Merge pull request #183 from VKCOM/malzhanov/ios-refactor

Ios pre-prod refactor so everything works

Author: irdkwmnsb

.gitignore

@@ -11,3 +11,5 @@
 /temp/
 /tmp/
 .mypy_cache
+
+idb-applications

lib/types/nsyslog-parser.d.ts

@@ -0,0 +1,103 @@
+declare module "nsyslog-parser" {
+    /**
+     * Represents a single structured data entry, e.g. the objects within "structuredData".
+     * Each of these can have a mandatory "$id" key and then any additional properties.
+     */
+    export interface StructuredDataEntry {
+        $id: string;
+        [key: string]: string;
+    }
+
+    /**
+     * Represents the CEF (Common Event Format) details that can appear on some entries.
+     */
+    export interface CefExtension {
+        version: string; // e.g. "CEF:0"
+        deviceVendor: string; // e.g. "security"
+        deviceProduct: string; // e.g. "threatmanager"
+        deviceVersion: string; // e.g. "1.0"
+        deviceEventClassID: string; // e.g. "100"
+        name: string; // e.g. "detected a \\| in message"
+        severity: string; // e.g. "10"
+        extension: string; // Raw extension string (e.g. "src=10.0.0.1 act=blocked...")
+    }
+
+    /**
+     * Represents one syslog-like message object as found in the array.
+     * Optional fields are marked with "?". Note that some fields
+     * can be null or empty strings when absent or unknown.
+     */
+    export interface SyslogMessage {
+        /** The full, unmodified original log line. */
+        originalMessage: string;
+
+        /** Priority string if present (e.g. "<189>") or empty string. */
+        pri?: string; // can be "" if not present
+        /** Parsed numeric value from `pri` if present, or null if missing. */
+        prival?: number | null;
+
+        /** Syslog facility as numeric value, if known. */
+        facilityval?: number | null;
+        /** Syslog level (severity) as numeric value, if known. */
+        levelval?: number | null;
+        /** Parsed facility name, if known (e.g. "auth", "local7"). */
+        facility?: "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" | "lpr" | "news" | "uucp" | "cron" | "authpriv" | "ftp" | "ntp" | "security" | "console" | "solaris" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7" | string;
+        /** Parsed severity/level name, if known (e.g. "crit", "notice"). */
+        level?: "emerg" | "alert" | "crit" | "error" | "warn" | "notice" | "info" | "debug" | string;
+
+        /**
+         * Syslog version (used in RFC 5424). For BSD-type or unknown messages,
+         * this may be absent.
+         */
+        version?: number;
+
+        /**
+         * A string identifying the detected syslog "type". Examples: "BSD", "RFC5424", "CEF", "UNKNOWN".
+         * In practice, you may see additional or custom strings as well.
+         */
+        type: string;
+
+        /**
+         * Parsed timestamp in ISO8601 format, e.g. "2019-10-11T20:14:15.000Z".
+         * If the parser guessed one, it will be here; otherwise it may be a fallback or empty string.
+         */
+        ts: string;
+
+        /** Hostname or IP, if found. */
+        host?: string;
+        /** Application name/process name, if found. */
+        appName?: string;
+        /** Process ID (pid) if it was found in the header, e.g. "1334" in "pinger[1334]". */
+        pid?: string;
+        /** RFC5424 message ID if present, e.g. "ID47". */
+        messageid?: string;
+
+        /** The final extracted message portion (without the syslog header). */
+        message?: string;
+
+        /**
+         * Some log lines contain "chain"—for example, in RFC5424 with multiple hostnames
+         * or structured references. Often an empty array.
+         */
+        chain?: string[];
+
+        /** Free-form array for any extracted fields that did not have a dedicated property. */
+        fields?: any[];
+
+        /** Syslog header portion as originally parsed (if separated). */
+        header?: string;
+
+        /**
+         * StructuredData is typically an array of objects used in RFC5424 logs.
+         * Each object can have `$id` plus arbitrary key-value pairs.
+         */
+        structuredData?: StructuredDataEntry[];
+
+        /**
+         * Only present if the message is identified as CEF (Common Event Format).
+         * Holds the parsed CEF fields (deviceVendor, deviceProduct, etc.).
+         */
+        cef?: CefExtension;
+    }
+    export default function parse(line: string): SyslogMessage;
+}

