feat(desktop-agent,admin/inventory): secure token storage via keyring; extended inventory collectors per OS; new /api/machines/inventory endpoint; posture rules + tickets; Admin UI inventory with filters, search and export; docs + CI desktop release

2025-10-09 22:08:20 -03:00 · 2025-10-09 22:08:20 -03:00 · 479c66d52c
commit 479c66d52c
parent c2050f311a
18 changed files with 1205 additions and 38 deletions
--- a/src/app/api/machines/inventory/route.ts
+++ b/src/app/api/machines/inventory/route.ts
@ -0,0 +1,111 @@
+import { z } from "zod"
+import { ConvexHttpClient } from "convex/browser"
+
+import { api } from "@/convex/_generated/api"
+import { env } from "@/lib/env"
+import { DEFAULT_TENANT_ID } from "@/lib/constants"
+import { createCorsPreflight, jsonWithCors } from "@/server/cors"
+
+const tokenModeSchema = z.object({
+  machineToken: z.string().min(1),
+  hostname: z.string().optional(),
+  os: z
+    .object({
+      name: z.string(),
+      version: z.string().optional(),
+      architecture: z.string().optional(),
+    })
+    .optional(),
+  metrics: z.record(z.string(), z.unknown()).optional(),
+  inventory: z.record(z.string(), z.unknown()).optional(),
+})
+
+const provisioningModeSchema = z.object({
+  provisioningSecret: z.string().min(1),
+  tenantId: z.string().optional(),
+  companySlug: z.string().optional(),
+  hostname: z.string().min(1),
+  os: z.object({
+    name: z.string().min(1),
+    version: z.string().optional(),
+    architecture: z.string().optional(),
+  }),
+  macAddresses: z.array(z.string()).default([]),
+  serialNumbers: z.array(z.string()).default([]),
+  inventory: z.record(z.string(), z.unknown()).optional(),
+  metrics: z.record(z.string(), z.unknown()).optional(),
+  registeredBy: z.string().optional(),
+})
+
+const CORS_METHODS = "POST, OPTIONS"
+
+export async function OPTIONS(request: Request) {
+  return createCorsPreflight(request.headers.get("origin"), CORS_METHODS)
+}
+
+export async function POST(request: Request) {
+  const convexUrl = env.NEXT_PUBLIC_CONVEX_URL
+  if (!convexUrl) {
+    return jsonWithCors({ error: "Convex não configurado" }, 500, request.headers.get("origin"), CORS_METHODS)
+  }
+
+  let raw: unknown
+  try {
+    raw = await request.json()
+  } catch (error) {
+    return jsonWithCors(
+      { error: "Payload inválido", details: error instanceof Error ? error.message : String(error) },
+      400,
+      request.headers.get("origin"),
+      CORS_METHODS
+    )
+  }
+
+  const client = new ConvexHttpClient(convexUrl)
+
+  // Modo A: com token da máquina (usa heartbeat para juntar inventário)
+  const tokenParsed = tokenModeSchema.safeParse(raw)
+  if (tokenParsed.success) {
+    try {
+      const result = await client.mutation(api.machines.heartbeat, {
+        machineToken: tokenParsed.data.machineToken,
+        hostname: tokenParsed.data.hostname,
+        os: tokenParsed.data.os,
+        metrics: tokenParsed.data.metrics,
+        inventory: tokenParsed.data.inventory,
+      })
+      return jsonWithCors({ ok: true, machineId: result.machineId, expiresAt: result.expiresAt }, 200, request.headers.get("origin"), CORS_METHODS)
+    } catch (error) {
+      console.error("[machines.inventory:token] Falha ao atualizar inventário", error)
+      const details = error instanceof Error ? error.message : String(error)
+      return jsonWithCors({ error: "Falha ao atualizar inventário", details }, 500, request.headers.get("origin"), CORS_METHODS)
+    }
+  }
+
+  // Modo B: com segredo de provisionamento (upsert sem token)
+  const provParsed = provisioningModeSchema.safeParse(raw)
+  if (provParsed.success) {
+    try {
+      const result = await client.mutation(api.machines.upsertInventory, {
+        provisioningSecret: provParsed.data.provisioningSecret,
+        tenantId: provParsed.data.tenantId ?? DEFAULT_TENANT_ID,
+        companySlug: provParsed.data.companySlug ?? undefined,
+        hostname: provParsed.data.hostname,
+        os: provParsed.data.os,
+        macAddresses: provParsed.data.macAddresses,
+        serialNumbers: provParsed.data.serialNumbers,
+        inventory: provParsed.data.inventory,
+        metrics: provParsed.data.metrics,
+        registeredBy: provParsed.data.registeredBy ?? "agent:inventory",
+      })
+      return jsonWithCors({ ok: true, machineId: result.machineId, status: result.status }, 200, request.headers.get("origin"), CORS_METHODS)
+    } catch (error) {
+      console.error("[machines.inventory:prov] Falha ao fazer upsert de inventário", error)
+      const details = error instanceof Error ? error.message : String(error)
+      return jsonWithCors({ error: "Falha ao fazer upsert de inventário", details }, 500, request.headers.get("origin"), CORS_METHODS)
+    }
+  }
+
+  return jsonWithCors({ error: "Formato de payload não suportado" }, 400, request.headers.get("origin"), CORS_METHODS)
+}
+