#1073 wip

LDO-CERT · May 20, 2024 · dd68e37 · dd68e37
1 parent f4296b2
commit dd68e37
Show file tree

Hide file tree

Showing 24 changed files with 512 additions and 281 deletions.
diff --git a/.envs/.local/.postgres b/.envs/.local/.postgres
@@ -5,3 +5,4 @@ POSTGRES_PORT=5432
 POSTGRES_DB=orochi
 POSTGRES_USER=debug
 POSTGRES_PASSWORD=debug
+DATABASE_URL=postgresql://debug:debug@posgtgres:5432/orochi
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -11,7 +11,7 @@ repos:
       - id: check-yaml
 
   - repo: https://github.com/psf/black
-    rev: 24.3.0
+    rev: 24.4.2
     hooks:
       - id: black
 

diff --git a/compose/local/dask/Dockerfile b/compose/local/dask/Dockerfile
@@ -1,4 +1,4 @@
-FROM daskdev/dask:2024.4.1-py3.12
+FROM daskdev/dask:2024.5.1-py3.12
 ENV DEBIAN_FRONTEND noninteractive
 
 ARG local_folder=/uploads
@@ -47,7 +47,7 @@ RUN python setup.py build \
 # Workers should have similar reqs as django
 WORKDIR /
 COPY ./requirements /requirements
-RUN pip install uv==0.1.29 -e git+https://github.com/volatilityfoundation/volatility3.git@a19dfb57a68cc7efc8926d9f6e7c24e5a2dbab9d#egg=volatility3 \
+RUN pip install uv==0.1.44 -e git+https://github.com/volatilityfoundation/volatility3.git@dc7a3878fa39156d89d567c3e823f1956675f192#egg=volatility3 \
   && uv pip install --no-cache --system -r /requirements/base.txt
 
 COPY ./compose/local/dask/prepare.sh /usr/bin/prepare.sh

diff --git a/compose/local/django/Dockerfile b/compose/local/django/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.12.2-slim-bookworm as common-base
+FROM python:3.12.3-slim-bookworm as common-base
 
 ENV DJANGO_SETTINGS_MODULE config.settings.local
 ENV PYTHONUNBUFFERED 1
@@ -65,7 +65,7 @@ RUN /usr/local/go/bin/go build
 FROM common-base
 WORKDIR /
 COPY ./requirements /requirements
-RUN pip install uv==0.1.29 -e git+https://github.com/volatilityfoundation/volatility3.git@a19dfb57a68cc7efc8926d9f6e7c24e5a2dbab9d#egg=volatility3 \
+RUN pip install uv==0.1.44 -e git+https://github.com/volatilityfoundation/volatility3.git@dc7a3878fa39156d89d567c3e823f1956675f192#egg=volatility3 \
   && uv pip install --no-cache --system -r /requirements/base.txt
 
 COPY ./compose/local/__init__.py /src/volatility3/volatility3/framework/constants/__init__.py

diff --git a/config/settings/base.py b/config/settings/base.py
@@ -91,18 +91,12 @@
 ]
 
 
-if use_ldap := env.bool("USE_LDAP", False):
-    AUTHENTICATION_BACKENDS = [
-        "django_auth_ldap.backend.LDAPBackend"
-        "django.contrib.auth.backends.ModelBackend",
-        "guardian.backends.ObjectPermissionBackend",
-    ]
-else:
-    AUTHENTICATION_BACKENDS = [
-        "django.contrib.auth.backends.ModelBackend",
-        "allauth.account.auth_backends.AuthenticationBackend",
-        "guardian.backends.ObjectPermissionBackend",
-    ]
+AUTHENTICATION_BACKENDS = [
+    "django_auth_ldap.backend.LDAPBackend",
+    "django.contrib.auth.backends.ModelBackend",
+    "guardian.backends.ObjectPermissionBackend",
+    "allauth.account.auth_backends.AuthenticationBackend",
+]
 
