Display fake sensitive information for guest users.

master
Tudor Stanciu 2023-04-18 02:19:15 +03:00
parent f1a7056f18
commit d00b96c341
10 changed files with 240 additions and 167 deletions

View File

@ -179,6 +179,7 @@
• The "Netmash.Security.Authentication.Tuitio" nuget package has been upgraded in backend.
• Added cache and authorization policies.
• Added authorization rules based on permissions.
• Display fake sensitive information for guest users.
</Content>
</Note>
</ReleaseNotes>

View File

@ -12,6 +12,7 @@ namespace NetworkResurrector.Api.Application
services.AddSingleton<INotificationService, NotificationService>();
services.AddScoped<IUserContext, UserContext>();
services.Decorate<IUserContext, UserContextCache>();
services.AddScoped<IUserService, UserService>();
}
}
}

View File

@ -0,0 +1,25 @@
using NetworkResurrector.Api.Application.Helpers;
using NetworkResurrector.Api.Application.Queries;
using System;
using System.Linq;
namespace NetworkResurrector.Api.Application.Extensions
{
internal static class ModelExtensions
{
public static void Fake(this GetMachines.Model[] models)
{
var count = models.Length;
var ips = DataFaker.GenerateIPv4AddressesInSubnet(count).ToArray();
foreach (var model in models)
{
model.MachineName = DataFaker.GenerateName();
model.FullMachineName = $"{model.MachineName}.DEMO.LAB";
model.IPv4Address = ips[Array.IndexOf(models, model)];
model.MACAddress = Randomizer.Randomize(model.MACAddress);
model.Description = $"{model.FullMachineName} description";
}
}
}
}

View File

@ -0,0 +1,38 @@
using System;
using System.Collections.Generic;
namespace NetworkResurrector.Api.Application.Helpers
{
internal static class DataFaker
{
private static readonly Random Random = new Random();
private static readonly string[] Names = { "Apollo", "Athena", "Cronus", "Diana", "Hermes", "Jupiter", "Mars", "Mercury", "Neptune", "Saturn", "Uranus", "Venus" };
private static readonly string[] Codes = { "Node", "Hypervisor", "Srv", "WebSrv", "SqlSrv", "Host", "Agent" };
public static string GenerateName()
{
var codeIndex = Random.Next(Codes.Length);
var nameIndex = Random.Next(Names.Length);
return $"{Names[nameIndex]}{Codes[codeIndex]}";
}
public static IEnumerable<string> GenerateIPv4AddressesInSubnet(int count)
{
Random random = new Random();
byte[] subnet = new byte[4];
random.NextBytes(subnet);
subnet[0] = (byte)((subnet[0] & 0xF0) | 0x0A); // set first octet to 10.x.x.x (private IP range)
var addresses = new List<string>();
for (int i = 0; i < count; i++)
{
byte[] ip = new byte[4];
random.NextBytes(ip);
ip[0] = subnet[0];
ip[1] = subnet[1];
addresses.Add(string.Join(".", ip));
}
return addresses;
}
}
}

View File

@ -0,0 +1,130 @@
using System;
using System.Reflection;
namespace NetworkResurrector.Api.Application.Helpers
{
internal static class Randomizer
{
private static readonly Random random = new Random();
public static string Randomize(string originalString)
{
var newString = new char[originalString.Length];
for (int i = 0; i < originalString.Length; i++)
{
if (char.IsLetter(originalString[i]))
{
if (char.IsUpper(originalString[i]))
{
newString[i] = GetRandomUpperLetter();
}
else
{
newString[i] = GetRandomLowerLetter();
}
}
else if (char.IsDigit(originalString[i]))
{
newString[i] = GetRandomDigit();
}
else
{
newString[i] = originalString[i];
}
}
var newStringValue = new string(newString);
return newStringValue;
}
public static void ReplaceStringProperties(object obj)
{
if (obj == null) return;
var objectType = obj.GetType();
var properties = objectType.GetProperties();
if (obj is string)
{
var originalString = (string)obj;
var newStringValue = Randomize(originalString);
if (newStringValue != originalString)
{
objectType.InvokeMember("value", BindingFlags.Instance | BindingFlags.Public | BindingFlags.SetProperty, Type.DefaultBinder, obj, new object[] { newStringValue });
}
}
else if (obj is Array array)
{
foreach (var item in array)
{
ReplaceStringProperties(item);
}
}
else
{
foreach (var property in properties)
{
if (property.PropertyType == typeof(string))
{
var originalString = (string)property.GetValue(obj);
var newString = new char[originalString.Length];
for (int i = 0; i < originalString.Length; i++)
{
if (char.IsLetter(originalString[i]))
{
if (char.IsUpper(originalString[i]))
{
newString[i] = GetRandomUpperLetter();
}
else
{
newString[i] = GetRandomLowerLetter();
}
}
else if (char.IsDigit(originalString[i]))
{
newString[i] = GetRandomDigit();
}
else
{
newString[i] = originalString[i];
}
}
var newStringValue = new string(newString);
if (newStringValue != originalString)
{
property.SetValue(obj, newStringValue);
}
}
else
{
ReplaceStringProperties(property.GetValue(obj));
}
}
}
}
private static char GetRandomUpperLetter()
{
const string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
return chars[random.Next(chars.Length)];
}
private static char GetRandomLowerLetter()
{
const string chars = "abcdefghijklmnopqrstuvwxyz";
return chars[random.Next(chars.Length)];
}
private static char GetRandomDigit()
{
const string chars = "0123456789";
return chars[random.Next(chars.Length)];
}
}
}

