External/domain-watchdog
1
0
Fork 0
mirror of https://github.com/maelgangloff/domain-watchdog.git synced 2025-12-17 17:55:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: merge master

Browse Source
This commit is contained in:
Maël Gangloff 2025-06-14 00:31:46 +02:00
commit 206ca602c9
No known key found for this signature in database
GPG Key ID: 11FDC81C24A7F629
16 changed files with 522 additions and 491 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
assets/components/tracking/watchlist/UpdateWatchlistButton.tsx
View File

@ -62,6 +62,7 @@ export function UpdateWatchlistButton({watchlist, onUpdateWatchlist, connectors}
}}
connectors={connectors}
isCreation={false}
watchList={watchlist}
/>
</Drawer>
</>

49
assets/components/tracking/watchlist/WatchlistForm.tsx
View File

@ -2,12 +2,13 @@ import type { FormInstance, SelectProps} from 'antd'
import {Button, Form, Input, Select, Space, Tag, Tooltip, Typography} from 'antd'
import {t} from 'ttag'
import {ApiOutlined, MinusCircleOutlined, PlusOutlined} from '@ant-design/icons'
import React from 'react'
import React, {useState} from 'react'
import type {Connector} from '../../../utils/api/connectors'
import {rdapEventDetailTranslation, rdapEventNameTranslation} from '../../../utils/functions/rdapTranslation'
import {actionToColor} from '../../../utils/functions/actionToColor'
import {actionToIcon} from '../../../utils/functions/actionToIcon'
import type {EventAction} from '../../../utils/api'
import type {EventAction, Watchlist} from '../../../utils/api'
import { createWatchlistTrigger, deleteWatchlistTrigger} from '../../../utils/api'
import {formItemLayoutWithOutLabel} from "../../../utils/providers"
type TagRender = SelectProps['tagRender']
@ -23,11 +24,12 @@ const formItemLayout = {
}
}
export function WatchlistForm({form, connectors, onFinish, isCreation}: {
export function WatchlistForm({form, connectors, onFinish, isCreation, watchList}: {
form: FormInstance
connectors: Array<Connector & { id: string }>
onFinish: (values: { domains: string[], triggers: string[], token: string }) => void
isCreation: boolean
isCreation: boolean,
watchList?: Watchlist,
}) {
const rdapEventNameTranslated = rdapEventNameTranslation()
const rdapEventDetailTranslated = rdapEventDetailTranslation()
@ -59,6 +61,42 @@ export function WatchlistForm({form, connectors, onFinish, isCreation}: {
)
}
const [triggersLoading, setTriggersLoading] = useState(false)
const createTrigger = async (event: string) => {
if (isCreation) return
setTriggersLoading(true)
await createWatchlistTrigger(watchList!.token, {
watchList: watchList!['@id'],
event,
action: 'email',
})
await createWatchlistTrigger(watchList!.token, {
watchList: watchList!['@id'],
event,
action: 'chat',
})
setTriggersLoading(false)
}
const removeTrigger = async (event: string) => {
if (isCreation) return
setTriggersLoading(true)
await deleteWatchlistTrigger(watchList!.token, {
watchList: watchList!['@id'],
event,
action: 'email',
})
await deleteWatchlistTrigger(watchList!.token, {
watchList: watchList!['@id'],
event,
action: 'chat',
})
setTriggersLoading(false)
}
return (
<Form
{...formItemLayoutWithOutLabel}
@ -169,6 +207,9 @@ export function WatchlistForm({form, connectors, onFinish, isCreation}: {
mode='multiple'
tagRender={triggerTagRenderer}
style={{width: '100%'}}
onSelect={createTrigger}
onDeselect={removeTrigger}
loading={triggersLoading}
options={Object.keys(rdapEventNameTranslated).map(e => ({
value: e,
title: rdapEventDetailTranslated[e as keyof typeof rdapEventDetailTranslated] || undefined,

27
assets/pages/tracking/WatchlistPage.tsx
View File

@ -1,6 +1,6 @@
import React, {useEffect, useState} from 'react'
import {Card, Divider, Flex, Form, message} from 'antd'
import type { Watchlist} from '../../utils/api'
import type {Watchlist, WatchlistTrigger} from '../../utils/api'
import {getWatchlists, postWatchlist, putWatchlist} from '../../utils/api'
import type {AxiosError} from 'axios'
import {t} from 'ttag'
@ -19,16 +19,17 @@ interface FormValuesType {
dsn?: string[]
}
const getRequestDataFromForm = (values: FormValuesType) => {
const getRequestDataFromFormCreation = (values: FormValuesType) => {
const domainsURI = values.domains.map(d => '/api/domains/' + d.toLowerCase())
let triggers = values.triggers.map(t => ({event: t, action: 'email'}))
let triggers: WatchlistTrigger[] = values.triggers.map(t => ({event: t, action: 'email'}))
if (values.dsn !== undefined) {
triggers = [...triggers, ...values.triggers.map(t => ({
triggers = [...triggers, ...values.triggers.map((t): WatchlistTrigger => ({
event: t,
action: 'chat'
}))]
}
return {
name: values.name,
domains: domainsURI,
@ -38,6 +39,17 @@ const getRequestDataFromForm = (values: FormValuesType) => {
}
}
const getRequestDataFromFormUpdate = (values: FormValuesType) => {
const domainsURI = values.domains.map(d => '/api/domains/' + d.toLowerCase())
return {
name: values.name,
domains: domainsURI,
connector: values.connector !== undefined ? ('/api/connectors/' + values.connector) : undefined,
dsn: values.dsn
}
}
export default function WatchlistPage() {
const [form] = Form.useForm()
const [messageApi, contextHolder] = message.useMessage()
@ -45,7 +57,7 @@ export default function WatchlistPage() {
const [connectors, setConnectors] = useState<Array<Connector & { id: string }>>()
const onCreateWatchlist = (values: FormValuesType) => {
postWatchlist(getRequestDataFromForm(values)).then(() => {
postWatchlist(getRequestDataFromFormCreation(values)).then(() => {
form.resetFields()
refreshWatchlists()
messageApi.success(t`Watchlist created !`)
@ -56,7 +68,7 @@ export default function WatchlistPage() {
const onUpdateWatchlist = async (values: FormValuesType & { token: string }) => await putWatchlist({
token: values.token,
...getRequestDataFromForm(values)
...getRequestDataFromFormUpdate(values)
}
).then(() => {
refreshWatchlists()
@ -91,7 +103,8 @@ export default function WatchlistPage() {
<Divider/>
{(connectors != null) && (watchlists != null) && watchlists.length > 0 &&
<WatchlistsList
watchlists={watchlists} onDelete={refreshWatchlists}
watchlists={watchlists}
onDelete={refreshWatchlists}
connectors={connectors}
onUpdateWatchlist={onUpdateWatchlist}
/>}