 AUTH_USER_MODEL = "users.User"
 LOGIN_REDIRECT_URL = "users:redirect"
@@ -244,15 +238,16 @@
     "root": {"level": DEBUG_LEVEL, "handlers": ["console"]},
     "loggers": {
         "distributed": {"level": DEBUG_LEVEL, "handlers": ["console"]},
+        "django_auth_ldap": {"level": DEBUG_LEVEL, "handlers": ["console"]},
     },
 }
 
 # django-allauth
 # ------------------------------------------------------------------------------
 ACCOUNT_ALLOW_REGISTRATION = env.bool("DJANGO_ACCOUNT_ALLOW_REGISTRATION", True)
 ACCOUNT_AUTHENTICATION_METHOD = "username"
-ACCOUNT_EMAIL_REQUIRED = True
-ACCOUNT_EMAIL_VERIFICATION = "mandatory"
+ACCOUNT_EMAIL_REQUIRED = False
+ACCOUNT_EMAIL_VERIFICATION = "optional"
 ACCOUNT_ADAPTER = "orochi.users.adapters.AccountAdapter"
 SOCIALACCOUNT_ADAPTER = "orochi.users.adapters.SocialAccountAdapter"
 
@@ -281,16 +276,15 @@
 
 # LDAP
 # ------------------------------------------------------------------------------
-if use_ldap:
-    AUTH_LDAP_SERVER_URI = env("AUTH_LDAP_SERVER_URI")
-    AUTH_LDAP_BIND_DN = env("AUTH_LDAP_BIND_DN")
-    AUTH_LDAP_BIND_PASSWORD = env("AUTH_LDAP_BIND_PASSWORD")
-    AUTH_LDAP_USER_SEARCH = LDAPSearch(
-        env("AUTH_LDAP_USER_SEARCH_DN"),
-        ldap.SCOPE_SUBTREE,
-        env("AUTH_LDAP_USER_SEARCH_ALIAS"),
-    )
-    AUTH_LDAP_USER_ATTR_MAP = env.dict("AUTH_LDAP_USER_ATTR_MAP")
+AUTH_LDAP_SERVER_URI = env("AUTH_LDAP_SERVER_URI")
+AUTH_LDAP_BIND_DN = env("AUTH_LDAP_BIND_DN")
+AUTH_LDAP_BIND_PASSWORD = env("AUTH_LDAP_BIND_PASSWORD")
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+    env("AUTH_LDAP_USER_SEARCH_DN"),
+    ldap.SCOPE_SUBTREE,
+    env("AUTH_LDAP_USER_SEARCH_ALIAS"),
+)
+AUTH_LDAP_USER_ATTR_MAP = env.dict("AUTH_LDAP_USER_ATTR_MAP")
 
 # django-cors-headers - https://github.com/adamchainz/django-cors-headers#setup
 CORS_URLS_REGEX = r"^/api/.*$"

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -121,7 +121,7 @@ services:
       - "6379:6379"
 
   es01:
-    image: elasticsearch:8.9.0
+    image: elasticsearch:8.13.0
     container_name: orochi_es01
     environment:
       - discovery.type=single-node
@@ -144,7 +144,7 @@ services:
       - 9200:9200
 
   kib01:
-    image: kibana:8.9.0
+    image: kibana:8.13.0
     container_name: orochi_kib01
     ports:
       - 5601:5601

diff --git a/orochi/api/api.py b/orochi/api/api.py
@@ -15,4 +15,4 @@
 api.add_router("/dumps/", dumps_router, tags=["Dumps"])
 api.add_router("/plugins/", plugins_router, tags=["Plugins"])
 api.add_router("/utils/", utils_router, tags=["Utils"])
-api.add_router("/bookmars/", bookmarks_router, tags=["Bookmars"])
+api.add_router("/bookmarks/", bookmarks_router, tags=["Bookmarks"])
diff --git a/orochi/api/models.py b/orochi/api/models.py
@@ -6,7 +6,7 @@
 from ninja.orm import create_schema
 
 from orochi.website.defaults import OSEnum
-from orochi.website.models import Bookmark, Dump, Folder, Plugin, Result
+from orochi.website.models import Bookmark, Dump, Folder, Plugin
 