View File

@ -1,5 +1,7 @@
using AutoMapper;
using MediatR;
using NetworkResurrector.Api.Application.Extensions;
using NetworkResurrector.Api.Application.Services.Abstractions;
using NetworkResurrector.Api.Domain.Repositories;
using System.Threading;
using System.Threading.Tasks;
@ -24,18 +26,24 @@ namespace NetworkResurrector.Api.Application.Queries
{
private readonly INetworkRepository _repository;
private readonly IMapper _mapper;
private readonly IUserService _userService;
public QueryHandler(INetworkRepository repository, IMapper mapper)
public QueryHandler(INetworkRepository repository, IMapper mapper, IUserService userService)
{
_repository=repository;
_mapper=mapper;
_userService=userService;
}
public async Task<Model[]> Handle(Query request, CancellationToken cancellationToken)
{
var isGuest = await _userService.GetIsGuest();
var machines = await _repository.GetMachines();
var result = _mapper.Map<Model[]>(machines);
if (isGuest)
result.Fake();
return result;
}
}

View File

@ -0,0 +1,9 @@
using System.Threading.Tasks;
namespace NetworkResurrector.Api.Application.Services.Abstractions
{
public interface IUserService
{
Task<bool> GetIsGuest();
}
}

View File

@ -0,0 +1,24 @@
using NetworkResurrector.Api.Application.Services.Abstractions;
using NetworkResurrector.Api.Domain.Constants;
using System.Linq;
using System.Threading.Tasks;
namespace NetworkResurrector.Api.Application.Services
{
internal class UserService : IUserService
{
private readonly IUserContext _userContext;
public UserService(IUserContext userContext)
{
_userContext=userContext;
}
public async Task<bool> GetIsGuest()
{
var permissions = await _userContext.GetUserPermissions();
var isGuest = permissions == null || permissions.Contains(PermissionCodes.GUEST_ACCESS);
return isGuest;
}
}
}

View File

@ -6,9 +6,7 @@
</PropertyGroup>
<ItemGroup>
<Content Include="..\..\..\ReleaseNotes.xml" Link="ReleaseNotes.xml">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</Content>
<Content Include="..\..\..\ReleaseNotes.xml" Link="ReleaseNotes.xml" />
</ItemGroup>
<ItemGroup>