13
assets/utils/api/index.ts
View File

@ -16,7 +16,7 @@ export type EventAction =
| 'enum validation expiration'
| string
export type TriggerAction = 'email' | string
export type TriggerAction = 'email' | 'chat'
export interface Event {
action: EventAction
@ -74,19 +74,26 @@ export interface User {
roles: string[]
}
export interface WatchlistTrigger {
event: EventAction
action: TriggerAction
watchList?: string
}
export interface WatchlistRequest {
name?: string
domains: string[]
triggers: Array<{ event: EventAction, action: TriggerAction }>
triggers?: Array<WatchlistTrigger>
connector?: string
dsn?: string[]
}
export interface Watchlist {
'@id': string
name?: string
token: string
domains: Domain[]
triggers?: Array<{ event: EventAction, action: string }>
triggers?: Array<WatchlistTrigger>
dsn?: string[]
connector?: {
id: string

19
assets/utils/api/watchlist.ts
View File

@ -1,4 +1,4 @@
import type { TrackedDomains, Watchlist, WatchlistRequest} from './index'
import type {TrackedDomains, Watchlist, WatchlistRequest, WatchlistTrigger} from './index'
import {request} from './index'
interface WatchlistList {
@ -56,3 +56,20 @@ export async function getTrackedDomainList(params: { page: number, itemsPerPage:
})
return response.data
}
export async function createWatchlistTrigger(watchListToken: string, watchListTrigger: WatchlistTrigger): Promise<WatchlistTrigger> {
const response = await request<WatchlistTrigger>({
method: 'POST',
url: `watchlist-triggers`,
data: watchListTrigger,
})
return response.data
}
export async function deleteWatchlistTrigger(watchListToken: string, watchListTrigger: WatchlistTrigger): Promise<void> {
await request<void>({
method: 'DELETE',
url: `watchlists/${watchListToken}/triggers/${watchListTrigger.action}/${watchListTrigger.event}`,
data: watchListTrigger
})
}

125
src/Controller/ConnectorController.php
View File

@ -2,34 +2,14 @@
namespace App\Controller;
use App\Config\ConnectorProvider;
use App\Entity\Connector;
use App\Entity\User;
use App\Service\Connector\AbstractProvider;
use App\Service\Connector\EppClientProvider;
use Doctrine\Common\Collections\Collection;
use Doctrine\ORM\EntityManagerInterface;
use Psr\Log\LoggerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\KernelInterface;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Serializer\Exception\ExceptionInterface;
class ConnectorController extends AbstractController
{
public function __construct(
private readonly EntityManagerInterface $em,
private readonly LoggerInterface $logger,
#[Autowire(service: 'service_container')]
private readonly ContainerInterface $locator,
private readonly KernelInterface $kernel,
) {
}
#[Route(
path: '/api/connectors',
name: 'connector_get_all_mine',
@ -46,109 +26,4 @@ class ConnectorController extends AbstractController
return $user->getConnectors();
}
/**
* @throws ExceptionInterface
* @throws \Throwable
*/
#[Route(
path: '/api/connectors',
name: 'connector_create',
defaults: [
'_api_resource_class' => Connector::class,
'_api_operation_name' => 'create',
],
methods: ['POST']
)]
public function createConnector(Connector $connector): Connector
{
/** @var User $user */
$user = $this->getUser();
$connector->setUser($user);
$provider = $connector->getProvider();
$this->logger->info('User {username} wants to register a connector from provider {provider}.', [
'username' => $user->getUserIdentifier(),
'provider' => $provider->value,
]);
if (null === $provider) {
throw new BadRequestHttpException('Provider not found');
}
$authData = $connector->getAuthData();
if (ConnectorProvider::EPP === $provider) {
$filesystem = new Filesystem();
$directory = EppClientProvider::buildEppCertificateFolder($this->kernel->getProjectDir(), $connector->getId());
unset($authData['file_certificate_pem'], $authData['file_certificate_key']); // Prevent alteration from user
if (isset($authData['certificate_pem'], $authData['certificate_key'])) {
$pemPath = $directory.'client.pem';
$keyPath = $directory.'client.key';
$filesystem->mkdir($directory, 0755);
$filesystem->dumpFile($pemPath, $authData['certificate_pem']);
$filesystem->dumpFile($keyPath, $authData['certificate_key']);
$connector->setAuthData([...$authData, 'file_certificate_pem' => $pemPath, 'file_certificate_key' => $keyPath]);
}
/** @var AbstractProvider $providerClient */
$providerClient = $this->locator->get($provider->getConnectorProvider());
try {
$connector->setAuthData($providerClient->authenticate($authData));
} catch (\Throwable $exception) {
$filesystem->remove($directory);
throw $exception;
}
} else {
/** @var AbstractProvider $providerClient */
$providerClient = $this->locator->get($provider->getConnectorProvider());
$connector->setAuthData($providerClient->authenticate($authData));
}
$this->logger->info('User {username} authentication data with the {provider} provider has been validated.', [
'username' => $user->getUserIdentifier(),
'provider' => $provider->value,
]);
$connector->setCreatedAt(new \DateTimeImmutable('now'));
$this->em->persist($connector);
$this->em->flush();
return $connector;
}
/**
* @throws \Exception
*/
#[Route(
path: '/api/connectors/{id}',
name: 'connector_delete',
defaults: [
'_api_resource_class' => Connector::class,
'_api_operation_name' => 'delete',
],
methods: ['DELETE']
)]
public function deleteConnector(Connector $connector): void
{
foreach ($connector->getWatchLists()->getIterator() as $watchlist) {
$watchlist->setConnector(null);
}
$provider = $connector->getProvider();
if (null === $provider) {
throw new BadRequestHttpException('Provider not found');
}
if (ConnectorProvider::EPP === $provider) {
(new Filesystem())->remove(EppClientProvider::buildEppCertificateFolder($this->kernel->getProjectDir(), $connector->getId()));
}
$this->em->remove($connector);
$this->em->flush();
}
}

