knacky/mimic-big
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
12d131c82693cbb3bed54fb655a33a5af7003563
mimic-big/backend/src/mimic/api/hosts.py

77 lines
2.5 KiB
Python
Raw Normal View History

feat(backend): add Flask app factory, audit writer, flat CRUD + CLI (B0.7) - Flask app factory wires SQLAlchemy / Migrate / Login / SocketIO and registers every blueprint. /healthz smoke endpoint included. - Pydantic 2 DTOs (request/response) for engagement / host / TTP / scenario aggregates with from_attributes=True conversion. - Flat CRUD blueprints under /api/v1/: * engagements (list / create / get / put / delete-as-archive) * hosts (engagement-scoped CRUD) * library/ttps (CRUD; promote requires the lead-only TTP_PROMOTE) * scenarios + steps (F3 invariant enforced: host.c2_type must match scenario.c2_type at compose time, 400 otherwise). - @require_perm guards every endpoint per the F11 matrix. - audit/ writer is hash-chained from v1 (SHA-256 of canonical record plus previous hash). The SQL-level write-only role enforcement ships in the deploy playbook (idempotent grants run at migration time). - mimic-cli (click): user create (seeds RT operator/lead with group membership), db dump / db restore (manual pg_dump/pg_restore, R-O1). No orchestrator, no WebSocket, no report generation — those land after PR1/PR2/PR3.
2026-05-21 20:33:45 +02:00
"""Host CRUD endpoints (scoped under an engagement)."""
from __future__ import annotations
from flask import Blueprint, abort, jsonify
from sqlalchemy import select
from mimic.api._helpers import jsonify_model, parse_body, parse_uuid
from mimic.db.models import Engagement, Host
from mimic.db.types import HostStatus
from mimic.extensions import db
from mimic.rbac import Permission, require_perm
from mimic.schemas import HostCreate, HostRead, HostUpdate
bp = Blueprint("hosts", __name__)
def _engagement_or_404(eid: str) -> Engagement:
engagement = db.session.get(Engagement, parse_uuid(eid, field="engagement id"))
if engagement is None:
abort(404)
return engagement
@bp.get("/engagements/<eid>/hosts")
@require_perm(Permission.HOST_CRUD)
def list_hosts(eid: str):
engagement = _engagement_or_404(eid)
stmt = select(Host).where(Host.engagement_id == engagement.id).order_by(Host.hostname)
rows = db.session.execute(stmt).scalars().all()
return jsonify([HostRead.model_validate(row).model_dump(mode="json") for row in rows])
@bp.post("/engagements/<eid>/hosts")
@require_perm(Permission.HOST_CRUD)
def create_host(eid: str):
engagement = _engagement_or_404(eid)
payload = parse_body(HostCreate)
host = Host(
engagement_id=engagement.id,
hostname=payload.hostname,
ip=payload.ip,
os=payload.os,
c2_session_id=payload.c2_session_id,
c2_type=payload.c2_type,
status=HostStatus.UNKNOWN,
)
db.session.add(host)
db.session.commit()
return jsonify_model(HostRead.model_validate(host), status=201)
@bp.put("/engagements/<eid>/hosts/<hid>")
@require_perm(Permission.HOST_CRUD)
def update_host(eid: str, hid: str):
engagement = _engagement_or_404(eid)
host = db.session.get(Host, parse_uuid(hid, field="host id"))
if host is None or host.engagement_id != engagement.id:
abort(404)
payload = parse_body(HostUpdate)
for field, value in payload.model_dump(exclude_unset=True).items():
setattr(host, field, value)
db.session.commit()
return jsonify_model(HostRead.model_validate(host))
@bp.delete("/engagements/<eid>/hosts/<hid>")
@require_perm(Permission.HOST_CRUD)
def delete_host(eid: str, hid: str):
engagement = _engagement_or_404(eid)
host = db.session.get(Host, parse_uuid(hid, field="host id"))
if host is None or host.engagement_id != engagement.id:
abort(404)
db.session.delete(host)
db.session.commit()
return "", 204
Reference in New Issue Copy Permalink