feat: add additional mdm metgods (#89)

pliancy · Feb 25, 2023 · 2792d9b · 2792d9b
1 parent e7efcfe
commit 2792d9b
Show file tree

Hide file tree

Showing 2 changed files with 194 additions and 0 deletions.
diff --git a/src/index.ts b/src/index.ts
@@ -1,6 +1,7 @@
 import got from 'got'
 import { v4 as uuidv4 } from 'uuid'
 import {
+    CreateWebContentFilterPayload,
     CustomFact,
     CustomProfilePayload,
     Extension,
@@ -15,8 +16,11 @@ import {
     PPPCInput,
     PPPCPayload,
     PPPCService,
+    ServiceManagementPayload,
+    ServiceManagementPayloadRule,
     SupportedOsVersions,
     SystemExtensionPayload,
+    WebContentFilterPayload,
 } from './types'
 import plist from '@expo/plist'
 
@@ -1009,6 +1013,116 @@ export class Addigy {
         }
     }
 
+    async createServiceManagementPolicy(
+        authObject: IAddigyInternalAuthObject,
+        name: string,
+        rules: ServiceManagementPayloadRule[],
+        priority = 9,
+    ): Promise<any> {
+        const groupUUID = uuidv4()
+
+        const payload: ServiceManagementPayload = {
+            addigy_payload_type: 'com.addigy.servicemanagement.com.apple.servicemanagement',
+            addigy_payload_version: 0,
+            has_manifest: false,
+            payload_display_name: name,
+            payload_enabled: false,
+            payload_group_id: groupUUID,
+            payload_identifier: `com.addigy.servicemanagement.com.apple.servicemanagement.${groupUUID}`,
+            payload_priority: priority,
+            payload_type: 'com.apple.servicemanagement',
+            payload_uuid: uuidv4(),
+            payload_version: 1,
+            policy_restricted: false,
+            requires_device_supervision: false,
+            requires_mdm_profile_approved: false,
+            supported_os_versions: null,
+            rules,
+        }
+
+        try {
+            let res = await this._addigyRequest(
+                'https://app-prod.addigy.com/api/mdm/user/profiles/configurations',
+                {
+                    headers: {
+                        Cookie: `auth_token=${authObject.authToken};`,
+                        origin: 'https://app-prod.addigy.com',
+                    },
+                    method: 'POST',
+                    json: { payloads: [payload] },
+                },
+            )
+            return JSON.parse(res.body)
+        } catch (err) {
+            throw err
+        }
+    }
+
+    /*
+         @param {string} payloadName - Name of the profile
+         @param {string} userDefinedName - Name of the filter to be displayed in the User
+        @param {string} pluginBundleId - Bundle ID of the plugin to be used for filtering
+    
+
+    */
+    async createWebContentFilterPolicy(
+        authObject: IAddigyInternalAuthObject,
+        payloadName: string,
+        webContentPayload: CreateWebContentFilterPayload,
+        priority = 9,
+    ) {
+        const groupUUID = uuidv4()
+        const payload: WebContentFilterPayload = {
+            addigy_payload_type: 'com.addigy.webcontent-filter.com.apple.webcontent-filter',
+            addigy_payload_version: 2,
+            auto_filter_enabled: null,
+            blacklisted_urls: null,
+            content_filter_uuid: null,
+            filter_browsers: null,
+            filter_data_provider_bundle_identifier: null,
+            filter_data_provider_designated_requirement: null,
+            filter_packet_provider_bundle_identifier: null,
+            filter_packet_provider_designated_requirement: null,
+            filter_packets: null,
+            filter_sockets: true,
+            filter_type: 'Plugin',
+            has_manifest: false,
+            organization: null,
+            password: null,
+            payload_display_name: payloadName,
+            payload_enabled: true,
+            payload_group_id: groupUUID,
+            payload_identifier: `com.addigy.webcontent-filter.com.apple.webcontent-filter.${groupUUID}`,
+            payload_priority: priority,
+            payload_type: 'com.apple.webcontent-filter',
+            payload_uuid: uuidv4(),
+            payload_version: 1,
+            permitted_urls: null,
+            policy_restricted: false,
+            requires_device_supervision: false,
+            requires_mdm_profile_approved: false,
+            server_address: null,
+            supported_os_versions: null,
+            user_name: null,
+            vendor_config: null,
+            white_listed_bookmarks: null,
+            ...webContentPayload,
+        }
+
+        let res = await this._addigyRequest(
+            'https://app-prod.addigy.com/api/mdm/user/profiles/configurations',
+            {
+                headers: {
+                    Cookie: `auth_token=${authObject.authToken};`,
+                    origin: 'https://app-prod.addigy.com',
+                },
+                method: 'POST',
+                json: { payloads: [payload] },
+            },
+        )
+        return JSON.parse(res.body)
+    }
+
     async createFilevaultPolicy(
         authObject: IAddigyInternalAuthObject,
         name: string,

