API
This document provides an overview and documentation for the API implemented in the provided code. The API allows clients to interact with a server for managing agents and uploading files.
Base URL
The API create its own nodejs server at this address
http://localhost:5000/
Endpoints
Create a New Agent
- URL: /api/agent/new
- Method: POST
- Description: Create a new agent and store its information in a MySQL database.
-
Request Body:
- versionOS (required): The version of the operating system running on the agent.
- host (required): The host name or IP address of the agent.
- hookUser (required): The hook user of the agent.
-
Response:
- Status Code: 200 OK on success, 400 Bad Request if parameters are missing or invalid, 500 Internal Server Error if an error occurs during database insertion.
- Response Body:
{
"data": {
"id": "<agentId>",
"publicKey": "<publicKey>"
},
"error": {}
}
- Example:
POST /api/agent/new HTTP/1.1
Host: localhost:5000
Content-Type: application/json
{
"versionOS": "1.0",
"host": "example.com",
"hookUser": "john.doe"
}
Upload a File
- URL: /api/file/upload/:user_folder
- Method: POST
- Description: Upload a file and save it in the specified user folder.
-
Request Parameters:
- user_folder (required): The user folder to which the file should be uploaded.
-
Request Body:
- The file to be uploaded should be sent as multipart/form-data with the file field name set to file.
-
Response:
- Status Code: 200 OK on success, 400 Bad Request if no file is uploaded.
- Response Body:
{
"data": {
"success": "<filename> uploaded successfully."
},
"error": {}
}
- Example:
POST /api/file/upload/123 HTTP/1.1
Host: localhost:5000
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="file"; filename="example.txt"
Content-Type: text/plain
This is the content of the file.
------WebKitFormBoundary7MA4YWxkTrZu0gW--
Database Connection
The API connects to a MySQL database for storing agent information. The database connection details are specified using environment variables:
- DB_HOST: The host name or IP address of the MySQL database.
- DB_USER: The username for accessing the MySQL database.
- DB_PASS: The password for accessing the MySQL database.
- DB_MAIN: The name of the main database.
User Folder Creation
The API creates a folder named /CTHULHU/users
if it doesn't already exist. Additionally, for each agent created, a user-specific folder is created within /CTHULHU/users
.
Folder Structure
The folder structure is as follows:
-
/CTHULHU
-
/users
-
/<agentId_1>
-
/<agentId_2>
- ...
-
/<agentId_n>
-
-
Folder Creation Process
When a new agent is created, the API performs the following steps:
- Checks if the
/CTHULHU/users
folder exists. - If the folder doesn't exist, it is created.
- Creates a user-specific folder within
/CTHULHU/users
for the agent using the agent's ID.
Example
Let's assume that the API receives a request to create a new agent with the ID 123
. Here's the folder creation process:
- The API checks if the
/CTHULHU/users
folder exists. - If the folder doesn't exist, it creates the
/CTHULHU/users
folder. - The API creates a user-specific folder named
/CTHULHU/users/123
for the agent with ID123
.
The created folder structure would be:
-
/CTHULHU
-
/users
-
/123
-
-
RSA Key Pair Generation and Storage
For each agent created, the API generates an RSA key pair consisting of a public key and a private key. The key pair is generated using a modulus length of 4096 bits. The generated keys are stored in the MySQL database along with other agent information.
Key Generation Process
When a new agent is created, the API performs the following steps to generate the RSA key pair:
- Generates an RSA key pair using the
crypto.generateKeyPairSync
method with the following options:- Algorithm: RSA
- Modulus Length: 4096 bits
- Public Key Encoding: PKCS#1 format in PEM encoding
- Private Key Encoding: PKCS#1 format in PEM encoding
- The generated public key and private key are converted to string representations.
- The public key string is stored in the
pubKey
field of the agent's record in the MySQL database. - The private key string is stored in the
privKey
field of the agent's record in the MySQL database.
Example
When a new agent is created, the API generates an RSA key pair. Let's assume the key generation process produces the following keys:
-
Public Key:
-----BEGIN RSA PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyDRa5PEVYl2T3EzvG1on ... d8Ou9azXQIDAQAB -----END RSA PUBLIC KEY-----
-
Private Key:
-----BEGIN RSA PRIVATE KEY----- MIIJKQIBAAKCAgEAyDRa5PEVYl2T3EzvG1onC4vPwL... ... 8RTgJ8SPaHv/SmB2DhYO98C6HpU= -----END RSA PRIVATE KEY-----
The generated keys are then stored in the agent's record in the MySQL database.