-rw-r--r-- | README.md | 34 |
1 files changed, 19 insertions, 15 deletions
@@ -52,18 +52,16 @@ Install dependencies (Debian). sudo apt install docker.io docker-compose -Start CouchDB and the collector. Make sure to give it a username and password: +Start the collector and JWT server, and generate certificates for JWT signing: - cd docker - export COUCHDB_USER=couchdb - export COUCHDB_PASSWORD=insecure - export COUCHDB_NAME=test - export COUCHDB_HOSTNAME=couchdb - export DOCKER_JWT_PUBKEY_PATH=/tmp/jwt_keys/ - docker-compose up + ./quickstart.sh Now the database and the API server should be running, now we can try -adding some observations: +adding some observations. First, get a JWT for the default user `usr`: + + JWT=$(curl http://localhost:8000/api/v1.0/auth -X POST -p -u usr:pwd | jq -r .access_token) + +Then we use the JWT to add an observation: echo '[{ "ip": "192.0.2.10", 
@@ -84,20 +82,26 @@ adding some observations: "cve_2021_21974": "CVE-2021-21974 patched", "cve_2021_21985": "CVE-2021-21985 not applicable" } - }]' | curl -s -u user3:pw3 --data-binary @- http://localhost:80/sc/v0/add + }]' | curl -s --data-binary @- -H "Authorization: Bearer $JWT" http://localhost:80/sc/v0/add -Try retreiving all observations for a user with read access to 'sunet.se': +Try retreiving all observations permitted by our JWT: - curl -s -u user1:pw1 http://localhost:80/sc/v0/get | json_pp -json_opt utf8,pretty + curl -s -H "Authorization: Bearer $JWT" http://localhost:80/sc/v0/get | json_pp -json_opt utf8,pretty We might also filter the data: - curl -s -u user1:pw1 http://localhost:80/sc/v0/get?port=111 | json_pp -json_opt utf8,pretty + curl -s -H "Authorization: Bearer $JWT" http://localhost:80/sc/v0/get?port=111 | json_pp -json_opt utf8,pretty Believe it or not, but we can also get a single observation by looking up its key (_id): - curl -s -u user1:pw1 http://localhost:80/sc/v0/get/1633633714355 | json_pp -json_opt utf8,pretty + curl -s -H "Authorization: Bearer $JWT" http://localhost:80/sc/v0/get/1633633714355 | json_pp -json_opt utf8,pretty We can also limit the number of results and skip N results forward with the parameters limit and skip: - curl -s -u user1:pw1 'http://localhost:80/sc/v0/get?limit=5&skip=2' | json_pp -json_opt utf8,pretty + curl -s -H "Authorization: Bearer $JWT" 'http://localhost:80/sc/v0/get?limit=5&skip=2' | json_pp -json_opt utf8,pretty + +## JWT mechanics (work in progress) + +2021-11-24: Currently no checks except that the JWT is valid are performed when +adding observations. When retrieving observations, the JWTs "domains" claim is +used. In auth-server-poc, domains is hard-coded to `["sunet.se"]` as an example. |
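Review bot: In the first hunk, the new `JWT=$(curl ... | jq -r .access_token)` line has no failure path: if the auth request fails or the response has no `access_token` field, `jq -r` prints `null` and every later example sends `Authorization: Bearer null`. Suggest `curl -sf` together with `jq -er .access_token` so the assignment fails visibly instead. The `-p` flag is curl's `--proxytunnel`, which does nothing without a proxy and looks unintended here; drop it. The hunk also removes `cd docker` and the `COUCHDB_*` exports without saying where `quickstart.sh` lives or which credentials and key path it sets up, and the following paragraph still says "the database" is running although the new intro no longer mentions CouchDB. One sentence on what the script starts and generates, and that `usr:pwd` is the quickstart default, would cover this.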
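Review bot: In the second hunk, the new "JWT mechanics" section states that adding observations checks only that the JWT is valid, yet the `/sc/v0/add` example is now the documented way to write data; the README should spell out the consequence, namely that any holder of a valid token can add observations regardless of the "domains" claim, and say whether `add` is going to be scoped to that claim like `get`. Two wording points in the added lines: "retreiving" is carried over misspelled into the rewritten sentence (retrieving), and `the JWTs "domains" claim` needs an apostrophe (JWT's). It would also help to say which service listens where, since the token is fetched from port 8000 and used against port 80.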