Untitled

a guest
Jun 29th, 2018
  // Module handles and process-wide settings, one declaration per binding.
  // express-session, oauth-rest-client, body-parser and the second `request`
  // handle are loaded here but not referenced anywhere else in this listing.
  const express = require("express");
  const app = express();
  // Plain HTTP listener: the "fpmc-register" socket message, which carries a
  // password, is not encrypted unless TLS is terminated in front of this process.
  const http = require("http").createServer(app);
  const io = require("socket.io")(http);
  const cookieParser = require("cookie-parser");
  const session = require("express-session");
  const OathRestClient = require("oauth-rest-client");
  const bodyParser = require("body-parser");
  const fpmcAPI = require("request");
  const ftdRequest = require("request");
  const _ = require("lodash");

  // NOTE(review): credentials committed in source. They only seed the initial
  // `fpwr.fpmcAuth` header value; load them from the environment or a secret
  // store and rotate anything that was ever real.
  const username = "api";
  const password = "admin123";

  // Listening port: PORT from the environment, otherwise 8080.
  const port = process.env.PORT || 8080;
  15.  
  // Static assets and cookie parsing are registered before any route.
  app.use(express.static(`${__dirname}/public`));
  app.use(cookieParser());

  // Pages are rendered from EJS templates.
  app.set("view engine", "ejs");

  // Each route renders a fixed template and takes no input from the request.
  // NOTE(review): no authentication or session middleware is mounted, so every
  // page is served to any caller that can reach the port.
  app.get("/", (req, res) => {
    res.render("index");
  });

  app.get("/fpmcapi", (req, res) => {
    res.render("fpmcapi");
  });

  app.get("/unit", (req, res, next) => {
    res.render("unit");
  });
  32.  
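  // Socket.IO wiring between the browser UI and the `fpwr` helper object.
  //
  // NOTE(review): nothing here authenticates the socket. Any client that can
  // reach this server can claim `fpwr.currentClient` (a single shared slot) and
  // can make the server send Basic credentials to a host named in
  // "fpmc-register". Gate both events behind an authenticated session.
  io.on("connection", function (socket) {
    // Record this socket as the recipient of later "register-success" events.
    socket.on("client-ready", function () {
      console.log(socket.id);
      fpwr.currentClient = socket.id;
    });

    // The payload is client-controlled. The original guard compared
    // `typeof msg` (a string) with the value `undefined`, which is always true,
    // so a missing or null payload crashed on `msg.fpmcip`.
    socket.on("fpmc-register", function (msg) {
      if (msg === null || typeof msg !== "object") {
        return;
      }
      const fields = [msg.fpmcip, msg.fpmcuser, msg.fpmcpass];
      const allPresent = fields.every(function (value) {
        return typeof value === "string" && value.length > 0;
      });
      if (!allPresent) {
        return;
      }
      fpwr.registerAPI(msg.fpmcip, msg.fpmcuser, msg.fpmcpass);
    });
  });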
  46.  
  // Basic workflow:
  // Attempt to load auth tokens from file; refresh if necessary
  // Create a basic ACPolicy (complete)
  // Add devices and record UUIDs
  // Configure interfaces
  // Configure zones
  // Configure HA pairs/groups
  // Deploy config changes

  // Advanced config:
  // NAT policies
  // AMP file policies
  // Create a standard URL filtering policy
  60.  
  // Start the HTTP server that Express and Socket.IO share, then log the port.
  http.listen(port, () => {
    console.log("listening on:", port);
  });
  64.  
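  // Shared state for talking to the FPMC / FTD REST APIs. The functions defined
  // below are attached to this same object.
  //
  // NOTE(review): the object mixes configuration with credentials and live
  // tokens, and `fpwr.registered()` hands the object to a socket client. Keep
  // secrets in a separate structure that never leaves the process.
  const fpwr = {
    servicesURL: {}, // replaced by fpwr.methods() once the domain UUID is known
    fpmcTokenURL: "/api/fmc_platform/v1/auth/generatetoken",
    ftdTokenURL: "/api/fdm/v1/fdm/token",
    // NOTE(review): hard-coded default account; registerAPI() overwrites both.
    username: "automate",
    password: "automate",
    // Built from the module-level `username` / `password`, not the two fields
    // above. Buffer.from replaces the deprecated `new Buffer(string)` constructor
    // and yields the same bytes for a string argument.
    fpmcAuth: "Basic " + Buffer.from(username + ":" + password).toString("base64"),
    authToken: "", // used in requests to the FPMC API
    authRefreshToken: "", // used in requests to refresh the FPMC token
    domain_uuid: "", // used in all FPMC REST requests
    // used to request a token from the FTD API
    // NOTE(review): second copy of the same hard-coded credentials.
    ftd_token_opts: {
      "grant_type": "password",
      "username": "automate",
      "password": "automate"
    }
  };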
  81.  
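  /**
   * Request an FPMC access token with HTTP Basic credentials and store the
   * resulting session on `fpwr`.
   *
   * On a 204 reply the access token, refresh token and domain UUID are read
   * from the response headers, the per-domain service URLs are rebuilt through
   * `fpwr.methods()`, and `fpwr.registered()` is called. Every failure is only
   * logged; nothing is returned.
   *
   * @param {string} server - FPMC host or host:port, without scheme or path.
   * @param {string} username - FPMC API user.
   * @param {string} password - Password for that user.
   */
  fpwr.registerAPI = function (server, username, password) {
    // `server` reaches this function from a socket message, so it is parsed
    // rather than spliced into a URL: a value carrying userinfo, a path, a
    // query or a fragment is refused. This does not restrict WHICH host is
    // contacted; an allow-list of FPMC hosts is still needed for that.
    let target;
    try {
      target = new URL("https://" + server);
    } catch (err) {
      console.log("registerAPI", "invalid server:", err.message);
      return;
    }
    const isBareHost = !target.username && !target.password &&
      target.pathname === "/" && !target.search && !target.hash;
    if (!isBareHost) {
      console.log("registerAPI", "server must be a bare host or host:port");
      return;
    }

    fpwr.fpmc_server = target.origin;
    fpwr.username = username;
    fpwr.password = password;
    // Buffer.from replaces the deprecated `new Buffer(string)` constructor.
    fpwr.fpmcAuth = "Basic " + Buffer.from(username + ":" + password).toString("base64");

    fpmcAPI.post({
      url: fpwr.fpmc_server + fpwr.fpmcTokenURL,
      headers: { "Authorization": fpwr.fpmcAuth },
      // NOTE(review): certificate verification is disabled, so the Basic
      // credentials go to an endpoint whose identity is never checked. Pin or
      // trust the FPMC certificate (e.g. via a CA bundle) and drop this flag.
      rejectUnauthorized: false,
      requestCert: true,
    }, function (error, response, body) {
      if (error) {
        console.log(error);
      } else if (response.statusCode === 204) {
        fpwr.authToken = response.headers["x-auth-access-token"];
        fpwr.authRefreshToken = response.headers["x-auth-refresh-token"];
        fpwr.domain_uuid = response.headers["domain_uuid"];
        fpwr.methods(response.headers["domain_uuid"]);
        console.log(response.statusCode, "successfully registered");
        fpwr.registered(response);
      } else {
        console.log(response.statusCode, response.statusMessage);
      }
    });
  };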
  107.  
  // Placeholder for a PUT helper with the same parameter list as postAPI.
  // The body is empty: calling it does nothing and returns undefined.
  fpwr.putAPI = function (url, postData, responseCode, callingFunction, successMessage) {
    // not implemented
  };
  111.  
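  /**
   * POST a JSON body to an FPMC REST path using the stored access token.
   *
   * The outcome is only logged. postAPI has no return statement of its own, so
   * callers receive undefined; the value produced inside the response callback
   * does not reach them.
   *
   * @param {string} url - Path appended to `fpwr.fpmc_server`.
   * @param {*} postData - Value serialised with JSON.stringify as the request body.
   * @param {number} responseCode - Status code that counts as success.
   * @param {string} callingFunction - Label used in log lines.
   * @param {string} successMessage - Text logged on success.
   */
  fpwr.postAPI = function (url, postData, responseCode, callingFunction, successMessage) {
    fpmcAPI.post({
      url: fpwr.fpmc_server + url,
      headers: {
        "X-auth-access-token": fpwr.authToken,
        "Content-Type": "application/json"
      },
      // NOTE(review): certificate verification is disabled, so the access token
      // is sent to an endpoint whose identity is never checked.
      rejectUnauthorized: false,
      requestCert: true,
      body: JSON.stringify(postData)
    }, function (error, response, body) {
      if (error) {
        console.log(callingFunction, error);
        return false;
      }

      if (response.statusCode === responseCode) {
        console.log(response.statusCode, "success", successMessage);
        // A non-JSON body used to throw out of this callback; report it instead.
        try {
          return JSON.parse(response.body);
        } catch (parseError) {
          console.log(callingFunction, "response body is not valid JSON:", parseError.message);
          return false;
        }
      }

      console.log(response.statusCode, response.statusMessage);
      // The body is a string here, so `response.body.description` was always
      // undefined. Parse it first and fall back to the raw text.
      let description;
      try {
        description = JSON.parse(response.body).description;
      } catch (parseError) {
        description = response.body;
      }
      console.log(description);
      return false;
    });
  };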
  137.  
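  /**
   * GET an FPMC REST path using the stored access token.
   *
   * The outcome is only logged. getAPI has no return statement of its own, so
   * callers receive undefined; the parsed body produced inside the response
   * callback does not reach them.
   *
   * @param {string} url - Path appended to `fpwr.fpmc_server`.
   * @param {number} responseCode - Status code that counts as success.
   * @param {string} callingFunction - Label used in log lines.
   * @param {string} successMessage - Text logged on success.
   * @param {string} [id] - When given, appended to the path as "/" + id.
   */
  fpwr.getAPI = function (url, responseCode, callingFunction, successMessage, id) {
    // Build the path in a local instead of reassigning the parameter.
    const path = typeof id !== "undefined" ? url + "/" + id : url;

    fpmcAPI.get({
      url: fpwr.fpmc_server + path,
      headers: { "X-auth-access-token": fpwr.authToken },
      // NOTE(review): certificate verification is disabled, so the access token
      // is sent to an endpoint whose identity is never checked.
      rejectUnauthorized: false,
      requestCert: true,
    }, function (error, response, body) {
      if (error) {
        console.log(error);
        return undefined;
      }

      if (response.statusCode !== responseCode) {
        console.log(response.statusCode, response.statusMessage);
        return undefined;
      }

      console.log(response.statusCode, callingFunction, successMessage);
      // A non-JSON body used to throw out of this callback; report it instead.
      try {
        return JSON.parse(response.body);
      } catch (parseError) {
        console.log(callingFunction, "response body is not valid JSON:", parseError.message);
        return undefined;
      }
    });
  };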
  159.  
  /**
   * Rebuild `fpwr.servicesURL` for one FPMC domain.
   *
   * Every entry except `serverversion` is a path under
   * "/api/fmc_config/v1/domain/<uuid>"; `hosts` keeps its trailing slash.
   *
   * @param {string} uuid - Domain UUID placed in each per-domain path.
   */
  fpwr.methods = function (uuid) {
    const domainBase = "/api/fmc_config/v1/domain/" + uuid;

    fpwr.servicesURL = {
      deployabledevices: `${domainBase}/deployment/deployabledevices`,
      devicegrouprecords: `${domainBase}/devicegroups/devicegrouprecords`,
      devicerecords: `${domainBase}/devices/devicerecords`,
      hosts: `${domainBase}/object/hosts/`,
      icmpv4objects: `${domainBase}/object/icmpv4objects`,
      isesecuritygrouptags: `${domainBase}/object/isesecuritygrouptags`,
      networkaddresses: `${domainBase}/object/networkaddresses`,
      networkgroups: `${domainBase}/object/networkgroups`,
      networks: `${domainBase}/object/networks`,
      ranges: `${domainBase}/object/ranges`,
      securityzones: `${domainBase}/object/securityzones`,
      variablesets: `${domainBase}/object/variablesets`,
      accesspolicies: `${domainBase}/policy/accesspolicies`,
      filepolicies: `${domainBase}/policy/filepolicies`,
      intrusionpolicies: `${domainBase}/policy/intrusionpolicies`,
      snmpalerts: `${domainBase}/policy/snmpalerts`,
      syslogalerts: `${domainBase}/policy/syslogalerts`,
      policyassignments: `${domainBase}/assignment/policyassignments`,
      taskstatuses: `${domainBase}/job/taskstatuses`,
      // The only entry that is not scoped to a domain.
      serverversion: "/api/fmc_platform/v1/info/serverversion"
    };
  };
  184.  
  /**
   * Constructor: fills `this` with the REST paths that hang off one device
   * record. Interface collections sit directly under the record; the three
   * route collections sit under its "/routing" segment.
   *
   * @param {string} domainUUID - Domain UUID placed in the path.
   * @param {string} containerUUID - Device record UUID placed in the path.
   */
  fpwr.devicerecordsURL = function (domainUUID, containerUUID) {
    const recordBase = "/api/fmc_config/v1/domain/" + domainUUID +
      "/devices/devicerecords/" + containerUUID;

    // Property name and final path segment are the same word for each entry.
    const interfaceCollections = [
      "fpphysicalinterfaces",
      "fplogicalinterfaces",
      "inlinesets",
      "virtualswitches",
      "physicalinterfaces",
      "redundantinterfaces",
      "etherchannelinterfaces",
      "subinterfaces"
    ];
    const routeCollections = ["staticroutes", "ipv4staticroutes", "ipv6staticroutes"];

    for (const collection of interfaceCollections) {
      this[collection] = `${recordBase}/${collection}`;
    }
    for (const collection of routeCollections) {
      this[collection] = `${recordBase}/routing/${collection}`;
    }
  };
  198.  
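  /**
   * Constructor: builds the JSON body for an access-control policy.
   *
   * The original accepted `logBegin`, `logEnd` and `send` but ignored them and
   * always wrote true / false / true. They are honoured now; omitting them
   * still produces those same three values.
   *
   * @param {string} name - Policy name.
   * @param {string} description - Policy description.
   * @param {string} [iName] - Intrusion policy name; falls back to a built-in name.
   * @param {string} [iuuid] - Intrusion policy id; falls back to a fixed UUID.
   * @param {string} [vName] - Variable set name; falls back to "Default Set".
   * @param {string} [vuuid] - Variable set id; falls back to a fixed UUID.
   * @param {boolean} [logBegin=true] - Value for defaultAction.logBegin.
   * @param {boolean} [logEnd=false] - Value for defaultAction.logEnd.
   * @param {boolean} [send=true] - Value for defaultAction.sendEventsToFMC.
   */
  fpwr.ACPolicy = function (name, description, iName, iuuid, vName, vuuid, logBegin, logEnd, send) {
    this.type = "AccessPolicy";
    this.name = name;
    this.description = description;
    this.defaultAction = {
      intrusionPolicy: {
        name: iName || "Balanced Security and Connectivity",
        id: iuuid || "abba00a0-cf29-425c-9d75-49699aadc898",
        type: "IntrusionPolicy"
      },
      variableSet: {
        name: vName || "Default Set",
        id: vuuid || "76fa83ea-c972-11e2-8be8-8e45bb1343c0",
        type: "VariableSet"
      },
      type: "AccessPolicyDefaultAction",
      // Compare against undefined so an explicit `false` is not replaced.
      logBegin: typeof logBegin === "undefined" ? true : logBegin,
      logEnd: typeof logEnd === "undefined" ? false : logEnd,
      sendEventsToFMC: typeof send === "undefined" ? true : send
    };
  };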
  220.  
  /**
   * Constructor: builds the JSON body that registers a device against an
   * access policy.
   *
   * @param {string} name - Device display name.
   * @param {string} hostname - Stored as `hostName`.
   * @param {string} [natID] - Falls back to a fixed literal when falsy.
   * @param {string} key - Stored as `regKey`.
   * @param {string[]} [licArray] - Falls back to ["BASE", "THREAT"] when falsy.
   * @param {string} accessPolicyUUID - Id of the access policy to attach.
   */
  fpwr.deviceRecord = function (name, hostname, natID, key, licArray, accessPolicyUUID) {
    const policyRef = { id: accessPolicyUUID, type: "AccessPolicy" };

    this.name = name;
    this.hostName = hostname;
    // NOTE(review): a guessable built-in default for a registration value;
    // prefer requiring the caller to supply it.
    this.natID = natID || "cisco123";
    this.regKey = key;
    this.type = "Device";
    this.license_caps = licArray || ["BASE", "THREAT"];
    this.accessPolicy = policyRef;
  };
  233.  
  // Constructor for an inline FPPhysicalInterface body.
  // NOTE(review): all four parameters are accepted but unused; every field is a
  // fixed literal, and the id looks like a placeholder rather than a real UUID.
  // Confirm the intended mapping before wiring the parameters in.
  fpwr.ngipsPhysicalIntf = function (name, id, enabled, type) {
    this.name = "s1p4";
    this.type = "FPPhysicalInterface";
    this.id = "fpphysicalinterfaceUUID2";
    this.enabled = 1;
    this.interfaceType = "INLINE";
  };
  241.  
  /**
   * Constructor: builds the JSON body for a PhysicalInterface.
   *
   * `ipv4method === "dhcp"` selects a DHCP block with fixed settings; any other
   * value selects a static block built from `ipv4` and `ipv4mask`.
   * `managementOnly` is always false. Zones are not part of the body yet.
   */
  fpwr.ngfwPhysicalIntf = function (mode, duplex, speed, enabled, MTU, ifname, ipv4method, ipv4, ipv4mask, name, uuid) {
    const addressing = ipv4method === "dhcp"
      ? { dhcp: { enableDefaultRouteDHCP: true, dhcpRouteMetric: 1 } }
      : { "static": { address: ipv4, netmask: ipv4mask } };

    this.type = "PhysicalInterface";
    this.mode = mode;
    this.hardware = { duplex: duplex, speed: speed };
    this.enabled = enabled;
    this.MTU = MTU;
    this.managementOnly = false;
    this.ifname = ifname;
    this.name = name;
    this.id = uuid;
    this.ipv4 = addressing;
  };
  272.  
  // Constructor for a SecurityZone body holding a single PhysicalInterface.
  // interfaceMode is one of: Passive, Inline, Switched, Routed, ASA.
  // NOTE(review): `description` is accepted but never written to the body.
  fpwr.securityzone = function (name, description, interfaceMode, intfid, intfname) {
    const member = {
      type: "PhysicalInterface",
      id: intfid,
      name: intfname
    };

    this.type = "SecurityZone";
    this.name = name;
    this.interfaceMode = interfaceMode;
    this.interfaces = [member];
  };
  286.  
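  /**
   * Look up a device id by its name in the device-record list.
   *
   * Two defects are fixed here: the URL table was read from an undeclared
   * `fpwr_servicesURL` (a ReferenceError) instead of `fpwr.servicesURL`, and
   * `_.forEach` was used as a search although it returns the collection, not
   * the value returned by its callback.
   *
   * NOTE(review): getAPI as written has no return statement, so `allDevices`
   * is undefined and this function still returns undefined until getAPI
   * delivers its result to the caller.
   *
   * @param {string} deviceName - Name to match against each item's `name`.
   * @returns {string|undefined} The matching item's `id`, or undefined.
   */
  fpwr.getDeviceIDByName = function (deviceName) {
    const allDevices = fpwr.getAPI(fpwr.servicesURL.devicerecords, 200, "getDeviceIDByName", "success");
    if (typeof allDevices === "undefined" || allDevices === null) {
      return undefined;
    }

    const match = _.find(allDevices.items, function (device) {
      return device.name === deviceName;
    });
    return match ? match.id : undefined;
  };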
  298.  
  // Unfinished lookup of an interface id by interface and device name.
  // NOTE(review): this cannot run as written. `fpwr_servicesURL`, `id` and `url`
  // are not declared anywhere in this listing, so the first statement throws a
  // ReferenceError; the getAPI calls also pass their arguments in a different
  // order from getAPI's parameter list, and nothing is returned.
  fpwr.getInterfaceIDbyName = function (intfName, deviceName) {
    const deviceLookup = fpwr.getAPI(fpwr_servicesURL.devicerecords, deviceName, 200);
    const deviceUrls = new fpwr.devicerecordsURL(fpwr.domain_uuid, deviceLookup);
    const deviceID = fpwr.getAPI(fpwr_servicesURL.devicerecords, id, 200);
    const interfaceID = fpwr.getAPI(url, intfName, 200);
  };
  304.  
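  /**
   * Create a fixed access policy ("API Post 2") and, on a 201 reply, remember
   * its name and id in `fpwr.ACPolicybase` and continue with
   * `fpwr.postDeviceRecord()`. Outcomes are logged; nothing is returned.
   *
   * Fixes: the URL table was read from an undeclared `fpwr_servicesURL` (a
   * ReferenceError) instead of `fpwr.servicesURL`, and a non-JSON response body
   * threw out of the callback.
   */
  fpwr.postACPolicy = function () {
    const policy = new fpwr.ACPolicy("API Post 2", "It worked!!!");

    fpmcAPI.post({
      url: fpwr.fpmc_server + fpwr.servicesURL.accesspolicies,
      headers: {
        "X-auth-access-token": fpwr.authToken,
        "Content-Type": "application/json"
      },
      // NOTE(review): certificate verification is disabled, so the access token
      // is sent to an endpoint whose identity is never checked.
      rejectUnauthorized: false,
      requestCert: true,
      body: JSON.stringify(policy)
    }, function (error, response, body) {
      if (error) {
        console.log("postACPolicy", error);
        return;
      }

      if (response.statusCode === 201) {
        console.log(response.statusCode, "success", "postACPolicy");
        try {
          const created = JSON.parse(response.body);
          fpwr.ACPolicybase = { name: created.name, id: created.id };
        } catch (parseError) {
          console.log("postACPolicy", "unusable response body:", parseError.message);
          return;
        }
        fpwr.postDeviceRecord();
        return;
      }

      console.log(response.statusCode, response.statusMessage);
      // Fall back to the raw body when the error payload is not JSON.
      let description;
      try {
        description = JSON.parse(response.body).description;
      } catch (parseError) {
        description = response.body;
      }
      console.log(description);
    });
  };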
  331.  
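  /**
   * Register one fixed device against the policy stored in `fpwr.ACPolicybase`.
   *
   * Fixes: the guard dereferenced `fpwr.ACPolicybase.id` even when no policy
   * had been stored (a TypeError), and the URL table was read from an
   * undeclared `fpwr_servicesURL` instead of `fpwr.servicesURL`.
   *
   * NOTE(review): device name, address, NAT id and registration key are
   * literals in source, and the key is a guessable value. Take them from the
   * caller or from configuration.
   */
  fpwr.postDeviceRecord = function () {
    const policyId = fpwr.ACPolicybase ? fpwr.ACPolicybase.id : undefined;
    if (typeof policyId === "undefined") {
      console.log("AC Policy is missing");
      return;
    }

    const device = new fpwr.deviceRecord("FTDv-EDGE2", "10.255.0.11", "cisco123", "cisco123", ["BASE", "THREAT"], policyId);
    fpwr.postAPI(
      fpwr.servicesURL.devicerecords,
      device,
      202,
      "postDeviceRecord",
      "Device successfully registered"
    );
  };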
  343.  
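  /**
   * Fetch one access policy by id and log the parsed body. Does nothing when
   * `id` is undefined; nothing is returned.
   *
   * Fixes: the request went through an undeclared `fpmcRequest` (the handle in
   * this file is `fpmcAPI`), the URL table was read from an undeclared
   * `fpwr_servicesURL` instead of `fpwr.servicesURL`, and a non-JSON body threw
   * out of the callback.
   *
   * @param {string} id - Access policy id appended to the accesspolicies path.
   */
  fpwr.getACPolicyByAPI = function (id) {
    if (typeof id === "undefined") {
      return;
    }

    fpmcAPI.get({
      url: fpwr.fpmc_server + fpwr.servicesURL.accesspolicies + "/" + id,
      headers: { "X-auth-access-token": fpwr.authToken },
      // NOTE(review): certificate verification is disabled, so the access token
      // is sent to an endpoint whose identity is never checked.
      rejectUnauthorized: false,
      requestCert: true,
    }, function (error, response, body) {
      if (error) {
        console.log(error);
        return;
      }

      if (response.statusCode !== 200) {
        console.log(response.statusCode, response.statusMessage);
        return;
      }

      console.log(response.statusCode, "success");
      try {
        console.log(JSON.parse(response.body));
      } catch (parseError) {
        console.log("getACPolicyByAPI", "response body is not valid JSON:", parseError.message);
      }
    });
  };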
  363.  
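  /**
   * Tell the socket stored in `fpwr.currentClient` that registration succeeded.
   *
   * The original emitted the whole `fpwr` object, which carries the password,
   * the Basic auth header, both tokens and the FTD token options. The recipient
   * is whichever socket last sent "client-ready", not necessarily the one that
   * supplied the credentials, so those fields are removed from the payload.
   * Every other field is sent as before.
   *
   * NOTE(review): if the page script reads any of the removed fields, change it
   * to ask the server to act on its behalf instead.
   */
  fpwr.registered = function () {
    const secretFields = ["password", "fpmcAuth", "authToken", "authRefreshToken", "ftd_token_opts"];

    // Shallow copy so the live object keeps its credentials.
    const payload = Object.assign({}, fpwr);
    secretFields.forEach(function (field) {
      delete payload[field];
    });

    io.to(fpwr.currentClient).emit("register-success", payload);
  };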