wazuh · Desvelao · Sep 27, 2024 · Nov 28, 2024 · Nov 28, 2024 · Nov 28, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Support for Wazuh 5.0.0
 - Added creation of report definition when creating dashboard by reference and the button to reset the report [#7091](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7091)
 - Added a frontend http client to core plugin [#7000](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7000)
+- Added serverSecurity service to core plugin [#7026](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7026)
 - Added an initilization service to core plugin to run the initilization tasks related to user scope [#7145](https://github.com/wazuh/wazuh-dashboard-plugins/pull/7145)
 
 ### Removed

diff --git a/...ts/overview/vulnerabilities/common/hocs/validate-vulnerabilities-states-index-pattern.tsx b/...ts/overview/vulnerabilities/common/hocs/validate-vulnerabilities-states-index-pattern.tsx
@@ -154,12 +154,10 @@ export const PromptCheckIndex = (props: {
   );
 };
 
-const mapStateToProps = state => {
-  return {
-    vulnerabilitiesStatesindexPatternID:
-      state.appConfig.data['vulnerabilities.pattern'],
-  };
-};
+const mapStateToProps = state => ({
+  vulnerabilitiesStatesindexPatternID:
+    state.appConfig.data['vulnerabilities.pattern'],
+});
 
 export const withVulnerabilitiesStateDataSource = compose(
   connect(mapStateToProps),

diff --git a/plugins/wazuh-core/common/services/initialization/constants.ts b/plugins/wazuh-core/common/services/initialization/constants.ts
@@ -1,4 +1,4 @@
-export const initializationTask = {
+export const INITIALIZATION_TASK = {
   RUN_STATUS: {
     NOT_STARTED: 'not_started',
     RUNNING: 'running',

diff --git a/plugins/wazuh-core/common/services/initialization/types.ts b/plugins/wazuh-core/common/services/initialization/types.ts
@@ -1,13 +1,13 @@
-import { initializationTask } from './constants';
+import { INITIALIZATION_TASK } from './constants';
 
-type RunStatusEnum = (typeof initializationTask)['RUN_STATUS'];
+type RunStatusEnum = (typeof INITIALIZATION_TASK)['RUN_STATUS'];
 
 export type InitializationTaskRunStatus = RunStatusEnum[keyof RunStatusEnum];
 
-type RunResultEnum = (typeof initializationTask)['RUN_RESULT'];
+type RunResultEnum = (typeof INITIALIZATION_TASK)['RUN_RESULT'];
 
 export type InitializationTaskRunResult = RunResultEnum[keyof RunResultEnum];
 
-type ContextEnum = (typeof initializationTask)['CONTEXT'];
+type ContextEnum = (typeof INITIALIZATION_TASK)['CONTEXT'];
 
 export type InitializationTaskContext = ContextEnum[keyof ContextEnum];
diff --git a/plugins/wazuh-core/docs/README.md b/plugins/wazuh-core/docs/README.md
@@ -15,6 +15,8 @@ This plugin provides some core services:
 
 ## Frontend
 
-- Configuration: manage the plugins configuration
-- Utils
 - Constants
+- Utils
+- Configuration: manage the plugins configuration
+- Dashboard Security: manage the security related to Wazuh dashboard
+- Server Security: manage the security related to Wazuh server
diff --git a/plugins/wazuh-core/public/plugin.ts b/plugins/wazuh-core/public/plugin.ts
@@ -1,4 +1,5 @@
 import { CoreSetup, CoreStart, Plugin } from 'opensearch-dashboards/public';
+import { BehaviorSubject } from 'rxjs';
 import { API_USER_STATUS_RUN_AS } from '../common/api-user-status-run-as';
 import { Configuration } from '../common/services/configuration';
 import {
@@ -12,14 +13,15 @@ import * as uiComponents from './components';
 import { ConfigurationStore } from './utils/configuration-store';
 import { DashboardSecurity } from './utils/dashboard-security';
 import * as hooks from './hooks';
+import { CoreServerSecurity } from './services';
 import { CoreHTTPClient } from './services/http/http-client';
 
 const noop = () => {};
 
 export class WazuhCorePlugin
   implements Plugin<WazuhCorePluginSetup, WazuhCorePluginStart>
 {
-  runtime = { setup: {} };
+  runtime: Record<string, any> = { setup: {} };
   internal: Record<string, any> = {};
   services: Record<string, any> = {};
 
@@ -55,6 +57,20 @@ export class WazuhCorePlugin
     // Create dashboardSecurity
     this.services.dashboardSecurity = new DashboardSecurity(logger, core.http);
 
