#1150 [UI] Layout and alignment after Angular 20 upgrade (Score gauge & Namespace list) and NVSHAS-10256: Add user validation on the APIs which does not communicate with controller

admin/src/main/scala/com/neu/api/device/DeviceApi.scala

@@ -277,7 +277,7 @@ class DeviceApi(resourceService: DeviceService) extends BaseApi {
             path("check") {
               get {
                 Utils.respondWithWebServerHeaders() {
-                  resourceService.checkDebugLog()
+                  resourceService.checkDebugLog(tokenId)
                 }
               }
             }

admin/src/main/scala/com/neu/api/notification/NotificationApi.scala

@@ -179,7 +179,7 @@ class NotificationApi(resourceService: NotificationService) extends BaseApi {
               post {
                 entity(as[UserGraphLayout]) { (graphLayout: UserGraphLayout) =>
                   Utils.respondWithWebServerHeaders() {
-                    resourceService.createNetworkGraph(graphLayout)
+                    resourceService.createNetworkGraph(graphLayout, tokenId)
                   }
                 }
               }
@@ -188,7 +188,7 @@ class NotificationApi(resourceService: NotificationService) extends BaseApi {
               get {
                 parameter(Symbol("user")) { user =>
                   Utils.respondWithWebServerHeaders() {
-                    resourceService.getNetworkGraphLayout(user)
+                    resourceService.getNetworkGraphLayout(user, tokenId)
                   }
                 }
               }
@@ -197,14 +197,14 @@ class NotificationApi(resourceService: NotificationService) extends BaseApi {
               get {
                 parameter(Symbol("user")) { user =>
                   Utils.respondWithWebServerHeaders() {
-                    resourceService.getNetworkGraphBlacklist(user)
+                    resourceService.getNetworkGraphBlacklist(user, tokenId)
                   }
                 }
               } ~
               post {
                 entity(as[UserBlacklist]) { (userBlacklist: UserBlacklist) =>
                   Utils.respondWithWebServerHeaders() {
-                    resourceService.createNetworkGraphBlacklist(userBlacklist)
+                    resourceService.createNetworkGraphBlacklist(userBlacklist, tokenId)
                   }
                 }
               }

admin/src/main/scala/com/neu/api/risk/RiskApi.scala

@@ -204,7 +204,7 @@ class RiskApi(resourceService: RiskService) extends BaseApi {
           path("complianceNIST") {
             post {
               entity(as[ComplianceNISTConfigData]) { complianceNISTConfigData =>
-                resourceService.queryNistCompliances(complianceNISTConfigData)
+                resourceService.queryNistCompliances(complianceNISTConfigData, tokenId)
               }
             }
           } ~

admin/src/main/scala/com/neu/core/AuthenticationManager.scala

@@ -9,6 +9,10 @@ import com.typesafe.scalalogging.LazyLogging
 import java.security.MessageDigest
 import java.text.SimpleDateFormat
 import scala.collection.mutable
+import com.neu.client.RestClient
+import com.neu.client.RestClient.*
+import org.apache.pekko.http.scaladsl.model.*
+import scala.concurrent.Future
 
 /**
  * Created by bxu on 3/25/16.
@@ -109,6 +113,14 @@ object AuthenticationManager extends LazyLogging {
   def putToken(id: String, userToken: UserTokenNew): Unit =
     tokenMap += id -> userToken
 
+  def validateToken(tokenId: String): Future[HttpResponse] =
+    RestClient.httpRequestWithHeader(
+      s"${baseClusterUri(tokenId)}/$auth",
+      HttpMethods.PATCH,
+      "",
+      tokenId
+    )
+
   private def getRolesDigit(
     global_role: String,
     role_domains: Option[Map[String, Array[String]]]

admin/src/main/scala/com/neu/service/authentication/SuseAuthService.scala

@@ -39,12 +39,7 @@ class SuseAuthService()(implicit
 
   override def validateToken(tokenId: Option[String], ip: Option[RemoteAddress]): Route =
     complete {
-      RestClient.httpRequestWithHeader(
-        s"${baseClusterUri(tokenId.get)}/$auth",
-        HttpMethods.PATCH,
-        "",
-        tokenId.get
-      )
+      AuthenticationManager.validateToken(tokenId.get)
     }
 
   override def login(ip: RemoteAddress, host: String, ctx: RequestContext): Route = {

admin/src/main/scala/com/neu/service/device/DeviceService.scala

@@ -629,15 +629,31 @@ class DeviceService extends Directives with DefaultJsonFormats with LazyLogging
     }
   }
 