 ###################################################
 # Auth
@@ -210,10 +210,26 @@ class ResultSmallOutSchema(Schema):
 ###################################################
 # Bookmarks
 ###################################################
+class BookmarksEditInSchema(ModelSchema):
+
+    class Meta:
+        model = Bookmark
+        fields = ["name", "icon", "query"]
+
+
 class BookmarksSchema(ModelSchema):
     user: UserOutSchema = None
     indexes: List[DumpSchema] = []
 
     class Meta:
         model = Bookmark
         fields = ["id", "name", "icon", "star", "query"]
+
+
+class BookmarksInSchema(Schema):
+    selected_indexes: str = None
+    name: str = None
+    star: bool = False
+    icon: str = None
+    selected_plugin: str = None
+    query: Optional[str] = None
diff --git a/orochi/api/routers/bookmarks.py b/orochi/api/routers/bookmarks.py
@@ -1,15 +1,78 @@
 from typing import List
 
+import django
+import psycopg2
 from django.shortcuts import get_object_or_404
+from guardian.shortcuts import get_objects_for_user
 from ninja import Router
 from ninja.security import django_auth
 
-from orochi.api.models import BookmarksSchema, ErrorsOut, SuccessResponse
-from orochi.website.models import Bookmark
+from orochi.api.models import (
+    BookmarksEditInSchema,
+    BookmarksInSchema,
+    BookmarksSchema,
+    ErrorsOut,
+    SuccessResponse,
+)
+from orochi.website.models import Bookmark, Dump, Plugin
 
 router = Router()
 
 
+@router.post(
+    "/",
+    auth=django_auth,
+    response={201: BookmarksSchema, 400: ErrorsOut},
+    url_name="create_bookmark",
+)
+def create_bookmarks(request, bookmarks_in: BookmarksInSchema):
+    """
+    Create bookmarks for the user.
+
+    Args:
+        request: The request object.
+        bookmarks_in: Input data for creating bookmarks.
+
+    Returns:
+        Tuple[int, Bookmark]: A tuple containing the status code and the created bookmark.
+
+    Raises:
+        400: If an exception occurs during the bookmark creation process.
+    """
+    try:
+        indexes = []
+        ok_indexes = list(
+            get_objects_for_user(request.user, "website.can_see").values_list(
+                "index", flat=True
+            )
+        )
+        for index_id in bookmarks_in.selected_indexes.split(","):
+            index_id = str(index_id)
+            if index_id not in ok_indexes:
+                continue
+            index = get_object_or_404(Dump, index=index_id)
+            indexes.append(index)
+        if indexes:
+            plugin = get_object_or_404(Plugin, name=bookmarks_in.selected_plugin)
+            bookmark = Bookmark.objects.create(
+                user=request.user,
+                plugin=plugin,
+                star=bookmarks_in.star,
+                icon=bookmarks_in.icon,
+                name=bookmarks_in.name,
+                query=bookmarks_in.query,
+            )
+            bookmark.save()
+            for index in indexes:
+                bookmark.indexes.add(index)
+            return 201, bookmark
+        return 400, {"errors": "No valid indexes selected"}
+    except (psycopg2.errors.UniqueViolation, django.db.utils.IntegrityError):
+        return 400, {"errors": "Bookmark name already used"}
+    except Exception as excp:
+        return 400, {"errors": str(excp)}
+
+
 @router.get("/", auth=django_auth, response=List[BookmarksSchema])
 def list_bookmarks(request):
     """
@@ -21,6 +84,64 @@ def list_bookmarks(request):
     return Bookmark.objects.filter(user=request.user)
 