+    // TODO: replace by the current session data
+    const userSessionData = {
+      account: {
+        administrator: false,
+        administrator_requirements: '',
+      },
+      policies: { rbac_mode: 'white' },
+    };
+    const userSession$ = new BehaviorSubject(userSessionData);
+
+    this.services.serverSecurity = new CoreServerSecurity(logger, {
+      getUserPermissions: () => {}, // TODO: implement
+    });
+
     // Create http
     this.services.http = new CoreHTTPClient(logger, {
       getTimeout: async () =>
@@ -69,13 +85,39 @@ export class WazuhCorePlugin
     await this.services.dashboardSecurity.setup();
     this.runtime.setup.http = await this.services.http.setup({ core });
 
+    this.runtime.securityServer = this.services.serverSecurity.setup({
+      userSession$: userSession$, // TODO: replace
+      getUserSession: () => userSessionData, // TODO: replace
+      useLoadingLogo: () => {
+        // TODO: implement
+        // const {
+        //   ['customization.logo.app']: customlogoApp,
+        //   ['customization.enabled']: customizationEnabled,
+        // } = useConfiguration();
+        // const customImage = customizationEnabled && customlogoApp;
+        // const imageSrc = getHttp().basePath.prepend(
+        //   customImage
+        //     ? getAssetURL(customImage)
+        //     : getThemeAssetURL('logo.svg'),
+        // );
+      },
+    });
+
     return {
       ...this.services,
       utils,
       API_USER_STATUS_RUN_AS,
+      hooks: {
+        ...hooks,
+        ...this.runtime.setup.securityServer.hooks,
+      },
+      hocs: {
+        ...this.runtime.setup.securityServer.hocs,
+      },
       ui: {
         ...uiComponents,
         ...this.runtime.setup.http.ui,
+        ...this.runtime.setup.securityServer.ui,
       },
     };
   }
@@ -94,10 +136,17 @@ export class WazuhCorePlugin
       ...this.services,
       utils,
       API_USER_STATUS_RUN_AS,
-      hooks,
+      hooks: {
+        ...hooks,
+        ...this.runtime.setup.securityServer.hooks,
+      },
+      hocs: {
+        ...this.runtime.setup.securityServer.hocs,
+      },
       ui: {
         ...uiComponents,
         ...this.runtime.setup.http.ui,
+        ...this.runtime.setup.securityServer.ui,
       },
     };
   }

