From 147fd4eb7a76d387a4c23bcac399971b8b099232 Mon Sep 17 00:00:00 2001 From: Shulhan Date: Tue, 16 May 2023 13:42:56 +0700 Subject: all: implement HTTP API to run and cancel attack on HTTP target This endpoints similar that we have in the WebSocket. The idea is to replace the WebSocket endpoints with this one. --- http_server.go | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 113 insertions(+), 2 deletions(-) (limited to 'http_server.go') diff --git a/http_server.go b/http_server.go index 43d166d..d737352 100644 --- a/http_server.go +++ b/http_server.go @@ -21,15 +21,28 @@ var ( ResponseType: libhttp.ResponseTypeJSON, } + apiAttackHttp = libhttp.Endpoint{ + Method: libhttp.RequestMethodPost, + Path: `/_trunks/api/attack/http`, + RequestType: libhttp.RequestTypeJSON, + ResponseType: libhttp.ResponseTypeJSON, + } + apiAttackHttpCancel = libhttp.Endpoint{ + Method: libhttp.RequestMethodDelete, + Path: `/_trunks/api/attack/http`, + RequestType: libhttp.RequestTypeJSON, + ResponseType: libhttp.ResponseTypeJSON, + } + apiAttackResultDelete = &libhttp.Endpoint{ Method: libhttp.RequestMethodDelete, - Path: apiAttackResult, + Path: pathApiAttackResult, RequestType: libhttp.RequestTypeJSON, ResponseType: libhttp.ResponseTypeJSON, } apiAttackResultGet = &libhttp.Endpoint{ Method: libhttp.RequestMethodGet, - Path: apiAttackResult, + Path: pathApiAttackResult, RequestType: libhttp.RequestTypeQuery, ResponseType: libhttp.ResponseTypeJSON, } @@ -97,6 +110,18 @@ func (trunks *Trunks) initHttpServer(isDevelopment bool) (err error) { return fmt.Errorf("%s: %w", logp, err) } + apiAttackHttp.Call = trunks.apiAttackHttp + err = trunks.Httpd.RegisterEndpoint(&apiAttackHttp) + if err != nil { + return fmt.Errorf(`%s: %w`, logp, err) + } + + apiAttackHttpCancel.Call = trunks.apiAttackHttpCancel + err = trunks.Httpd.RegisterEndpoint(&apiAttackHttpCancel) + if err != nil { + return fmt.Errorf(`%s: %w`, logp, err) + } + apiAttackResultDelete.Call = trunks.apiAttackResultDelete err = trunks.Httpd.RegisterEndpoint(apiAttackResultDelete) if err != nil { @@ -142,6 +167,92 @@ func (trunks *Trunks) apiEnvironmentGet(epr *libhttp.EndpointRequest) (resbody [ return json.Marshal(&res) } +// apiAttackHttp request to attack HTTP target. +// +// Request format, +// +// POST /_trunks/api/attack/http +// Content-Type: application/json +// +// +// +// Response format, +// +// Content-Type: application/json +// +// {"data":} +// +// Response codes, +// - 200 OK: success. +// - 500 ERR_INTERNAL: internal server error. +func (trunks *Trunks) apiAttackHttp(epr *libhttp.EndpointRequest) (resbody []byte, err error) { + var ( + logp = `apiAttackHttp` + runRequest = &RunRequest{} + ) + + err = json.Unmarshal(epr.RequestBody, runRequest) + if err != nil { + return nil, fmt.Errorf(`%s: %w`, logp, err) + } + + err = trunks.AttackHttp(runRequest) + if err != nil { + return nil, fmt.Errorf(`%s: %w`, logp, err) + } + + var res = &libhttp.EndpointResponse{} + res.Code = http.StatusOK + res.Name = `OK_ATTACK_HTTP` + res.Data = runRequest + + resbody, err = json.Marshal(res) + if err != nil { + return nil, fmt.Errorf(`%s: %w`, logp, err) + } + return resbody, nil +} + +// apiAttackHttpCancel request to cancel the running attack on HTTP target. +// +// Request format, +// +// DELETE /_trunks/api/attack/http +// +// Response format, +// +// Content-Type: application/json +// +// {"data":} +// +// Response codes, +// - 200 OK: success, return the RunRequest object that has been cancelled. +// - 500 ERR_INTERNAL: internal server error. +func (trunks *Trunks) apiAttackHttpCancel(epr *libhttp.EndpointRequest) (resbody []byte, err error) { + var ( + logp = `apiAttackHttpCancel` + runRequest *RunRequest + ) + + runRequest, err = trunks.AttackHttpCancel() + if err != nil { + return nil, fmt.Errorf(`%s: %w`, logp, err) + } + + var res = &libhttp.EndpointResponse{} + res.Code = http.StatusOK + res.Name = `OK_ATTACK_HTTP_CANCEL` + res.Message = fmt.Sprintf(`Attack on target "%s/%s" has been canceled`, + runRequest.Target.Name, runRequest.HttpTarget.Name) + res.Data = runRequest + + resbody, err = json.Marshal(res) + if err != nil { + return nil, fmt.Errorf(`%s: %w`, logp, err) + } + return resbody, nil +} + func (trunks *Trunks) apiAttackResultDelete(epr *libhttp.EndpointRequest) (resbody []byte, err error) { name := epr.HttpRequest.Form.Get(paramNameName) if len(name) == 0 { -- cgit v1.3