package api
import (
"github.com/smallstep/certificates/acme"
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority/admin"
)
// Handler is the Admin API request handler. It bundles the stores and
// responders that the routes registered in Route dispatch to.
type Handler struct {
	// adminDB is the admin store handed to NewHandler.
	adminDB admin.DB
	// auth is the authority the handler operates on.
	auth adminAuthority
	// acmeDB is the ACME store handed to NewHandler.
	acmeDB acme.DB
	// acmeResponder serves the ACME External Account Binding key routes.
	acmeResponder acmeAdminResponderInterface
	// policyResponder serves the authority, provisioner and ACME account
	// policy routes.
	policyResponder policyAdminResponderInterface
}
// NewHandler builds the Admin API handler from the given authority, stores and
// responders and returns it as an api.RouterHandler. Each argument is stored
// as-is; nothing is validated here, so callers are expected to pass non-nil
// dependencies.
func NewHandler(auth adminAuthority, adminDB admin.DB, acmeDB acme.DB, acmeResponder acmeAdminResponderInterface, policyResponder policyAdminResponderInterface) api.RouterHandler {
	h := new(Handler)
	h.auth = auth
	h.adminDB = adminDB
	h.acmeDB = acmeDB
	h.acmeResponder = acmeResponder
	h.policyResponder = policyResponder
	return h
}
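// Route registers every Admin API endpoint on r and implements the Router
// interface.
//
// All routes are wrapped in authnz, so no admin endpoint is reachable without
// passing the admin token check. The previous revision of this function had
// that check commented out "for simple testing", which left provisioner,
// admin, EAB key and policy management open to any caller that could reach
// the API; the check is restored here.
func (h *Handler) Route(r api.Router) {
	// authnz is the mandatory outer middleware for every route below.
	// extractAuthorizeTokenAdmin is defined outside this view; presumably it
	// validates the admin token before the request reaches
	// requireAPIEnabled and the handler. Never register a route without it.
	authnz := func(next nextHTTP) nextHTTP {
		return h.extractAuthorizeTokenAdmin(h.requireAPIEnabled(next))
	}

	// requireEABEnabled gates the External Account Binding key routes.
	requireEABEnabled := func(next nextHTTP) nextHTTP {
		return h.requireEABEnabled(next)
	}

	// enabledInStandalone and disabledInStandalone differ only in the flag
	// handed to checkAction (defined outside this view), which decides
	// whether the action is available in standalone mode.
	enabledInStandalone := func(next nextHTTP) nextHTTP {
		return h.checkAction(next, true)
	}

	disabledInStandalone := func(next nextHTTP) nextHTTP {
		return h.checkAction(next, false)
	}

	// Provisioners
	r.MethodFunc("GET", "/provisioners/{name}", authnz(h.GetProvisioner))
	r.MethodFunc("GET", "/provisioners", authnz(h.GetProvisioners))
	r.MethodFunc("POST", "/provisioners", authnz(h.CreateProvisioner))
	r.MethodFunc("PUT", "/provisioners/{name}", authnz(h.UpdateProvisioner))
	r.MethodFunc("DELETE", "/provisioners/{name}", authnz(h.DeleteProvisioner))

	// Admins
	r.MethodFunc("GET", "/admins/{id}", authnz(h.GetAdmin))
	r.MethodFunc("GET", "/admins", authnz(h.GetAdmins))
	r.MethodFunc("POST", "/admins", authnz(h.CreateAdmin))
	r.MethodFunc("PATCH", "/admins/{id}", authnz(h.UpdateAdmin))
	r.MethodFunc("DELETE", "/admins/{id}", authnz(h.DeleteAdmin))

	// ACME External Account Binding Keys
	r.MethodFunc("GET", "/acme/eab/{provisionerName}/{reference}", authnz(requireEABEnabled(h.acmeResponder.GetExternalAccountKeys)))
	r.MethodFunc("GET", "/acme/eab/{provisionerName}", authnz(requireEABEnabled(h.acmeResponder.GetExternalAccountKeys)))
	r.MethodFunc("POST", "/acme/eab/{provisionerName}", authnz(requireEABEnabled(h.acmeResponder.CreateExternalAccountKey)))
	r.MethodFunc("DELETE", "/acme/eab/{provisionerName}/{id}", authnz(requireEABEnabled(h.acmeResponder.DeleteExternalAccountKey)))

	// Policy - Authority
	r.MethodFunc("GET", "/policy", authnz(enabledInStandalone(h.policyResponder.GetAuthorityPolicy)))
	r.MethodFunc("POST", "/policy", authnz(enabledInStandalone(h.policyResponder.CreateAuthorityPolicy)))
	r.MethodFunc("PUT", "/policy", authnz(enabledInStandalone(h.policyResponder.UpdateAuthorityPolicy)))
	r.MethodFunc("DELETE", "/policy", authnz(enabledInStandalone(h.policyResponder.DeleteAuthorityPolicy)))

	// Policy - Provisioner
	r.MethodFunc("GET", "/provisioners/{name}/policy", authnz(disabledInStandalone(h.policyResponder.GetProvisionerPolicy)))
	r.MethodFunc("POST", "/provisioners/{name}/policy", authnz(disabledInStandalone(h.policyResponder.CreateProvisionerPolicy)))
	r.MethodFunc("PUT", "/provisioners/{name}/policy", authnz(disabledInStandalone(h.policyResponder.UpdateProvisionerPolicy)))
	r.MethodFunc("DELETE", "/provisioners/{name}/policy", authnz(disabledInStandalone(h.policyResponder.DeleteProvisionerPolicy)))

	// Policy - ACME Account
	// TODO: ensure we don't clash with eab; might want to change eab paths slightly (as long as we don't have it released completely; needs changes in adminClient too)
	// NOTE(review): "/acme/eab/{provisionerName}/{id}" and
	// "/acme/{provisionerName}/{accountID}/policy" share a prefix, so a
	// provisioner named "eab" with an id of "policy" would be ambiguous;
	// confirm how the router resolves that before release.
	r.MethodFunc("GET", "/acme/{provisionerName}/{accountID}/policy", authnz(disabledInStandalone(h.policyResponder.GetACMEAccountPolicy)))
	r.MethodFunc("POST", "/acme/{provisionerName}/{accountID}/policy", authnz(disabledInStandalone(h.policyResponder.CreateACMEAccountPolicy)))
	r.MethodFunc("PUT", "/acme/{provisionerName}/{accountID}/policy", authnz(disabledInStandalone(h.policyResponder.UpdateACMEAccountPolicy)))
	r.MethodFunc("DELETE", "/acme/{provisionerName}/{accountID}/policy", authnz(disabledInStandalone(h.policyResponder.DeleteACMEAccountPolicy)))
}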