1 /* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
2 
3 #include "remote/infohandler.hpp"
4 #include "remote/httputility.hpp"
5 #include "base/application.hpp"
6 
7 using namespace icinga;
8 
9 REGISTER_URLHANDLER("/", InfoHandler);
10 
HandleRequest(AsioTlsStream & stream,const ApiUser::Ptr & user,boost::beast::http::request<boost::beast::http::string_body> & request,const Url::Ptr & url,boost::beast::http::response<boost::beast::http::string_body> & response,const Dictionary::Ptr & params,boost::asio::yield_context & yc,HttpServerConnection & server)11 bool InfoHandler::HandleRequest(
12 	AsioTlsStream& stream,
13 	const ApiUser::Ptr& user,
14 	boost::beast::http::request<boost::beast::http::string_body>& request,
15 	const Url::Ptr& url,
16 	boost::beast::http::response<boost::beast::http::string_body>& response,
17 	const Dictionary::Ptr& params,
18 	boost::asio::yield_context& yc,
19 	HttpServerConnection& server
20 )
21 {
22 	namespace http = boost::beast::http;
23 
24 	if (url->GetPath().size() > 2)
25 		return false;
26 
27 	if (request.method() != http::verb::get)
28 		return false;
29 
30 	if (url->GetPath().empty()) {
31 		response.result(http::status::found);
32 		response.set(http::field::location, "/v1");
33 		return true;
34 	}
35 
36 	if (url->GetPath()[0] != "v1" || url->GetPath().size() != 1)
37 		return false;
38 
39 	response.result(http::status::ok);
40 
41 	std::vector<String> permInfo;
42 	Array::Ptr permissions = user->GetPermissions();
43 
44 	if (permissions) {
45 		ObjectLock olock(permissions);
46 		for (const Value& permission : permissions) {
47 			String name;
48 			bool hasFilter = false;
49 			if (permission.IsObjectType<Dictionary>()) {
50 				Dictionary::Ptr dpermission = permission;
51 				name = dpermission->Get("permission");
52 				hasFilter = dpermission->Contains("filter");
53 			} else
54 				name = permission;
55 
56 			if (hasFilter)
57 				name += " (filtered)";
58 
59 			permInfo.emplace_back(std::move(name));
60 		}
61 	}
62 
63 	if (request[http::field::accept] == "application/json") {
64 		Dictionary::Ptr result1 = new Dictionary({
65 			{ "user", user->GetName() },
66 			{ "permissions", Array::FromVector(permInfo) },
67 			{ "version", Application::GetAppVersion() },
68 			{ "info", "More information about API requests is available in the documentation at https://icinga.com/docs/icinga2/latest/" }
69 		});
70 
71 		Dictionary::Ptr result = new Dictionary({
72 			{ "results", new Array({ result1 }) }
73 		});
74 
75 		HttpUtility::SendJsonBody(response, params, result);
76 	} else {
77 		response.set(http::field::content_type, "text/html");
78 
79 		String body = "<html><head><title>Icinga 2</title></head><h1>Hello from Icinga 2 (Version: " + Application::GetAppVersion() + ")!</h1>";
80 		body += "<p>You are authenticated as <b>" + user->GetName() + "</b>. ";
81 
82 		if (!permInfo.empty()) {
83 			body += "Your user has the following permissions:</p> <ul>";
84 
85 			for (const String& perm : permInfo) {
86 				body += "<li>" + perm + "</li>";
87 			}
88 
89 			body += "</ul>";
90 		} else
91 			body += "Your user does not have any permissions.</p>";
92 
93 		body += R"(<p>More information about API requests is available in the <a href="https://icinga.com/docs/icinga2/latest/" target="_blank">documentation</a>.</p></html>)";
94 		response.body() = body;
95 		response.content_length(response.body().size());
96 	}
97 
98 	return true;
99 }
100 
101