131 lines
3.1 KiB
Go
131 lines
3.1 KiB
Go
package handlers
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"crowdsec-dashy/internal/crowdsec"
|
|
)
|
|
|
|
// AlertsHandler manages the alerts page and its POST actions.
|
|
type AlertsHandler struct {
|
|
deps Deps
|
|
}
|
|
|
|
func NewAlertsHandler(deps Deps) *AlertsHandler {
|
|
return &AlertsHandler{deps: deps}
|
|
}
|
|
|
|
const alertsPerPage = 50
|
|
|
|
// AlertsData is passed to the alerts template.
|
|
type AlertsData struct {
|
|
PageData
|
|
Alerts []crowdsec.Alert
|
|
Filter crowdsec.AlertFilter
|
|
Page int
|
|
HasNext bool
|
|
ShowUpdates bool
|
|
}
|
|
|
|
// List renders the paginated alerts list.
|
|
func (h *AlertsHandler) List(w http.ResponseWriter, r *http.Request) {
|
|
ctx, cancel := context.WithTimeout(r.Context(), 15*time.Second)
|
|
defer cancel()
|
|
|
|
page, _ := strconv.Atoi(r.URL.Query().Get("page"))
|
|
if page < 1 {
|
|
page = 1
|
|
}
|
|
showUpdates := r.URL.Query().Get("show_updates") == "1"
|
|
|
|
filter := crowdsec.AlertFilter{
|
|
Limit: alertsPerPage + 1,
|
|
Offset: (page - 1) * alertsPerPage,
|
|
Scenario: r.URL.Query().Get("scenario"),
|
|
IP: r.URL.Query().Get("ip"),
|
|
Since: r.URL.Query().Get("since"),
|
|
}
|
|
|
|
alerts, err := h.deps.LAPI.ListAlerts(ctx, filter)
|
|
if err != nil {
|
|
log.Printf("alerts: LAPI error: %v", err)
|
|
pd := NewPageData(r, "Alerts", h.deps.CLIAvailable, h.deps.PollInterval)
|
|
if crowdsec.IsForbidden(err) {
|
|
pd = pd.WithFlash("error", "Access denied: re-register machine with admin rights: cscli machines delete crowdsec-dashy && cscli machines add crowdsec-dashy -a")
|
|
} else {
|
|
pd = pd.WithFlash("error", "Failed to fetch alerts from LAPI.")
|
|
}
|
|
h.deps.Renderer.Render(w, "alerts", AlertsData{PageData: pd})
|
|
return
|
|
}
|
|
|
|
hasNext := len(alerts) > alertsPerPage
|
|
if hasNext {
|
|
alerts = alerts[:alertsPerPage]
|
|
}
|
|
|
|
pd := NewPageData(r, "Alerts", h.deps.CLIAvailable, h.deps.PollInterval)
|
|
if f := readFlash(r); f.Message != "" {
|
|
pd.Flash = f
|
|
}
|
|
|
|
h.deps.Renderer.Render(w, "alerts", AlertsData{
|
|
PageData: pd,
|
|
Alerts: alerts,
|
|
Filter: filter,
|
|
Page: page,
|
|
HasNext: hasNext,
|
|
ShowUpdates: showUpdates,
|
|
})
|
|
}
|
|
|
|
// Delete processes alert deletion (POST; `id` field may repeat for bulk).
|
|
func (h *AlertsHandler) Delete(w http.ResponseWriter, r *http.Request) {
|
|
r.Body = http.MaxBytesReader(w, r.Body, 4096)
|
|
if err := r.ParseForm(); err != nil {
|
|
flashRedirect(w, r, "/alerts", "error", "invalid form data")
|
|
return
|
|
}
|
|
if !checkCSRF(r) {
|
|
http.Error(w, "forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
ids := r.Form["id"]
|
|
if len(ids) == 0 {
|
|
flashRedirect(w, r, "/alerts", "error", "no alert selected")
|
|
return
|
|
}
|
|
|
|
ctx, cancel := context.WithTimeout(r.Context(), 30*time.Second)
|
|
defer cancel()
|
|
|
|
var errs []string
|
|
deleted := 0
|
|
for _, s := range ids {
|
|
id, err := strconv.ParseInt(s, 10, 64)
|
|
if err != nil || id <= 0 {
|
|
errs = append(errs, fmt.Sprintf("invalid id: %q", s))
|
|
continue
|
|
}
|
|
if err := h.deps.LAPI.DeleteAlert(ctx, id); err != nil {
|
|
errs = append(errs, fmt.Sprintf("id %d: %v", id, err))
|
|
continue
|
|
}
|
|
deleted++
|
|
}
|
|
|
|
if len(errs) > 0 {
|
|
flashRedirect(w, r, "/alerts", "error", strings.Join(errs, "; "))
|
|
return
|
|
}
|
|
|
|
flashRedirect(w, r, "/alerts", "success", fmt.Sprintf("%d alert(s) deleted", deleted))
|
|
}
|