diff --git a/src/index.ts b/src/index.ts index 82c2a73..fface9a 100755 --- a/src/index.ts +++ b/src/index.ts @@ -1,6 +1,7 @@ import got from 'got' import { v4 as uuidv4 } from 'uuid' import { + CreateWebContentFilterPayload, CustomFact, CustomProfilePayload, Extension, @@ -15,8 +16,11 @@ import { PPPCInput, PPPCPayload, PPPCService, + ServiceManagementPayload, + ServiceManagementPayloadRule, SupportedOsVersions, SystemExtensionPayload, + WebContentFilterPayload, } from './types' import plist from '@expo/plist' @@ -1009,6 +1013,116 @@ export class Addigy { } } + async createServiceManagementPolicy( + authObject: IAddigyInternalAuthObject, + name: string, + rules: ServiceManagementPayloadRule[], + priority = 9, + ): Promise { + const groupUUID = uuidv4() + + const payload: ServiceManagementPayload = { + addigy_payload_type: 'com.addigy.servicemanagement.com.apple.servicemanagement', + addigy_payload_version: 0, + has_manifest: false, + payload_display_name: name, + payload_enabled: false, + payload_group_id: groupUUID, + payload_identifier: `com.addigy.servicemanagement.com.apple.servicemanagement.${groupUUID}`, + payload_priority: priority, + payload_type: 'com.apple.servicemanagement', + payload_uuid: uuidv4(), + payload_version: 1, + policy_restricted: false, + requires_device_supervision: false, + requires_mdm_profile_approved: false, + supported_os_versions: null, + rules, + } + + try { + let res = await this._addigyRequest( + 'https://app-prod.addigy.com/api/mdm/user/profiles/configurations', + { + headers: { + Cookie: `auth_token=${authObject.authToken};`, + origin: 'https://app-prod.addigy.com', + }, + method: 'POST', + json: { payloads: [payload] }, + }, + ) + return JSON.parse(res.body) + } catch (err) { + throw err + } + } + + /* + @param {string} payloadName - Name of the profile + @param {string} userDefinedName - Name of the filter to be displayed in the User + @param {string} pluginBundleId - Bundle ID of the plugin to be used for filtering + + + */ + async createWebContentFilterPolicy( + authObject: IAddigyInternalAuthObject, + payloadName: string, + webContentPayload: CreateWebContentFilterPayload, + priority = 9, + ) { + const groupUUID = uuidv4() + const payload: WebContentFilterPayload = { + addigy_payload_type: 'com.addigy.webcontent-filter.com.apple.webcontent-filter', + addigy_payload_version: 2, + auto_filter_enabled: null, + blacklisted_urls: null, + content_filter_uuid: null, + filter_browsers: null, + filter_data_provider_bundle_identifier: null, + filter_data_provider_designated_requirement: null, + filter_packet_provider_bundle_identifier: null, + filter_packet_provider_designated_requirement: null, + filter_packets: null, + filter_sockets: true, + filter_type: 'Plugin', + has_manifest: false, + organization: null, + password: null, + payload_display_name: payloadName, + payload_enabled: true, + payload_group_id: groupUUID, + payload_identifier: `com.addigy.webcontent-filter.com.apple.webcontent-filter.${groupUUID}`, + payload_priority: priority, + payload_type: 'com.apple.webcontent-filter', + payload_uuid: uuidv4(), + payload_version: 1, + permitted_urls: null, + policy_restricted: false, + requires_device_supervision: false, + requires_mdm_profile_approved: false, + server_address: null, + supported_os_versions: null, + user_name: null, + vendor_config: null, + white_listed_bookmarks: null, + ...webContentPayload, + } + + let res = await this._addigyRequest( + 'https://app-prod.addigy.com/api/mdm/user/profiles/configurations', + { + headers: { + Cookie: `auth_token=${authObject.authToken};`, + origin: 'https://app-prod.addigy.com', + }, + method: 'POST', + json: { payloads: [payload] }, + }, + ) + return JSON.parse(res.body) + } + async createFilevaultPolicy( authObject: IAddigyInternalAuthObject, name: string, diff --git a/src/types.ts b/src/types.ts index f7a6c2f..bc98269 100644 --- a/src/types.ts +++ b/src/types.ts @@ -36,6 +36,8 @@ export interface Payload { | 'com.addigy.securityAndPrivacy.com.apple.security.pkcs1' | 'com.addigy.securityAndPrivacy.com.apple.security.FDERecoveryKeyEscrow' | 'com.addigy.securityAndPrivacy.com.apple.security.FDERecoveryRedirect' + | 'com.addigy.servicemanagement.com.apple.servicemanagement' + | 'com.addigy.webcontent-filter.com.apple.webcontent-filter' payload_type: | 'com.apple.system-extension-policy' | 'com.apple.syspolicy.kernel-extension-policy' @@ -47,6 +49,8 @@ export interface Payload { | 'com.apple.security.pkcs1' | 'com.apple.security.FDERecoveryKeyEscrow' | 'com.apple.security.FDERecoveryRedirect' + | 'com.apple.servicemanagement' + | 'com.apple.webcontent-filter' payload_version: number payload_identifier: string @@ -302,3 +306,79 @@ export interface PoliciesMdmPayload { configuration_id: string policy_id: string } + +export interface ServiceManagementPayload extends Payload { + addigy_payload_version: number + has_manifest: boolean + payload_enabled: boolean + payload_priority: number + policy_restricted: boolean + requires_device_supervision: boolean + requires_mdm_profile_approved: boolean + rules: ServiceManagementPayloadRule[] + supported_os_versions: SupportedOsVersions | null +} + +export interface ServiceManagementPayloadRule { + comment: string + rule_type: string + rule_value: string +} + +export interface WebContentFilterPayload extends Payload { + addigy_payload_version: number + auto_filter_enabled: null | boolean + blacklisted_urls: null | string[] + content_filter_uuid: null | string + filter_browsers: null | boolean + filter_data_provider_bundle_identifier: string | null + filter_data_provider_designated_requirement: string | null + filter_grade: 'firewall' | 'inspector' + filter_packet_provider_bundle_identifier: null | string + filter_packet_provider_designated_requirement: null | string + filter_packets: null | boolean + filter_sockets: boolean + filter_type: string + has_manifest: boolean + organization: null | string + password: null | string + payload_enabled: boolean + payload_priority: number + permitted_urls: null | string[] + plugin_bundle_id: string | null + policy_restricted: boolean + requires_device_supervision: boolean + requires_mdm_profile_approved: boolean + server_address: null | string + supported_os_versions: null | SupportedOsVersions + user_defined_name: string + user_name: null | string + vendor_config: Record | null + white_listed_bookmarks: null | string[] +} + +export interface CreateWebContentFilterPayload { + user_defined_name: string + plugin_bundle_id: string + filter_grade: 'firewall' | 'inspector' + vendor_config?: Record + content_filter_uuid?: string + server_address?: string + organization?: string + user_name?: string + password?: string + filter_browsers?: boolean + filter_sockets?: boolean + filter_data_provider_bundle_identifier?: string + filter_data_provider_designated_requirement?: string + filter_packets?: boolean + filter_packet_provider_bundle_identifier?: string + filter_packet_provider_designated_requirement?: string + auto_filter_enabled?: null + permitted_urls?: string[] + blacklisted_urls?: string[] + white_listed_bookmarks?: string[] + policy_restricted?: boolean + requires_device_supervision?: boolean + requires_mdm_profile_approved?: boolean +}