
Untitled

a guest Jun 29th, 2018 97 Never
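  // Third-party modules and process-wide settings, one declaration per name.
  const express = require("express");
  const app = express();
  const http = require("http").createServer(app);
  const io = require("socket.io")(http);
  const cookieParser = require("cookie-parser");
  const session = require("express-session");
  const OathRestClient = require("oauth-rest-client");
  const bodyParser = require("body-parser");
  // fpmcAPI and ftdRequest are two names for the same "request" module.
  const fpmcAPI = require("request");
  const ftdRequest = require("request");
  const _ = require("lodash");
  // Default FMC API account. The values used to be literals only; they are now
  // taken from the environment first (FPMC_USERNAME / FPMC_PASSWORD are names
  // introduced by this change). The old literals stay as a fallback so an
  // existing deployment keeps starting.
  // NOTE(review): a password committed to source has to be treated as
  // disclosed - rotate it on the FMC and drop the fallback once the
  // environment supplies the value.
  const username = process.env.FPMC_USERNAME || "api";
  const password = process.env.FPMC_PASSWORD || "admin123";
  const port = process.env.PORT || 8080;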
  15.  
  // Static assets come from the "public" directory next to this file, and
  // cookies are parsed on every request.
  app.use(express.static(__dirname + "/public"));
  app.use(cookieParser());

  // Pages are rendered from EJS templates.
  app.set("view engine", "ejs");

  // Each page route renders one view and reads nothing from the request.
  // Routes are registered in the order listed.
  [
      ["/", "index"],
      ["/fpmcapi", "fpmcapi"],
      ["/unit", "unit"]
  ].forEach(([routePath, viewName]) => {
      app.get(routePath, (req, res) => {
          res.render(viewName);
      });
  });
  32.  
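  // Socket.IO wiring: these handlers are attached to every connecting client.
  io.on("connection", function(socket){

      // The page announces that it is ready; its socket id is stored so that
      // fpwr.registered() can address the reply.
      // NOTE(review): fpwr.currentClient is one shared slot, so with several
      // connected clients the most recent "client-ready" sender receives the
      // result of whichever registration finishes next.
      socket.on("client-ready", function() {
          console.log(socket.id);
          fpwr.currentClient = socket.id;
      });

      // The page submits the FMC address and the credentials to register with.
      socket.on("fpmc-register", function(msg) {
          // The previous guard, `typeof msg !== undefined`, compared a string
          // with the value undefined and was therefore always true, so a
          // missing payload threw on msg.fpmcip. The payload comes from the
          // network: accept it only when it is an object carrying three strings.
          var fields = (msg !== null && typeof msg === "object")
              ? [msg.fpmcip, msg.fpmcuser, msg.fpmcpass]
              : [];
          var wellFormed = fields.length === 3 && fields.every(function(field) {
              return typeof field === "string";
          });
          if (!wellFormed) {
              console.log("fpmc-register: ignoring malformed payload");
              return;
          }
          // NOTE(review): nothing in this handler authenticates the sender, and
          // msg.fpmcip decides where this process sends an HTTPS request.
          // Consider requiring a session and an allowlist of FMC addresses.
          fpwr.registerAPI(msg.fpmcip, msg.fpmcuser, msg.fpmcpass);
      });
  });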
  46.  
  47. // Basic workflow
  48. // Attempt to load auth tokens from file.  Refresh if necessary
  49. // Create a basic ACPolicy (complete)
  50. // Add devices and record UUIDs
  51. // configure interfaces
  52. // configure zones
  53. // configure ha pairs/groups
  54. // deploy config changes
  55.  
  56. // advanced config:
  57. // Nat policies
  58. // amp file policies
  59. // create a standard URL filtering policy
  60.  
  // Start accepting HTTP and Socket.IO connections on the configured port and
  // log the port once the listener is up.
  const announceListening = () => {
      console.log("listening on:", port);
  };
  http.listen(port, announceListening);
  64.  
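  // Shared state and helpers for talking to the FMC and FTD REST APIs.
  // NOTE(review): this one object holds credentials and tokens for the whole
  // process; anything that serialises it (logging, sending it to a client)
  // exposes them.
  var fpwr = {
      servicesURL: {}, // filled in by fpwr.methods() once the domain UUID is known
      fpmcTokenURL: "/api/fmc_platform/v1/auth/generatetoken",
      ftdTokenURL: "/api/fdm/v1/fdm/token",
      // NOTE(review): hard-coded default account; registerAPI() overwrites both
      // fields, so these literals should come from configuration or be empty.
      username: "automate",
      password: "automate",
      // Basic auth header built from the module-level `username`/`password`
      // constants, not from the two fields above. Buffer.from() replaces the
      // deprecated `new Buffer(string)` constructor; the encoded value is the same.
      fpmcAuth: "Basic " + Buffer.from(username + ":" + password).toString("base64"),
      authToken: "", // used in requests to the FPMC API
      authRefreshToken: "", // used in requests to refresh the FPMC token
      domain_uuid: "", // used in all FPMC REST requests
      // NOTE(review): same hard-coded account as above, duplicated here.
      ftd_token_opts: {
          "grant_type": "password",
          "username": "automate",
          "password": "automate"
      } // used to request a token from the FTD API
  };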
  81.  
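  // Registers with an FMC: stores the target and credentials on fpwr, requests
  // a token with HTTP Basic auth and, on a 204 reply, records the access token,
  // refresh token and domain UUID from the response headers, builds the
  // service URLs and notifies the client through fpwr.registered().
  //   server   - FMC host or host:port; "https://" is prepended
  //   username - FMC API user
  //   password - FMC API password
  fpwr.registerAPI = function(server, username, password){
      // `server` is supplied by the "fpmc-register" socket message and is
      // concatenated into a URL, so only a bare host (name, IPv4 or bracketed
      // IPv6) with an optional port is accepted. This keeps "/", "@", "?" and
      // similar characters from changing which authority or path is contacted.
      var hostPattern = /^(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::\d{1,5})?$/;
      if (typeof server !== "string" || !hostPattern.test(server)) {
          console.log("registerAPI: rejected server value");
          return;
      }
      fpwr.fpmc_server = "https://" + server;
      fpwr.username = username;
      fpwr.password = password;
      // Buffer.from() replaces the deprecated `new Buffer(string)` constructor.
      fpwr.fpmcAuth = "Basic " + Buffer.from(username + ":" + password).toString("base64");
      fpmcAPI.post({
          url: fpwr.fpmc_server + fpwr.fpmcTokenURL,
          headers: { "Authorization": fpwr.fpmcAuth },
          // NOTE(review): rejectUnauthorized: false turns off certificate
          // validation, so the Basic credentials above and the tokens returned
          // can be read by anyone able to intercept the connection. Prefer
          // trusting the FMC's CA through the `ca` option. Left unchanged here
          // because flipping it would break targets with self-signed certificates.
          rejectUnauthorized: false,
          // NOTE(review): requestCert looks like a server-side TLS option -
          // confirm it has any effect on an outgoing request.
          requestCert: true,
      }, function(error, response, body) {
          if (error) {
              console.log(error);
          } else if (response.statusCode === 204) {
              fpwr.authToken = response.headers["x-auth-access-token"];
              fpwr.authRefreshToken = response.headers["x-auth-refresh-token"];
              fpwr.domain_uuid = response.headers["domain_uuid"];
              fpwr.methods(response.headers["domain_uuid"]);
              console.log(response.statusCode, "successfully registered");
              fpwr.registered(response);
          } else {
              console.log(response.statusCode, response.statusMessage);
          }
      });
  }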
  107.  
  // Placeholder for an authenticated PUT helper with the same parameter list
  // as fpwr.postAPI. The body is empty: calling it does nothing and returns
  // undefined.
  fpwr.putAPI = function(url, postData, responseCode, callingFunction, successMessage) {

  }
  111.  
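  // POSTs postData as JSON to the FMC path `url` with the stored access token
  // and logs the outcome.
  //   url             - path appended to fpwr.fpmc_server
  //   postData        - object serialised with JSON.stringify
  //   responseCode    - HTTP status that counts as success
  //   callingFunction - label used in log lines
  //   successMessage  - text logged on success
  // The values returned inside the callback go to the request library, not to
  // the caller: postAPI itself returns undefined.
  fpwr.postAPI = function(url, postData, responseCode, callingFunction, successMessage) {
      fpmcAPI.post({
          url: fpwr.fpmc_server + url,
          headers: {
              "X-auth-access-token": fpwr.authToken,
              "Content-Type": "application/json"
          },
          // NOTE(review): certificate validation is disabled, so the access
          // token in the header above can be captured by anyone intercepting
          // the connection; prefer trusting the FMC's CA through the `ca` option.
          rejectUnauthorized: false,
          requestCert: true,
          body: JSON.stringify(postData)
      }, function(error, response, body) {
          if (error) {
              console.log(callingFunction, error);
              return false;
          }
          // The body is text. Parse it once and tolerate a non-JSON reply
          // (an HTML error page, an empty body) instead of letting JSON.parse
          // throw inside the callback.
          var data;
          try {
              data = JSON.parse(response.body);
          } catch (parseError) {
              data = undefined;
          }
          if (response.statusCode === responseCode) {
              console.log(response.statusCode, "success", successMessage);
              if (typeof data === "undefined") {
                  console.log(callingFunction, "response body was not valid JSON");
                  return false;
              }
              return data;
          }
          console.log(response.statusCode, response.statusMessage);
          // The original read .description from the unparsed string, which is
          // always undefined; read it from the parsed body instead.
          console.log(data && data.description);
          return false;
      });
  }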
  137.  
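  // GETs the FMC path `url` (optionally `url/id`) with the stored access token
  // and logs the outcome.
  //   url             - path appended to fpwr.fpmc_server
  //   responseCode    - HTTP status that counts as success
  //   callingFunction - label used in log lines
  //   successMessage  - text logged on success
  //   id              - optional object id appended as one more path segment
  // The value returned inside the callback goes to the request library, not to
  // the caller: getAPI itself returns undefined.
  fpwr.getAPI = function(url, responseCode, callingFunction, successMessage, id) {
      // The id is encoded so it stays a single path segment; a UUID passes
      // through unchanged. The parameter is no longer reassigned.
      var target = typeof id !== "undefined" ? url + "/" + encodeURIComponent(id) : url;
      fpmcAPI.get({
          url: fpwr.fpmc_server + target,
          headers: { "X-auth-access-token": fpwr.authToken },
          // NOTE(review): certificate validation is disabled, so the access
          // token in the header above can be captured by anyone intercepting
          // the connection; prefer trusting the FMC's CA through the `ca` option.
          rejectUnauthorized: false,
          requestCert: true,
      }, function(error, response, body) {
          if (error) {
              console.log(error);
          } else if (response.statusCode === responseCode) {
              console.log(response.statusCode, callingFunction, successMessage);
              // Tolerate a non-JSON reply instead of letting JSON.parse throw
              // inside the callback.
              try {
                  return JSON.parse(response.body);
              } catch (parseError) {
                  console.log(callingFunction, "response body was not valid JSON");
              }
          } else {
              console.log(response.statusCode, response.statusMessage);
          }
      });
  }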
  159.  
  // Rebuilds fpwr.servicesURL for the given domain UUID. Every entry except
  // serverversion is a path under /api/fmc_config/v1/domain/<uuid>.
  fpwr.methods = function(uuid) {
      var domainBase = "/api/fmc_config/v1/domain/" + uuid;
      var inDomain = function(suffix) {
          return domainBase + suffix;
      };
      fpwr.servicesURL = {
          deployabledevices: inDomain("/deployment/deployabledevices"),
          devicegrouprecords: inDomain("/devicegroups/devicegrouprecords"),
          devicerecords: inDomain("/devices/devicerecords"),
          // hosts is the only entry that ends with a slash
          hosts: inDomain("/object/hosts/"),
          icmpv4objects: inDomain("/object/icmpv4objects"),
          isesecuritygrouptags: inDomain("/object/isesecuritygrouptags"),
          networkaddresses: inDomain("/object/networkaddresses"),
          networkgroups: inDomain("/object/networkgroups"),
          networks: inDomain("/object/networks"),
          ranges: inDomain("/object/ranges"),
          securityzones: inDomain("/object/securityzones"),
          variablesets: inDomain("/object/variablesets"),
          accesspolicies: inDomain("/policy/accesspolicies"),
          filepolicies: inDomain("/policy/filepolicies"),
          intrusionpolicies: inDomain("/policy/intrusionpolicies"),
          snmpalerts: inDomain("/policy/snmpalerts"),
          syslogalerts: inDomain("/policy/syslogalerts"),
          policyassignments: inDomain("/assignment/policyassignments"),
          taskstatuses: inDomain("/job/taskstatuses"),
          // platform endpoint, not scoped to a domain
          serverversion: "/api/fmc_platform/v1/info/serverversion"
      };
  }
  184.  
  // Constructor: given a domain UUID and a device (container) UUID, sets one
  // property per device-scoped endpoint, each a path under
  // .../devices/devicerecords/<containerUUID>.
  fpwr.devicerecordsURL = function(domainUUID, containerUUID) {
      var deviceBase = "/api/fmc_config/v1/domain/" + domainUUID + "/devices/devicerecords/" + containerUUID;
      this.fpphysicalinterfaces = deviceBase + "/fpphysicalinterfaces";
      this.fplogicalinterfaces = deviceBase + "/fplogicalinterfaces";
      this.inlinesets = deviceBase + "/inlinesets";
      this.virtualswitches = deviceBase + "/virtualswitches";
      this.physicalinterfaces = deviceBase + "/physicalinterfaces";
      this.redundantinterfaces = deviceBase + "/redundantinterfaces";
      this.etherchannelinterfaces = deviceBase + "/etherchannelinterfaces";
      this.subinterfaces = deviceBase + "/subinterfaces";
      // routing endpoints sit one level deeper
      this.staticroutes = deviceBase + "/routing/staticroutes";
      this.ipv4staticroutes = deviceBase + "/routing/ipv4staticroutes";
      this.ipv6staticroutes = deviceBase + "/routing/ipv6staticroutes";
  }
  198.  
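  // Constructor for an access control policy request body.
  //   name, description - policy name and description
  //   iName, iuuid      - intrusion policy name/id for the default action
  //   vName, vuuid      - variable set name/id for the default action
  //   logBegin, logEnd  - connection logging flags (defaults: true, false)
  //   send              - value for sendEventsToFMC (default: true)
  // The last three parameters were accepted but ignored; they are honoured now
  // and fall back to the values that used to be hard-coded, so callers that
  // omit them get the same object as before.
  fpwr.ACPolicy = function(name, description, iName, iuuid, vName, vuuid, logBegin, logEnd, send) {
      this.type = "AccessPolicy";
      this.name = name;
      this.description = description;
      this.defaultAction = {
          intrusionPolicy: {
              name: iName || "Balanced Security and Connectivity",
              // NOTE(review): fixed id used when none is passed - presumably
              // a built-in object; confirm it exists on the target FMC.
              id: iuuid || "abba00a0-cf29-425c-9d75-49699aadc898",
              type: "IntrusionPolicy"
          },
          variableSet: {
              name: vName || "Default Set",
              // NOTE(review): same caveat as the intrusion policy id above.
              id: vuuid || "76fa83ea-c972-11e2-8be8-8e45bb1343c0",
              type: "VariableSet"
          },
          type: "AccessPolicyDefaultAction",
          // An explicit false must survive, so compare against undefined
          // instead of using ||.
          logBegin: typeof logBegin === "undefined" ? true : logBegin,
          logEnd: typeof logEnd === "undefined" ? false : logEnd,
          sendEventsToFMC: typeof send === "undefined" ? true : send
      };
  }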
  220.  
  // Constructor for a device registration request body.
  //   name, hostname   - device name and the host it is reached at
  //   natID            - NAT id; falls back to a fixed literal when falsy
  //   key              - registration key
  //   licArray         - licence list; falls back to BASE and THREAT when falsy
  //   accessPolicyUUID - id of the access policy to attach
  fpwr.deviceRecord = function(name, hostname, natID, key, licArray, accessPolicyUUID) {
      var attachedPolicy = {
          id: accessPolicyUUID,
          type: "AccessPolicy"
      };
      this.name = name;
      this.hostName = hostname;
      // NOTE(review): a well-known literal as the default NAT id means every
      // device registered without one shares the same value.
      this.natID = natID || "cisco123";
      this.regKey = key;
      this.type = "Device";
      this.license_caps = licArray || ["BASE", "THREAT"];
      this.accessPolicy = attachedPolicy;
  }
  233.  
  // Constructor for an NGIPS physical interface body.
  // NOTE(review): none of the four parameters is used - every field is a fixed
  // literal, and the id looks like a placeholder rather than a real UUID.
  fpwr.ngipsPhysicalIntf = function(name, id, enabled, type) {
      Object.assign(this, {
          name: "s1p4",
          type: "FPPhysicalInterface",
          id: "fpphysicalinterfaceUUID2",
          enabled: 1,
          interfaceType: "INLINE"
      });
  }
  241.  
  // Constructor for an NGFW physical interface body. When ipv4method is "dhcp"
  // the ipv4 block requests a DHCP address with a default route (metric 1);
  // for any other value it carries the static address and netmask passed in.
  // TODO: include zones afterwards.
  fpwr.ngfwPhysicalIntf = function(mode, duplex, speed, enabled, MTU, ifname, ipv4method, ipv4, ipv4mask, name, uuid) {
      var addressing = ipv4method === "dhcp"
          ? { dhcp: { enableDefaultRouteDHCP: true, dhcpRouteMetric: 1 } }
          : { "static": { address: ipv4, netmask: ipv4mask } };

      this.type = "PhysicalInterface";
      this.mode = mode;
      this.hardware = { duplex: duplex, speed: speed };
      this.enabled = enabled;
      this.MTU = MTU;
      this.managementOnly = false;
      this.ifname = ifname;
      this.name = name;
      this.id = uuid;
      this.ipv4 = addressing;
  }
  272.  
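  // Constructor for a security zone body holding one physical interface.
  //   name          - zone name
  //   description   - optional zone description
  //   interfaceMode - one of Passive, Inline, Switched, Routed, ASA
  //   intfid, intfname - id and name of the interface placed in the zone
  fpwr.securityzone = function(name, description, interfaceMode, intfid, intfname) {
      this.type = "SecurityZone";
      this.name = name;
      // description was accepted but dropped; it is now set when supplied, the
      // way fpwr.ACPolicy does. Callers that omit it get the same object as before.
      if (typeof description !== "undefined") {
          this.description = description;
      }
      this.interfaceMode = interfaceMode;
      this.interfaces = [
          {
              type: "PhysicalInterface",
              id: intfid,
              name: intfname
          }
      ];
  }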
  286.  
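  // Looks up a device id by name in the device record list.
  //   deviceName - value compared with each record's `name`
  // Returns the matching record's id, or undefined when there is no list or
  // no match.
  // Two defects are fixed: `fpwr_servicesURL` was an undefined name (the
  // object is fpwr.servicesURL), and _.forEach returns the collection it
  // iterated, never the value returned by the callback, so no id could come back.
  // NOTE(review): fpwr.getAPI as written in this file starts an asynchronous
  // request and returns nothing, so this lookup yields undefined until getAPI
  // has a way to hand its result to the caller.
  fpwr.getDeviceIDByName = function(deviceName) {
      var allDevices = fpwr.getAPI(fpwr.servicesURL.devicerecords, 200, "getDeviceIDByName", "success");
      if (typeof allDevices === "undefined" || allDevices === null) {
          return undefined;
      }
      var match = _.find(allDevices.items, function(device) {
          return device.name === deviceName;
      });
      return match ? match.id : undefined;
  }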
  298.  
  // Apparently meant to resolve an interface id from an interface name and a
  // device name; the function is unfinished and returns nothing.
  // NOTE(review): this cannot run as written. `fpwr_servicesURL`, `id` and
  // `url` are not defined anywhere in the visible listing (the URL table is
  // fpwr.servicesURL), so the first statement throws a ReferenceError. The
  // getAPI calls also pass their arguments in a different order from getAPI's
  // parameter list (url, responseCode, callingFunction, successMessage, id).
  fpwr.getInterfaceIDbyName = function(intfName, deviceName) {
      var tmpDevice = new fpwr.devicerecordsURL(fpwr.domain_uuid, fpwr.getAPI(fpwr_servicesURL.devicerecords, deviceName, 200));
      var deviceID = fpwr.getAPI(fpwr_servicesURL.devicerecords, id, 200);
      var interfaceID = fpwr.getAPI(url, intfName, 200);
  }
  304.  
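  // Creates a fixed access control policy ("API Post 2") on the FMC. On a 201
  // reply it stores the new policy's name and id in fpwr.ACPolicybase and
  // continues with fpwr.postDeviceRecord().
  // Fixes: `fpwr_servicesURL` was an undefined name (the object is
  // fpwr.servicesURL), and a non-JSON reply made JSON.parse throw inside the
  // callback.
  fpwr.postACPolicy = function() {
      var policy = new fpwr.ACPolicy("API Post 2", "It worked!!!");
      fpmcAPI.post({
          url: fpwr.fpmc_server + fpwr.servicesURL.accesspolicies,
          headers: {
              "X-auth-access-token": fpwr.authToken,
              "Content-Type": "application/json"
          },
          // NOTE(review): certificate validation is disabled, so the access
          // token in the header above can be captured by anyone intercepting
          // the connection; prefer trusting the FMC's CA through the `ca` option.
          rejectUnauthorized: false,
          requestCert: true,
          body: JSON.stringify(policy)
      }, function(error, response, body) {
          if (error) {
              console.log("postACPolicy", error);
              return;
          }
          // Parse once for both branches; a non-JSON body leaves data undefined.
          var data;
          try {
              data = JSON.parse(response.body);
          } catch (parseError) {
              data = undefined;
          }
          if (response.statusCode === 201) {
              console.log(response.statusCode, "success", "postACPolicy");
              if (!data) {
                  console.log("postACPolicy", "response body was not valid JSON");
                  return;
              }
              fpwr.ACPolicybase = { name: data.name, id: data.id };
              fpwr.postDeviceRecord();
          } else {
              console.log(response.statusCode, response.statusMessage);
              console.log(data && data.description);
          }
      });
  }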
  331.  
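  // Registers one fixed device ("FTDv-EDGE2" at 10.255.0.11) against the access
  // policy recorded in fpwr.ACPolicybase; logs and does nothing when no policy
  // id is available.
  // Fixes: `fpwr_servicesURL` was an undefined name (the object is
  // fpwr.servicesURL), and reading fpwr.ACPolicybase.id threw when no policy
  // had been created yet.
  fpwr.postDeviceRecord = function() {
      var policyId = fpwr.ACPolicybase ? fpwr.ACPolicybase.id : undefined;
      if (typeof policyId === "undefined") {
          console.log("AC Policy is missing");
          return;
      }
      // NOTE(review): the NAT id and registration key are the same hard-coded
      // literal; both should come from configuration, one value per device.
      var device = new fpwr.deviceRecord("FTDv-EDGE2", "10.255.0.11", "cisco123", "cisco123", ["BASE", "THREAT"], policyId);
      fpwr.postAPI(fpwr.servicesURL.devicerecords, device, 202, "postDeviceRecord", "Device successfully registered");
  }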
  343.  
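  // Fetches one access control policy by id and logs the parsed body; does
  // nothing when id is undefined.
  // Fixes: `fpmcRequest` and `fpwr_servicesURL` were undefined names (the file
  // has fpmcAPI and fpwr.servicesURL), and a non-JSON reply made JSON.parse
  // throw inside the callback.
  fpwr.getACPolicyByAPI = function(id) {
      if (typeof id === "undefined") {
          return;
      }
      fpmcAPI.get({
          // The id is encoded so it stays a single path segment; a UUID passes
          // through unchanged.
          url: fpwr.fpmc_server + fpwr.servicesURL.accesspolicies + "/" + encodeURIComponent(id),
          headers: { "X-auth-access-token": fpwr.authToken },
          // NOTE(review): certificate validation is disabled, so the access
          // token in the header above can be captured by anyone intercepting
          // the connection; prefer trusting the FMC's CA through the `ca` option.
          rejectUnauthorized: false,
          requestCert: true,
      }, function(error, response, body) {
          if (error) {
              console.log(error);
          } else if (response.statusCode === 200) {
              console.log(response.statusCode, "success");
              try {
                  console.log(JSON.parse(response.body));
              } catch (parseError) {
                  console.log("getACPolicyByAPI", "response body was not valid JSON");
              }
          } else {
              console.log(response.statusCode, response.statusMessage);
          }
      });
  }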
  363.  
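  // Tells the client stored in fpwr.currentClient that registration succeeded.
  // The whole fpwr object used to be emitted, which put the password, the
  // Basic auth header, both tokens and ftd_token_opts into the browser. As
  // currentClient is a single shared slot, the receiving socket is not
  // necessarily the one that submitted the credentials. Only non-secret
  // fields are sent now.
  // NOTE(review): confirm the page script reads none of the removed fields.
  fpwr.registered = function() {
      io.to(fpwr.currentClient).emit("register-success", {
          fpmc_server: fpwr.fpmc_server,
          username: fpwr.username,
          domain_uuid: fpwr.domain_uuid,
          servicesURL: fpwr.servicesURL
      });
  }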