 
+@router.get(
+    "/{int:id}",
+    auth=django_auth,
+    response={200: BookmarksSchema, 400: ErrorsOut},
+    url_name="get_bookmark",
+)
+def get_bookmark(request, id: int):
+    """
+    Retrieves a bookmark by its ID.
+
+    Args:
+        request: The request object.
+        id: The ID of the bookmark to retrieve.
+
+    Returns:
+        dict: A dictionary containing the bookmark data.
+
+    Raises:
+        400: If an exception occurs during the process.
+    """
+    try:
+        bookmark = get_object_or_404(Bookmark, pk=id, user=request.user)
+        return 200, bookmark
+    except Exception as excp:
+        return 400, {"errors": str(excp)}
+
+
+@router.patch(
+    "/{int:id}",
+    response={201: BookmarksSchema, 400: ErrorsOut},
+    auth=django_auth,
+    url_name="edit_bookmark",
+)
+def edit_bookmark(request, id: int, data: BookmarksEditInSchema):
+    """
+    Edit bookmark.
+
+    Args:
+        request: The request object.
+        id: The ID of the bookmark to edit.
+        data: Input data for editing bookmarks.
+
+    Returns:
+        Bookmark: The edited bookmark object.
+
+    Raises:
+        400: If an exception occurs during the process.
+    """
+    try:
+        bookmark = get_object_or_404(Bookmark, pk=id, user=request.user)
+        for attr, value in data.dict(exclude_unset=True).items():
+            setattr(bookmark, attr, value)
+        bookmark.save()
+        return 201, bookmark
+    except Exception as excp:
+        return 400, {"errors": str(excp)}
+
+
 @router.delete(
     "/{int:id}",
     auth=django_auth,

diff --git a/orochi/static/README.txt b/orochi/static/README.txt
@@ -41,7 +41,7 @@
 
 # Keyrune [MTG icons]
 --> https://github.com/andrewgioia/keyrune
---> version 3.12.2
+--> version 3.14.0
 
 # Marked [Changelog with MD]
 --> https://github.com/markedjs/marked

diff --git a/orochi/static/fonts/keyrune.ttf b/orochi/static/fonts/keyrune.ttf
diff --git a/orochi/static/fonts/keyrune.woff b/orochi/static/fonts/keyrune.woff
diff --git a/orochi/static/fonts/keyrune.woff2 b/orochi/static/fonts/keyrune.woff2
diff --git a/orochi/templates/users/user_bookmarks.html b/orochi/templates/users/user_bookmarks.html
@@ -105,34 +105,45 @@
     $(document).on("submit", "#edit-bookmark", function (e) {
       e.preventDefault();
       var form = $(this);
+
+      let formData = form.serializeArray();
+      let obj = {};
+      formData.forEach(item => {
+        if (item.name != 'csrfmiddlewaretoken') {
+          obj[item.name] = item.value;
+        }
+      });
+      $.ajaxSetup({
+        headers: { 'X-CSRFToken': $('input[name="csrfmiddlewaretoken"]').val() }
+      });
+
       $.ajax({
         url: form.attr("action"),
-        data: form.serialize(),
-        type: form.attr("method"),
+        data: JSON.stringify(obj),
+        type: 'PATCH',
         dataType: 'json',
         success: function (data) {
-          if (data.form_is_valid) {
-            $("#modal-update").modal('hide');
-            var d = table.row(row).data();
-            d[0] = `<i class="ss ss-rna ${data.data.icon} ss-foil ss-grad ss-3x"></i>`;
-            d[1] = data.data.name;
-            d[4] = data.data.query;
-            table.row(row).data(d).draw();
-            $.toast({
-              title: 'Bookmark status!',
-              content: 'Bookmark updated.',
-              type: 'success',
-              delay: 5000
-            });
-          } else {
-            $("#modal-update .modal-content").html(data.html_form);
-            $.toast({
-              title: 'Bookmark status!',
-              content: 'Error during submission.',
-              type: 'error',
-              delay: 5000
-            });
-          }
+          var d = table.row(row).data();
+          d[0] = `<i class="ss ss-rna ${data.icon} ss-foil ss-grad ss-3x"></i>`;
+          d[1] = data.name;
+          d[4] = data.query;
+          table.row(row).data(d).draw();
+          $.toast({
+            title: 'Bookmark status!',
+            content: 'Bookmark updated.',
+            type: 'success',
+            delay: 5000
+          });
+          $("#modal-update").modal('hide');
+        },
+        error: function () {
+          $.toast({
+            title: 'Bookmark status!',
+            content: 'Error during submission.',
+            type: 'error',
+            delay: 5000
+          });
+          $("#modal-update").modal('hide');
         }
       });
     });