Added first steps of hash event handler

Author: okynos

src/db.rs

@@ -1,3 +1,5 @@
+// Copyright (C) 2024, Achiefs.
+
 use crate::appconfig;
 use crate::utils;
 use crate::dbfile::*;
@@ -65,7 +67,7 @@ impl DB {
     pub fn is_empty(&self) -> bool {
         let connection = self.open();
         let result = connection.query_row("SELECT * FROM files LIMIT 1", [], |_row| Ok(0));
-        self.close(connection); 
+        self.close(connection);
         match result {
             Ok(_v) => false,
             Err(e) => {
@@ -76,7 +78,7 @@ impl DB {
                     true
                 }
             }
-        } 
+        }
     }
 
     // ------------------------------------------------------------------------
@@ -85,11 +87,13 @@ impl DB {
         let connection = self.open();
         let result = connection.execute(
             "CREATE TABLE IF NOT EXISTS files (
-                id INTEGER PRIMARY KEY,
+                dbid INTEGER PRIMARY KEY,
+                id TEXT PRIMARY KEY,
                 timestamp TEXT NOT NULL,
                 hash TEXT NOT NULL,
                 path TEXT NOT NULL UNIQUE,
-                size INTEGER)",
+                size INTEGER,
+                PRIMARY KEY(dbid, id) )",
             (),
         );
         match result {
@@ -122,14 +126,15 @@ impl DB {
             "SELECT * FROM files WHERE path = ?1 LIMIT 1",
             [path.clone()],
             |row| Ok(DBFile {
-                id: row.get(0).unwrap(),
-                timestamp: row.get(1).unwrap(),
-                hash: row.get(2).unwrap(),
-                path: row.get(3).unwrap(),
-                size: row.get(4).unwrap()
+                dbid: row.get(0).unwrap(),
+                id: row.get(1).unwrap(),
+                timestamp: row.get(2).unwrap(),
+                hash: row.get(3).unwrap(),
+                path: row.get(4).unwrap(),
+                size: row.get(5).unwrap()
             })
         );
-        
+
         let data = match result {
             Ok(d) => Ok(d),
             Err(e) => {
@@ -149,17 +154,18 @@ impl DB {
 
     // ------------------------------------------------------------------------
 
-    pub fn get_file_by_id(&self, id: u64) -> DBFile {
+    pub fn get_file_by_id(&self, dbid: u64) -> DBFile {
         let connection = self.open();
         let data = connection.query_row(
-            "SELECT * FROM files WHERE id = ?1 LIMIT 1",
-            [id],
+            "SELECT * FROM files WHERE dbid = ?1 LIMIT 1",
+            [dbid],
             |row| Ok(DBFile {
-                id: row.get(0).unwrap(),
-                timestamp: row.get(1).unwrap(),
-                hash: row.get(2).unwrap(),
-                path: row.get(3).unwrap(),
-                size: row.get(4).unwrap()
+                dbid: row.get(0).unwrap(),
+                id: row.get(1).unwrap(),
+                timestamp: row.get(2).unwrap(),
+                hash: row.get(3).unwrap(),
+                path: row.get(4).unwrap(),
+                size: row.get(5).unwrap()
             })
         ).unwrap();
 
@@ -185,8 +191,8 @@ impl DB {
             None => String::new()
         };
 
-        let query = format!("UPDATE files SET {}, {}, {} WHERE id = {}",
-            timestamp_str, hash_str, size_str, dbfile.id);
+        let query = format!("UPDATE files SET {}, {}, {} WHERE dbid = {}",
+            timestamp_str, hash_str, size_str, dbfile.dbid);
 
         let mut statement = connection.prepare(&query).unwrap();
         let result = statement.execute([]);
@@ -205,11 +211,12 @@ impl DB {
             "SELECT * from files").unwrap();
         let files = query.query_map([], |row|{
             Ok(DBFile {
-                id: row.get(0).unwrap(),
-                timestamp: row.get(1).unwrap(),
-                hash: row.get(2).unwrap(),
-                path: row.get(3).unwrap(),
-                size: row.get(4).unwrap(),
+                dbid: row.get(0).unwrap(),
+                id: row.get(1).unwrap(),
+                timestamp: row.get(2).unwrap(),
+                hash: row.get(3).unwrap(),
+                path: row.get(4).unwrap(),
+                size: row.get(5).unwrap(),
             })
         }).unwrap();
 

src/dbfile.rs

@@ -1,3 +1,5 @@
+// Copyright (C) 2024, Achiefs.
+
 use crate::utils;
 use crate::hash;
 use crate::appconfig::*;
@@ -13,7 +15,8 @@ pub struct DBFileError {
 }
 
 pub struct DBFile {
-    pub id: u64,
+    pub dbid: u64,
+    pub id: String,
     pub timestamp: String,
     pub hash: String,
     pub path: String,
@@ -64,6 +67,7 @@ impl fmt::Debug for DBFileError {
 impl fmt::Debug for DBFile {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result{
         f.debug_tuple("")
+        .field(&self.dbid)
         .field(&self.id)
         .field(&self.timestamp)
         .field(&self.hash)
@@ -98,7 +102,8 @@ impl DBFile {
         };
 