-  def checkDebugLog(): Route = complete {
-    val isFileReady = Files.exists(Paths.get(logFile)) && Files.isReadable(
-      Paths.get(logFile)
-    )
-    logger.info(s"Log file $logFile  is ready: $isFileReady")
-    if (isFileReady) {
-      HttpResponse(StatusCodes.OK, entity = "Ready")
-    } else {
-      HttpResponse(StatusCodes.PartialContent, entity = "In progress")
+  def checkDebugLog(tokenId: String): Route = complete {
+    try {
+      val resultPromise = AuthenticationManager.validateToken(tokenId)
+      Await.result(resultPromise, RestClient.waitingLimit.seconds)
+      if (SupportLogAuthCacheManager.getSupportLogAuth(tokenId).isDefined) {
+        val isFileReady = Files.exists(Paths.get(logFile)) && Files.isReadable(
+          Paths.get(logFile)
+        )
+        logger.info(s"Log file $logFile is ready: $isFileReady")
+        if (isFileReady) {
+          HttpResponse(StatusCodes.OK, entity = "Ready")
+        } else {
+          HttpResponse(StatusCodes.PartialContent, entity = "In progress")
+        }
+      } else {
+        (StatusCodes.Forbidden, "File can not be accessed.")
+      }
+    } catch {
+      case NonFatal(e) =>
+        RestClient.handleError(
+          timeOutStatus,
+          authenticationFailedStatus,
+          serverErrorStatus,
+          e
+        )
     }
   }
 

admin/src/main/scala/com/neu/service/notification/NotificationService.scala

@@ -5,6 +5,7 @@ import com.neu.cache.GraphCacheManager
 import com.neu.cache.paginationCacheManager
 import com.neu.client.RestClient
 import com.neu.client.RestClient.*
+import com.neu.core.AuthenticationManager
 import com.neu.core.IpGeoManager
 import com.neu.model.AlertJsonProtocol.{ *, given }
 import com.neu.model.DashboardJsonProtocol.{ *, given }
@@ -16,10 +17,9 @@ import com.neu.model.*
 import com.neu.service.BaseService
 import com.neu.utils.EnumUtils
 import com.typesafe.scalalogging.LazyLogging
-import org.apache.pekko.http.scaladsl.model.HttpEntity
 import org.apache.pekko.http.scaladsl.model.HttpMethods.*
-import org.apache.pekko.http.scaladsl.model.StatusCodes
 import org.apache.pekko.http.scaladsl.server.Route
+import org.apache.pekko.http.scaladsl.model.*
 import org.joda.time.DateTime
 import org.json4s.*
 import org.json4s.native.JsonMethods.*
@@ -39,8 +39,9 @@ class NotificationService()(implicit
     with DefaultJsonFormats
     with LazyLogging {
 
-  val topLimit = 5
-  val client   = "client"
+  final val serverErrorStatus = "Status: 503"
+  val topLimit                = 5
+  val client                  = "client"
 
   def getIpLocations(ipList: Array[String]): Route = complete {
     logger.info("Getting ip locations")
@@ -162,27 +163,39 @@ class NotificationService()(implicit
         }
 