diff --git a/plugins/wazuh-core/public/services/index.ts b/plugins/wazuh-core/public/services/index.ts
@@ -0,0 +1 @@
+export * from './server-security';
diff --git a/plugins/wazuh-core/public/services/server-security/README.md b/plugins/wazuh-core/public/services/server-security/README.md
@@ -0,0 +1,55 @@
+# Server security
+
+The `serverSecurity` service is created in the core plugin and manage the security related to the Wazuh server.
+
+- Permissions
+
+## Features
+
+### Service
+
+- Expose methods to check the missing permission for the current user or a generic method
+
+### Others
+
+The service creates in the `setup` lifecycle method the following resources:
+
+- hooks
+  - useServerUserPermissions: the permissions of the logged user
+  ```tsx
+  const userPermissions = useServerUserPermissions();
+  ```
+  - useServerUserPermissionsRequirements: the missing permissions of the required permissions for the logged user
+  ```tsx
+  const [missingPermissions, userPermissions] =
+    useServerUserPermissionsRequirements(requiredPermissions);
+  ```
+  - useServerUserPermissionsIsAdminRequirements: the missing requirements for "administrator users"
+  ```tsx
+  const [administratorRequirements, userSession] =
+    useServerUserPermissionsIsAdminRequirements();
+  ```
+  - useServerUserLogged: user is logged status
+  ```tsx
+  const useIsLogged = useServerUserLogged();
+  ```
+- HOCs
+  - withServerUserAuthorizationPromptChanged:
+  ```tsx
+  withServerUserAuthorizationPromptChanged(permissions, {
+    isAdmininistrator: true,
+  })(WrappedComponent);
+  ```
+  - withServerUserLogged: when the user is not logged, display a loading
+  ```tsx
+  withServerUserLogged(WrappedComponent);
+  ```
+  - withServerUserAuthorizationPrompt:
+  ```tsx
+  withServerUserAuthorizationPrompt(permissions, { isAdmininistrator: true })(
+    WrappedComponent,
+  );
+  ```
+- UI components
+  - ServerButtonPermissions
+  - ServerElementPermissions
diff --git a/plugins/wazuh-core/public/services/server-security/index.ts b/plugins/wazuh-core/public/services/server-security/index.ts
@@ -0,0 +1,2 @@
+export * from './types';
+export { CoreServerSecurity } from './server-security';
diff --git a/plugins/wazuh-core/public/services/server-security/server-security.ts b/plugins/wazuh-core/public/services/server-security/server-security.ts
@@ -0,0 +1,82 @@
+import { Logger } from '../../../common/services/configuration';
+import { checkMissingUserPermissions } from './wz-user-permissions';
+import {
+  ServerSecurity,
+  ServerSecurityCombinedPermission,
+  ServerSecuritySetupDeps,
+  ServerSecuritySetupReturn,
+} from './types';
+import { createServerSecurityHooks } from './ui/hooks/creator';
+import { createServerSecurityHOCS } from './ui/hocs/creator';
+import { createServerSecurityUI } from './ui/components/creator';
+import { LoadingServerUserLogging } from './ui/components/loading';
+import { WzEmptyPromptNoPermissions } from './ui/components/prompt';
+
+export class CoreServerSecurity implements ServerSecurity {
+  private readonly getUserPermissions: any;
+
+  constructor(
+    private readonly logger: Logger,
+    { getUserPermissions },
+  ) {
+    this.getUserPermissions = getUserPermissions;
+  }
+
+  setup(deps: ServerSecuritySetupDeps): ServerSecuritySetupReturn {
+    this.logger.debug('Setup');
+
+    this.logger.debug('Creating runtime hooks');
+
+    const hooks = createServerSecurityHooks({
+      ...deps,
+      checkMissingUserPermissions: this.checkMissingUserPermissions,
+    });
+
+    this.logger.debug('Created runtime hooks');
+
+    this.logger.debug('Creating runtime HOCs');
+
+    const hocs = createServerSecurityHOCS({
+      ...deps,
+      ...hooks,
+      LoadingServerUserLogging,
+      PromptNoPermissions: WzEmptyPromptNoPermissions,
+    });
+
+    this.logger.debug('Created runtime HOCs');
+
+    this.logger.debug('Creating UI components');
+
+    const ui = createServerSecurityUI(hooks);
+
+    this.logger.debug('Creating UI components');
+
+    this.logger.debug('Setup finished');
+
+    return {
+      hooks,
+      hocs,
+      ui,
+    };
+  }
+
+  start() {}
+
+  stop() {}
+
+  checkMissingUserPermissions(
+    requiredPermissions: ServerSecurityCombinedPermission[],
+    userPermissions: any,
+  ) {
+    return checkMissingUserPermissions(requiredPermissions, userPermissions);
+  }
+
+  getMissingUserPermissions(
+    requiredPermissions: ServerSecurityCombinedPermission[],
+  ) {
+    return checkMissingUserPermissions(
+      requiredPermissions,
+      this.getUserPermissions(),
+    );
+  }
+}
diff --git a/plugins/wazuh-core/public/services/server-security/types.ts b/plugins/wazuh-core/public/services/server-security/types.ts
@@ -0,0 +1,62 @@
+import React from 'react';
+
+export interface ServerSecurityPermission {
+  action: string;
+  resource: string;
+}
+
+export type ServerSecurityCombinedPermission =
+  | ServerSecurityPermission
+  | ServerSecurityPermission[];
+
+export type ServerSecurityCombinedPermissionWithFunction =
+  | ServerSecurityCombinedPermission
+  | ((props: any) => ServerSecurityPermission);
+
+export interface ServerSecuritySetupDeps {
+  userSession$: any;
+  getUserSession: any;
+  useLoadingLogo: any;
+}
+
+export interface ServerSecuritySetupReturn {
+  hooks: {
+    useServerUserLogged: () => boolean;
+    useServerUserPermissions: () => any;
+    useServerUserPermissionsRequirements: (
+      permissions: ServerSecurityCombinedPermissionWithFunction,
+    ) => [ServerSecurityCombinedPermission, any];
+    useServerUserPermissionsIsAdminRequirements: () => [string, any];
+  };
+  hocs: {
+    withServerUserAuthorizationPrompt: (
+      permissions: ServerSecurityCombinedPermissionWithFunction | null,
+      otherPermissions: { isAdmininistrator: boolean | null },
+    ) => (WrappedComponent: React.Component) => React.ReactElement;
+    withServerUserLogged: (
+      WrappedComponent: React.Component,
+    ) => React.ReactElement;
+  };
+  ui: {
+    ServerButtonPermissions: React.Component;
+    ServerElementPermissions: React.Component;
+  };
+}
+
+export interface ServerSecurity {
+  setup: (deps: ServerSecuritySetupDeps) => ServerSecuritySetupReturn;
+  start: () => void;
+  stop: () => void;
+  checkMissingUserPermissions: (
+    requiredPermissions: ServerSecurityCombinedPermission[],
+    userPermissions: any,
+  ) => ServerSecurityCombinedPermission[] | false;
+  getMissingUserPermissions: (
+    requiredPermissions: ServerSecurityCombinedPermission[],
+  ) => ServerSecurityCombinedPermission[] | false;
+}
+
+export interface ServerSecurityUserSession {
+  logged: boolean;
+  policies: any;
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		export * from './types';
		export { CoreServerSecurity } from './server-security';