Merge pull request #791 from akto-api-security/feature/postman-har-files

Added changes to save files

apps/dashboard/src/main/java/com/akto/action/HarAction.java

@@ -3,11 +3,14 @@
 import com.akto.dao.ApiCollectionsDao;
 import com.akto.dao.BurpPluginInfoDao;
 import com.akto.dao.context.Context;
+import com.akto.dao.file.FilesDao;
 import com.akto.dto.ApiCollection;
+import com.akto.dto.HttpResponseParams;
 import com.akto.har.HAR;
 import com.akto.log.LoggerMaker;
 import com.akto.dto.ApiToken.Utility;
 import com.akto.util.DashboardMode;
+import com.akto.utils.GzipUtils;
 import com.akto.utils.Utils;
 import com.mongodb.BasicDBObject;
 import com.mongodb.client.model.Filters;
@@ -95,6 +98,9 @@ public String execute() throws IOException {
         try {
             HAR har = new HAR();
             loggerMaker.infoAndAddToDb("Har file upload processing for collectionId:" + apiCollectionId, LoggerMaker.LogDb.DASHBOARD);
+            String zippedString = GzipUtils.zipString(harString);
+            com.akto.dto.files.File file = new com.akto.dto.files.File(HttpResponseParams.Source.HAR,zippedString);
+            FilesDao.instance.insertOne(file);
             List<String> messages = har.getMessages(harString, apiCollectionId, Context.accountId.get());
             harErrors = har.getErrors();
             Utils.pushDataToKafka(apiCollectionId, topic, messages, harErrors, skipKafka);

apps/dashboard/src/main/java/com/akto/action/PostmanAction.java

@@ -3,8 +3,10 @@
 import com.akto.ApiRequest;
 import com.akto.dao.*;
 import com.akto.dao.context.Context;
+import com.akto.dao.file.FilesDao;
 import com.akto.dao.loaders.LoadersDao;
 import com.akto.dto.*;
+import com.akto.dto.files.File;
 import com.akto.dto.loaders.PostmanUploadLoader;
 import com.akto.dto.third_party_access.Credential;
 import com.akto.dto.third_party_access.PostmanCredential;
@@ -15,6 +17,7 @@
 import com.akto.log.LoggerMaker.LogDb;
 import com.akto.postman.Main;
 import com.akto.util.DashboardMode;
+import com.akto.utils.GzipUtils;
 import com.akto.utils.SampleDataToSTI;
 import com.akto.utils.Utils;
 import com.fasterxml.jackson.core.JsonProcessingException;
@@ -368,7 +371,9 @@ public String importDataFromPostmanFile() {
         JsonNode collectionDetailsObj;
         try {
             collectionDetailsObj = mapper.readTree(postmanCollectionFile);
-            loggerMaker.errorAndAddToDb("Postman file:" + postmanCollectionFile, LogDb.DASHBOARD);
+            String zipped = GzipUtils.zipString(postmanCollectionFile);
+            File file = new File(HttpResponseParams.Source.POSTMAN, zipped);
+            FilesDao.instance.insertOne(file);
         } catch (Exception e) {
             loggerMaker.errorAndAddToDb(e,"Error parsing postman collection file: " + e.getMessage(), LogDb.DASHBOARD);
             addActionError("Error while parsing the file");

apps/dashboard/src/main/java/com/akto/utils/GzipUtils.java

@@ -0,0 +1,49 @@
+package com.akto.utils;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.zip.GZIPInputStream;
+import java.util.zip.GZIPOutputStream;
+
+public class GzipUtils {
+
+    public static String zipString(String input) {
+        if (input == null || input.isEmpty()) {
+            return input;
+        }
+
+        try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+             GZIPOutputStream gzipOutputStream = new GZIPOutputStream(byteArrayOutputStream)) {
+            gzipOutputStream.write(input.getBytes(StandardCharsets.UTF_8));
+            gzipOutputStream.close();
+            return Base64.getEncoder().encodeToString(byteArrayOutputStream.toByteArray());
+        } catch (IOException e) {
+            throw new RuntimeException("Failed to zip content", e);
+        }
+    }
+
+    public static String unzipString(String zippedBase64Str) {
+        if (zippedBase64Str == null || zippedBase64Str.isEmpty()) {
+            return zippedBase64Str;
+        }
+
+        byte[] decodedBytes = Base64.getDecoder().decode(zippedBase64Str);
+
+        try (ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decodedBytes);
+             GZIPInputStream gzipInputStream = new GZIPInputStream(byteArrayInputStream);
+             ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
+
+            byte[] buffer = new byte[1024];
+            int len;
+            while ((len = gzipInputStream.read(buffer)) != -1) {
+                byteArrayOutputStream.write(buffer, 0, len);
+            }
+            return byteArrayOutputStream.toString(StandardCharsets.UTF_8.name());
+        } catch (IOException e) {
+            throw new RuntimeException("Failed to unzip content", e);
+        }
+    }
+}

libs/dao/src/main/java/com/akto/dao/file/FilesDao.java

@@ -0,0 +1,21 @@
+package com.akto.dao.file;
+
+import com.akto.dao.AccountsContextDao;
+import com.akto.dto.files.File;
+
+public class FilesDao extends AccountsContextDao<File> {
+
+    private FilesDao() {
+    }
+
+    public static final FilesDao instance = new FilesDao();
+    @Override
+    public String getCollName() {
+        return "files";
+    }
+
+    @Override
+    public Class<File> getClassT() {
+        return File.class;
+    }
+}

libs/dao/src/main/java/com/akto/dto/files/File.java

@@ -0,0 +1,63 @@
+package com.akto.dto.files;
+
+import com.akto.dao.context.Context;
+import com.akto.dto.HttpResponseParams;
+import org.bson.codecs.pojo.annotations.BsonId;
+import org.bson.types.ObjectId;
+
+public class File {
+
+    @BsonId
+    private ObjectId id;
+
+    private HttpResponseParams.Source source;
+
+    private int uploadTimestamp;
+
+    private String compressedContent;
+
+    public File(HttpResponseParams.Source source, String compressedContent) {
+        this.source = source;
+        this.compressedContent = compressedContent;
+        this.uploadTimestamp = Context.now();
+    }
+
+    public File(ObjectId id, HttpResponseParams.Source source, int uploadTimestamp, String compressedContent) {
+        this.id = id;
+        this.source = source;
+        this.uploadTimestamp = uploadTimestamp;
+        this.compressedContent = compressedContent;
+    }
+
+    public ObjectId getId() {
+        return id;
+    }
+
+    public void setId(ObjectId id) {
+        this.id = id;
+    }
+
+    public int getUploadTimestamp() {
+        return uploadTimestamp;
+    }
+
+    public void setUploadTimestamp(int uploadTimestamp) {
+        this.uploadTimestamp = uploadTimestamp;
+    }
+
+    public String getCompressedContent() {
+        return compressedContent;
+    }
+
+    public void setCompressedContent(String compressedContent) {
+        this.compressedContent = compressedContent;
+    }
+
+    public HttpResponseParams.Source getSource() {
+        return source;
+    }
+
+    public void setSource(HttpResponseParams.Source source) {
+        this.source = source;
+    }
+}