lib/types/syrup.d.ts

@@ -0,0 +1,57 @@
+declare module "@devicefarmer/stf-syrup" {
+    import Bluebird from "bluebird";
+    type extractDesRet<RetT> = RetT extends SyrupI<never, never, infer RetX>
+        ? RetX
+        : unknown;
+    type extractBluebirdReturnR<RetT> = RetT extends Bluebird<infer RetX>
+        ? RetX
+        : RetT;
+    export class SyrupI<
+        OptionsT extends object = any, // TODO: find a way to remove any. Maybe we union all the options that are needed for each dependency?
+        DepsT extends SyrupI[] = [],
+        RetT = unknown | void,
+        DepsRetsT extends (unknown | void)[] = [] // TODO: maybe we can extract DepsRetsT somehow?
+    > {
+        constructor(options: OptionsT | null);
+        define<
+            BodyT extends (options: OptionsT, ...deps: DepsRetsT) => unknown
+        >(
+            body: BodyT
+        ): SyrupI<
+            OptionsT,
+            DepsT,
+            extractBluebirdReturnR<ReturnType<typeof body>>,
+            DepsRetsT
+        >;
+        dependency<DepT extends SyrupI<never, never>>(
+            dep: DepT
+        ): SyrupI<
+            OptionsT,
+            [...DepsT, DepT],
+            RetT,
+            [...DepsRetsT, extractDesRet<DepT>]
+        >;
+        consume<NewOptionsT extends OptionsT>(
+            overrides: NewOptionsT
+        ): Bluebird<RetT>;
+        invoke(overrides: OptionsT, ...args: DepsT[]): RetT;
+    }
+    export type ParallelSyrup = <OptionsT extends object>(
+        options?: OptionsT
+    ) => SyrupI;
+    export namespace ParallelSyrup {
+        const Syrup: SyrupI;
+    }
+
+    export type SerialSyrup = ParallelSyrup;
+    export namespace SerialSyrup {
+        const Syrup: SyrupI;
+    }
+
+    export type Syrup = ParallelSyrup;
+    export namespace Syrup {
+        const serial: SerialSyrup;
+    }
+
+    export default Syrup;
+}

lib/units/api/auth.js

@@ -18,9 +18,7 @@ export function auth(options) {
                 })
         }
         else {
-            // No session, forward to auth client
-            res.redirect(options.authUrl) // TODO: remove this
-            // res.redirect('/')
+            res.redirect('/')
         }
     }
 }

lib/units/api/controllers/autotests.js

@@ -4,7 +4,7 @@ import * as dbapi from '../../../db/api.js'
 import datautil from '../../../util/datautil.js'
 import deviceutil from '../../../util/deviceutil.js'
 import wireutil from '../../../wire/util.js'
-import wirerouter from '../../../wire/router.js'
+import {WireRouter} from '../../../wire/router.js'
 import wire from '../../../wire/index.js'
 import {v4 as uuidv4} from 'uuid'
 import logger from '../../../util/logger.js'
@@ -165,7 +165,7 @@ function installOnDevice(req, res) {
             log.info('Installation result: Device is not responding')
             return apiutil.respond(res, 504, 'Device is not responding')
         }, apiutil.INSTALL_APK_WAIT)
-        let messageListener = wirerouter()
+        let messageListener = new WireRouter()
             .on(wire.InstallResultMessage, function(channel, message) {
                 if (message.serial === serial) {
                     clearTimeout(timer)
@@ -225,7 +225,7 @@ function useAndConnectDevice(req, res) {
                 Sentry.captureMessage('504: Device is not responding (failed to join group)')
                 return apiutil.respond(res, 504, 'Device is not responding (failed to join group)')
             }, apiutil.GRPC_WAIT_TIMEOUT)
-            let useDeviceMessageListener = wirerouter()
+            let useDeviceMessageListener = new WireRouter() // wtf?
                 .on(wire.JoinGroupMessage, function(channel, message) {
                     log.info(device.serial + ' added to user group ' + req.user)
                     if (message.serial === serial && message.owner.email === req.user.email) {
@@ -240,7 +240,7 @@ function useAndConnectDevice(req, res) {
                             Sentry.captureMessage('504: Device is not responding (failed to connect to device)')
                             return apiutil.respond(res, 504, 'Device is not responding (failed to connect to device)')
                         }, apiutil.GRPC_WAIT_TIMEOUT)
-                        let messageListener = wirerouter()
+                        let messageListener = new WireRouter()
                             .on(wire.ConnectStartedMessage, function(channel, message) {
                                 if (message.serial === serial) {
                                     clearTimeout(timer)

