cisagov · schmelz21 · May 15, 2024 · Apr 4, 2024 · Apr 4, 2024 · Apr 4, 2024
@@ -8,6 +8,7 @@ import * as auth from './auth';
 import * as cpes from './cpes';
 import * as cves from './cves';
 import * as domains from './domains';
+import * as notifications from './notifications';
 import * as search from './search';
 import * as vulnerabilities from './vulnerabilities';
 import * as organizations from './organizations';
@@ -117,6 +118,8 @@ app.post('/auth/callback', handlerToExpress(auth.callback));
 app.post('/users/register', handlerToExpress(users.register));
 app.post('/readysetcyber/register', handlerToExpress(users.RSCRegister));
 
+app.get('/notifications', handlerToExpress(notifications.list));
+
 const checkUserLoggedIn = async (req, res, next) => {
   req.requestContext = {
     authorizer: await auth.authorize({
@@ -453,6 +456,20 @@ authenticatedRoute.put(
   handlerToExpress(users.registrationDenial)
 );
 
+authenticatedRoute.delete(
+  '/notifications/:notificationId',
+  handlerToExpress(notifications.del)
+);
+
+authenticatedRoute.post(
+  '/notifications',
+  handlerToExpress(notifications.create)
+);
+
+authenticatedRoute.put(
+  '/notifications/:notificationId',
+  handlerToExpress(notifications.update)
+);
 //Authenticated ReadySetCyber Routes
 authenticatedRoute.get('/assessments', handlerToExpress(assessments.list));
 

@@ -10,6 +10,7 @@ import * as jwt from 'jsonwebtoken';
 import { APIGatewayProxyEvent } from 'aws-lambda';
 import * as jwksClient from 'jwks-rsa';
 import { createHash } from 'crypto';
+import { shouldBlockLogin } from './helpers';
 
 export interface UserToken {
   email: string;
@@ -22,6 +23,7 @@ export interface UserToken {
   dateAcceptedTerms: Date | undefined;
   acceptedTermsVersion: string | undefined;
   lastLoggedIn: Date | undefined;
+  loginBlockedByMaintenance: boolean | false;
 }
 
 interface CognitoUserToken {
@@ -83,6 +85,7 @@ export const userTokenBody = (user): UserToken => ({
   dateAcceptedTerms: user.dateAcceptedTerms,
   acceptedTermsVersion: user.acceptedTermsVersion,
   lastLoggedIn: user.lastLoggedIn,
+  loginBlockedByMaintenance: user.loginBlockedByMaintenance,
   roles: user.roles
     .filter((role) => role.approved)
     .map((role) => ({
@@ -143,6 +146,16 @@ export const callback = async (event, context) => {
 
   const idKey = `${process.env.USE_COGNITO ? 'cognitoId' : 'loginGovId'}`;
 
+  // Check shouldBlockLogin due to maintenance
+  if (user) {
+    console.log('Checking if login should be blocked due to Maintenance...');
+    const loginBlocked = await shouldBlockLogin(user);
+    console.log('Login blocked response from callback: ', loginBlocked);
+    user.loginBlockedByMaintenance = loginBlocked;
+    user.save();
+  }
+  console.log(user);
+
   // If user does not exist, create it
   if (!user) {
     user = User.create({

@@ -6,10 +6,12 @@ import {
 } from 'aws-lambda';
 import { ValidationOptions, validateOrReject } from 'class-validator';
 import { ClassType } from 'class-transformer/ClassTransformer';
+import { LessThanOrEqual, MoreThanOrEqual } from 'typeorm';
 import { plainToClass } from 'class-transformer';
 import S3Client from '../tasks/s3-client';
 import { SES } from 'aws-sdk';
 import * as nodemailer from 'nodemailer';
+import { Notification, User, connectToDatabase } from '../models';
 import * as handlebars from 'handlebars';
 
