From 60bbfd0d2eed008f15552c75017af8da2b9f3b2b Mon Sep 17 00:00:00 2001
From: BNWEIN <bweinberg@prime-networks.co.uk>
Date: Thu, 2 Jan 2025 16:27:39 +0000
Subject: [PATCH] Added Connection Filter Functions

Added Connection Filter Functions:

RemoveConnectionfilterTemplate
ListConnectionFilterTemplates
ListConnectionFilter
AddConnectionFilterTemplate
AddConnectionFilter
---
 .../Invoke-AddConnectionFilter.ps1            | 39 ++++++++++++++
 .../Invoke-AddConnectionFilterTemplate.ps1    | 54 +++++++++++++++++++
 .../Invoke-ListConnectionFilter.ps1           | 36 +++++++++++++
 .../Invoke-ListConnectionFilterTemplates.ps1  | 36 +++++++++++++
 .../Invoke-RemoveConnectionfilterTemplate.ps1 | 39 ++++++++++++++
 5 files changed, 204 insertions(+)
 create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1
 create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1
 create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1
 create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1
 create mode 100644 Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1

diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1
new file mode 100644
index 000000000000..1f0edd5c5999
--- /dev/null
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1	
@@ -0,0 +1,39 @@
+using namespace System.Net
+
+Function Invoke-AddConnectionFilter {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.SpamFilter.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    $RequestParams = $Request.Body.PowerShellCommand | 
+    ConvertFrom-Json | 
+    Select-Object -Property *, @{Name='identity'; Expression={$_.name}} -ExcludeProperty GUID, comments, name
+
+    $Tenants = ($Request.body.selectedTenants).value
+    $Result = foreach ($Tenantfilter in $tenants) {
+        try {
+            $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Set-HostedConnectionFilterPolicy' -cmdParams $RequestParams
+            "Successfully created Connectionfilter for $tenantfilter."
+            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Updated Connection filter rule for $($tenantfilter)" -sev Info
+        } catch {
+            "Could not create create Connection Filter rule for $($tenantfilter): $($_.Exception.message)"
+            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Could not create create connection filter rule for $($tenantfilter): $($_.Exception.message)" -sev Error
+        }
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @{Results = @($Result) }
+        })
+
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1
new file mode 100644
index 000000000000..6246cf8e1069
--- /dev/null
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1	
@@ -0,0 +1,54 @@
+using namespace System.Net
+
+Function Invoke-AddConnectionFilterTemplate {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Spamfilter.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+    Write-Host ($request | ConvertTo-Json -Compress)
+
+    try {
+        $GUID = (New-Guid).GUID
+        $JSON = if ($request.body.PowerShellCommand) {
+            Write-Host 'PowerShellCommand'
+            $request.body.PowerShellCommand | ConvertFrom-Json
+        }
+        else {
+            $GUID = (New-Guid).GUID
+        ([pscustomobject]$Request.body | Select-Object Name, EnableSafeList, IPAllowList , IPBlockList ) | ForEach-Object {
+                $NonEmptyProperties = $_.psobject.Properties | Where-Object { $null -ne $_.Value } | Select-Object -ExpandProperty Name
+                $_ | Select-Object -Property $NonEmptyProperties
+            }
+        }
+        $JSON = ($JSON | Select-Object @{n = 'name'; e = { $_.name } }, @{n = 'comments'; e = { $_.comments } }, * | ConvertTo-Json -Depth 10)
+        $Table = Get-CippTable -tablename 'templates'
+        $Table.Force = $true
+        Add-CIPPAzDataTableEntity @Table -Entity @{
+            JSON         = "$json"
+            RowKey       = "$GUID"
+            PartitionKey = 'ConnectionfilterTemplate'
+        }
+        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created Connection Filter Template $($Request.body.name) with GUID $GUID" -Sev 'Debug'
+        $body = [pscustomobject]@{'Results' = 'Successfully added template' }
+
+    }
+    catch {
+        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create Connection Filter Template: $($_.Exception.Message)" -Sev 'Error'
+        $body = [pscustomobject]@{'Results' = "ConnectionFilter Template Deployment failed: $($_.Exception.Message)" }
+    }
+
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $body
+        })
+
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1
new file mode 100644
index 000000000000..ce2740708283
--- /dev/null
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1	
@@ -0,0 +1,36 @@
+using namespace System.Net
+
+Function Invoke-ListConnectionFilter {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.SpamFilter.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+    $Tenantfilter = $request.Query.tenantfilter
+
+    try {
+        $Policies = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-HostedConnectionFilterPolicy' | Select-Object * -ExcludeProperty *odata*, *data.type*
+        #$RuleState = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-HostedContentFilterRule' | Select-Object * -ExcludeProperty *odata*, *data.type*
+        #$GraphRequest = $Policies | Select-Object *, @{l = 'ruleState'; e = { $name = $_.name; ($RuleState | Where-Object name -EQ $name).State } }, @{l = 'rulePrio'; e = { $name = $_.name; ($RuleState | Where-Object name -EQ $name).Priority } }
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+        $StatusCode = [HttpStatusCode]::Forbidden
+        #$GraphRequest = $ErrorMessage
+        $Policies = $ErrorMessage
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            #Body       = @($GraphRequest)
+            Body       = @($Policies)
+        })
+
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1
new file mode 100644
index 000000000000..36ffdbf69e5d
--- /dev/null
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1	
@@ -0,0 +1,36 @@
+using namespace System.Net
+
+Function Invoke-ListConnectionFilterTemplates {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.SpamFilter.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+    $Table = Get-CippTable -tablename 'templates'
+
+    #List new policies
+    $Table = Get-CippTable -tablename 'templates'
+    $Filter = "PartitionKey eq 'ConnectionfilterTemplate'"
+    $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object {
+        $GUID = $_.RowKey
+        $data = $_.JSON | ConvertFrom-Json
+        $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $GUID
+        $data
+    }
+
+    if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property RowKey -EQ $Request.query.id }
+
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @($Templates)
+        })
+
+}
diff --git a/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1
new file mode 100644
index 000000000000..5d4a13cca820
--- /dev/null
+++ b/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1
@@ -0,0 +1,39 @@
+using namespace System.Net
+
+Function Invoke-RemoveConnectionfilterTemplate {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Exchange.Spamfilter.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    $User = $request.headers.'x-ms-client-principal'
+    Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    $ID = $request.body.id
+    try {
+        $Table = Get-CippTable -tablename 'templates'
+        $Filter = "PartitionKey eq 'ConnectionfilterTemplate' and RowKey eq '$id'"
+        $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey
+        Remove-AzDataTableEntity -Force @Table -Entity $clearRow
+        Write-LogMessage -user $User -API $APINAME -message "Removed Connection Filter Template with ID $ID." -Sev 'Info'
+        $body = [pscustomobject]@{'Results' = 'Successfully removed Connection Filter Template' }
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -user $User -API $APINAME -message "Failed to remove Connection Filter template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage
+        $body = [pscustomobject]@{'Results' = "Failed to remove template: $($ErrorMessage.NormalizedError)" }
+    }
+
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $body
+        })
+
+
+}