server: expose ja4db update over the http api

jasonish · Jul 6, 2024 · 1ebdc8b · 1ebdc8b
1 parent 0dd7b17
commit 1ebdc8b
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 2 deletions.
diff --git a/src/lib.rs b/src/lib.rs
@@ -9,6 +9,7 @@ pub mod version;
 mod agent;
 mod bookmark;
 mod cert;
+mod commands;
 mod config;
 mod datetime;
 mod elastic;
@@ -25,7 +26,6 @@ mod resource;
 mod rules;
 mod sqlite;
 mod util;
-mod commands;
 
 #[macro_use]
 extern crate lazy_static;

diff --git a/src/server/api/admin.rs b/src/server/api/admin.rs
@@ -0,0 +1,26 @@
+// SPDX-FileCopyrightText: (C) 2024 Jason Ish <[email protected]>
+// SPDX-License-Identifier: MIT
+
+use std::sync::Arc;
+
+use axum::{Extension, Json};
+use tracing::info;
+
+use crate::server::{main::SessionExtractor, ServerContext};
+
+use super::ApiError;
+
+pub(super) async fn update_ja4db(
+    context: Extension<Arc<ServerContext>>,
+    _session: SessionExtractor,
+) -> Result<Json<serde_json::Value>, ApiError> {
+    let mut conn = context.config_repo.pool.begin().await?;
+    info!("Updating JA4db");
+    let n = crate::commands::ja4db::updatedb(&mut conn).await?;
+    conn.commit().await?;
+    let response = json!({
+        "entries": n,
+    });
+    info!("JA4db successfully updated: entries={n}");
+    Ok(Json(response))
+}
diff --git a/src/server/api/mod.rs b/src/server/api/mod.rs
@@ -25,6 +25,7 @@ use tracing::{error, info, warn};
 use self::genericquery::TimeRange;
 use self::util::parse_duration;
 
+pub(crate) mod admin;
 pub(crate) mod agg;
 pub(crate) mod eve2pcap;
 pub(crate) mod genericquery;
@@ -63,6 +64,7 @@ pub(crate) fn router() -> axum::Router<Arc<ServerContext>> {
         .route("/api/1/sqlite/fts/enable", post(sqlite::fts_enable))
         .route("/api/1/sqlite/fts/disable", post(sqlite::fts_disable))
         .route("/api/ja4db/:fingerprint", get(ja4db))
+        .route("/api/admin/update/ja4db", post(admin::update_ja4db))
         .nest("/api/1/stats", stats::router())
 }
 
@@ -434,7 +436,10 @@ async fn ja4db(
     if let Some(entry) = entry {
         Ok(Json(entry).into_response())
     } else {
-        Ok(StatusCode::NOT_FOUND.into_response())
+        let response = json!({
+            "message": "fingerprint not found",
+        });
+        Ok((StatusCode::NOT_FOUND, Json(response)).into_response())
     }
 }