mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
119 lines
4.4 KiB
JavaScript
Vendored
119 lines
4.4 KiB
JavaScript
Vendored
module.exports = {
|
|
|
|
|
|
friendlyName: 'Create android webApp',
|
|
|
|
|
|
description: 'Creates a new webApp for an android enterprise.',
|
|
|
|
|
|
inputs: {
|
|
androidEnterpriseId: {
|
|
type: 'string',
|
|
required: true,
|
|
},
|
|
title: {
|
|
type: 'string',
|
|
},
|
|
startUrl: {
|
|
type: 'string',
|
|
},
|
|
icons: {
|
|
type: [{}],
|
|
},
|
|
displayMode: {
|
|
type: 'string',
|
|
},
|
|
versionCode: {
|
|
type: 'string',
|
|
},
|
|
},
|
|
|
|
|
|
exits: {
|
|
success: { description: 'The webApp of an Android enterprise was successfully created.' },
|
|
missingAuthHeader: { description: 'This request was missing an authorization header.', responseType: 'unauthorized'},
|
|
unauthorized: { description: 'Invalid authentication token.', responseType: 'unauthorized'},
|
|
notFound: { description: 'No Android enterprise found for this Fleet server.', responseType: 'notFound' },
|
|
invalidWebApp: { description: 'Invalid post webApp request', responseType: 'badRequest' },
|
|
},
|
|
|
|
|
|
fn: async function ({ androidEnterpriseId, title, startUrl, icons, displayMode, versionCode }) {
|
|
|
|
// Extract fleetServerSecret from the Authorization header
|
|
let authHeader = this.req.get('authorization');
|
|
let fleetServerSecret;
|
|
|
|
if (authHeader && authHeader.startsWith('Bearer')) {
|
|
fleetServerSecret = authHeader.replace('Bearer', '').trim();
|
|
} else {
|
|
throw 'missingAuthHeader';
|
|
}
|
|
|
|
// Authenticate this request
|
|
let thisAndroidEnterprise = await AndroidEnterprise.findOne({
|
|
androidEnterpriseId: androidEnterpriseId
|
|
});
|
|
|
|
// Return a 404 response if no records are found.
|
|
if (!thisAndroidEnterprise) {
|
|
throw 'notFound';
|
|
}
|
|
// Return an unauthorized response if the provided secret does not match.
|
|
if (thisAndroidEnterprise.fleetServerSecret !== fleetServerSecret) {
|
|
throw 'unauthorized';
|
|
}
|
|
|
|
// Check the list of Android Enterprises managed by Fleet to see if this Android Enterprise is still managed.
|
|
let isEnterpriseManagedByFleet = await sails.helpers.androidProxy.getIsEnterpriseManagedByFleet(androidEnterpriseId);
|
|
// Return a 404 response if this Android enterprise is no longer managed by Fleet.
|
|
if(!isEnterpriseManagedByFleet) {
|
|
throw 'notFound';
|
|
}
|
|
|
|
// Create the webApp.
|
|
// Note: We're using sails.helpers.flow.build here to handle any errors that occur using google's node library.
|
|
let createWebAppResponse = await sails.helpers.flow.build(async () => {
|
|
let { google } = require('googleapis');
|
|
let androidmanagement = google.androidmanagement('v1');
|
|
let googleAuth = new google.auth.GoogleAuth({
|
|
scopes: ['https://www.googleapis.com/auth/androidmanagement'],
|
|
credentials: {
|
|
client_email: sails.config.custom.androidEnterpriseServiceAccountEmailAddress,// eslint-disable-line camelcase
|
|
private_key: sails.config.custom.androidEnterpriseServiceAccountPrivateKey,// eslint-disable-line camelcase
|
|
},
|
|
});
|
|
// Acquire the google auth client, and bind it to all future calls
|
|
let authClient = await googleAuth.getClient();
|
|
google.options({ auth: authClient });
|
|
// [?]: https://googleapis.dev/nodejs/googleapis/latest/androidmanagement/classes/Resource$Enterprises$Webapps.html#create
|
|
let createWebAppResponse = await androidmanagement.enterprises.webApps.create({
|
|
parent: `enterprises/${androidEnterpriseId}`,
|
|
requestBody: {
|
|
title,
|
|
startUrl,
|
|
icons,
|
|
displayMode,
|
|
versionCode,
|
|
},
|
|
});
|
|
return createWebAppResponse.data;
|
|
}).intercept({status: 429}, (err)=>{
|
|
// If the Android management API returns a 429 response, log an additional warning that will trigger a help-p1 alert.
|
|
sails.log.warn(`p1: Android management API rate limit exceeded!`);
|
|
return new Error(`When attempting to create a webapp for an Android enterprise (${androidEnterpriseId}), an error occurred. Error: ${err}`);
|
|
}).intercept({ status: 400 }, (err) => {
|
|
return {'invalidWebApp': `Attempted to create a webApp with an invalid value for an Android enterprise (${androidEnterpriseId}): ${err}`};
|
|
}).intercept((err)=>{
|
|
return new Error(`When attempting to create a webapp for an Android enterprise (${androidEnterpriseId}), an error occurred. Error: ${require('util').inspect(err)}`);
|
|
});
|
|
|
|
|
|
// Return the created webApp back to the Fleet server.
|
|
return createWebAppResponse;
|
|
|
|
}
|
|
|
|
|
|
};
|