:
tunnels = tunnels.join(Subdomain).filter(Subdomain.name == name)
return json_api(tunnels, TunnelSchema, many=True), 200
def update_user():
""" Update an existing User Record"""
try:
json_schema_manager.validate(request.json, "user_update.json")
current_user = User.query.filter_by(uuid=get_jwt_identity()).first_or_404()
service = UserUpdate(
current_user,
scopes=authentication.jwt_scopes(),
attrs=dig(request.json, "data/attributes", {}),
rels=dig(request.json, "data/relationships", {}),
)
updated_user = service.update()
return json_api(updated_user, UserSchema), 200
except UserError as e:
return json_api(e, ErrorSchema), 422
except AccessDenied as e:
return json_api(e, ErrorSchema), 403
except ValidationError as e:
return json_api(BadRequest(source=e.message), ErrorSchema), 400
def delete_user():
""" Delete an existing User Record"""
try:
json_schema_manager.validate(request.json, "user_delete.json")
current_user = User.query.filter_by(uuid=get_jwt_identity()).first_or_404()
attributes = dig(request.json, "data/attributes", None)
service = UserDeletion(
current_user, scopes=authentication.jwt_scopes(), **attributes
)
entries_deleted = service.delete()
return json_api(entries_deleted, UserSchema), 200
except UserError:
return json_api(UnprocessableEntity, ErrorSchema), 422
except AccessDenied as e:
return json_api(e, ErrorSchema), 403
def subdomain_reserve():
try:
json_schema_manager.validate(request.json, "subdomain_create.json")
current_user = User.query.filter_by(uuid=get_jwt_identity()).first_or_404()
subdomain = SubdomainCreationService(
current_user, dig(request.json, "data/attributes/name")
).reserve(True)
return json_api(subdomain, SubdomainSchema), 200
except ValidationError:
return (
json_api(BadRequest(detail="Request does not match schema."), ErrorSchema),
400,
)
except SubdomainLimitReached:
return json_api(SubdomainLimitReached, ErrorSchema), 403
except SubdomainTaken:
return json_api(SubdomainTaken, ErrorSchema), 400
except SubdomainError:
return json_api(SubdomainError, ErrorSchema), 500
def config_create():
try:
json_schema_manager.validate(request.json, "config_create.json")
current_user = User.query.filter_by(
uuid=get_jwt_identity()).first_or_404()
config = ConfigCreationService(
current_user, dig(request.json,
"data/attributes/name")).create(True)
return json_api(config, ConfigSchema), 200
except ValidationError:
return (
json_api(BadRequest(detail="Request does not match schema."),
ErrorSchema),
400,
)
except ConfigLimitReached:
return json_api(ConfigLimitReached, ErrorSchema), 403
except ConfigTaken:
return json_api(ConfigTaken, ErrorSchema), 400
except ConfigError:
return json_api(ConfigError, ErrorSchema), 500