mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-22 16:25:17 +00:00
api: lease: drop usage of global authority import
This commit is contained in:
parent
937c81bd5f
commit
be454d7a65
@ -233,13 +233,13 @@ def certidude_app(log_handlers=[]):
|
||||
|
||||
# API calls used by pushed events on the JS end
|
||||
app.add_route("/api/signed/{cn}/tag/", TagResource())
|
||||
app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource())
|
||||
app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource(authority))
|
||||
|
||||
# API call used to delete existing tags
|
||||
app.add_route("/api/signed/{cn}/tag/{tag}/", TagDetailResource())
|
||||
|
||||
# Gateways can submit leases via this API call
|
||||
app.add_route("/api/lease/", LeaseResource())
|
||||
app.add_route("/api/lease/", LeaseResource(authority))
|
||||
|
||||
# Bootstrap resource
|
||||
app.add_route("/api/bootstrap/", BootstrapResource(authority))
|
||||
|
@ -5,7 +5,7 @@ import logging
|
||||
import os
|
||||
import xattr
|
||||
from datetime import datetime
|
||||
from certidude import config, authority, push
|
||||
from certidude import config, push
|
||||
from certidude.auth import login_required, authorize_admin, authorize_server
|
||||
from certidude.decorators import serialize
|
||||
|
||||
@ -14,12 +14,15 @@ logger = logging.getLogger(__name__)
|
||||
# TODO: lease namespacing (?)
|
||||
|
||||
class LeaseDetailResource(object):
|
||||
def __init__(self, authority):
|
||||
self.authority = authority
|
||||
|
||||
@serialize
|
||||
@login_required
|
||||
@authorize_admin
|
||||
def on_get(self, req, resp, cn):
|
||||
try:
|
||||
path, buf, cert, signed, expires = authority.get_signed(cn)
|
||||
path, buf, cert, signed, expires = self.authority.get_signed(cn)
|
||||
return dict(
|
||||
last_seen = xattr.getxattr(path, "user.lease.last_seen").decode("ascii"),
|
||||
inner_address = xattr.getxattr(path, "user.lease.inner_address").decode("ascii"),
|
||||
@ -30,6 +33,9 @@ class LeaseDetailResource(object):
|
||||
|
||||
|
||||
class LeaseResource(object):
|
||||
def __init__(self, authority):
|
||||
self.authority = authority
|
||||
|
||||
@authorize_server
|
||||
def on_post(self, req, resp):
|
||||
client_common_name = req.get_param("client", required=True)
|
||||
@ -38,7 +44,7 @@ class LeaseResource(object):
|
||||
if "," in client_common_name:
|
||||
client_common_name, _ = client_common_name.split(",", 1)
|
||||
|
||||
path, buf, cert, signed, expires = authority.get_signed(client_common_name) # TODO: catch exceptions
|
||||
path, buf, cert, signed, expires = self.authority.get_signed(client_common_name) # TODO: catch exceptions
|
||||
if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
|
||||
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
|
||||
now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
|
||||
|
Loading…
Reference in New Issue
Block a user