# colnod-connector Acces Management System of Colsys: [Product info](http://produkty.colsys.cz/colnod/) ## TODO - [x] Dry Run Mode (0.1v) - [x] Logs (0.1v) - Timestamp - Id of record - Destination - Report - Token `action` to `subject_id` - Sbject `action` - `action` - updated, deleted, added - [x] App output (0.1v) - To Colnod - Number of tokens added/deleted/updated - To DB - Number of subjects added/deleted/updated - Number of tokens added/deleted/updated ## Requirements - QPSQL driver must be installed (PostgreSQL) - running on Qt 5.9 ### Qt 5 ``` sudo apt-get install -y build-essential sudo apt-get install -y qt5-default ``` ### PostgreSQL ( devel libs ) ``` sudo apt-get install -y libpq-dev sudo apt install libqt5sql5-psql # psql driver for Qt ``` ## Endpoints - POST `/AaaManager/authSession` - Header: Authorization: Basic =4589022lj3..... - password: spaceti1 -> sha512 `echo spaceti1 | sha512sum` ```bash E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0 ``` - body: ```json { "password": "E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0", "username": "spaceti" } ``` 1. POST request - `/SubjectManager/getSubjects` - get subjects 2. POST request - `/SubjectManager/getSubjectsUpdated` - get tokens updated after `time` 3. POST request - `/SubjectManager/getSubjectsDeleted` - get tokens deleted after `time` 4. POST request - `/TokenManager/getTokens` - get tokens 5. POST request - `/TokenManager/getTokensUpdated` - get tokens updated after `time` 6. POST request - `/TokenManager/getTokensDeleted` - get tokens deleted after `time` 7. POST request - `/TokenManager/setTokens` - set tokens defined as `JSON` 8. POST request - `/TokenManager/deleteTokens` - delete tokens define as `JSON2` 9. POST request - `/AccessManager/getAccessGroups` - get access groups 10. POST request - `/AccessManager/getAccessGroupsUpdated` 11. POST request - `/AccessManager/getAccessGroupsDeleted` 12. POST request - `/AccessManager/getAccessGroupMembership` 13. POST request - `/AccessManager/getAccessGroupMembershipUpdated` 14. POST request - `/AccessManager/getAccessGroupMembershipDeleted` - `time` = epoch time im miliseconds ```time { "timestamp": 1568646217767 } ``` - `JSON` ```json { "items": [ { "id": "cf5cb80e-e6dd-45db-8edd-c9655447821c", "name": "Testovaci pokus", "description": "mobile", "tokenType": "Token", "tokenBits}": 32, "tokenData": "7B9D31", "timeToLive": 255, "authErrors": 255, "flags": [ "Enabled", "NoValidity" ], "subjectId": "72b37f7e-5761-4e6c-8e87-20c0bed0d904" } ] } ``` - `JSON2` ```json2 { "items": [ "7272bcf6-b5ad-46dd-99a9-0c56faddf14c" ] } ``` ## RestAPI definitions - `openapi.yaml` ( editor `VSCode` with `Swagger Viewer` extension - ⌘+⇧+P `Preview Swagger` ) ## Colnod Test server [Colnod server: confluence](https://spaceti.atlassian.net/wiki/spaces/IN/pages/97320961/Colsys+-+Colnod) - URL: `192.168.1.3:8843` - `!!! No license!!!` - server will shutdown after 8 hours. - restart: `sudo service cndserver start` - check `nmap -p8443 192.168.1.3` or `nc -zvw3 192.168.1.3 8443` - user: `spaceti` - password: `` - sha512: `E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0` ```bash curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.1.3:8443/AaaManager/authSession ``` ## Colnod Penta server - Acces through: `penta-master` IP: `172.16.4.4` - URL: `192.168.254.11:8443` - Port forwarding: `ssh -L 8443:192.168.254.11:8443 penta-master` ```bash curl -k --user "spaceti:E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0" -d '{"password":"E7FEA07DBC82FB9BA34B2E453E2EFE89F0583E7187543507EF11E84726071FE428445372F2E46B455EB0C79747C51E362F403CE39473A2A8C2DFA0CE5C9826C0","username":"spaceti"}' -H "Content-Type: application/json" https://192.168.254.11:8443/AaaManager/authSession ``` ## Insomnia Rest client [Insomnia Rest](https://insomnia.rest/) It is possible to chain requests: [see doc](https://support.insomnia.rest/article/43-chaining-requests) - use token from login response as an Authorization header - use id from POST /item in PUT /items/ - use entire body from one response to upload to another ### Import workspace - import: [Insomnia file on GitLab](https://gitlab.com/spaceti-app/integrations/acs/colnod-connector/blob/master/Insomnia_2019-10-15.yaml) ## Testing Blueprint API ### Snowboard #### Necesarry to allow - Self signed certificate: [Stack overflow](https://superuser.com/a/1235250) - Enable CORS: - Safari: Develop->Disable cross origin restrictions `snowboard http -c snowboard.yml --playground colnod.apib` [Colnod API snowboard documentation](http://localhost:8088) #### Install snowboard `npm install -g snowboard`