         if (start.isDefined && limit.isDefined) {
-          if (elements == null) {
-            elements = paginationCacheManager[List[org.json4s.JsonAST.JValue]]
+          try {
+            val resultPromise = AuthenticationManager.validateToken(tokenId)
+            Await.result(resultPromise, RestClient.waitingLimit.seconds)
+            if (elements == null) {
+              elements = paginationCacheManager[List[org.json4s.JsonAST.JValue]]
+                .getPagedData(s"$cacheKey-audit")
+                .getOrElse(List[org.json4s.JsonAST.JValue]())
+            }
+            val output        =
+              elements.slice(start.get.toInt, start.get.toInt + limit.get.toInt)
+            if (output.length < limit.get.toInt) {
+              paginationCacheManager[List[org.json4s.JsonAST.JValue]]
+                .removePagedData(s"$cacheKey-audit")
+            }
+            val pagedRes      = compact(render(JArray(output)))
+            val cachedData    = paginationCacheManager[List[org.json4s.JsonAST.JValue]]
               .getPagedData(s"$cacheKey-audit")
               .getOrElse(List[org.json4s.JsonAST.JValue]())
+            logger.info("Cached data size: {}", cachedData.size)
+            logger.info(
+              "Paged response size: {}",
+              compact(render(JArray(output))).length
+            )
+            pagedRes
+          } catch {
+            case NonFatal(e) =>
+              RestClient.handleError(
+                timeOutStatus,
+                authenticationFailedStatus,
+                serverErrorStatus,
+                e
+              )
           }
-          val output     =
-            elements.slice(start.get.toInt, start.get.toInt + limit.get.toInt)
-          if (output.length < limit.get.toInt) {
-            paginationCacheManager[List[org.json4s.JsonAST.JValue]]
-              .removePagedData(s"$cacheKey-audit")
-          }
-          val pagedRes   = compact(render(JArray(output)))
-          val cachedData = paginationCacheManager[List[org.json4s.JsonAST.JValue]]
-            .getPagedData(s"$cacheKey-audit")
-            .getOrElse(List[org.json4s.JsonAST.JValue]())
-          logger.info("Cached data size: {}", cachedData.size)
-          logger.info(
-            "Paged response size: {}",
-            compact(render(JArray(output))).length
-          )
-          pagedRes
         } else {
           auditStr
         }
@@ -382,12 +395,12 @@ class NotificationService()(implicit
       val (edges: Array[Edge], markedNodes: Array[Node]) = getDataSet(graphData)
 
       logger.info("Sending data")
-      logger.info("blacklist:  {}", BlacklistCacheManager.getBlacklist(user))
+      logger.info("blacklist:  {}", BlacklistCacheManager.getBlacklist(user, tokenId))
 
       NetworkGraph(
         markedNodes,
         edges,
-        BlacklistCacheManager.getBlacklist(user),
+        BlacklistCacheManager.getBlacklist(user, tokenId),
         enableGPU == "true"
       )
 
@@ -400,26 +413,75 @@ class NotificationService()(implicit
     }
   }
 
-  def createNetworkGraph(graphLayout: UserGraphLayout): Route = {
-    logger.info("saving positions for user: {}", graphLayout.user)
-    GraphCacheManager.saveNodeLayout(graphLayout)
-    logger.debug(layoutToJson(graphLayout))
+  def createNetworkGraph(graphLayout: UserGraphLayout, tokenId: String): Route = complete {
+    try {
+      val resultPromise = AuthenticationManager.validateToken(tokenId)
+      Await.result(resultPromise, RestClient.waitingLimit.seconds)
+
+      logger.info("saving positions for user: {}", graphLayout.user)
+      GraphCacheManager.saveNodeLayout(graphLayout, tokenId)
+      logger.debug(layoutToJson(graphLayout))
 
-    complete(HttpEntity.Empty)
+      HttpEntity.Empty
+    } catch {
+      case NonFatal(e) =>
+        RestClient.handleError(
+          timeOutStatus,
+          authenticationFailedStatus,
+          serverErrorStatus,
+          e
+        )
+    }
   }
 
-  def getNetworkGraphLayout(user: String): Route = complete {
-    UserGraphLayout(user, GraphCacheManager.getNodeLayout(user))
+  def getNetworkGraphLayout(user: String, tokenId: String): Route = complete {
+    try {
+      val resultPromise = AuthenticationManager.validateToken(tokenId)
+      Await.result(resultPromise, RestClient.waitingLimit.seconds)
+      UserGraphLayout(user, GraphCacheManager.getNodeLayout(user, tokenId))
+    } catch {
+      case NonFatal(e) =>
+        RestClient.handleError(
+          timeOutStatus,
+          authenticationFailedStatus,
+          serverErrorStatus,
+          e
+        )
+    }
   }
 
