2021-05-03 19:48:20 +00:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"net/http"
|
|
|
|
|
2022-03-30 08:22:22 +00:00
|
|
|
"github.com/smallstep/certificates/api/render"
|
2021-05-03 19:48:20 +00:00
|
|
|
"github.com/smallstep/certificates/authority/admin"
|
|
|
|
)
|
|
|
|
|
|
|
|
type nextHTTP = func(http.ResponseWriter, *http.Request)
|
|
|
|
|
|
|
|
// requireAPIEnabled is a middleware that ensures the Administration API
|
|
|
|
// is enabled before servicing requests.
|
|
|
|
func (h *Handler) requireAPIEnabled(next nextHTTP) nextHTTP {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
2021-07-07 00:14:13 +00:00
|
|
|
if !h.auth.IsAdminAPIEnabled() {
|
2022-03-30 08:22:22 +00:00
|
|
|
render.Error(w, admin.NewError(admin.ErrorNotImplementedType,
|
2021-05-03 19:48:20 +00:00
|
|
|
"administration API not enabled"))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
next(w, r)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// extractAuthorizeTokenAdmin is a middleware that extracts and caches the bearer token.
|
|
|
|
func (h *Handler) extractAuthorizeTokenAdmin(next nextHTTP) nextHTTP {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
tok := r.Header.Get("Authorization")
|
2021-10-08 18:59:57 +00:00
|
|
|
if tok == "" {
|
2022-03-30 08:22:22 +00:00
|
|
|
render.Error(w, admin.NewError(admin.ErrorUnauthorizedType,
|
2021-05-03 19:48:20 +00:00
|
|
|
"missing authorization header token"))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
adm, err := h.auth.AuthorizeAdminToken(r, tok)
|
|
|
|
if err != nil {
|
2022-03-30 08:22:22 +00:00
|
|
|
render.Error(w, err)
|
2021-05-03 19:48:20 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
ctx := context.WithValue(r.Context(), adminContextKey, adm)
|
|
|
|
next(w, r.WithContext(ctx))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// ContextKey is the key type for storing and searching for ACME request
|
|
|
|
// essentials in the context of a request.
|
|
|
|
type ContextKey string
|
|
|
|
|
|
|
|
const (
|
|
|
|
// adminContextKey account key
|
|
|
|
adminContextKey = ContextKey("admin")
|
|
|
|
)
|