mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
api: lease: drop usage of global authority import
parent
937c81bd5f
commit
be454d7a65
@ -233,13 +233,13 @@ def certidude_app(log_handlers=[]):
|
|||||||
|
|
||||||
# API calls used by pushed events on the JS end
|
# API calls used by pushed events on the JS end
|
||||||
app.add_route("/api/signed/{cn}/tag/", TagResource())
|
app.add_route("/api/signed/{cn}/tag/", TagResource())
|
||||||
app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource())
|
app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource(authority))
|
||||||
|
|
||||||
# API call used to delete existing tags
|
# API call used to delete existing tags
|
||||||
app.add_route("/api/signed/{cn}/tag/{tag}/", TagDetailResource())
|
app.add_route("/api/signed/{cn}/tag/{tag}/", TagDetailResource())
|
||||||
|
|
||||||
# Gateways can submit leases via this API call
|
# Gateways can submit leases via this API call
|
||||||
app.add_route("/api/lease/", LeaseResource())
|
app.add_route("/api/lease/", LeaseResource(authority))
|
||||||
|
|
||||||
# Bootstrap resource
|
# Bootstrap resource
|
||||||
app.add_route("/api/bootstrap/", BootstrapResource(authority))
|
app.add_route("/api/bootstrap/", BootstrapResource(authority))
|
||||||
|
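Review bot: `TagResource()` and `TagDetailResource()` on the neighbouring routes are still constructed without an argument, while the lease and bootstrap resources now receive `authority` by injection. If the tag handlers call into the authority at all, they presumably still rely on a module-level import, which leaves the refactor half applied and lets different handlers resolve certificates through different references. A follow-up that passes the same object, e.g. `TagResource(authority)`, would keep every `/api/signed/{cn}/...` route on one injected instance. The body of `certidude_app` starts and ends outside this hunk, so where `authority` is bound cannot be checked from here.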
@ -5,7 +5,7 @@ import logging
|
|||||||
import os
|
import os
|
||||||
import xattr
|
import xattr
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from certidude import config, authority, push
|
from certidude import config, push
|
||||||
from certidude.auth import login_required, authorize_admin, authorize_server
|
from certidude.auth import login_required, authorize_admin, authorize_server
|
||||||
from certidude.decorators import serialize
|
from certidude.decorators import serialize
|
||||||
|
|
||||||
@ -14,12 +14,15 @@ logger = logging.getLogger(__name__)
|
|||||||
# TODO: lease namespacing (?)
|
# TODO: lease namespacing (?)
|
||||||
|
|
||||||
class LeaseDetailResource(object):
|
class LeaseDetailResource(object):
|
||||||
|
def __init__(self, authority):
|
||||||
|
self.authority = authority
|
||||||
|
|
||||||
@serialize
|
@serialize
|
||||||
@login_required
|
@login_required
|
||||||
@authorize_admin
|
@authorize_admin
|
||||||
def on_get(self, req, resp, cn):
|
def on_get(self, req, resp, cn):
|
||||||
try:
|
try:
|
||||||
path, buf, cert, signed, expires = authority.get_signed(cn)
|
path, buf, cert, signed, expires = self.authority.get_signed(cn)
|
||||||
return dict(
|
return dict(
|
||||||
last_seen = xattr.getxattr(path, "user.lease.last_seen").decode("ascii"),
|
last_seen = xattr.getxattr(path, "user.lease.last_seen").decode("ascii"),
|
||||||
inner_address = xattr.getxattr(path, "user.lease.inner_address").decode("ascii"),
|
inner_address = xattr.getxattr(path, "user.lease.inner_address").decode("ascii"),
|
||||||
@ -30,6 +33,9 @@ class LeaseDetailResource(object):
|
|||||||
|
|
||||||
|
|
||||||
class LeaseResource(object):
|
class LeaseResource(object):
|
||||||
|
def __init__(self, authority):
|
||||||
|
self.authority = authority
|
||||||
|
|
||||||
@authorize_server
|
@authorize_server
|
||||||
def on_post(self, req, resp):
|
def on_post(self, req, resp):
|
||||||
client_common_name = req.get_param("client", required=True)
|
client_common_name = req.get_param("client", required=True)
|
||||||
@ -38,7 +44,7 @@ class LeaseResource(object):
|
|||||||
if "," in client_common_name:
|
if "," in client_common_name:
|
||||||
client_common_name, _ = client_common_name.split(",", 1)
|
client_common_name, _ = client_common_name.split(",", 1)
|
||||||
|
|
||||||
path, buf, cert, signed, expires = authority.get_signed(client_common_name) # TODO: catch exceptions
|
path, buf, cert, signed, expires = self.authority.get_signed(client_common_name) # TODO: catch exceptions
|
||||||
if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
|
if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
|
||||||
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
|
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
|
||||||
now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
|
now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
|
||||||
|
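Review bot: The lookup in `LeaseResource.on_post` still carries `# TODO: catch exceptions`, so a lease submitted for a common name with no signed certificate will surface whatever `self.authority.get_signed()` raises as an unhandled server error, whereas `LeaseDetailResource.on_get` makes the same call inside a `try:`. Wrapping the call and answering with `raise falcon.HTTPNotFound()` would give gateways a clean response; the exception class to catch should mirror the `except` clause of `on_get`, which lies outside the visible hunk. Both `cn` and `client_common_name` originate in the request, and `path` is presumably derived from them, so it is worth confirming that `get_signed()` validates the name before building a filesystem path that `xattr.getxattr` is then applied to. Both method bodies continue outside the hunks shown.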