313
src/Controller/WatchListController.php
View File

@ -2,158 +2,34 @@
namespace App\Controller;
use App\Entity\Connector;
use App\Entity\Domain;
use App\Entity\DomainEvent;
use App\Entity\DomainStatus;
use App\Entity\User;
use App\Entity\WatchList;
use App\Notifier\TestChatNotification;
use App\Repository\DomainRepository;
use App\Repository\WatchListRepository;
use App\Service\ChatNotificationService;
use App\Service\Connector\AbstractProvider;
use App\Service\RDAPService;
use Doctrine\Common\Collections\Collection;
use Doctrine\DBAL\LockMode;
use Doctrine\ORM\EntityManagerInterface;
use Doctrine\ORM\Exception\ORMException;
use Doctrine\ORM\OptimisticLockException;
use Eluceo\iCal\Domain\Entity\Calendar;
use Eluceo\iCal\Presentation\Component\Property;
use Eluceo\iCal\Presentation\Component\Property\Value\TextValue;
use Eluceo\iCal\Presentation\Factory\CalendarFactory;
use Laminas\Feed\Writer\Entry;
use Laminas\Feed\Writer\Feed;
use Psr\Log\LoggerInterface;
use Sabre\VObject\EofException;
use Sabre\VObject\InvalidDataException;
use Sabre\VObject\ParseException;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
use Symfony\Component\HttpKernel\KernelInterface;
use Symfony\Component\RateLimiter\RateLimiterFactory;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Serializer\Encoder\DecoderInterface;
use Symfony\Component\Serializer\Exception\ExceptionInterface;
use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
use Symfony\Component\Serializer\SerializerInterface;
use Symfony\Contracts\HttpClient\Exception\ClientExceptionInterface;
use Symfony\Contracts\HttpClient\Exception\DecodingExceptionInterface;
use Symfony\Contracts\HttpClient\Exception\RedirectionExceptionInterface;
use Symfony\Contracts\HttpClient\Exception\ServerExceptionInterface;
use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
class WatchListController extends AbstractController
{
public function __construct(
private readonly SerializerInterface&DecoderInterface&DenormalizerInterface $serializer,
private readonly EntityManagerInterface $em,
private readonly WatchListRepository $watchListRepository,
private readonly LoggerInterface $logger,
private readonly ChatNotificationService $chatNotificationService,
private readonly DomainRepository $domainRepository,
private readonly RDAPService $RDAPService,
private readonly RateLimiterFactory $rdapRequestsLimiter,
private readonly KernelInterface $kernel,
#[Autowire(service: 'service_container')]
private readonly ContainerInterface $locator,
) {
}
/**
* @throws TransportExceptionInterface
* @throws ServerExceptionInterface
* @throws RedirectionExceptionInterface
* @throws ExceptionInterface
* @throws DecodingExceptionInterface
* @throws ClientExceptionInterface
* @throws \JsonException
* @throws \Exception
*/
#[Route(
path: '/api/watchlists',
name: 'watchlist_create',
defaults: [
'_api_resource_class' => WatchList::class,
'_api_operation_name' => 'create',
],
methods: ['POST']
)]
public function createWatchList(Request $request): WatchList
{
$watchList = $this->registerDomainsInWatchlist($request->getContent(), ['watchlist:create']);
/** @var User $user */
$user = $this->getUser();
$watchList->setUser($user);
/*
* In the limited version, we do not want a user to be able to register the same domain more than once in their watchlists.
* This policy guarantees the equal probability of obtaining a domain name if it is requested by several users.
*/
if ($this->getParameter('limited_features')) {
if ($watchList->getDomains()->count() > (int) $this->getParameter('limit_max_watchlist_domains')) {
$this->logger->notice('User {username} tried to create a Watchlist. The maximum number of domains has been reached.', [
'username' => $user->getUserIdentifier(),
]);
throw new AccessDeniedHttpException('You have exceeded the maximum number of domain names allowed in this Watchlist');
}
$userWatchLists = $user->getWatchLists();
if ($userWatchLists->count() >= (int) $this->getParameter('limit_max_watchlist')) {
$this->logger->notice('User {username} tried to create a Watchlist. The maximum number of Watchlists has been reached', [
'username' => $user->getUserIdentifier(),
]);
throw new AccessDeniedHttpException('You have exceeded the maximum number of Watchlists allowed');
}
/** @var Domain[] $trackedDomains */
$trackedDomains = $userWatchLists->reduce(fn (array $acc, WatchList $watchList) => [...$acc, ...$watchList->getDomains()->toArray()], []);
/** @var Domain $domain */
foreach ($watchList->getDomains()->getIterator() as $domain) {
if (in_array($domain, $trackedDomains)) {
$ldhName = $domain->getLdhName();
$this->logger->notice('User {username} tried to create a watchlist with domain name {ldhName}. It is forbidden to register the same domain name twice with limited mode', [
'username' => $user->getUserIdentifier(),
'ldhName' => $ldhName,
]);
throw new AccessDeniedHttpException("It is forbidden to register the same domain name twice in your watchlists with limited mode ($ldhName)");
}
}
if (null !== $watchList->getWebhookDsn() && count($watchList->getWebhookDsn()) > (int) $this->getParameter('limit_max_watchlist_webhooks')) {
$this->logger->notice('User {username} tried to create a Watchlist. The maximum number of webhooks has been reached.', [
'username' => $user->getUserIdentifier(),
]);
throw new AccessDeniedHttpException('You have exceeded the maximum number of webhooks allowed in this Watchlist');
}
}
$this->chatNotificationService->sendChatNotification($watchList, new TestChatNotification());
$this->verifyConnector($watchList, $watchList->getConnector());
$this->logger->info('User {username} registers a Watchlist ({token}).', [
'username' => $user->getUserIdentifier(),
'token' => $watchList->getToken(),
]);
$this->em->persist($watchList);
$this->em->flush();
return $watchList;
}
#[Route(
path: '/api/watchlists',
name: 'watchlist_get_all_mine',
@ -171,140 +47,6 @@ class WatchListController extends AbstractController
return $user->getWatchLists();
}
/**
* @throws \Exception
* @throws ExceptionInterface
*/
private function verifyConnector(WatchList $watchList, ?Connector $connector): void
{
/** @var User $user */
$user = $this->getUser();
if (null === $connector) {
return;
}
