import { Request, Response, NextFunction } from "express"; import { z } from "zod"; import { db, olms } from "@server/db"; import { clients, currentFingerprint } from "@server/db"; import { eq, and } from "drizzle-orm"; import response from "@server/lib/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; import logger from "@server/logger"; import stoi from "@server/lib/stoi"; import { fromError } from "zod-validation-error"; import { OpenAPITags, registry } from "@server/openApi"; import { getUserDeviceName } from "@server/db/names"; import { build } from "@server/build"; const getClientSchema = z.strictObject({ clientId: z .string() .optional() .transform(stoi) .pipe(z.int().positive().optional()) .optional(), niceId: z.string().optional(), orgId: z.string().optional() }); async function query(clientId?: number, niceId?: string, orgId?: string) { if (clientId) { const [res] = await db .select() .from(clients) .where(eq(clients.clientId, clientId)) .leftJoin(olms, eq(clients.clientId, olms.clientId)) .leftJoin( currentFingerprint, eq(olms.olmId, currentFingerprint.olmId) ) .limit(1); return res; } else if (niceId && orgId) { const [res] = await db .select() .from(clients) .where(and(eq(clients.niceId, niceId), eq(clients.orgId, orgId))) .leftJoin(olms, eq(clients.clientId, olms.clientId)) .leftJoin( currentFingerprint, eq(olms.olmId, currentFingerprint.olmId) ) .limit(1); return res; } } type PostureData = { biometricsEnabled?: boolean | null; diskEncrypted?: boolean | null; firewallEnabled?: boolean | null; autoUpdatesEnabled?: boolean | null; tpmAvailable?: boolean | null; windowsAntivirusEnabled?: boolean | null; macosSipEnabled?: boolean | null; macosGatekeeperEnabled?: boolean | null; macosFirewallStealthMode?: boolean | null; linuxAppArmorEnabled?: boolean | null; linuxSELinuxEnabled?: boolean | null; }; function getPlatformPostureData( platform: string | null | undefined, fingerprint: typeof currentFingerprint.$inferSelect | null ): PostureData | null { if (!fingerprint) return null; const normalizedPlatform = platform?.toLowerCase() || "unknown"; const posture: PostureData = {}; // Windows: Hard drive encryption, Firewall, Auto updates, TPM availability, Windows Antivirus status if (normalizedPlatform === "windows") { if (fingerprint.diskEncrypted !== null && fingerprint.diskEncrypted !== undefined) { posture.diskEncrypted = fingerprint.diskEncrypted; } if (fingerprint.firewallEnabled !== null && fingerprint.firewallEnabled !== undefined) { posture.firewallEnabled = fingerprint.firewallEnabled; } if (fingerprint.tpmAvailable !== null && fingerprint.tpmAvailable !== undefined) { posture.tpmAvailable = fingerprint.tpmAvailable; } if (fingerprint.windowsAntivirusEnabled !== null && fingerprint.windowsAntivirusEnabled !== undefined) { posture.windowsAntivirusEnabled = fingerprint.windowsAntivirusEnabled; } } // macOS: Hard drive encryption, Biometric configuration, Firewall, System Integrity Protection (SIP), Gatekeeper, Firewall stealth mode else if (normalizedPlatform === "macos") { if (fingerprint.diskEncrypted !== null && fingerprint.diskEncrypted !== undefined) { posture.diskEncrypted = fingerprint.diskEncrypted; } if (fingerprint.biometricsEnabled !== null && fingerprint.biometricsEnabled !== undefined) { posture.biometricsEnabled = fingerprint.biometricsEnabled; } if (fingerprint.firewallEnabled !== null && fingerprint.firewallEnabled !== undefined) { posture.firewallEnabled = fingerprint.firewallEnabled; } if (fingerprint.macosSipEnabled !== null && fingerprint.macosSipEnabled !== undefined) { posture.macosSipEnabled = fingerprint.macosSipEnabled; } if (fingerprint.macosGatekeeperEnabled !== null && fingerprint.macosGatekeeperEnabled !== undefined) { posture.macosGatekeeperEnabled = fingerprint.macosGatekeeperEnabled; } if (fingerprint.macosFirewallStealthMode !== null && fingerprint.macosFirewallStealthMode !== undefined) { posture.macosFirewallStealthMode = fingerprint.macosFirewallStealthMode; } if (fingerprint.autoUpdatesEnabled !== null && fingerprint.autoUpdatesEnabled !== undefined) { posture.autoUpdatesEnabled = fingerprint.autoUpdatesEnabled; } } // Linux: Hard drive encryption, Firewall, AppArmor, SELinux, TPM availability else if (normalizedPlatform === "linux") { if (fingerprint.diskEncrypted !== null && fingerprint.diskEncrypted !== undefined) { posture.diskEncrypted = fingerprint.diskEncrypted; } if (fingerprint.firewallEnabled !