mirror of
https://github.com/mainflux/mainflux.git
synced 2025-04-27 13:48:49 +08:00
b91024465c
* adding certificate issuing Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding cert endpoint Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update envs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update envs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move certs creation to sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move certs creation to sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move certs creation to sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix env vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add volumes Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix merge config for int Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove env Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix error handling Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cert test, change receiver to pointer Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add docs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix var naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * correct error naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding certs service Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * change func receiever Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add default cert issue method Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add config Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * small fix Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove some testing code Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cert issue Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add vault api client Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * additional endpoints Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add swagger for certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove certs from provision Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * clean provision from certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add list certificates endpoint Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add vault api in vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add revoke, fix bugs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix sdk for certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes, add env, doc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes, add env, doc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes, add env, doc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * small changes Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove CA for signing from provision Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add docker file for certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix mock sdk Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add line Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix RevokeCert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renam ENV Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove tests temporarily Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renam vars Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add cli for issue cert Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove not needed envs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix linter errors, add cli Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix linter errors, add cli, var rename Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix reviews, add viewcert, fix view all certs Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove view cert, as it will be retrieved from PKI Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * change endpoints Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add default env val Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove some errors Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix revoking Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor, make wrapper lib for vault Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add comments Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove unused Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove unused field Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki, update vendor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor pki Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor fix Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove methods, use fields Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comments and package desc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix comments and package desc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
175 lines
3.7 KiB
Go
175 lines
3.7 KiB
Go
// Copyright (c) Mainflux
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package api
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"io"
|
|
"net/http"
|
|
"strconv"
|
|
|
|
"github.com/mainflux/mainflux/certs"
|
|
"github.com/mainflux/mainflux/pkg/errors"
|
|
|
|
kithttp "github.com/go-kit/kit/transport/http"
|
|
"github.com/go-zoo/bone"
|
|
"github.com/mainflux/mainflux"
|
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
|
)
|
|
|
|
const (
|
|
contentType = "application/json"
|
|
offset = "offset"
|
|
limit = "limit"
|
|
|
|
defOffset = 0
|
|
defLimit = 10
|
|
)
|
|
|
|
var (
|
|
errUnsupportedContentType = errors.New("unsupported content type")
|
|
errUnauthorized = errors.New("missing or invalid credentials provided")
|
|
errInvalidQueryParams = errors.New("invalid query params")
|
|
errMalformedEntity = errors.New("malformed entity")
|
|
errConflict = errors.New("entity already exists")
|
|
)
|
|
|
|
// MakeHandler returns a HTTP handler for API endpoints.
|
|
func MakeHandler(svc certs.Service) http.Handler {
|
|
opts := []kithttp.ServerOption{
|
|
kithttp.ServerErrorEncoder(encodeError),
|
|
}
|
|
|
|
r := bone.New()
|
|
|
|
r.Post("/certs", kithttp.NewServer(
|
|
issueCert(svc),
|
|
decodeCerts,
|
|
encodeResponse,
|
|
opts...,
|
|
))
|
|
|
|
r.Get("/certs", kithttp.NewServer(
|
|
listCerts(svc),
|
|
decodeListCerts,
|
|
encodeResponse,
|
|
opts...,
|
|
))
|
|
|
|
r.Delete("/certs/revoke", kithttp.NewServer(
|
|
revokeCert(svc),
|
|
decodeRevokeCerts,
|
|
encodeResponse,
|
|
opts...,
|
|
))
|
|
|
|
r.Handle("/metrics", promhttp.Handler())
|
|
r.GetFunc("/version", mainflux.Version("certs"))
|
|
|
|
return r
|
|
}
|
|
|
|
func encodeResponse(_ context.Context, w http.ResponseWriter, response interface{}) error {
|
|
w.Header().Set("Content-Type", contentType)
|
|
|
|
if ar, ok := response.(mainflux.Response); ok {
|
|
for k, v := range ar.Headers() {
|
|
w.Header().Set(k, v)
|
|
}
|
|
|
|
w.WriteHeader(ar.Code())
|
|
|
|
if ar.Empty() {
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return json.NewEncoder(w).Encode(response)
|
|
}
|
|
|
|
func decodeListCerts(_ context.Context, r *http.Request) (interface{}, error) {
|
|
l, err := readUintQuery(r, limit, defLimit)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
o, err := readUintQuery(r, offset, defOffset)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
req := listReq{
|
|
token: r.Header.Get("Authorization"),
|
|
limit: l,
|
|
offset: o,
|
|
}
|
|
return req, nil
|
|
}
|
|
|
|
func readUintQuery(r *http.Request, key string, def uint64) (uint64, error) {
|
|
vals := bone.GetQuery(r, key)
|
|
if len(vals) > 1 {
|
|
return 0, errInvalidQueryParams
|
|
}
|
|
|
|
if len(vals) == 0 {
|
|
return def, nil
|
|
}
|
|
|
|
strval := vals[0]
|
|
val, err := strconv.ParseUint(strval, 10, 64)
|
|
if err != nil {
|
|
return 0, errInvalidQueryParams
|
|
}
|
|
|
|
return val, nil
|
|
}
|
|
|
|
func decodeCerts(_ context.Context, r *http.Request) (interface{}, error) {
|
|
if r.Header.Get("Content-Type") != contentType {
|
|
return nil, errUnsupportedContentType
|
|
}
|
|
|
|
req := addCertsReq{token: r.Header.Get("Authorization")}
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return req, nil
|
|
}
|
|
|
|
func decodeRevokeCerts(_ context.Context, r *http.Request) (interface{}, error) {
|
|
if r.Header.Get("Content-Type") != contentType {
|
|
return nil, errUnsupportedContentType
|
|
}
|
|
|
|
req := revokeReq{token: r.Header.Get("Authorization")}
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return req, nil
|
|
}
|
|
|
|
func encodeError(_ context.Context, err error, w http.ResponseWriter) {
|
|
w.Header().Set("Content-Type", contentType)
|
|
|
|
switch err {
|
|
case errUnsupportedContentType:
|
|
w.WriteHeader(http.StatusUnsupportedMediaType)
|
|
case io.EOF, errMalformedEntity:
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
case errConflict:
|
|
w.WriteHeader(http.StatusConflict)
|
|
default:
|
|
switch err.(type) {
|
|
case *json.SyntaxError:
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
case *json.UnmarshalTypeError:
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
default:
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
}
|
|
}
|
|
}
|