Allow osquery external alert

PatBriPerso · PatBriPerso · commit 001a15f3ee9e · 2026-03-13T16:16:27.000+01:00
diff --git a/app/Models/YnhOsquery.php b/app/Models/YnhOsquery.php
@@ -457,6 +457,15 @@ public function message(): string
                 if ($this->isRemoved()) {
                     $msg = "Le paquet {$this->columns['name']} {$this->columns['version']} ({$type}) a été désinstallé.";
                 }
+            } else {
+                $msg = isset($this->columns['text']) ? $this->columns['text'] : "Un événement de type {$this->name} est arrivé.";
+                $msg = isset($this->columns['text'])
+                    ? $this->columns['text']
+                    : "Un événement de type {$this->name} est arrivé. Champs disponibles : " . implode(', ', array_map(
+                        fn($k, $v) => "$k=$v",
+                        array_keys($this->columns),
+                        $this->columns
+                    ));
             }
         }
         return $msg;
diff --git a/resources/themes/cywise/iframes/rules-editor.blade.php b/resources/themes/cywise/iframes/rules-editor.blade.php
@@ -105,7 +105,7 @@
   const editor = ace.edit("editor");
   editor.setTheme("ace/theme/monokai");
   editor.session.setMode("ace/mode/sql");
-  editor.setValue(@json($rule->query ?? ''));
+  editor.setValue(@json($rule->query ?? 'SELECT * FROM processes WHERE 1==0;'));
 
   const btnDelete = document.querySelector('#delete-rule');
   const btnCreate = document.querySelector('#create-rule');
diff --git a/routes/web.php b/routes/web.php
@@ -266,11 +266,31 @@
         $server = \App\Models\YnhServer::where('secret', $secret)->first();
 
         if (! $server) {
-            return new JsonResponse([
-                'status' => 'failure',
-                'message' => 'server not found',
-                'payload' => $payload,
-            ], 200, ['Access-Control-Allow-Origin' => '*']);
+            $apiToken = \Wave\ApiKey::query()->where('key', '=', $secret)->first();
+
+            if (! $apiToken) {
+                return new JsonResponse([
+                    'status' => 'failure',
+                    'message' => 'server not found',
+                    'payload' => $payload,
+                ], 200, ['Access-Control-Allow-Origin' => '*']);
+            }
+
+            /** @var \App\Models\User $user */
+            $user = $apiToken->user()->first();
+            $user->actAs();
+
+            $server = \App\Models\YnhServer::where('name', $payload['hostname'])
+                ->where('created_by', $user->id)
+                ->first();
+
+            if (! $server) {
+                return new JsonResponse([
+                    'status' => 'failure',
+                    'message' => 'server not found',
+                    'payload' => $payload,
+                ], 200, ['Access-Control-Allow-Origin' => '*']);
+            }
         }
 
         $events = collect($request->input('lines'))

Original file line number	Diff line number	Diff line change
`@@ -457,6 +457,15 @@ public function message(): string`
`457`	`457`	`if ($this->isRemoved()) {`
`458`	`458`	`$msg = "Le paquet {$this->columns['name']} {$this->columns['version']} ({$type}) a été désinstallé.";`
`459`	`459`	`}`
	`460`	`+ } else {`
	`461`	`+ $msg = isset($this->columns['text']) ? $this->columns['text'] : "Un événement de type {$this->name} est arrivé.";`
	`462`	`+ $msg = isset($this->columns['text'])`
	`463`	`+ ? $this->columns['text']`
	`464`	`+ : "Un événement de type {$this->name} est arrivé. Champs disponibles : " . implode(', ', array_map(`
	`465`	`+ fn($k, $v) => "$k=$v",`
	`466`	`+ array_keys($this->columns),`
	`467`	`+ $this->columns`
	`468`	`+ ));`
`460`	`469`	`}`
`461`	`470`	`}`
`462`	`471`	`return $msg;`