== null && fingerprint.firewallEnabled !== undefined) { posture.firewallEnabled = fingerprint.firewallEnabled; } if (fingerprint.linuxAppArmorEnabled !== null && fingerprint.linuxAppArmorEnabled !== undefined) { posture.linuxAppArmorEnabled = fingerprint.linuxAppArmorEnabled; } if (fingerprint.linuxSELinuxEnabled !== null && fingerprint.linuxSELinuxEnabled !== undefined) { posture.linuxSELinuxEnabled = fingerprint.linuxSELinuxEnabled; } if (fingerprint.tpmAvailable !== null && fingerprint.tpmAvailable !== undefined) { posture.tpmAvailable = fingerprint.tpmAvailable; } } // iOS: Biometric configuration else if (normalizedPlatform === "ios") { if (fingerprint.biometricsEnabled !== null && fingerprint.biometricsEnabled !== undefined) { posture.biometricsEnabled = fingerprint.biometricsEnabled; } } // Android: Screen lock, Biometric configuration, Hard drive encryption else if (normalizedPlatform === "android") { if (fingerprint.diskEncrypted !== null && fingerprint.diskEncrypted !== undefined) { posture.diskEncrypted = fingerprint.diskEncrypted; } } // Only return if we have at least one posture field return Object.keys(posture).length > 0 ? posture : null; } export type GetClientResponse = NonNullable< Awaited> >["clients"] & { olmId: string | null; agent: string | null; olmVersion: string | null; fingerprint: { username: string | null; hostname: string | null; platform: string | null; osVersion: string | null; kernelVersion: string | null; arch: string | null; deviceModel: string | null; serialNumber: string | null; firstSeen: number | null; lastSeen: number | null; } | null; posture: PostureData | null; }; registry.registerPath({ method: "get", path: "/org/{orgId}/client/{niceId}", description: "Get a client by orgId and niceId. NiceId is a readable ID for the site and unique on a per org basis.", tags: [OpenAPITags.Org, OpenAPITags.Site], request: { params: z.object({ orgId: z.string(), niceId: z.string() }) }, responses: {} }); registry.registerPath({ method: "get", path: "/client/{clientId}", description: "Get a client by its client ID.", tags: [OpenAPITags.Client], request: { params: z.object({ clientId: z.number() }) }, responses: {} }); export async function getClient( req: Request, res: Response, next: NextFunction ): Promise { try { const parsedParams = getClientSchema.safeParse(req.params); if (!parsedParams.success) { logger.error( `Error parsing params: ${fromError(parsedParams.error).toString()}` ); return next( createHttpError( HttpCode.BAD_REQUEST, fromError(parsedParams.error).toString() ) ); } const { clientId, niceId, orgId } = parsedParams.data; const client = await query(clientId, niceId, orgId); if (!client) { return next( createHttpError(HttpCode.NOT_FOUND, "Client not found") ); } // Replace name with device name if OLM exists let clientName = client.clients.name; if (client.olms) { const model = client.currentFingerprint?.deviceModel || null; clientName = getUserDeviceName(model, client.clients.name); } // Build fingerprint data if available const fingerprintData = client.currentFingerprint ? { username: client.currentFingerprint.username || null, hostname: client.currentFingerprint.hostname || null, platform: client.currentFingerprint.platform || null, osVersion: client.currentFingerprint.osVersion || null, kernelVersion: client.currentFingerprint.kernelVersion || null, arch: client.currentFingerprint.arch || null, deviceModel: client.currentFingerprint.deviceModel || null, serialNumber: client.currentFingerprint.serialNumber || null, firstSeen: client.currentFingerprint.firstSeen || null, lastSeen: client.currentFingerprint.lastSeen || null } : null; // Build posture data if available (platform-specific) let postureData: PostureData | null = null; if (build !== "oss") { postureData = getPlatformPostureData( client.currentFingerprint?.platform || null, client.currentFingerprint ); } const data: GetClientResponse = { ...client.clients, name: clientName, olmId: client.olms ? client.olms.olmId : null, agent: client.olms?.agent || null, olmVersion: client.olms?.version || null, fingerprint: fingerprintData, posture: postureData }; return response(res, { data, success: true, error: false, message: "Client retrieved successfully", status: HttpCode.OK }); } catch (error) { logger.error(error); return next( createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } }