feat(web): attacker artifacts endpoint + UI drawer

Adds the server-side wiring and frontend UI to surface files captured by the SSH honeypot for a given attacker. - New repository method get_attacker_artifacts (abstract + SQLModel impl) that joins the attacker's IP to `file_captured` log rows. - New route GET /attackers/{uuid}/artifacts. - New router /artifacts/{decky}/{service}/{stored_as} that streams a quarantined file back to an authenticated viewer. - AttackerDetail grows an ArtifactDrawer panel with per-file metadata (sha256, size, orig_path) and a download action. - ssh service fragment now sets NODE_NAME=decky_name so logs and the host-side artifacts bind-mount share the same decky identifier.
2026-04-18 05:36:48 -04:00
parent 39dafaf384
commit 41fd496128
13 changed files with 638 additions and 2 deletions
--- a/decnet/web/router/init.py
+++ b/decnet/web/router/init.py
@@ -14,11 +14,13 @@ from .stream.api_stream_events import router as stream_router
 from .attackers.api_get_attackers import router as attackers_router
 from .attackers.api_get_attacker_detail import router as attacker_detail_router
 from .attackers.api_get_attacker_commands import router as attacker_commands_router
+from .attackers.api_get_attacker_artifacts import router as attacker_artifacts_router
 from .config.api_get_config import router as config_get_router
 from .config.api_update_config import router as config_update_router
 from .config.api_manage_users import router as config_users_router
 from .config.api_reinit import router as config_reinit_router
 from .health.api_get_health import router as health_router
+from .artifacts.api_get_artifact import router as artifacts_router

 api_router = APIRouter()

@@ -43,6 +45,7 @@ api_router.include_router(deploy_deckies_router)
 api_router.include_router(attackers_router)
 api_router.include_router(attacker_detail_router)
 api_router.include_router(attacker_commands_router)
+api_router.include_router(attacker_artifacts_router)

 # Observability
 api_router.include_router(stats_router)
@@ -54,3 +57,6 @@ api_router.include_router(config_get_router)
 api_router.include_router(config_update_router)
 api_router.include_router(config_users_router)
 api_router.include_router(config_reinit_router)
+
+# Artifacts (captured attacker file drops)
+api_router.include_router(artifacts_router)