forked from ondra/colnod-connector
This branch is 2 commits behind ondra/colnod-connector:master
colnod-connector
Acces Management System of Colsys: Product info
TODO
- Dry Run Mode (0.1v)
- Logs (0.1v)
- Timestamp
- Id of record
- Destination
- Report
- Token
actiontosubject_id - Sbject
actionaction- updated, deleted, added
- Token
- App output (0.1v)
- To Colnod
- Number of tokens added/deleted/updated
- To DB
- Number of subjects added/deleted/updated
- Number of tokens added/deleted/updated
- To Colnod
Requirements
- QPSQL driver must be installed (PostgreSQL)
- running on Qt 5.9
Qt 5
sudo apt-get install -y build-essential
sudo apt-get install -y qt5-default
PostgreSQL ( devel libs )
sudo apt-get install -y libpq-dev
sudo apt install libqt5sql5-psql # psql driver for Qt
Endpoints
-
POST
/AaaManager/authSession- Header: Authorization: Basic =4589022lj3.....
- password: spaceti1 -> sha512
echo spaceti1 | sha512sum
E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0- body:
{ "password": "E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0", "username": "spaceti" }
- POST request -
/SubjectManager/getSubjects- get subjects - POST request -
/SubjectManager/getSubjectsUpdated- get tokens updated aftertime - POST request -
/SubjectManager/getSubjectsDeleted- get tokens deleted aftertime - POST request -
/TokenManager/getTokens- get tokens - POST request -
/TokenManager/getTokensUpdated- get tokens updated aftertime - POST request -
/TokenManager/getTokensDeleted- get tokens deleted aftertime - POST request -
/TokenManager/setTokens- set tokens defined asJSON - POST request -
/TokenManager/deleteTokens- delete tokens define asJSON2 - POST request -
/AccessManager/getAccessGroups- get access groups - POST request -
/AccessManager/getAccessGroupsUpdated - POST request -
/AccessManager/getAccessGroupsDeleted - POST request -
/AccessManager/getAccessGroupMembership - POST request -
/AccessManager/getAccessGroupMembershipUpdated - POST request -
/AccessManager/getAccessGroupMembershipDeleted
time= epoch time im miliseconds{ "timestamp": 1568646217767 }JSON{ "items": [ { "id": "cf5cb80e-e6dd-45db-8edd-c9655447821c", "name": "Testovaci pokus", "description": "mobile", "tokenType": "Token", "tokenBits}": 32, "tokenData": "7B9D31", "timeToLive": 255, "authErrors": 255, "flags": [ "Enabled", "NoValidity" ], "subjectId": "72b37f7e-5761-4e6c-8e87-20c0bed0d904" } ] }JSON2{ "items": [ "7272bcf6-b5ad-46dd-99a9-0c56faddf14c" ] }
RestAPI definitions
openapi.yaml( editorVSCodewithSwagger Viewerextension - ⌘+⇧+PPreview Swagger)
Colnod Test server
- URL:
192.168.1.3:8843 !!! No license!!!- server will shutdown after 8 hours.- restart:
sudo service cndserver start - check
nmap -p8443 192.168.1.3ornc -zvw3 192.168.1.3 8443 - user:
spaceti - password: ``
- sha512:
E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0
- restart:
curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.1.3:8443/AaaManager/authSession
Colnod Penta server
- Acces through:
penta-masterIP:172.16.4.4 - URL:
192.168.254.11:8443 - Port forwarding:
ssh -L 8443:192.168.254.11:8443 penta-master
curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.254.11:8443/AaaManager/authSession
Insomnia Rest client
It is possible to chain requests: see doc
- use token from login response as an Authorization header
- use id from POST /item in PUT /items/
- use entire body from one response to upload to another
Import workspace
- import: Insomnia file on GitLab
Testing Blueprint API
Snowboard
Necesarry to allow
- Self signed certificate: Stack overflow
- Enable CORS:
- Safari: Develop->Disable cross origin restrictions
snowboard http -c snowboard.yml --playground colnod.apib
Colnod API snowboard documentation
Install snowboard
npm install -g snowboard
Tests made
Changes on colnod are made by Colnod client
Changes on db can be made by sql commands directly or by pgAdmin
- add token to db/colnod (2 tests)
- edit token in db/colnod (2 tests)
- delete token from db/colnod (2 tests)
- add subject to colnod
- edit subject in colnod
- delete subject from colnod
- edit same token on both db/colnod (diffrent time)
First sync expected results
- 2892 tokens updated
- 173 tokens deleted
- 2894 subjects updated
- 117 subjects deleted
Database inicialization
- Token table
-- Table: public.colnod_token
-- DROP TABLE public.colnod_token;
CREATE TABLE public.colnod_token
(
id character(36) COLLATE pg_catalog."default" NOT NULL,
auth_errors integer DEFAULT 255,
description character varying(255) COLLATE pg_catalog."default",
enabled boolean DEFAULT true,
last_update timestamp without time zone DEFAULT '1970-01-01 00:00:00.001'::timestamp without time zone,
name character varying(255) COLLATE pg_catalog."default",
no_validity boolean DEFAULT true,
time_to_live integer DEFAULT 255,
token_bits integer DEFAULT 32,
token_data character varying(255) COLLATE pg_catalog."default",
token_type character varying(255) COLLATE pg_catalog."default" DEFAULT 'Token'::character varying,
subject_id character(36) COLLATE pg_catalog."default",
last_modified timestamp without time zone NOT NULL,
deleted boolean DEFAULT false,
CONSTRAINT colnod_token_pkey PRIMARY KEY (id)
)
WITH (
OIDS = FALSE
)
TABLESPACE pg_default;
ALTER TABLE public.colnod_token
OWNER to postgres;
- Subject table
-- Table: public.colnod_subject
-- DROP TABLE public.colnod_subject;
CREATE TABLE public.colnod_subject
(
id character(36) COLLATE pg_catalog."default" NOT NULL,
description character varying(255) COLLATE pg_catalog."default",
last_update timestamp without time zone NOT NULL,
name character varying(255) COLLATE pg_catalog."default",
pin character varying(255) COLLATE pg_catalog."default",
last_modified timestamp without time zone,
deleted boolean,
CONSTRAINT colnod_subject_pkey PRIMARY KEY (id)
)
WITH (
OIDS = FALSE
)
TABLESPACE pg_default;
ALTER TABLE public.colnod_subject
OWNER to postgres;
- Subject attributes table
-- Table: public.colnod_subject_attribute
-- DROP TABLE public.colnod_subject_attribute;
CREATE TABLE public.colnod_subject_attribute
(
id character varying(255) COLLATE pg_catalog."default" NOT NULL,
attribute_key character varying(255) COLLATE pg_catalog."default",
attribute_value character varying(255) COLLATE pg_catalog."default",
subject_id character(36) COLLATE pg_catalog."default",
CONSTRAINT colnod_subject_attribute_pkey PRIMARY KEY (id)
)
WITH (
OIDS = FALSE
)
TABLESPACE pg_default;
ALTER TABLE public.colnod_subject_attribute
OWNER to postgres;
- Config
-- Table: public.config
-- DROP TABLE public.config;
CREATE TABLE public.config
(
last_sync bigint NOT NULL DEFAULT 0,
CONSTRAINT config_pkey PRIMARY KEY (last_sync)
)
WITH (
OIDS = FALSE
)
TABLESPACE pg_default;
ALTER TABLE public.config
OWNER to postgres;
Possible checks
Bugs and improvments for Colsys
Bugs
- It is possible to add token with token ID (tokenData) which already exists
- No error message, when request data are invalid in login
- getUpdated returns valid data for invalid time (negative)
Improvements
- it would be nice to get response messages on calling enpoints
- setToken -> successful edit/insert
- deleteToken -> successful
Description
Languages
C++
86.8%
Shell
9.4%
QMake
2.4%
API Blueprint
1.4%