if (!$user->getConnectors()->contains($connector)) {
$this->logger->notice('The Connector ({connector}) does not belong to the user.', [
'username' => $user->getUserIdentifier(),
'connector' => $connector->getId(),
]);
throw new AccessDeniedHttpException('You cannot create a Watchlist with a connector that does not belong to you');
}
/** @var Domain $domain */
foreach ($watchList->getDomains()->getIterator() as $domain) {
if ($domain->getDeleted()) {
$ldhName = $domain->getLdhName();
throw new BadRequestHttpException("To add a connector, no domain in this Watchlist must have already expired ($ldhName)");
}
}
$connectorProviderClass = $connector->getProvider()->getConnectorProvider();
/** @var AbstractProvider $connectorProvider */
$connectorProvider = $this->locator->get($connectorProviderClass);
$connectorProvider->authenticate($connector->getAuthData());
$supported = $connectorProvider->isSupported(...$watchList->getDomains()->toArray());
if (!$supported) {
$this->logger->notice('The Connector ({connector}) does not support all TLDs in this Watchlist', [
'username' => $user->getUserIdentifier(),
'connector' => $connector->getId(),
]);
throw new BadRequestHttpException('This connector does not support all TLDs in this Watchlist');
}
}
/**
* @throws ORMException
* @throws RedirectionExceptionInterface
* @throws DecodingExceptionInterface
* @throws ClientExceptionInterface
* @throws \JsonException
* @throws OptimisticLockException
* @throws TransportExceptionInterface
* @throws ServerExceptionInterface
* @throws ExceptionInterface
* @throws \Exception
*/
#[Route(
path: '/api/watchlists/{token}',
name: 'watchlist_update',
defaults: [
'_api_resource_class' => WatchList::class,
'_api_operation_name' => 'update',
],
methods: ['PUT']
)]
public function putWatchList(Request $request): WatchList
{
$watchList = $this->registerDomainsInWatchlist($request->getContent(), ['watchlist:create', 'watchlist:token']);
/** @var User $user */
$user = $this->getUser();
$watchList->setUser($user);
if ($this->getParameter('limited_features')) {
if ($watchList->getDomains()->count() > (int) $this->getParameter('limit_max_watchlist_domains')) {
$this->logger->notice('User {username} tried to update a Watchlist. The maximum number of domains has been reached for this Watchlist', [
'username' => $user->getUserIdentifier(),
]);
throw new AccessDeniedHttpException('You have exceeded the maximum number of domain names allowed in this Watchlist');
}
$userWatchLists = $user->getWatchLists();
/** @var Domain[] $trackedDomains */
$trackedDomains = $userWatchLists
->filter(fn (WatchList $wl) => $wl->getToken() !== $watchList->getToken())
->reduce(fn (array $acc, WatchList $wl) => [...$acc, ...$wl->getDomains()->toArray()], []);
/** @var Domain $domain */
foreach ($watchList->getDomains()->getIterator() as $domain) {
if (in_array($domain, $trackedDomains)) {
$ldhName = $domain->getLdhName();
$this->logger->notice('User {username} tried to update a watchlist with domain name {ldhName}. It is forbidden to register the same domain name twice with limited mode', [
'username' => $user->getUserIdentifier(),
'ldhName' => $ldhName,
]);
throw new AccessDeniedHttpException("It is forbidden to register the same domain name twice in your watchlists with limited mode ($ldhName)");
}
}
if (null !== $watchList->getWebhookDsn() && count($watchList->getWebhookDsn()) > (int) $this->getParameter('limit_max_watchlist_webhooks')) {
$this->logger->notice('User {username} tried to update a Watchlist. The maximum number of webhooks has been reached.', [
'username' => $user->getUserIdentifier(),
]);
throw new AccessDeniedHttpException('You have exceeded the maximum number of webhooks allowed in this Watchlist');
}
}
$this->chatNotificationService->sendChatNotification($watchList, new TestChatNotification());
$this->verifyConnector($watchList, $watchList->getConnector());
$this->logger->info('User {username} updates a Watchlist ({token}).', [
'username' => $user->getUserIdentifier(),
'token' => $watchList->getToken(),
]);
$this->em->beginTransaction();
/** @var WatchList $oldWatchlist */
$oldWatchlist = $this->em->getReference(WatchList::class, $watchList->getToken());
$this->em->lock($oldWatchlist, LockMode::PESSIMISTIC_WRITE);
$this->em->remove($oldWatchlist);
$this->em->flush();
$this->em->persist($watchList);
$this->em->flush();
$this->em->commit();
return $watchList;
}
/**
* @throws ParseException
* @throws EofException
@ -379,61 +121,6 @@ class WatchListController extends AbstractController
return $domains;
}
/**
* @throws TransportExceptionInterface
* @throws ServerExceptionInterface
* @throws RedirectionExceptionInterface
* @throws DecodingExceptionInterface
* @throws ClientExceptionInterface
* @throws \JsonException
*/
private function registerDomainsInWatchlist(string $content, array $groups): WatchList
{
/** @var WatchList $watchList */
$watchList = $this->serializer->deserialize($content, WatchList::class, 'json', ['groups' => $groups]);
$data = json_decode($content, true, 512, JSON_THROW_ON_ERROR);
if (!is_array($data) || !isset($data['domains']) || !is_array($data['domains'])) {
throw new BadRequestHttpException('Invalid payload: missing or invalid "domains" field.');
}
$domains = array_map(fn (string $d) => str_replace('/api/domains/', '', $d), $data['domains']);
foreach ($domains as $ldhName) {
/** @var ?Domain $domain */
$domain = $this->domainRepository->findOneBy(['ldhName' => RDAPService::convertToIdn($ldhName)]);
if (null === $domain) {
try {
$domain = $this->RDAPService->registerDomain($ldhName);
} catch (NotFoundHttpException) {
$domain = (new Domain())
->setLdhName($ldhName)
->setTld($this->RDAPService->getTld($ldhName))
->setDelegationSigned(false)
->setDeleted(true);
$this->em->persist($domain);
$this->em->flush();
}
if (false === $this->kernel->isDebug() && true === $this->getParameter('limited_features')) {
$limiter = $this->rdapRequestsLimiter->create($this->getUser()->getUserIdentifier());
$limit = $limiter->consume();
if (!$limit->isAccepted()) {
throw new TooManyRequestsHttpException($limit->getRetryAfter()->getTimestamp() - time());
}
}
}
$watchList->addDomain($domain);
}
return $watchList;
}
/**
* @throws \Exception
*/

