knacky/mimic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: sprint 1 — auth + CRUD engagements

Browse Source 
Ship the first feature end-to-end on the UI: users log in with JWT,
admins manage user accounts, and any authenticated user (per RBAC)
can create, list, view, edit, and delete engagements.

Backend (Flask + SQLAlchemy + SQLite, 63 pytest)
- User / Engagement models, Alembic 0001 initial schema
- argon2 password hashing, JWT bearer (60-min TTL), @login_required
  and @role_required decorators
- 13 API endpoints under /api/*, including last-admin protection on
  DELETE/PATCH user and JSON 404 on unknown /api/* paths
- `flask create-admin` CLI with duplicate / short-password handling

Frontend (React + Vite + Tailwind + TanStack Query, 20 vitest)
- Inter font bundled locally (no CDN), DESIGN.md tokens in Tailwind
- LoginPage / EngagementsList / EngagementForm / EngagementDetail /
  UsersAdmin pages with role-aware UI
- Layout, ProtectedRoute, StatusBadge, FormField, LoadingState,
  ErrorState, EmptyState, Toast + provider
- Axios client: Bearer interceptor, 401 → purge + /login + "Session
  expirée" toast, 403 → "Accès refusé" toast (declarative <Navigate>
  for already-authed users, Fragment-keyed admin user rows)

Deployment
- Single multistage Dockerfile (node:20-alpine → python:3.12-slim)
- docker/entrypoint.sh runs `flask db upgrade` before `flask run`
- Makefile: build/start/stop/restart/update/logs/create-admin/
  update-mitre/test-{backend,frontend,e2e}/clean
- .env.example documenting MIMIC_JWT_SECRET / MIMIC_DB_PATH / MIMIC_PORT
- SQLite at /data/mimic.sqlite on named volume mimic-data

Acceptance suite (Playwright, 36 tests, all 27 ACs)
- e2e/ scaffold with playwright.config + auth/api fixtures
- One spec per user story (us1-bootstrap through us6-deployment)
- Portable via MIMIC_CONTAINER_CMD / MIMIC_BASE_URL (docker or podman)

Docs
- README.md with quick-start and architecture overview
- CHANGELOG.md updated with Sprint 1 deliverables
- pyrightconfig.json so the Python LSP sees backend/.venv and
  resolves the `backend.app.*` absolute imports

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Knacky
2026-05-26 09:37:53 +02:00
parent be266d4879
commit 5104f7c429
95 changed files with 13801 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
frontend/src/api/auth.ts Normal file
View File

@@ -0,0 +1,16 @@
import { apiClient } from './client';
import type { LoginResponse, User } from './types';
export async function login(username: string, password: string): Promise<LoginResponse> {
const { data } = await apiClient.post<LoginResponse>('/auth/login', { username, password });
return data;
}
export async function logout(): Promise<void> {
await apiClient.post('/auth/logout');
}
export async function fetchMe(): Promise<User> {
const { data } = await apiClient.get<User>('/auth/me');
return data;
}

69
frontend/src/api/client.ts Normal file
View File

@@ -0,0 +1,69 @@
import axios, { AxiosError } from 'axios';
const TOKEN_STORAGE_KEY = 'mimic.token';
let memoryToken: string | null = null;
export function setToken(token: string | null): void {
memoryToken = token;
if (token) {
localStorage.setItem(TOKEN_STORAGE_KEY, token);
} else {
localStorage.removeItem(TOKEN_STORAGE_KEY);
}
}
export function getToken(): string | null {
if (memoryToken) return memoryToken;
memoryToken = localStorage.getItem(TOKEN_STORAGE_KEY);
return memoryToken;
}
/**
* Callbacks the auth/toast layer registers so the interceptor can react
* to 401 (purge + redirect to /login + toast).
*/
type UnauthorizedHandler = () => void;
let onUnauthorized: UnauthorizedHandler | null = null;
export function registerUnauthorizedHandler(handler: UnauthorizedHandler): void {
onUnauthorized = handler;
}
export const apiClient = axios.create({
baseURL: '/api',
headers: { 'Content-Type': 'application/json' },
});
apiClient.interceptors.request.use((config) => {
const token = getToken();
if (token) {
config.headers.Authorization = `Bearer ${token}`;
}
return config;
});
apiClient.interceptors.response.use(
(response) => response,
(error: AxiosError) => {
if (error.response?.status === 401) {
setToken(null);
onUnauthorized?.();
}
return Promise.reject(error);
},
);
/**
* Extract a user-facing message from a thrown axios error.
* Backend uses {error: "<message>"} shape.
*/
export function extractApiError(err: unknown, fallback = 'Une erreur est survenue'): string {
if (axios.isAxiosError(err)) {
const data = err.response?.data as { error?: string } | undefined;
if (data?.error) return data.error;
if (err.message) return err.message;
}
if (err instanceof Error) return err.message;
return fallback;
}

29
frontend/src/api/engagements.ts Normal file
View File

@@ -0,0 +1,29 @@
import { apiClient } from './client';
import type { Engagement, EngagementInput } from './types';
export async function listEngagements(): Promise<Engagement[]> {
const { data } = await apiClient.get<Engagement[]>('/engagements');
return data;
}
export async function fetchEngagement(id: number): Promise<Engagement> {
const { data } = await apiClient.get<Engagement>(`/engagements/${id}`);
return data;
}
export async function createEngagement(input: EngagementInput): Promise<Engagement> {
const { data } = await apiClient.post<Engagement>('/engagements', input);
return data;
}
export async function patchEngagement(
id: number,
input: Partial<EngagementInput>,
): Promise<Engagement> {
const { data } = await apiClient.patch<Engagement>(`/engagements/${id}`, input);
return data;
}
export async function deleteEngagement(id: number): Promise<void> {
await apiClient.delete(`/engagements/${id}`);
}

54
frontend/src/api/types.ts Normal file
View File

@@ -0,0 +1,54 @@
export type Role = 'admin' | 'redteam' | 'soc';
export type EngagementStatus = 'planned' | 'active' | 'closed';
export interface User {
id: number;
username: string;
role: Role;
created_at: string;
}
export interface LoginResponse {
access_token: string;
user: Pick<User, 'id' | 'username' | 'role'>;
}
export interface EngagementCreatedBy {
id: number;
username: string;
}
export interface Engagement {
id: number;
name: string;
description: string | null;
start_date: string;
end_date: string | null;
status: EngagementStatus;
created_at: string;
created_by: EngagementCreatedBy;
}
export interface EngagementInput {
name: string;
description?: string;
start_date: string;
end_date?: string | null;
status?: EngagementStatus;
}
export interface UserCreateInput {
username: string;
password: string;
role: Role;
}
export interface UserPatchInput {
role?: Role;
password?: string;
}
export interface ApiError {
error: string;
}

21
frontend/src/api/users.ts Normal file
View File

@@ -0,0 +1,21 @@
import { apiClient } from './client';
import type { User, UserCreateInput, UserPatchInput } from './types';
export async function listUsers(): Promise<User[]> {
const { data } = await apiClient.get<User[]>('/users');
return data;
}
export async function createUser(input: UserCreateInput): Promise<User> {
const { data } = await apiClient.post<User>('/users', input);
return data;
}
export async function patchUser(id: number, input: UserPatchInput): Promise<User> {
const { data } = await apiClient.patch<User>(`/users/${id}`, input);
return data;
}
export async function deleteUser(id: number): Promise<void> {
await apiClient.delete(`/users/${id}`);
}