-  def getNetworkGraphBlacklist(user: String): Route = complete {
-    BlacklistCacheManager.getBlacklist(user)
+  def getNetworkGraphBlacklist(user: String, tokenId: String): Route = complete {
+    try {
+      val resultPromise = AuthenticationManager.validateToken(tokenId)
+      Await.result(resultPromise, RestClient.waitingLimit.seconds)
+      BlacklistCacheManager.getBlacklist(user, tokenId)
+    } catch {
+      case NonFatal(e) =>
+        RestClient.handleError(
+          timeOutStatus,
+          authenticationFailedStatus,
+          serverErrorStatus,
+          e
+        )
+    }
   }
 
-  def createNetworkGraphBlacklist(userBlacklist: UserBlacklist): Route = {
-    logger.info("saving blacklist for user: {}", userBlacklist.user)
-    BlacklistCacheManager.saveBlacklist(userBlacklist)
-    complete(HttpEntity.Empty)
+  def createNetworkGraphBlacklist(userBlacklist: UserBlacklist, tokenId: String): Route = complete {
+    try {
+      val resultPromise = AuthenticationManager.validateToken(tokenId)
+      Await.result(resultPromise, RestClient.waitingLimit.seconds)
+      logger.info("saving blacklist for user: {}", userBlacklist.user)
+      BlacklistCacheManager.saveBlacklist(userBlacklist, tokenId)
+      HttpEntity.Empty
+    } catch {
+      case NonFatal(e) =>
+        RestClient.handleError(
+          timeOutStatus,
+          authenticationFailedStatus,
+          serverErrorStatus,
+          e
+        )
+    }
   }
 
   def getSecurityEvents(tokenId: String): Route = complete {

admin/src/main/scala/com/neu/service/risk/RiskService.scala

@@ -20,6 +20,8 @@ import scala.concurrent.TimeoutException
 import scala.util.control.NonFatal
 import java.net.URLEncoder
 import java.nio.charset.StandardCharsets
+import scala.concurrent.Await
+import scala.concurrent.duration.DurationInt
 
 class RiskService extends BaseService with DefaultJsonFormats with LazyLogging {
 
@@ -317,9 +319,24 @@ class RiskService extends BaseService with DefaultJsonFormats with LazyLogging {
       }
     }
 
-  def queryNistCompliances(complianceNISTConfigData: ComplianceNISTConfigData): Route = complete {
-    logger.info("Get NIST compliances: {}", complianceNISTConfigData.config.names)
-    CisNISTManager.getCompliancesNIST(complianceNISTConfigData.config.names)
+  def queryNistCompliances(
+    complianceNISTConfigData: ComplianceNISTConfigData,
+    tokenId: String
+  ): Route = complete {
+    try {
+      val resultPromise = AuthenticationManager.validateToken(tokenId)
+      Await.result(resultPromise, RestClient.waitingLimit.seconds)
+      logger.info("Get NIST compliances: {}", complianceNISTConfigData.config.names)
+      CisNISTManager.getCompliancesNIST(complianceNISTConfigData.config.names)
+    } catch {
+      case NonFatal(e) =>
+        RestClient.handleError(
+          timeOutStatus,
+          authenticationFailedStatus,
+          serverErrorStatus,
+          e
+        )
+    }
   }
 
   def getCompliances(tokenId: String): Route = complete {

admin/webapp/websrc/app/routes/components/score-improvement-modal/partial/score-improvement-completed-view/score-improvement-completed-view.component.html

@@ -12,8 +12,6 @@
           [foregroundColor]="gaugeColor"
           [thick]="10"
           cap="round"
-          [thick]="10"
-          cap="round"
           [size]="120">
         </ngx-gauge>
         <div class="score-label" [ngStyle]="{ color: gaugeLabelColor }">
@@ -35,7 +33,9 @@
           [animate]="true"
           [duration]="1"
           [foregroundColor]="gaugeLabelColorFixed"
-          [size]="40">
+          [thick]="10"
+          cap="round"
+          [size]="120">
         </ngx-gauge>
         <div class="score-label" [ngStyle]="{ color: gaugeLabelColorFixed }">
           {{ gaugeLabelFixed }}