10
src/Entity/Connector.php
View File

@ -9,6 +9,8 @@ use ApiPlatform\Metadata\GetCollection;
use ApiPlatform\Metadata\Post;
use App\Config\ConnectorProvider;
use App\Repository\ConnectorRepository;
use App\State\ConnectorCreateProcessor;
use App\State\ConnectorDeleteProcessor;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Doctrine\ORM\Mapping as ORM;
@ -28,15 +30,15 @@ use Symfony\Component\Uid\Uuid;
security: 'object.user == user'
),
new Post(
routeName: 'connector_create',
normalizationContext: ['groups' => ['connector:create', 'connector:list']],
denormalizationContext: ['groups' => 'connector:create'],
name: 'create'
name: 'create',
processor: ConnectorCreateProcessor::class
),
new Delete(
routeName: 'connector_delete',
security: 'object.user == user',
name: 'delete'
name: 'delete',
processor: ConnectorDeleteProcessor::class
),
]
)]

4
src/Entity/Domain.php
View File

@ -8,6 +8,7 @@ use App\Config\EventAction;
use App\Controller\DomainRefreshController;
use App\Repository\DomainRepository;
use App\Service\RDAPService;
use App\State\AutoRegisterDomainProvider;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Doctrine\DBAL\Types\Types;
@ -54,7 +55,8 @@ use Symfony\Component\Serializer\Attribute\SerializedName;
],
read: false
),
]
],
provider: AutoRegisterDomainProvider::class
)]
class Domain
{