lib/units/api/controllers/devices.js

@@ -9,7 +9,7 @@ import datautil from '../../../util/datautil.js'
 import {v4 as uuidv4} from 'uuid'
 import wire from '../../../wire/index.js'
 import wireutil from '../../../wire/util.js'
-import wirerouter from '../../../wire/router.js'
+import {WireRouter} from '../../../wire/router.js'
 var log = logger.createLogger('api:controllers:devices')
 
 /* ------------------------------------ PRIVATE FUNCTIONS ------------------------------- */
@@ -355,7 +355,7 @@ function addOriginGroupDevices(req, res) {
                 apiutil.respond(res, 504, 'Gateway Time-out')
                 reject('timeout')
             }, apiutil.GRPC_WAIT_TIMEOUT)
-            messageListener = wirerouter()
+            messageListener = new WireRouter()
                 .on(wire.DeviceOriginGroupMessage, function(channel, message) {
                     if (message.signature === signature) {
                         clearTimeout(responseTimer)

lib/units/api/controllers/user.js

@@ -8,7 +8,7 @@ import datautil from '../../../util/datautil.js'
 import deviceutil from '../../../util/deviceutil.js'
 import wire from '../../../wire/index.js'
 import wireutil from '../../../wire/util.js'
-import wirerouter from '../../../wire/router.js'
+import {WireRouter} from '../../../wire/router.js'
 import * as apiutil from '../../../util/apiutil.js'
 import * as jwtutil from '../../../util/jwtutil.js'
 import * as lockutil from '../../../util/lockutil.js'
@@ -125,7 +125,7 @@ function addUserDevice(req, res) {
                     req.options.channelRouter.removeListener(wireutil.global, messageListener)
                     return apiutil.respond(res, 504, 'Device is not responding')
                 }, apiutil.GRPC_WAIT_TIMEOUT)
-                let messageListener = wirerouter()
+                let messageListener = new WireRouter()
                     .on(wire.JoinGroupMessage, function(channel, message) {
                         log.info(device.serial + ' added to user group ' + req.user)
                         if (message.serial === serial && message.owner.email === req.user.email) {
@@ -211,7 +211,7 @@ function deleteUserDeviceBySerial(req, res) {
                     return apiutil.respond(res, 504, 'Device is not responding')
                 }
             }, apiutil.GRPC_WAIT_TIMEOUT)
-            var messageListener = wirerouter()
+            var messageListener = new WireRouter()
                 .on(wire.LeaveGroupMessage, function(channel, message) {
                     if (message.serial === serial &&
                 (message.owner.email === req.user.email || req.user.privilege === 'admin')) {
@@ -283,7 +283,7 @@ function remoteConnectUserDeviceBySerial(req, res) {
                 req.options.sub.unsubscribe(responseChannel)
                 return apiutil.respond(res, 504, 'Device is not responding')
             }, apiutil.GRPC_WAIT_TIMEOUT)
-            let messageListener = wirerouter()
+            let messageListener = new WireRouter()
                 .on(wire.ConnectStartedMessage, function(channel, message) {
                     if (message.serial === serial) {
                         clearTimeout(timer)
@@ -356,7 +356,7 @@ function remoteDisconnectUserDeviceBySerial(req, res) {
                     return apiutil.respond(res, 504, 'Device is not responding')
                 }
             }, apiutil.GRPC_WAIT_TIMEOUT)
-            var messageListener = wirerouter()
+            var messageListener = new WireRouter()
                 .on(wire.ConnectStoppedMessage, function(channel, message) {
                     if (message.serial === serial) {
                         clearTimeout(timer)