 export const REGION_STATE_MAP = {
@@ -303,3 +305,63 @@ export const sendRegistrationApprovedEmail = async (
     console.log('Email error: ', errorMessage);
   }
 };
+
+/**
+ * Function to find notifications that are currently active based on the current datetime.
+ * @returns A promise containing an array of active `Notification` entities.
+ */
+async function isMajorActiveMaintenance(): Promise<boolean> {
+  const now = new Date();
+  console.log(now);
+  try {
+    // DB connection
+    await connectToDatabase();
+
+    // Query major/active notifications with startDatetime <= now and endDatetime >= now
+    const notifications = await Notification.find({
+      where: [
+        {
+          startDatetime: LessThanOrEqual(now),
+          endDatetime: MoreThanOrEqual(now),
+          status: 'active',
+          maintenanceType: 'major'
+        }
+      ],
+      order: {
+        startDatetime: 'DESC',
+        id: 'DESC'
+      }
+    });
+
+    // Log notifications
+    console.log('Current notifications check Result: ', notifications);
+
+    // Return True if Notifcations exist
+    // if (notifications.length > 0) {
+    if (notifications) {
+      console.log('isMajorActiveMaintenance is returning True.');
+      return true;
+    } else {
+      console.log('isMajorActiveMaintenance is returning False.');
+      return false;
+    }
+  } catch (err) {
+    console.error('Error:', err);
+    // Catch-All return false on error
+    return false;
+  }
+}
+
+export async function shouldBlockLogin(user: User): Promise<boolean> {
+  // Check if there's active maintenance
+  const activeMaintenance = await isMajorActiveMaintenance();
+
+  // Block login for non-globalAdmin users during active maintenance
+  if (activeMaintenance && user.userType !== 'globalAdmin') {
+    console.log('Login should be blocked.');
+    return true; // Return true to indicate that login should be blocked
+  } else {
+    console.log('Login should not be blocked.');
+    return false; // Return false to indicate that login should not be blocked
+  }
+}
@@ -0,0 +1,158 @@
+import { IsString, isUUID, IsOptional, IsDateString } from 'class-validator';
+import { Notification, connectToDatabase } from '../models';
+import { validateBody, wrapHandler, NotFound, Unauthorized } from './helpers';
+import { isGlobalWriteAdmin } from './auth';
+
+class NewNotification {
+  @IsDateString()
+  startDatetime?: string;
+
+  @IsDateString()
+  endDatetime?: string;
+
+  @IsString()
+  maintenanceType?: string;
+
+  @IsString()
+  @IsOptional()
+  status: string;
+
+  @IsString()
+  @IsOptional()
+  message: string;
+
+  @IsString()
+  @IsOptional()
+  updatedBy: string;
+}
+/**
+ * @swagger
+ *
+ * /notifications:
+ *  post:
+ *    description: Create a new notification.
+ *    tags:
+ *    - Notifications
+ */
+export const create = wrapHandler(async (event) => {
+  if (!isGlobalWriteAdmin(event)) return Unauthorized;
+  const body = await validateBody(NewNotification, event.body);
+  await connectToDatabase();
+
+  const notification = await Notification.create({
+    ...body
+  });
+  const res = await notification.save();
+  return {
+    statusCode: 200,
+    body: JSON.stringify(res)
+  };
+});
+
+/**
+ * @swagger
+ *
+ * /notifications/{id}:
+ *  delete:
+ *    description: Delete a particular notification.
+ *    parameters:
+ *      - in: path
+ *        name: id
+ *        description: Notification id
+ *    tags:
+ *    - Notifications
+ */
+export const del = wrapHandler(async (event) => {
+  if (!isGlobalWriteAdmin(event)) return Unauthorized;
+  await connectToDatabase();
+  const id = event.pathParameters?.notificationId;
+  if (!id || !isUUID(id)) {
+    return NotFound;
+  }
+  const result = await Notification.delete(id);
+  return {
+    statusCode: 200,
+    body: JSON.stringify(result)
+  };
+});
+
+/**
+ * @swagger
+ *
+ * /notifications:
+ *  get:
+ *    description: List all notifications.
+ *    tags:
+ *    - Notifications
+ */
+export const list = wrapHandler(async (event) => {
+  console.log('list function called with event: ', event);
+
+  // if (!isGlobalWriteAdmin(event)) {
+  //   return {
+  //     //TODO: Should we return a 403?
+  //     statusCode: 200,
+  //     body: JSON.stringify([])
+  //   };
+  // }
+  await connectToDatabase();
+  console.log('Database connected');
+
+  const result = await Notification.find({
+    order: {
+      startDatetime: 'DESC',
+      id: 'DESC'
+    }
+  });
+
+  console.log('Notification.find result: ', result);
+
+  return {
+    statusCode: 200,
+    body: JSON.stringify(result)
+  };
+});
+
+/**
+ * @swagger
+ *
+ * /notifications/{id}:
+ *  put:
+ *    description: Update a particular notification.
+ *    parameters:
+ *      - in: path
+ *        name: id
+ *        description: notification id
+ *    tags:
+ *    - Notifications
+ */
+
+export const update = wrapHandler(async (event) => {
+  if (!isGlobalWriteAdmin(event)) return Unauthorized;
+  // Get the notification id from the path
+  const id = event.pathParameters?.notificationId;
+
+  // confirm that the id is a valid UUID
+  if (!id || !isUUID(id)) {
+    return NotFound;
+  }
+
+  // Validate the body
+  const validatedBody = await validateBody(NewNotification, event.body);
+
+  // Connect to the database
+  await connectToDatabase();
+
+  // Update the organization
+  const updateResp = await Notification.update(id, validatedBody);
+
+  // Handle response
+  if (updateResp) {
+    const updatedNot = await Notification.findOne(id);
+    return {
+      statusCode: 200,
+      body: JSON.stringify(updatedNot)
+    };
+  }
+  return NotFound;
+});
@@ -156,6 +156,10 @@ class UpdateUser {
   @IsString()
   @IsOptional()
   role: string;
+
+  @IsBoolean()
+  @IsOptional()
+  loginBlockedByMaintenance: boolean;
 }
 
 /**

@@ -2,6 +2,7 @@ import { createConnection, Connection } from 'typeorm';
 import {
   // Models for the Crossfeed database
   ApiKey,
+  Notification,
   Assessment,
   Category,
   Cpe,
@@ -135,6 +136,8 @@ const connectDb = async (logging?: boolean) => {
       Response,
       Role,
       SavedSearch,
+      OrganizationTag,
+      Notification,
       Scan,
       ScanTask,
       Service,

@@ -7,6 +7,7 @@ export * from './cve';
 export * from './domain';
 export * from './organization';
 export * from './organization-tag';
+export * from './notification';
 export * from './question';
 export * from './resource';
 export * from './response';