rmm2/backend/api/wau.go
cynfo3000 bf51ed8569 feat: WAU-Integration + Windows Software-Inventar (v1.1.0)
Windows Agent (v1.1.0):
- Software-Inventar aus Windows-Registry (64-bit + 32-bit)
  Sammelt Name, Version, Hersteller, InstallDate aller installierten Apps
  Filtert SystemComponent-Einträge heraus, sortiert alphabetisch
  Funktioniert unter SYSTEM-Account (kein winget nötig)
- Version auf 1.1.0 gehoben

Backend:
- customer_wau_rules Tabelle (Migration automatisch)
- WAU-Regeln pro Kunde (allow/block, winget-ID + Anzeigename)
- GET/POST/DELETE /api/v1/customers/{id}/wau/rules
- GET /api/v1/customers/{id}/wau/inventory  (SQL-Aggregation aus Agenten-Daten)
- GET /api/v1/customers/{id}/wau/included   (Plaintext für WAU)
- GET /api/v1/customers/{id}/wau/excluded   (Plaintext für WAU)

Frontend:
- Kunden-Seite: Tab-Navigation (Agents | API-Keys | WAU)
- WAU-Tab pro Kunde: Allowlist + Blocklist mit Inline-Assign aus Inventar
  Allow/Block-Buttons direkt in Inventar-Zeile, winget-ID vorgeschlagen
  Installationsbefehl mit externer Backend-URL aus Systemeinstellungen
- Windows-Panel Software-Tab: Installiert-Liste aus Registry-Daten
- Windows-Panel WAU-Tab: Status (installiert/Task/letzter Lauf)
  WAU installieren via MSI-Download + msiexec (synchron)
  Jetzt ausführen, Log anzeigen
  Gewünschten Zustand herstellen (Allowlist auf Client installieren)
2026-03-10 08:46:00 +01:00

152 lines
4.6 KiB
Go

package api
import (
"encoding/json"
"net/http"
"strconv"
"strings"
)
// setupWAURoutes registriert alle WAU-Endpunkte
func (h *Handler) setupWAURoutes(mux *http.ServeMux) {
// Authentifizierte Endpunkte (API-Key oder JWT)
mux.HandleFunc("GET /api/v1/customers/{id}/wau/rules", h.listWAURules)
mux.HandleFunc("POST /api/v1/customers/{id}/wau/rules", h.addWAURule)
mux.HandleFunc("DELETE /api/v1/customers/{id}/wau/rules/{rid}", h.deleteWAURule)
mux.HandleFunc("GET /api/v1/customers/{id}/wau/inventory", h.getWAUInventory)
// Plaintext-Endpunkte für WAU (kein Auth nötig — enthält nur App-IDs)
mux.HandleFunc("GET /api/v1/customers/{id}/wau/included", h.wauIncludedList)
mux.HandleFunc("GET /api/v1/customers/{id}/wau/excluded", h.wauExcludedList)
}
// GET /api/v1/customers/{id}/wau/rules
func (h *Handler) listWAURules(w http.ResponseWriter, r *http.Request) {
customerID, err := strconv.Atoi(r.PathValue("id"))
if err != nil {
writeError(w, http.StatusBadRequest, "Ungültige Kunden-ID")
return
}
rules, err := h.db.ListWAURules(customerID)
if err != nil {
writeError(w, http.StatusInternalServerError, "Fehler beim Laden")
return
}
writeJSON(w, http.StatusOK, rules)
}
// POST /api/v1/customers/{id}/wau/rules
func (h *Handler) addWAURule(w http.ResponseWriter, r *http.Request) {
customerID, err := strconv.Atoi(r.PathValue("id"))
if err != nil {
writeError(w, http.StatusBadRequest, "Ungültige Kunden-ID")
return
}
var req struct {
WingetID string `json:"winget_id"`
DisplayName string `json:"display_name"`
RuleType string `json:"rule_type"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeError(w, http.StatusBadRequest, "Ungültige Anfrage")
return
}
req.WingetID = strings.TrimSpace(req.WingetID)
req.DisplayName = strings.TrimSpace(req.DisplayName)
if req.WingetID == "" {
writeError(w, http.StatusBadRequest, "winget_id erforderlich")
return
}
if req.RuleType != "allow" && req.RuleType != "block" {
writeError(w, http.StatusBadRequest, "rule_type muss 'allow' oder 'block' sein")
return
}
if req.DisplayName == "" {
req.DisplayName = req.WingetID
}
rule, err := h.db.AddWAURule(customerID, req.WingetID, req.DisplayName, req.RuleType)
if err != nil {
writeError(w, http.StatusInternalServerError, "Fehler beim Speichern")
return
}
h.auditLog(r, "wau.rule.add", "customer", strconv.Itoa(customerID), "",
req.RuleType+": "+req.WingetID)
writeJSON(w, http.StatusCreated, rule)
}
// DELETE /api/v1/customers/{id}/wau/rules/{rid}
func (h *Handler) deleteWAURule(w http.ResponseWriter, r *http.Request) {
customerID, err := strconv.Atoi(r.PathValue("id"))
if err != nil {
writeError(w, http.StatusBadRequest, "Ungültige Kunden-ID")
return
}
ruleID, err := strconv.Atoi(r.PathValue("rid"))
if err != nil {
writeError(w, http.StatusBadRequest, "Ungültige Regel-ID")
return
}
ok, err := h.db.DeleteWAURule(customerID, ruleID)
if err != nil {
writeError(w, http.StatusInternalServerError, "Fehler beim Löschen")
return
}
if !ok {
writeError(w, http.StatusNotFound, "Regel nicht gefunden")
return
}
h.auditLog(r, "wau.rule.delete", "customer", strconv.Itoa(customerID), "", strconv.Itoa(ruleID))
writeJSON(w, http.StatusOK, map[string]string{"message": "Regel gelöscht"})
}
// GET /api/v1/customers/{id}/wau/inventory
func (h *Handler) getWAUInventory(w http.ResponseWriter, r *http.Request) {
customerID, err := strconv.Atoi(r.PathValue("id"))
if err != nil {
writeError(w, http.StatusBadRequest, "Ungültige Kunden-ID")
return
}
entries, err := h.db.GetWAUSoftwareInventory(customerID)
if err != nil {
writeError(w, http.StatusInternalServerError, "Fehler beim Laden des Inventars")
return
}
writeJSON(w, http.StatusOK, entries)
}
// GET /api/v1/customers/{id}/wau/included → Plaintext für WAU
func (h *Handler) wauIncludedList(w http.ResponseWriter, r *http.Request) {
h.serveWAUList(w, r, "allow")
}
// GET /api/v1/customers/{id}/wau/excluded → Plaintext für WAU
func (h *Handler) wauExcludedList(w http.ResponseWriter, r *http.Request) {
h.serveWAUList(w, r, "block")
}
func (h *Handler) serveWAUList(w http.ResponseWriter, r *http.Request, ruleType string) {
customerID, err := strconv.Atoi(r.PathValue("id"))
if err != nil {
http.Error(w, "Ungültige Kunden-ID", http.StatusBadRequest)
return
}
ids, err := h.db.GetWAUList(customerID, ruleType)
if err != nil {
http.Error(w, "Fehler", http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
w.WriteHeader(http.StatusOK)
w.Write([]byte(strings.Join(ids, "\r\n")))
if len(ids) > 0 {
w.Write([]byte("\r\n"))
}
}