"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.registerResponseActionRoutes = registerResponseActionRoutes; var _endpoint = require("../../../../common/api/endpoint"); var _constants = require("../../../../common/endpoint/constants"); var _with_endpoint_authz = require("../with_endpoint_authz"); var _file_upload_handler = require("./file_upload_handler"); var _update_cases = require("../../services/actions/create/update_cases"); /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ function registerResponseActionRoutes(router, endpointContext) { const logger = endpointContext.logFactory.get('hostIsolation'); /** * @deprecated use ISOLATE_HOST_ROUTE_V2 instead */ router.versioned.post({ access: 'public', path: _constants.ISOLATE_HOST_ROUTE, options: { authRequired: true, tags: ['access:securitySolution'] } }).addVersion({ version: '2023-10-31', validate: { request: _endpoint.IsolateRouteRequestSchema } }, (0, _with_endpoint_authz.withEndpointAuthz)({ all: ['canIsolateHost'] }, logger, redirectHandler(_constants.ISOLATE_HOST_ROUTE_V2))); /** * @deprecated use RELEASE_HOST_ROUTE instead */ router.versioned.post({ access: 'public', path: _constants.UNISOLATE_HOST_ROUTE, options: { authRequired: true, tags: ['access:securitySolution'] } }).addVersion({ version: '2023-10-31', validate: { request: _endpoint.UnisolateRouteRequestSchema } }, (0, _with_endpoint_authz.withEndpointAuthz)({ all: ['canUnIsolateHost'] }, logger, redirectHandler(_constants.UNISOLATE_HOST_ROUTE_V2))); router.versioned.post({ access: 'public', path: _constants.ISOLATE_HOST_ROUTE_V2, options: { authRequired: true, tags: ['access:securitySolution'] } }).addVersion({ version: '2023-10-31', validate: { request: _endpoint.IsolateRouteRequestSchema } }, (0, _with_endpoint_authz.withEndpointAuthz)({ all: ['canIsolateHost'] }, logger, responseActionRequestHandler(endpointContext, 'isolate'))); router.versioned.post({ access: 'public', path: _constants.UNISOLATE_HOST_ROUTE_V2, options: { authRequired: true, tags: ['access:securitySolution'] } }).addVersion({ version: '2023-10-31', validate: { request: _endpoint.UnisolateRouteRequestSchema } }, (0, _with_endpoint_authz.withEndpointAuthz)({ all: ['canUnIsolateHost'] }, logger, responseActionRequestHandler(endpointContext, 'unisolate'))); router.versioned.post({ access: 'public', path: _constants.KILL_PROCESS_ROUTE, options: { authRequired: true, tags: ['access:securitySolution'] } }).addVersion({ version: '2023-10-31', validate: { request: _endpoint.KillProcessRouteRequestSchema } }, (0, _with_endpoint_authz.withEndpointAuthz)({ all: ['canKillProcess'] }, logger, responseActionRequestHandler(endpointContext, 'kill-process'))); router.versioned.post({ access: 'public', path: _constants.SUSPEND_PROCESS_ROUTE, options: { authRequired: true, tags: ['access:securitySolution'] } }).addVersion({ version: '2023-10-31', validate: { request: _endpoint.SuspendProcessRouteRequestSchema } }, (0, _with_endpoint_authz.withEndpointAuthz)({ all: ['canSuspendProcess'] }, logger, responseActionRequestHandler(endpointContext, 'suspend-process'))); router.versioned.post({ access: 'public', path: _constants.GET_PROCESSES_ROUTE, options: { authRequired: true, tags: ['access:securitySolution'] } }).addVersion({ version: '2023-10-31', validate: { request: _endpoint.GetProcessesRouteRequestSchema } }, (0, _with_endpoint_authz.withEndpointAuthz)({ all: ['canGetRunningProcesses'] }, logger, responseActionRequestHandler(endpointContext, 'running-processes'))); router.versioned.post({ access: 'public', path: _constants.GET_FILE_ROUTE, options: { authRequired: true, tags: ['access:securitySolution'] } }).addVersion({ version: '2023-10-31', validate: { request: _endpoint.EndpointActionGetFileSchema } }, (0, _with_endpoint_authz.withEndpointAuthz)({ all: ['canWriteFileOperations'] }, logger, responseActionRequestHandler(endpointContext, 'get-file'))); router.versioned.post({ access: 'public', path: _constants.EXECUTE_ROUTE, options: { authRequired: true, tags: ['access:securitySolution'] } }).addVersion({ version: '2023-10-31', validate: { request: _endpoint.ExecuteActionRequestSchema } }, (0, _with_endpoint_authz.withEndpointAuthz)({ all: ['canWriteExecuteOperations'] }, logger, responseActionRequestHandler(endpointContext, 'execute'))); (0, _file_upload_handler.registerActionFileUploadRoute)(router, endpointContext); } function responseActionRequestHandler(endpointContext, command) { return async (context, req, res) => { var _endpointContext$serv; const user = (_endpointContext$serv = endpointContext.service.security) === null || _endpointContext$serv === void 0 ? void 0 : _endpointContext$serv.authc.getCurrentUser(req); const esClient = (await context.core).elasticsearch.client.asInternalUser; let action; try { const createActionPayload = { ...req.body, command, user }; const endpointData = await endpointContext.service.getEndpointMetadataService().getMetadataForEndpoints(esClient, [...new Set(createActionPayload.endpoint_ids)]); const agentIds = endpointData.map(endpoint => endpoint.elastic.agent.id); action = await endpointContext.service.getActionCreateService().createAction(createActionPayload, agentIds); // update cases const casesClient = await endpointContext.service.getCasesClient(req); await (0, _update_cases.updateCases)({ casesClient, createActionPayload, endpointData }); } catch (err) { return res.customError({ statusCode: 500, body: err }); } const { action: actionId, ...data } = action; return res.ok({ body: { action: actionId, data } }); }; } function redirectHandler(location) { return async (context, _req, res) => { const basePath = (await context.securitySolution).getServerBasePath(); return res.custom({ statusCode: 308, headers: { location: `${basePath}${location}` } }); }; }