61
src/Entity/WatchList.php
View File

@ -9,6 +9,7 @@ use ApiPlatform\Metadata\GetCollection;
use ApiPlatform\Metadata\Post;
use ApiPlatform\Metadata\Put;
use App\Repository\WatchListRepository;
use App\State\WatchListUpdateProcessor;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Doctrine\DBAL\Types\Types;
@ -23,35 +24,40 @@ use Symfony\Component\Uid\Uuid;
operations: [
new GetCollection(
routeName: 'watchlist_get_all_mine',
normalizationContext: ['groups' => [
'watchlist:list',
'domain:list',
'event:list',
]],
normalizationContext: [
'groups' => [
'watchlist:list',
'domain:list',
'event:list',
],
],
name: 'get_all_mine',
),
new GetCollection(
uriTemplate: '/tracked',
routeName: 'watchlist_get_tracked_domains',
normalizationContext: ['groups' => [
'domain:list',
'tld:list',
'event:list',
'domain:list',
'event:list',
]],
normalizationContext: [
'groups' => [
'domain:list',
'tld:list',
'event:list',
'domain:list',
'event:list',
],
],
name: 'get_tracked_domains'
),
new Get(
normalizationContext: ['groups' => [
'watchlist:item',
'domain:item',
'event:list',
'domain-entity:entity',
'nameserver-entity:nameserver',
'nameserver-entity:entity',
'tld:item',
],
normalizationContext: [
'groups' => [
'watchlist:item',
'domain:item',
'event:list',
'domain-entity:entity',
'nameserver-entity:nameserver',
'nameserver-entity:entity',
'tld:item',
],
],
security: 'object.user == user'
),
@ -78,16 +84,17 @@ use Symfony\Component\Uid\Uuid;
name: 'calendar'
),
new Post(
routeName: 'watchlist_create', normalizationContext: ['groups' => 'watchlist:list'],
normalizationContext: ['groups' => 'watchlist:list'],
denormalizationContext: ['groups' => 'watchlist:create'],
name: 'create'
name: 'create',
processor: WatchListUpdateProcessor::class,
),
new Put(
routeName: 'watchlist_update',
normalizationContext: ['groups' => 'watchlist:item'],
denormalizationContext: ['groups' => ['watchlist:create', 'watchlist:token']],
security: 'object.user == user',
name: 'update'
name: 'update',
processor: WatchListUpdateProcessor::class,
),
new Delete(
security: 'object.user == user'
@ -145,10 +152,12 @@ class WatchList
#[ORM\ManyToOne(targetEntity: User::class, inversedBy: 'watchLists')]
#[ORM\JoinColumn(nullable: false, onDelete: 'CASCADE')]
public ?User $user = null;
#[ORM\Id]
#[ORM\Column(type: 'uuid')]
#[Groups(['watchlist:item', 'watchlist:list', 'watchlist:token'])]
private string $token;
/**
* @var Collection<int, Domain>
*/
@ -156,7 +165,7 @@ class WatchList
#[ORM\JoinTable(name: 'watch_lists_domains',
joinColumns: [new ORM\JoinColumn(name: 'watch_list_token', referencedColumnName: 'token', onDelete: 'CASCADE')],
inverseJoinColumns: [new ORM\JoinColumn(name: 'domain_ldh_name', referencedColumnName: 'ldh_name', onDelete: 'CASCADE')])]
#[Groups(['watchlist:list', 'watchlist:item'])]
#[Groups(['watchlist:create', 'watchlist:list', 'watchlist:item'])]
private Collection $domains;
/**

42
src/Entity/WatchListTrigger.php
View File

@ -2,28 +2,58 @@
namespace App\Entity;
use ApiPlatform\Metadata\ApiResource;
use ApiPlatform\Metadata\Delete;
use ApiPlatform\Metadata\Get;
use ApiPlatform\Metadata\GetCollection;
use ApiPlatform\Metadata\Link;
use ApiPlatform\Metadata\Post;
use App\Config\TriggerAction;
use App\Repository\EventTriggerRepository;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Serializer\Attribute\Groups;
#[ORM\Entity(repositoryClass: EventTriggerRepository::class)]
#[ApiResource(
uriTemplate: '/watchlists/{watchListId}/triggers/{action}/{event}',
operations: [
new Get(),
new GetCollection(
uriTemplate: '/watchlists/{watchListId}/triggers',
uriVariables: [
'watchListId' => new Link(fromProperty: 'token', toProperty: 'watchList', fromClass: WatchList::class),
],
),
new Post(
uriTemplate: '/watchlist-triggers',
uriVariables: [],
security: 'true'
),
new Delete(),
],
uriVariables: [
'watchListId' => new Link(fromProperty: 'token', toProperty: 'watchList', fromClass: WatchList::class),
'action' => 'action',
'event' => 'event',
],
security: 'object.getWatchList().user == user',
)]
class WatchListTrigger
{
#[ORM\Id]
#[ORM\Column(length: 255)]
#[ORM\Column(length: 255, nullable: false)]
#[Groups(['watchlist:list', 'watchlist:item', 'watchlist:create'])]
private ?string $event = null;
private ?string $event;
#[ORM\Id]
#[ORM\ManyToOne(targetEntity: WatchList::class, cascade: ['persist'], inversedBy: 'watchListTriggers')]
#[ORM\ManyToOne(targetEntity: WatchList::class, inversedBy: 'watchListTriggers')]
#[ORM\JoinColumn(referencedColumnName: 'token', nullable: false, onDelete: 'CASCADE')]
private ?WatchList $watchList = null;
private ?WatchList $watchList;
#[ORM\Id]
#[ORM\Column(enumType: TriggerAction::class)]
#[ORM\Column(nullable: false, enumType: TriggerAction::class)]
#[Groups(['watchlist:list', 'watchlist:item', 'watchlist:create'])]
private ?TriggerAction $action = null;
private ?TriggerAction $action;
public function getEvent(): ?string
{

