package com.hiveops.aria.controller; import com.hiveops.aria.dto.PostureReportRequest; import com.hiveops.aria.entity.DeviceSecurityPosture; import com.hiveops.aria.repository.DeviceSecurityPostureRepository; import com.hiveops.aria.service.DevicePostureService; import jakarta.servlet.http.HttpServletRequest; import lombok.RequiredArgsConstructor; import org.springframework.beans.factory.annotation.Value; import org.springframework.data.domain.Page; import org.springframework.data.domain.PageRequest; import org.springframework.data.domain.Pageable; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; @RestController @RequestMapping("/api/aria/posture") @RequiredArgsConstructor public class DevicePostureController { private final DevicePostureService postureService; private final DeviceSecurityPostureRepository postureRepository; @Value("${aria.internal.service-secret:}") private String serviceSecret; @PostMapping("/report") public ResponseEntity report( @RequestBody PostureReportRequest request, HttpServletRequest httpRequest) { String header = httpRequest.getHeader("X-Service-Secret"); if (serviceSecret.isBlank() || !serviceSecret.equals(header)) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); } if (request.getDeviceAgentId() == null || request.getDeviceAgentId().isBlank()) { return ResponseEntity.badRequest().build(); } return ResponseEntity.ok(postureService.report(request)); } @GetMapping @PreAuthorize("hasAnyRole('MSP_ADMIN','BCOS_ADMIN')") public Page getPostures( @RequestParam(required = false) DeviceSecurityPosture.OsEolStatus osEolStatus, @RequestParam(required = false) String scoreFilter, @RequestParam(defaultValue = "0") int page, @RequestParam(defaultValue = "25") int size) { Pageable pageable = PageRequest.of(page, size); if (osEolStatus != null) { return postureRepository.findByOsEolStatusOrderByPostureScoreAsc(osEolStatus, pageable); } if ("low".equals(scoreFilter)) { return postureRepository.findByPostureScoreLessThanOrderByPostureScoreAsc(50, pageable); } if ("medium".equals(scoreFilter)) { return postureRepository.findByPostureScoreLessThanOrderByPostureScoreAsc(80, pageable); } return postureRepository.findAllByOrderByPostureScoreAsc(pageable); } @GetMapping("/{deviceId}") @PreAuthorize("hasAnyRole('MSP_ADMIN','BCOS_ADMIN')") public ResponseEntity getPosture(@PathVariable Long deviceId) { return postureRepository.findByDeviceId(deviceId) .map(ResponseEntity::ok) .orElse(ResponseEntity.notFound().build()); } }