# encoding: utf-8
import falcon
import ipaddress
import os
from certidude import config
from user_agents import parse
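class NormalizeMiddleware(object):
    """Falcon middleware that stashes per-request client facts in ``req.context``.

    After it runs, resources can read:

    * ``req.context["remote_addr"]`` -- an ``ipaddress.IPv4Address`` or
      ``IPv6Address`` built from the first entry of ``req.access_route``.
    * ``req.context["user_agent"]`` -- the ``user_agents.parse`` result, or the
      literal string ``"Unknown user agent"`` when the header is absent/empty.

    Security note: Falcon derives ``access_route`` from the ``Forwarded`` /
    ``X-Forwarded-For`` / ``X-Real-IP`` headers when present and only falls
    back to the socket peer (``REMOTE_ADDR``) otherwise, so ``access_route[0]``
    is the address the *client* claims unless a trusted reverse proxy in front
    of this app strips or overwrites those headers. Anything downstream that
    makes an access decision on ``remote_addr`` inherits that assumption --
    confirm the edge proxy configuration before relying on it.
    """

    def process_request(self, req, resp, *args):
        """Populate ``req.context`` with the parsed client address and user agent.

        Raises ``falcon.HTTPBadRequest`` when the forwarded address is not a
        valid IPv4/IPv6 literal. Previously the ``ValueError`` raised by
        ``ipaddress.ip_address`` escaped the middleware as an unhandled 500,
        which any client could trigger with a malformed ``X-Forwarded-For``.
        """
        first_hop = req.access_route[0]
        try:
            req.context["remote_addr"] = ipaddress.ip_address(first_hop)
        except ValueError:
            # Header value is client-controlled: reject the request instead of
            # crashing. Deliberately do not echo the offending value back.
            raise falcon.HTTPBadRequest(
                title="Bad client address",
                description="Forwarded client address is not a valid IP literal")

        if req.user_agent:
            req.context["user_agent"] = parse(req.user_agent)
        else:
            # Keep the string sentinel: callers print/compare it as-is.
            req.context["user_agent"] = "Unknown user agent"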
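def certidude_app(log_handlers=None):
    """Build and return the Falcon WSGI application for the certidude API.

    Parameters:
        log_handlers: optional list that receives any log handler created here
            (the SQL ``LogHandler`` or a ``SysLogHandler``); pass your own list
            to collect them. The former ``[]`` default was a single shared
            object, so repeated calls without an argument kept appending to
            one module-wide list; a fresh list is now created per call.

    Returns:
        A ``falcon.API`` instance with ``NormalizeMiddleware`` installed and
        all routes registered.

    Raises:
        ValueError: if ``config.LOGGING_BACKEND`` is set to something other
            than ``"sql"`` or ``"syslog"``. A falsy value is accepted and
            simply registers no handler.

    The set of mounted endpoints is configuration-driven: the token issuer,
    CRL, SCEP and OCSP endpoints exist only when their settings are truthy,
    so the exposed attack surface depends on the deployment's config.
    """
    if log_handlers is None:
        log_handlers = []

    # Imported here rather than at module level so that importing this
    # package does not initialise the authority as a side effect. The local
    # ``config`` shadows the module-level import with the same object.
    from certidude import authority, config
    from .signed import SignedCertificateDetailResource
    from .request import RequestListResource, RequestDetailResource
    from .lease import LeaseResource, LeaseDetailResource
    from .script import ScriptResource
    from .tag import TagResource, TagDetailResource
    from .attrib import AttributeResource
    from .bootstrap import BootstrapResource
    from .token import TokenResource
    from .builder import ImageBuilderResource
    from .session import SessionResource, CertificateAuthorityResource

    app = falcon.API(middleware=NormalizeMiddleware())
    # Have Falcon parse application/x-www-form-urlencoded bodies into
    # req.params so resources can read form fields like query parameters.
    app.req_options.auto_parse_form_urlencoded = True

    # Certificate authority API calls
    app.add_route("/api/certificate/", CertificateAuthorityResource())
    app.add_route("/api/signed/{cn}/", SignedCertificateDetailResource(authority))
    app.add_route("/api/request/{cn}/", RequestDetailResource(authority))
    app.add_route("/api/request/", RequestListResource(authority))
    app.add_route("/api/", SessionResource(authority))

    # Enrollment tokens are only reachable when user enrollment is enabled.
    if config.USER_ENROLLMENT_ALLOWED:  # TODO: add token enable/disable flag for config
        app.add_route("/api/token/", TokenResource(authority))

    # Extended attributes for scripting etc.
    app.add_route("/api/signed/{cn}/attr/", AttributeResource(authority, namespace="machine"))
    app.add_route("/api/signed/{cn}/script/", ScriptResource(authority))

    # API calls used by pushed events on the JS end
    app.add_route("/api/signed/{cn}/tag/", TagResource(authority))
    app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource(authority))

    # API call used to delete existing tags
    app.add_route("/api/signed/{cn}/tag/{tag}/", TagDetailResource(authority))

    # Gateways can submit leases via this API call
    app.add_route("/api/lease/", LeaseResource(authority))

    # Bootstrap resource
    app.add_route("/api/bootstrap/", BootstrapResource(authority))

    # LEDE image builder resource. Both path segments are client-controlled;
    # NOTE(review): ImageBuilderResource must treat {profile} and
    # {suggested_filename} as untrusted input (no filesystem paths built from
    # them) -- confirm in .builder, which is not visible here.
    app.add_route("/api/build/{profile}/{suggested_filename}", ImageBuilderResource())

    # The endpoints below are gated on "whitelisted subnets" settings and are
    # mounted only when a subnet list is configured. NOTE(review): if the
    # resources enforce those subnets via req.context["remote_addr"], that
    # value is taken by NormalizeMiddleware from req.access_route[0], i.e. the
    # Forwarded/X-Forwarded-For headers when present -- it is only as
    # trustworthy as the proxy that sets them.

    # Add CRL handler if we have any whitelisted subnets
    if config.CRL_SUBNETS:
        from .revoked import RevocationListResource
        app.add_route("/api/revoked/", RevocationListResource(authority))

    # Add SCEP handler if we have any whitelisted subnets
    if config.SCEP_SUBNETS:
        from .scep import SCEPResource
        app.add_route("/api/scep/", SCEPResource(authority))

    if config.OCSP_SUBNETS:
        from .ocsp import OCSPResource
        # Registered as a sink, not a route: Falcon dispatches every path
        # beginning with the prefix to it, presumably because OCSP GET
        # requests encode the request in the remainder of the path.
        app.add_sink(OCSPResource(authority), prefix="/api/ocsp")

    # Set up log handlers
    if config.LOGGING_BACKEND == "sql":
        from certidude.mysqllog import LogHandler
        from certidude.api.log import LogResource
        # Connection string from the [logging] section; it is handed both to
        # the handler and to the HTTP log browser mounted at /api/log/.
        uri = config.cp.get("logging", "database")
        log_handlers.append(LogHandler(uri))
        app.add_route("/api/log/", LogResource(uri))
    elif config.LOGGING_BACKEND == "syslog":
        from logging.handlers import SysLogHandler
        log_handlers.append(SysLogHandler())
        # Browsing syslog via HTTP is obviously not possible out of the box
    elif config.LOGGING_BACKEND:
        # Any other non-empty value is a misconfiguration; fail at startup
        # rather than silently running without the expected audit trail.
        raise ValueError("Invalid logging.backend = %s" % config.LOGGING_BACKEND)

    return app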