3
src/Service/ChatNotificationService.php
View File

@ -22,7 +22,8 @@ readonly class ChatNotificationService
public function sendChatNotification(WatchList $watchList, DomainWatchdogNotification $notification): void
{
$webhookDsn = $watchList->getWebhookDsn();
if (null === $webhookDsn || 0 === count($webhookDsn)) {
if (empty($webhookDsn)) {
return;
}

65
src/State/AutoRegisterDomainProvider.php Normal file
View File

@ -0,0 +1,65 @@
<?php
namespace App\State;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProviderInterface;
use App\Entity\Domain;
use App\Service\RDAPService;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
use Symfony\Component\HttpKernel\KernelInterface;
use Symfony\Component\RateLimiter\RateLimiterFactory;
readonly class AutoRegisterDomainProvider implements ProviderInterface
{
public function __construct(
#[Autowire(service: 'api_platform.doctrine.orm.state.item_provider')]
private ProviderInterface $itemProvider,
private RDAPService $RDAPService,
private EntityManagerInterface $entityManager,
private KernelInterface $kernel,
private ParameterBagInterface $parameterBag,
private RateLimiterFactory $rdapRequestsLimiter, private Security $security,
) {
}
public function provide(Operation $operation, array $uriVariables = [], array $context = []): object|array|null
{
$domain = $this->itemProvider->provide($operation, $uriVariables, $context);
if (!is_null($domain)) {
return $domain;
}
if (false === $this->kernel->isDebug() && true === $this->parameterBag->get('limited_features')) {
$limiter = $this->rdapRequestsLimiter->create($this->security->getUser()->getUserIdentifier());
$limit = $limiter->consume();
if (!$limit->isAccepted()) {
throw new TooManyRequestsHttpException($limit->getRetryAfter()->getTimestamp() - time());
}
}
$ldhName = RDAPService::convertToIdn($uriVariables['ldhName']);
try {
$domain = $this->RDAPService->registerDomain($ldhName);
} catch (NotFoundHttpException) {
$domain = (new Domain())
->setLdhName($ldhName)
->setTld($this->RDAPService->getTld($ldhName))
->setDelegationSigned(false)
->setDeleted(true);
$this->entityManager->persist($domain);
$this->entityManager->flush();
}
return $domain;
}
}

100
src/State/ConnectorCreateProcessor.php Normal file
View File

@ -0,0 +1,100 @@
<?php
namespace App\State;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProcessorInterface;
use App\Config\ConnectorProvider;
use App\Entity\Connector;
use App\Entity\User;
use App\Service\Connector\AbstractProvider;
use App\Service\Connector\EppClientProvider;
use Psr\Log\LoggerInterface;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\KernelInterface;
use Symfony\Component\Serializer\Exception\ExceptionInterface;
readonly class ConnectorCreateProcessor implements ProcessorInterface
{
public function __construct(
private Security $security,
#[Autowire(service: 'api_platform.doctrine.orm.state.persist_processor')]
private ProcessorInterface $persistProcessor,
private LoggerInterface $logger,
#[Autowire(service: 'service_container')]
private ContainerInterface $locator,
private KernelInterface $kernel,
) {
}
/**
* @param Connector $data
*
* @return Connector
*
* @throws \Throwable
* @throws ExceptionInterface
*/
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): mixed
{
/** @var User $user */
$user = $this->security->getUser();
$data->setUser($user);
$provider = $data->getProvider();
$this->logger->info('User {username} wants to register a connector from provider {provider}.', [
'username' => $user->getUserIdentifier(),
'provider' => $provider->value,
]);
if (null === $provider) {
throw new BadRequestHttpException('Provider not found');
}
$authData = $data->getAuthData();
if (ConnectorProvider::EPP === $provider) {
$filesystem = new Filesystem();
$directory = EppClientProvider::buildEppCertificateFolder($this->kernel->getProjectDir(), $data->getId());
unset($authData['file_certificate_pem'], $authData['file_certificate_key']); // Prevent alteration from user
if (isset($authData['certificate_pem'], $authData['certificate_key'])) {
$pemPath = $directory.'client.pem';
$keyPath = $directory.'client.key';
$filesystem->mkdir($directory, 0755);
$filesystem->dumpFile($pemPath, $authData['certificate_pem']);
$filesystem->dumpFile($keyPath, $authData['certificate_key']);
$data->setAuthData([...$authData, 'file_certificate_pem' => $pemPath, 'file_certificate_key' => $keyPath]);
}
/** @var AbstractProvider $providerClient */
$providerClient = $this->locator->get($provider->getConnectorProvider());
try {
$data->setAuthData($providerClient->authenticate($authData));
} catch (\Throwable $exception) {
$filesystem->remove($directory);
throw $exception;
}
} else {
/** @var AbstractProvider $providerClient */
$providerClient = $this->locator->get($provider->getConnectorProvider());
$data->setAuthData($providerClient->authenticate($authData));
}
$this->logger->info('User {username} authentication data with the {provider} provider has been validated.', [
'username' => $user->getUserIdentifier(),
'provider' => $provider->value,
]);
$data->setCreatedAt(new \DateTimeImmutable('now'));
$this->persistProcessor->process($data, $operation, $uriVariables, $context);
return $data;
}
}