lib/units/api/helpers/securityHandlers.js

@@ -28,7 +28,7 @@ async function accessTokenAuth(req) {
             log.error('Bad Access Token Header or missed cookie')
             throw {
                 status: 401
-                , message: 'Bad Credentials'
+                , message: 'No Credentials'
             }
         }
         try {
@@ -47,6 +47,12 @@ async function accessTokenAuth(req) {
                 }
                 data = jwtutil.decode(token.jwt, req.options.secret)
             }
+            if (data === null) {
+                throw {
+                    status: 401
+                    , message: 'Bad token'
+                }
+            }
             const user = await dbapi.loadUser(data.email)
             if (user) {
                 if (user.privilege === apiutil.USER && operationTag.indexOf('admin') > -1) {

lib/units/base-device/support/router.js

@@ -1,12 +1,12 @@
 import syrup from '@devicefarmer/stf-syrup'
-import wirerouter from '../../../wire/router.js'
+import {WireRouter} from '../../../wire/router.js'
 import sub from './sub.js'
 import channels from './channels.js'
 export default syrup.serial()
     .dependency(sub)
     .dependency(channels)
     .define((options, sub, channels) => {
-        let router = wirerouter()
+        let router = new WireRouter()
         sub.on('message', router.handler())
         // Special case, we're hooking into a message that's not actually routed.
         router.on({$code: 'message'}, channel => {

lib/units/base-device/support/storage.js

@@ -7,39 +7,41 @@ import logger from '../../../util/logger.js'
 export default syrup.serial()
     .define(options => {
         const log = logger.createLogger('device:support:storage')
-        let plugin = Object.create(null)
-        plugin.store = function(type, stream, meta) {
-            let resolver = Promise.defer()
-            let args = {
-                url: url.resolve(options.storageUrl, util.format('s/upload/%s', type))
-                , headers: {
-                    internal: 'Internal ' + meta.jwt
-                }
-            }
-            let req = request.post(args, function(err, res, body) {
-                if (err) {
-                    log.error('Upload to "%s" failed', args.url, err.stack)
-                    resolver.reject(err)
-                }
-                else if (res.statusCode !== 201) {
-                    log.error('Upload to "%s" failed: HTTP %d', args.url, res.statusCode)
-                    resolver.reject(new Error(util.format('Upload to "%s" failed: HTTP %d', args.url, res.statusCode)))
-                }
-                else {
-                    try {
-                        let result = JSON.parse(body)
-                        log.info('Uploaded to "%s"', result.resources.file.href)
-                        resolver.resolve(result.resources.file)
+        let plugin = {
+            store: function(type, stream, meta) {
+                let resolver = Promise.defer()
+                let args = {
+                    url: url.resolve(options.storageUrl, util.format('s/upload/%s', type))
+                    , headers: {
+                        internal: 'Internal ' + meta.jwt
                     }
-                    catch (err) {
-                        log.error('Invalid JSON in response', err.stack, body)
+                }
+                let req = request.post(args, function(err, res, body) {
+                    if (err) {
+                        log.error('Upload to "%s" failed', args.url, err.stack)
                         resolver.reject(err)
                     }
-                }
-            })
-            req.form()
-                .append('file', stream, meta)
-            return resolver.promise
+                    else if (res.statusCode !== 201) {
+                        log.error('Upload to "%s" failed: HTTP %d', args.url, res.statusCode)
+                        log.debug(body)
+                        resolver.reject(new Error(util.format('Upload to "%s" failed: HTTP %d', args.url, res.statusCode)))
+                    }
+                    else {
+                        try {
+                            let result = JSON.parse(body)
+                            log.info('Uploaded to "%s"', result.resources.file.href)
+                            resolver.resolve(result.resources.file)
+                        }
+                        catch (err) {
+                            log.error('Invalid JSON in response', err.stack, body)
+                            resolver.reject(err)
+                        }
+                    }
+                })
+                req.form()
+                    .append('file', stream, meta)
+                return resolver.promise
+            }
         }
         return plugin
     })