This is a private Node.js Express server that hosts the Admin dashboard at https://admin.[domain]. It initializes the database, generates the source and client certificates, and other admin actions. Every day at midnight, it creates a snapshot of Partner referrals. Its Security Group restricts its access to one specific whitelisted IP. Most actions are logged and many actions, such as signin or signup, send email alerts to the administrator.
- Prerequisites
- Database Initialization
- Sign In
- Create Admin User
- Admin
- Source Management
- User Tools
- Suricata
- Client - Upload/Modify Clients
- Partners
- Database - Postgres Command
- Redis - Redis Brute Force
- Other APIs
- Feedback
- License
- Contact
- Run the Admin CloudFormation and all its prerequisites
Before running anything, you must initialize the database:
GET /?initialize=true The POST /signin API returns a session cookie. Use the cookie on requests that require authentication. Usually, your HTTP request framework will automatically save this cookie. If the cookie expires or server returns 401, request a new cookie.
Request
GET /signin Request
POST /signin | Name | Type | Description |
|---|---|---|
email | string | Required User email. |
password | string | Required User password. |
Response
Set-Cookie: <Cookie with Expiration Time> Request
GET /logout Response
Redirects to /signin Request
GET /signup Request
POST /signup | Name | Type | Description |
|---|---|---|
email | string | Required Email to use to create the user. |
password | string | Required User password. |
Response
Redirect to /signup-success Request
GET /confirm-email | Name | Type | Description |
|---|---|---|
code | string | Required Code that confirms a user is the owner of an email address to complete email signup. |
Response
Redirect to /signin Request
GET /resend-confirm-code Request
POST /resend-confirm-code | Name | Type | Description |
|---|---|---|
email | string | Required Email to resend confirmation code to. |
Response
Redirect to /signin Request
Authentication Required
GET /admin Request
Authentication Required
GET /clients Request
Authentication Required
GET /sources Request
Authentication Required
GET /suricata Request
Authentication Required
GET /database Request
Authentication Required
GET /partners Request
Authentication Required
GET /change-password Request
Authentication Required
POST /change-password | Name | Type | Description |
|---|---|---|
currentPassword | string | Required User's current password. |
newPassword | string | Required User's new password. |
Response
Redirect to /admin Request
Authentication Required
POST /toggle-secret Response
Certificate Secret API toggled. Request
Authentication by CERT_ACCESS_SECRET Required
toggle-secret must be used to ensure that secret access is allowed.
IP address must be internal network 172.16.0.0/12.
POST /get-server-certificate | Name | Type | Description |
|---|---|---|
secret | string | Required CERT_ACCESS_SECRET from CloudFormation bringup. |
id | string | Required The ID of the source you want to download the certificates for. |
Response
{cacert: <utf-8>, servercert: <utf-8>, serverkey: <utf-8>} Request
Authentication Required
POST /new-source | Name | Type | Description |
|---|---|---|
id | string | Required The ID of the source you want to create. |
Response
Source created successfully Request
Authentication Required
POST /set-current-source | Name | Type | Description |
|---|---|---|
id | string | Required The ID of the source you want to set as current source. |
Response
Current source set successfully. Request
Authentication Required
POST /get-unassigned-certificates | Name | Type | Description |
|---|---|---|
id | string | Required The ID of the source you want to get the number of unassigned certificates for. |
Response
{count: [number of unassigned certs for this source] } Request
Authentication Required
POST /get-unassigned-certificates | Name | Type | Description |
|---|---|---|
id | string | Required The ID of the source you want to generate certificates for. |
num | number | Required The number of certificates you want to generate. |
Response
Certificate generation started. Request
Authentication Required
POST /delete-user-with-email | Name | Type | Description |
|---|---|---|
email | string | Required User's email. |
reason | string | Required Reason for deletion. |
banned | boolean | Mark user as banned (abusive behavior). Defaults to false. |
Response
{message: "Deleted user successfully" } Request
Authentication Required
POST /delete-user-with-email | Name | Type | Description |
|---|---|---|
id | string | Required User's id. |
reason | string | Required Reason for deletion. |
banned | boolean | Mark user as banned (abusive behavior). Defaults to false. |
Response
{message: "Deleted user successfully" } Request
Authentication Required
POST /save-rule | Name | Type | Description |
|---|---|---|
ruleFile | string | Required Name of suricata rulefile (e.g, "disabled.conf") |
ruleContent | string | Required Contents of rulefile. |
Response
Rule file saved successfully. Request
Authentication Required
POST /upload-client | Name | Type | Description |
|---|---|---|
type | string | Requiredmac-app, mac-update, windows-app, or windows-update |
file | file | Required The file being uploaded. |
Response
Redirect to /admin with message "Upload Successful". Request
Authentication Required
POST /modify-percent Key-Value pairs where Key is the S3 Key (full path) and Value is the Percent. Percents must add up to 100. For example:
{"mac-app/affeefff1/30/mac-app-1.zip" : 40, "mac-app/affeefff1/70/mac-app-2.zip" : 60 } Response
Redirect to /admin with message "Percent change successful". Request
Authentication Required
POST /new-partner | Name | Type | Description |
|---|---|---|
newPartnerTitle | string | Required Name of partner to create (e.g, ACME Inc.) |
newPartnerCode | string | Required Code of partner to create (e.g, acme) |
newPartnerPercentageShare | integer | Required Integer between 0 and 100. This is the percentage share that the partner gets after Apple's 15% or 30% cut. |
Response
Redirects to /partners Request
Authentication Required
POST /delete-partner | Name | Type | Description |
|---|---|---|
id | string | Required ID of Partner to delete. |
Response
Redirects to /partners Request
Authentication Required
POST /new-partner-user | Name | Type | Description |
|---|---|---|
newPartnerUserEmail | string | Required Email address of Partner user to create. |
newPartnerUserPassword | string | Required Password of Partner user to create. |
newPartnerUserCode | string | Required Code of Partner user to create. |
Response
Redirects to /partners Request
Authentication Required
POST /delete-partner-user | Name | Type | Description |
|---|---|---|
id | string | Required ID of Partner User to delete. |
Response
Redirects to /partners Request
Authentication Required
POST /current-snapshot | Name | Type | Description |
|---|---|---|
partnerCode | string | Required Code of Partner to get snapshot of. |
Response
Returns the current Partner Snapshot for the specified partner code. Request
Authentication Required
POST /save-snapshot | Name | Type | Description |
|---|---|---|
partnerCode | string | Required Code of Partner to save current snapshot of. |
Response
{success: true } Request
Authentication Required
POST /save-snapshot | Name | Type | Description |
|---|---|---|
id | string | Required ID of the partner snapshot to delete. |
Response
Redirects to /partners The query itself will be logged to a CloudWatch Log Group called PostgresQueries. The result is not logged.
Request
Authentication Required
POST /postgres-command | Name | Type | Description |
|---|---|---|
command | string | Required Postgres query to run. |
Response
Displays the query result onscreen. Request
Authentication Required
POST /get-brute | Name | Type | Description |
|---|---|---|
ip | string | Required IP address to look up |
Response
Brute force counts Request
Authentication Required
POST /clear-brute | Name | Type | Description |
|---|---|---|
ip | string | Required IP address to clear |
Response
# Brute Entries Cleared Request
GET /error-test Request
GET /health Response
Status 200{message: "OK from admin." + DOMAIN } If you have any questions, concerns, or other feedback, please let us know any feedback in Github issues or by e-mail.
We also have a bug bounty program -- please email [email protected] for details.
This project is licensed under the GPL License - see the LICENSE.md file for details