51
src/State/ConnectorDeleteProcessor.php Normal file
View File

@ -0,0 +1,51 @@
<?php
namespace App\State;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProcessorInterface;
use App\Config\ConnectorProvider;
use App\Entity\Connector;
use App\Service\Connector\EppClientProvider;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\KernelInterface;
readonly class ConnectorDeleteProcessor implements ProcessorInterface
{
public function __construct(
#[Autowire(service: 'api_platform.doctrine.orm.state.remove_processor')]
private ProcessorInterface $removeProcessor,
private KernelInterface $kernel,
) {
}
/**
* @param Connector $data
*
* @return Connector
*
* @throws \Throwable
*/
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): mixed
{
foreach ($data->getWatchLists()->getIterator() as $watchlist) {
$watchlist->setConnector(null);
}
$provider = $data->getProvider();
if (null === $provider) {
throw new BadRequestHttpException('Provider not found');
}
if (ConnectorProvider::EPP === $provider) {
(new Filesystem())->remove(EppClientProvider::buildEppCertificateFolder($this->kernel->getProjectDir(), $data->getId()));
}
$this->removeProcessor->process($data, $operation, $uriVariables, $context);
return $data;
}
}

130
src/State/WatchListUpdateProcessor.php Normal file
View File

@ -0,0 +1,130 @@
<?php
namespace App\State;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProcessorInterface;
use App\Entity\Domain;
use App\Entity\User;
use App\Entity\WatchList;
use App\Notifier\TestChatNotification;
use App\Service\ChatNotificationService;
use App\Service\Connector\AbstractProvider;
use Psr\Log\LoggerInterface;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Serializer\Exception\ExceptionInterface;
readonly class WatchListUpdateProcessor implements ProcessorInterface
{
public function __construct(
private Security $security,
private ParameterBagInterface $parameterBag,
#[Autowire(service: 'api_platform.doctrine.orm.state.persist_processor')]
private ProcessorInterface $persistProcessor,
private LoggerInterface $logger,
private ChatNotificationService $chatNotificationService,
#[Autowire(service: 'service_container')]
private ContainerInterface $locator,
) {
}
/**
* @param WatchList $data
*
* @return WatchList
*
* @throws ExceptionInterface
* @throws \Exception
*/
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): mixed
{
/** @var User $user */
$user = $this->security->getUser();
$data->setUser($user);
if ($this->parameterBag->get('limited_features')) {
if ($data->getDomains()->count() > (int) $this->parameterBag->get('limit_max_watchlist_domains')) {
$this->logger->notice('User {username} tried to update a Watchlist. The maximum number of domains has been reached for this Watchlist', [
'username' => $user->getUserIdentifier(),
]);
throw new AccessDeniedHttpException('You have exceeded the maximum number of domain names allowed in this Watchlist');
}
$userWatchLists = $user->getWatchLists();
/** @var Domain[] $trackedDomains */
$trackedDomains = $userWatchLists
->filter(fn (WatchList $wl) => $wl->getToken() !== $data->getToken())
->reduce(fn (array $acc, WatchList $wl) => [...$acc, ...$wl->getDomains()->toArray()], []);
/** @var Domain $domain */
foreach ($data->getDomains()->getIterator() as $domain) {
if (in_array($domain, $trackedDomains)) {
$ldhName = $domain->getLdhName();
$this->logger->notice('User {username} tried to update a watchlist with domain name {ldhName}. It is forbidden to register the same domain name twice with limited mode', [
'username' => $user->getUserIdentifier(),
'ldhName' => $ldhName,
]);
throw new AccessDeniedHttpException("It is forbidden to register the same domain name twice in your watchlists with limited mode ($ldhName)");
}
}
if (null !== $data->getWebhookDsn() && count($data->getWebhookDsn()) > (int) $this->parameterBag->get('limit_max_watchlist_webhooks')) {
$this->logger->notice('User {username} tried to update a Watchlist. The maximum number of webhooks has been reached.', [
'username' => $user->getUserIdentifier(),
]);
throw new AccessDeniedHttpException('You have exceeded the maximum number of webhooks allowed in this Watchlist');
}
}
$this->chatNotificationService->sendChatNotification($data, new TestChatNotification());
if ($connector = $data->getConnector()) {
if (!$user->getConnectors()->contains($connector)) {
$this->logger->notice('The Connector ({connector}) does not belong to the user.', [
'username' => $user->getUserIdentifier(),
'connector' => $connector->getId(),
]);
throw new AccessDeniedHttpException('You cannot create a Watchlist with a connector that does not belong to you');
}
/** @var Domain $domain */
foreach ($data->getDomains()->getIterator() as $domain) {
if ($domain->getDeleted()) {
$ldhName = $domain->getLdhName();
throw new BadRequestHttpException("To add a connector, no domain in this Watchlist must have already expired ($ldhName)");
}
}
$connectorProviderClass = $connector->getProvider()->getConnectorProvider();
/** @var AbstractProvider $connectorProvider */
$connectorProvider = $this->locator->get($connectorProviderClass);
$connectorProvider->authenticate($connector->getAuthData());
$supported = $connectorProvider->isSupported(...$data->getDomains()->toArray());
if (!$supported) {
$this->logger->notice('The Connector ({connector}) does not support all TLDs in this Watchlist', [
'username' => $user->getUserIdentifier(),
'connector' => $connector->getId(),
]);
throw new BadRequestHttpException('This connector does not support all TLDs in this Watchlist');
}
}
$this->persistProcessor->process($data, $operation, $uriVariables, $context);
return $data;
}
}