View File

@ -1,161 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<ReleaseNotes>
<Note>
<Version>1.0.0</Version>
<Date>2020-11-28 18:15</Date>
<Content>
System initialization
Simple .net core 3.1 console application that serve as an REST API through witch a user can execute wake or shutdown commands on machines from his network.
Has been added Wake on LAN support and "wake" route in the API controller.
</Content>
</Note>
<Note>
<Version>1.0.1</Version>
<Date>2020-11-29 22:14</Date>
<Content>
New functionalities added
Has been added "ping" and "shutdown" support. Routes with same names have also been added to the controller.
</Content>
</Note>
<Note>
<Version>1.0.2</Version>
<Date>2020-12-20 23:00</Date>
<Content>
Changes in the system structure
Replaced Swagger and MediatR implementations with inhouse nuget packages.
Integration with Tuitio.
</Content>
</Note>
<Note>
<Version>1.0.3</Version>
<Date>2022-01-03 08:52</Date>
<Content>
Added NetworkResurrector.Agent service
Upgrade all services to net5.0
NetworkResurrector.Agent is a service that will be installed on a host machine with the scope to execute operations like shutdown, restart, etc directly.
The system will be able to execute these operations in multiple ways. This is just the first one and all of them are handled by the NetworkResurrector.Api. For example, if the user wants to shutdown a clean Windows machine, he can use the agent and configure the API to call it, but in case of a proxmox machine, the API can be configured to execute a http request directly to the OS with the shutdown action (without the need for the agent).
</Content>
</Note>
<Note>
<Version>1.0.4</Version>
<Date>2022-01-14 01:22</Date>
<Content>
NetworkResurrector.Agent improvements
• Multiple operations were implemented in the agent: Shutdown, Restart, Sleep, LockLogout and Cancel. The "Cancel" action can cancel one of the previously operations programmed with a delay.
• Added NetworkResurrector.Agent.Wrapper nuget package. It provides an easy and efficient method for a developer to connect another system written in .NET to this agent.
</Content>
</Note>
<Note>
<Version>1.0.5</Version>
<Date>2022-01-18 21:43</Date>
<Content>
NetworkResurrector.Server.Wrapper nuget package
• Added NetworkResurrector.Server.Wrapper nuget package. It provides an easy and efficient method for a developer to connect another system written in .NET to NetworkResurrector.Server.
• Added logic where the http headers from the caller's request are automatically passed to the request sent to this server.
</Content>
</Note>
<Note>
<Version>1.0.6</Version>
<Date>2022-06-19 08:18</Date>
<Content>
Implemented Netmash.Infrastructure.DatabaseMigration
• Through this nuget package, support was added for the automatic running of new sql scripts at system startup.
• The current sql scripts have been corrected or updated to meet the migrator rules.
</Content>
</Note>
<Note>
<Version>1.0.7</Version>
<Date>2022-11-30 23:21</Date>
<Content>
Code cleanup and refactoring
• Preparing to make the project open source on my Gitea instance.
• Removed secrets from source code and from git history
• Exposing two new methods "/ping" and "/version" in a new controller "/system".
</Content>
</Note>
<Note>
<Version>1.1.0</Version>
<Date>2023-01-29 00:31</Date>
<Content>
Massive improvements
• .NET 6 upgrade
• Nuget packages upgrade
• Added Seq logging
• Added messaging and published notifications from command handlers
• Refactoring and code cleanup
• Added README.md file
</Content>
</Note>
<Note>
<Version>1.1.1</Version>
<Date>2023-02-02 19:03</Date>
<Content>
Retouches after the last upgrade
• Nuget packages upgrade
• Small fixes
</Content>
</Note>
<Note>
<Version>1.1.2</Version>
<Date>2023-02-04 11:14</Date>
<Content>
Tuitio latest updates
• Tuitio nuget packages upgrade
• Tuitio configuration changes
• Many frontend developments
• Tuitio client NPM package integration: @flare/tuitio-react-client
• Added license file
• Login with enter key
</Content>
</Note>
<Note>
<Version>1.1.3</Version>
<Date>2023-03-18 02:49</Date>
<Content>
Tuitio latest changes
• Account logout method and the latest changes published by Tuitio were implemented
• Netmash.Security.Authentication.Tuitio nuget package upgrade
</Content>
</Note>
<Note>
<Version>1.2.0</Version>
<Date>2023-03-19 14:56</Date>
<Content>
Massive frontend developments
• Complete UI refactoring
• A complete menu has been added to the application.
• The theme and the switch between dark and light mode have been implemented.
• Axios upgrade.
• The ugly and useless stepper has been removed from the machines page.
</Content>
</Note>
<Note>
<Version>1.2.1</Version>
<Date>2023-03-19 20:11</Date>
<Content>
Frontend developments
• Added sensitive info toggle.
• Apply mask on sensitive information.
• Mask machine logs.
</Content>
</Note>
<Note>
<Version>1.2.2</Version>
<Date>2023-03-19 23:14</Date>
<Content>
Added user profile page
• The data on the page is extracted from the Tuitio token.
</Content>
</Note>
<Note>
<Version>1.2.3</Version>
<Date>2023-03-25 02:26</Date>
<Content>
Important developments in frontend
• Machines view modes
• New menu entries: About, Administration and System
• About page. It contains information about the system and the release notes.
• New methods have been added to the API for reading the system version and release notes.
</Content>
</Note>
</ReleaseNotes>