diff --git a/src/types.ts b/src/types.ts
@@ -36,6 +36,8 @@ export interface Payload {
         | 'com.addigy.securityAndPrivacy.com.apple.security.pkcs1'
         | 'com.addigy.securityAndPrivacy.com.apple.security.FDERecoveryKeyEscrow'
         | 'com.addigy.securityAndPrivacy.com.apple.security.FDERecoveryRedirect'
+        | 'com.addigy.servicemanagement.com.apple.servicemanagement'
+        | 'com.addigy.webcontent-filter.com.apple.webcontent-filter'
     payload_type:
         | 'com.apple.system-extension-policy'
         | 'com.apple.syspolicy.kernel-extension-policy'
@@ -47,6 +49,8 @@ export interface Payload {
         | 'com.apple.security.pkcs1'
         | 'com.apple.security.FDERecoveryKeyEscrow'
         | 'com.apple.security.FDERecoveryRedirect'
+        | 'com.apple.servicemanagement'
+        | 'com.apple.webcontent-filter'
 
     payload_version: number
     payload_identifier: string
@@ -302,3 +306,79 @@ export interface PoliciesMdmPayload {
     configuration_id: string
     policy_id: string
 }
+
+export interface ServiceManagementPayload extends Payload {
+    addigy_payload_version: number
+    has_manifest: boolean
+    payload_enabled: boolean
+    payload_priority: number
+    policy_restricted: boolean
+    requires_device_supervision: boolean
+    requires_mdm_profile_approved: boolean
+    rules: ServiceManagementPayloadRule[]
+    supported_os_versions: SupportedOsVersions | null
+}
+
+export interface ServiceManagementPayloadRule {
+    comment: string
+    rule_type: string
+    rule_value: string
+}
+
+export interface WebContentFilterPayload extends Payload {
+    addigy_payload_version: number
+    auto_filter_enabled: null | boolean
+    blacklisted_urls: null | string[]
+    content_filter_uuid: null | string
+    filter_browsers: null | boolean
+    filter_data_provider_bundle_identifier: string | null
+    filter_data_provider_designated_requirement: string | null
+    filter_grade: 'firewall' | 'inspector'
+    filter_packet_provider_bundle_identifier: null | string
+    filter_packet_provider_designated_requirement: null | string
+    filter_packets: null | boolean
+    filter_sockets: boolean
+    filter_type: string
+    has_manifest: boolean
+    organization: null | string
+    password: null | string
+    payload_enabled: boolean
+    payload_priority: number
+    permitted_urls: null | string[]
+    plugin_bundle_id: string | null
+    policy_restricted: boolean
+    requires_device_supervision: boolean
+    requires_mdm_profile_approved: boolean
+    server_address: null | string
+    supported_os_versions: null | SupportedOsVersions
+    user_defined_name: string
+    user_name: null | string
+    vendor_config: Record<string, string> | null
+    white_listed_bookmarks: null | string[]
+}
+
+export interface CreateWebContentFilterPayload {
+    user_defined_name: string
+    plugin_bundle_id: string
+    filter_grade: 'firewall' | 'inspector'
+    vendor_config?: Record<string, string>
+    content_filter_uuid?: string
+    server_address?: string
+    organization?: string
+    user_name?: string
+    password?: string
+    filter_browsers?: boolean
+    filter_sockets?: boolean
+    filter_data_provider_bundle_identifier?: string
+    filter_data_provider_designated_requirement?: string
+    filter_packets?: boolean
+    filter_packet_provider_bundle_identifier?: string
+    filter_packet_provider_designated_requirement?: string
+    auto_filter_enabled?: null
+    permitted_urls?: string[]
+    blacklisted_urls?: string[]
+    white_listed_bookmarks?: string[]
+    policy_restricted?: boolean
+    requires_device_supervision?: boolean
+    requires_mdm_profile_approved?: boolean
+}