Implemented better uploads UI for notebooks (Velocidex#2816)
* See uploads within the notebook
* The UI allows downloading the uploads
* Uploads can be removed with the GUI
* Implemented a sparse uploader for notebooks and server artifacts
scudette authored Jul 18, 2023
1 parent 85e0bb2 commit 11a5486
Showing 32 changed files with 870 additions and 384 deletions.
11 changes: 10 additions & 1 deletion api/builder.go
Expand Up @@ -741,12 +741,21 @@ func getTLSConfig(config_obj *config_proto.Config, in *tls.Config) error {
expected_clients = config_obj.Frontend.Resources.ExpectedClients
}

in.Certificates = certs

// If the user requested it we loosen the TLS restrictions to
// accept default protocols.
if config_obj.Client != nil && config_obj.Client.Crypto != nil &&
config_obj.Client.Crypto.AllowWeakTlsServer {
return nil
}

in.MinVersion = tls.VersionTLS13
in.CurvePreferences = []tls.CurveID{
tls.CurveP521, tls.CurveP384, tls.CurveP256}
in.ClientSessionCache = tls.NewLRUClientSessionCache(int(expected_clients))
in.PreferServerCipherSuites = true
in.Certificates = certs

in.CipherSuites = []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
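Review bot: The new early return for `AllowWeakTlsServer` leaves `in.MinVersion` at zero, so the protocol floor becomes whatever the Go toolchain defaults to, which for servers in Go releases before 1.22 includes TLS 1.0 and 1.1. If the option is only meant to admit TLS 1.2 peers, set an explicit floor before returning, `in.MinVersion = tls.VersionTLS12`, so the result does not change with the compiler version. The branch is also silent: a startup warning that weak TLS is enabled would let operators and auditors see the downgrade. The flag is read from `config_obj.Client.Crypto` although this function appears to configure the server side, which deserves a comment saying so; getTLSConfig continues past the end of the hunk, so anything it sets after the cipher list is skipped on this path as well.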
20 changes: 20 additions & 0 deletions api/mock/api_mock.go


47 changes: 43 additions & 4 deletions api/notebooks.go
Expand Up @@ -27,6 +27,10 @@ import (
"www.velocidex.com/golang/velociraptor/utils"
)

const (
SKIP_UPLOADS = false
)

// Get all the current user's notebooks and those notebooks shared
// with them.
func (self *ApiServer) GetNotebooks(
Expand Down Expand Up @@ -58,7 +62,7 @@ func (self *ApiServer) GetNotebooks(

// We want a single notebook metadata.
if in.NotebookId != "" {
notebook_metadata, err := notebook_manager.GetNotebook(ctx, in.NotebookId)
notebook_metadata, err := notebook_manager.GetNotebook(ctx, in.NotebookId, in.IncludeUploads)
// Handle the EOF especially: it means there is no such
// notebook and return an empty result set.
if errors.Is(err, os.ErrNotExist) ||
Expand Down Expand Up @@ -190,7 +194,7 @@ func (self *ApiServer) UpdateNotebook(
return nil, Status(self.verbose, err)
}

old_notebook, err := notebook_manager.GetNotebook(ctx, in.NotebookId)
old_notebook, err := notebook_manager.GetNotebook(ctx, in.NotebookId, SKIP_UPLOADS)
if err != nil {
return nil, Status(self.verbose, err)
}
Expand Down Expand Up @@ -256,7 +260,7 @@ func (self *ApiServer) GetNotebookCell(
return nil, Status(self.verbose, err)
}

notebook_metadata, err := notebook_manager.GetNotebook(ctx, in.NotebookId)
notebook_metadata, err := notebook_manager.GetNotebook(ctx, in.NotebookId, SKIP_UPLOADS)
if err != nil {
return nil, Status(self.verbose, err)
}
Expand Down Expand Up @@ -302,7 +306,7 @@ func (self *ApiServer) UpdateNotebookCell(
}

// Check that the user has access to this notebook.
notebook_metadata, err := notebook_manager.GetNotebook(ctx, in.NotebookId)
notebook_metadata, err := notebook_manager.GetNotebook(ctx, in.NotebookId, SKIP_UPLOADS)
if err != nil {
return nil, Status(self.verbose, err)
}
Expand Down Expand Up @@ -538,3 +542,38 @@ func exportHTMLNotebook(config_obj *config_proto.Config,

return nil
}

func (self *ApiServer) RemoveNotebookAttachment(
ctx context.Context,
in *api_proto.NotebookFileUploadRequest) (*emptypb.Empty, error) {
users := services.GetUserManager()
user_record, org_config_obj, err := users.GetUserFromContext(ctx)
if err != nil {
return nil, Status(self.verbose, err)
}
principal := user_record.Name

permissions := acls.PREPARE_RESULTS
perm, err := services.CheckAccess(org_config_obj, principal, permissions)
if !perm || err != nil {
return nil, PermissionDenied(err,
"User is not allowed to update notebooks.")
}

notebook_manager, err := services.GetNotebookManager(org_config_obj)
if err != nil {
return nil, Status(self.verbose, err)
}

notebook, err := notebook_manager.GetNotebook(ctx, in.NotebookId, SKIP_UPLOADS)
if err != nil {
return nil, Status(self.verbose, err)
}

if !notebook_manager.CheckNotebookAccess(notebook, principal) {
return nil, InvalidStatus("Notebook is not shared with user.")
}

return &emptypb.Empty{}, notebook_manager.RemoveNotebookAttachment(ctx,
in.NotebookId, in.Components)
}