My first cPanel plugin

 
Hello bots!

Today, I present to you PatchCat, my first cPanel plugin. What does it do? Basically, it lets users log in to Patchman’s portal automagically, which lets people see and patch malware and outdated software. It also allows users to send suspicious files to Patchman for review.

Unlike Patchman’s official plugin, our plugin (another buddy of mine at work is helping) uses application authentication:

Patchman’s plugin enduser authentication:

curl https://client-portal.patchman.co/api/v1/token/ \
    --cert license/patchman.crt \
    --key license/patchman.key \
    -d username=enduser1234

Our plugin’s enduser authentication:

curl https://portal.patchman.co/oauth2/token/ \
    -u '{CLIENT_ID}:{CLIENT_SECRET}' \
    -d grant_type=client_credentials

The CLIENT_ID and CLIENT_SECRET are set up in Patchman’s portal under Authorized Apps.


Which route is more suitable for this app? I’m not sure. Our route is OAuth token based, which allows us to call any API function. Their plugin does not return a token, but rather a URL that only logs the user in to the portal. However, version 2 will be using the Patchman certificates to authenticate.
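
Because the client-credentials token can call any API function, the CLIENT_SECRET is worth keeping off the curl command line, where other local users on a shared host can briefly see it in the process list. The following is an added example, not PatchCat's or Patchman's code: the function names and the credentials-file layout are assumptions, and only the token URL comes from the post.

```bash
# Added example: hand CLIENT_ID:CLIENT_SECRET to curl through a 0600
# config file instead of -u on the command line.
# Function names and file layout are assumptions for illustration.

TOKEN_URL='https://portal.patchman.co/oauth2/token/'   # endpoint from the post

# Read client id and secret from stdin (one per line) and store them as a
# curl config file that only the current user can read.
write_secret_file() {
    cfg=$1
    IFS= read -r cid || return 1
    IFS= read -r csecret || return 1
    # Values sit inside a quoted curl config string; reject characters
    # that would need escaping there.
    case "$cid$csecret" in
        *\"*|*\\*) echo "unsupported character in credentials" >&2; return 1 ;;
    esac
    case "$cid" in
        ''|*:*) echo "client id must be non-empty, without a colon" >&2; return 1 ;;
    esac
    rm -f "$cfg"
    # umask 077 gives mode 0600; noclobber refuses a pre-existing file.
    ( umask 077; set -C; printf 'user = "%s:%s"\n' "$cid" "$csecret" > "$cfg" )
}

# Refuse a credentials file that other local users could read or swap out.
check_secret_file() {
    cfg=$1
    if [ ! -f "$cfg" ] || [ -L "$cfg" ]; then
        echo "not a regular file: $cfg" >&2; return 1
    fi
    mode=$(stat -c '%a' "$cfg") || return 1
    owner=$(stat -c '%u' "$cfg") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode is too open for $cfg" >&2; return 1 ;;
    esac
    [ "$owner" = "$(id -u)" ] || { echo "wrong owner on $cfg" >&2; return 1; }
}

# Same request as in the post, with the credentials read via --config.
request_token() {
    check_secret_file "$1" || return 1
    curl --fail --silent --show-error --config "$1" \
        -d grant_type=client_credentials "$TOKEN_URL"
}
```

The credentials file belongs outside any end user's home directory, since every cPanel account on the server would otherwise share one secret with full API access.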