         DBFile {
-            id: 0,
+            dbid: 0,
+            id: utils::get_uuid(),
             timestamp: utils::get_current_time_millis(),
             hash,
             path: String::from(path),
@@ -110,7 +115,8 @@ impl DBFile {
 
     pub fn clone(&self) -> Self {
         DBFile {
-            id: self.id,
+            dbid: self.dbid,
+            id: self.id.clone(),
             timestamp: self.timestamp.clone(),
             hash: self.hash.clone(),
             path: self.path.clone(),

src/hashevent.rs

@@ -0,0 +1,123 @@
+// Copyright (C) 2024, Achiefs.
+
+use crate::appconfig;
+use crate::appconfig::*;
+use crate::dbfile::*;
+
+use log::*;
+use std::fs::OpenOptions;
+use serde_json::{json, to_string};
+use std::io::Write;
+use reqwest::Client;
+use std::time::Duration;
+
+pub struct HashEvent {
+    dbfile: DBFile
+}
+
+impl HashEvent {
+    pub fn new(dbfile: DBFile) -> Self {
+        HashEvent {
+            dbfile
+        }
+    }
+
+    // ------------------------------------------------------------------------
+
+    fn log(&self, file: String) {
+        let mut events_file = OpenOptions::new()
+            .create(true)
+            .append(true)
+            .open(file)
+            .expect("(hashevent::log) Unable to open events log file.");
+
+            match writeln!(events_file, "{}", self.format_json()) {
+                Ok(_d) => debug!("Hash event log written"),
+                Err(e) => error!("Hash event could not be written, Err: [{}]", e)
+            };
+    }
+
+    // ------------------------------------------------------------------------
+
+    async fn send(&self, cfg: AppConfig) {
+        use time::OffsetDateTime;
+
+        let event = self.get_json();
+        let current_date = OffsetDateTime::now_utc();
+        let index = format!("fim-{}-{}-{}", current_date.year(), current_date.month() as u8, current_date.day() );
+
+        // Splunk endpoint integration
+        if cfg.endpoint_type == "Splunk" {
+            let data = json!({
+                "source": cfg.node,
+                "sourcetype": "_json",
+                "event": event,
+                "index": "fim_events"
+            });
+            debug!("Sending received event to Splunk integration, event: {}", data);
+            let request_url = format!("{}/services/collector/event", cfg.endpoint_address);
+            let client = Client::builder()
+                .danger_accept_invalid_certs(cfg.insecure)
+                .timeout(Duration::from_secs(30))
+                .build().unwrap();
+            match client
+                .post(request_url)
+                .header("Authorization", format!("Splunk {}", cfg.endpoint_token))
+                .json(&data)
+                .send()
+                .await {
+                    Ok(response) => debug!("Response received: {:?}",
+                        response.text().await.unwrap()),
+                    Err(e) => debug!("Error on request: {:?}", e)
+            }
+        // Elastic endpoint integration
+        } else {
+            let request_url = format!("{}/{}/_doc/{}", cfg.endpoint_address, index, self.dbfile.id);
+            let client = Client::builder()
+                .danger_accept_invalid_certs(cfg.insecure)
+                .timeout(Duration::from_secs(30))
+                .build().unwrap();
+            match client
+                .post(request_url)
+                .basic_auth(cfg.endpoint_user, Some(cfg.endpoint_pass))
+                .json(&event)
+                .send()
+                .await {
+                    Ok(response) => debug!("Response received: {:?}",
+                        response.text().await.unwrap()),
+                    Err(e) => debug!("Error on request: {:?}", e)
+            }
+        }
+    }
+
+    // ------------------------------------------------------------------------
+
+    pub async fn process(&self, cfg: AppConfig) {
+        match cfg.get_events_destination().as_str() {
+            appconfig::BOTH_MODE => {
+                self.log(cfg.get_events_file());
+                self.send(cfg).await;
+            },
+            appconfig::NETWORK_MODE => {
+                self.send(cfg).await;
+            },
+            _ => self.log(cfg.get_events_file())
+        }
+    }
+
+    // ------------------------------------------------------------------------
+
+    fn format_json(&self) -> String { to_string(&self.get_json()).unwrap() }
+
+    // ------------------------------------------------------------------------
+
+    fn get_json(&self) -> serde_json::Value {
+        json!({
+            "dbfile.id": self.dbfile.id.clone(),
+            "dbfile.timestamp": self.dbfile.timestamp.clone(),
+            "dbfile.hash": self.dbfile.hash.clone(),
+            "dbfile.path": self.dbfile.path.clone(),
+            "dbfile.size": self.dbfile.size.clone()
+        })
+    }
+}

src/main.rs

@@ -39,6 +39,7 @@ mod init;
 mod db;
 mod dbfile;
 mod scanner;
+mod hashevent;
 
 // ----------------------------------------------------------------------------
 

src/scanner.rs

@@ -1,11 +1,17 @@
+// Copyright (C) 2024, Achiefs.
+
 use crate::db;
 use crate::dbfile::*;
 use crate::utils;
 use crate::appconfig::AppConfig;
+use crate::hashevent::HashEvent;
 
 use walkdir::WalkDir;
 use log::*;
 
+// Temporal
+use tokio::runtime::Runtime;
+
 pub fn scan_path(cfg: AppConfig, root: String) {
     let db = db::DB::new();
     for res in WalkDir::new(root) {
@@ -42,6 +48,9 @@ pub fn check_changes(cfg: AppConfig, root: String) {
                             Some(utils::get_current_time_millis()),
                             Some(hash),
                             Some(metadata.len()));
+                        let event = HashEvent::new(dbfile);
+                        let rt = Runtime::new().unwrap();
+                        rt.block_on(event.process(cfg.clone()));
                         // Trigger new event
                     }
                 },