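"""Receive a vendor webhook and forward a normalised event to the Abstract Security log ingest API.

Flow: POST /webhook -> optional shared-secret check -> build flat payload -> POST to ``endpoint``.

Configuration comes from the environment so that no credential is committed to source control:
  ABSTRACT_ENDPOINT   ingest URL, e.g. https://<tenant>.abstractsecurity.app/v2/logs
  ABSTRACT_API_TOKEN  bearer token for that endpoint
  WEBHOOK_SECRET      optional; when set, callers must send it in the ``X-Webhook-Secret`` header
  FLASK_DEBUG         set to "1" only on a developer machine (see the ``__main__`` block)
"""
import hmac
import json
import logging
import os
from datetime import datetime, timezone

import requests
from flask import Flask, jsonify, request

app = Flask(__name__)
logger = logging.getLogger(__name__)

# Endpoint and token are read from the environment. The placeholder defaults keep the script
# importable for a first smoke test but will be rejected by the real API - replace them via env.
endpoint = os.environ.get("ABSTRACT_ENDPOINT", "https://xxxxxx.abstractsecurity.app/v2/logs")
api_token = os.environ.get("ABSTRACT_API_TOKEN", "yyyyyyy")
# Optional shared secret for the inbound webhook. Without one, anything that can reach port 5000
# can inject arbitrary events into the SIEM under this token.
webhook_secret = os.environ.get("WEBHOOK_SECRET")
# Upper bound on the upstream call so a slow or unreachable ingest endpoint cannot pin a worker.
UPSTREAM_TIMEOUT_SECONDS = 10


def _authorized(req) -> bool:
    """Return True when no secret is configured, or the caller presented the configured one.

    Uses a constant-time comparison so the check does not leak the secret byte by byte.
    """
    if not webhook_secret:
        return True
    presented = req.headers.get("X-Webhook-Secret", "")
    return hmac.compare_digest(presented, webhook_secret)


def _build_payload(data: dict, detected_fallback: int) -> dict:
    """Map the inbound webhook body onto the flat schema the ingest-side YAML parser expects.

    Every field falls back to a neutral default so a partial event is still forwarded.

    Args:
        data: the parsed JSON object from the webhook request.
        detected_fallback: epoch seconds used when ``detectedTime`` is absent.

    Defensive details: ``clientIPs`` may be missing *or* an empty list (indexing ``[0]`` on an
    empty list raised IndexError before); ``shares`` entries that are not dicts are reported as
    "unknown" instead of crashing the handler.
    """
    client_ips = data.get("clientIPs") or ["unknown"]
    shares = data.get("shares") or []
    return {
        "eventid": data.get("id", "default_id_value"),
        "host": client_ips[0],
        "severity": data.get("severity", "medium"),
        "state": data.get("state", "unknown"),
        "nes": data.get("nes", []),
        "shares": [
            share.get("name", "unknown") if isinstance(share, dict) else "unknown"
            for share in shares
        ],
        "detected": data.get("detectedTime", detected_fallback),
        "protocol": data.get("protocol", "unknown"),
        "files": data.get("files", []),
        "user": data.get("user", "unknown"),
        "userName": data.get("userName", "unknown"),
    }


@app.route('/webhook', methods=['POST'])
def webhook():
    """Accept one webhook event, forward it upstream, and report the outcome to the caller.

    Responses:
      200 {"status": "success"}                 upstream accepted the event (any 2xx)
      400 {"status": "error", "message": ...}   body is not a JSON object
      401 {"status": "error", "message": ...}   WEBHOOK_SECRET is set and the header did not match
      502 {"status": "error", ...}              upstream unreachable, timed out, or returned non-2xx

    The upstream response body is logged rather than echoed back, so a misconfigured token or
    endpoint does not leak vendor error detail to whoever can reach this port.
    """
    if not _authorized(request):
        return jsonify({"status": "error", "message": "unauthorized"}), 401

    # silent=True turns a missing/unparsable JSON body into None instead of a Werkzeug 400/415
    # HTML page; we then answer with our own JSON error. A non-object body (e.g. a JSON list)
    # would otherwise blow up on .get() and surface as a 500.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({"status": "error", "message": "expected a JSON object body"}), 400

    # Timezone-aware "now"; datetime.utcnow() is deprecated and naive.
    now_ts = int(datetime.now(timezone.utc).timestamp())
    raw_payload = _build_payload(data, now_ts)
    # Debug level only: the payload carries user names, hosts and file paths.
    logger.debug("forwarding payload: %s", json.dumps(raw_payload, indent=4))

    headers = {
        "Authorization": f"Bearer {api_token}",
        "Content-Type": "application/json",
    }
    try:
        response = requests.post(
            endpoint, headers=headers, json=raw_payload, timeout=UPSTREAM_TIMEOUT_SECONDS
        )
    except requests.RequestException as exc:
        # Connection refused, DNS failure, TLS error, timeout: all are an upstream problem.
        logger.error("upstream request failed: %s", exc)
        return jsonify({"status": "error", "message": "upstream request failed"}), 502

    # .ok covers every 2xx; the ingest API is not obliged to answer exactly 200.
    if response.ok:
        return jsonify({"status": "success"}), 200

    logger.error("upstream rejected event: %s %s", response.status_code, response.text)
    return jsonify({"status": "error", "upstream_status": response.status_code}), 502


if __name__ == '__main__':
    logging.basicConfig(level=logging.INFO)
    # The Werkzeug debugger (debug=True) serves an interactive Python console on error pages;
    # bound to 0.0.0.0 that is remote code execution for anyone on the network. Keep it off
    # unless FLASK_DEBUG=1 is set deliberately on a developer machine, and run this behind a
    # real WSGI server (gunicorn/uwsgi) with TLS in production.
    debug = os.environ.get("FLASK_DEBUG", "0") == "1"
    app.run(host='0.0.0.0', port=5000, debug=debug)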