certificates/authority/admin/api/handler.go

package api

import (
	"context"
	"net/http"

	"github.com/smallstep/certificates/api"
	"github.com/smallstep/certificates/authority"
)

var mustAuthority = func(ctx context.Context) adminAuthority {
	return authority.MustFromContext(ctx)
}

type router struct {
	acmeResponder    ACMEAdminResponder
	policyResponder  PolicyAdminResponder
	webhookResponder WebhookAdminResponder
}

type RouterOption func(*router)

func WithACMEResponder(acmeResponder ACMEAdminResponder) RouterOption {
	return func(r *router) {
		r.acmeResponder = acmeResponder
	}
}

func WithPolicyResponder(policyResponder PolicyAdminResponder) RouterOption {
	return func(r *router) {
		r.policyResponder = policyResponder
	}
}

func WithWebhookResponder(webhookResponder WebhookAdminResponder) RouterOption {
	return func(r *router) {
		r.webhookResponder = webhookResponder
	}
}

// Route traffic and implement the Router interface.
func Route(r api.Router, options ...RouterOption) {
	router := &router{}
	for _, fn := range options {
		fn(router)
	}

	authnz := func(next http.HandlerFunc) http.HandlerFunc {
		return extractAuthorizeTokenAdmin(requireAPIEnabled(next))
	}

	enabledInStandalone := func(next http.HandlerFunc) http.HandlerFunc {
		return checkAction(next, true)
	}

	disabledInStandalone := func(next http.HandlerFunc) http.HandlerFunc {
		return checkAction(next, false)
	}

	acmeEABMiddleware := func(next http.HandlerFunc) http.HandlerFunc {
		return authnz(loadProvisionerByName(requireEABEnabled(next)))
	}

	authorityPolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {
		return authnz(enabledInStandalone(next))
	}

	provisionerPolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {
		return authnz(disabledInStandalone(loadProvisionerByName(next)))
	}

	acmePolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {
		return authnz(disabledInStandalone(loadProvisionerByName(requireEABEnabled(loadExternalAccountKey(next)))))
	}

	webhookMiddleware := func(next http.HandlerFunc) http.HandlerFunc {
		return authnz(loadProvisionerByName(next))
	}

	// Provisioners
	r.MethodFunc("GET", "/provisioners/{name}", authnz(GetProvisioner))
	r.MethodFunc("GET", "/provisioners", authnz(GetProvisioners))
	r.MethodFunc("POST", "/provisioners", authnz(CreateProvisioner))
	r.MethodFunc("PUT", "/provisioners/{name}", authnz(UpdateProvisioner))
	r.MethodFunc("DELETE", "/provisioners/{name}", authnz(DeleteProvisioner))

	// Admins
	r.MethodFunc("GET", "/admins/{id}", authnz(GetAdmin))
	r.MethodFunc("GET", "/admins", authnz(GetAdmins))
	r.MethodFunc("POST", "/admins", authnz(CreateAdmin))
	r.MethodFunc("PATCH", "/admins/{id}", authnz(UpdateAdmin))
	r.MethodFunc("DELETE", "/admins/{id}", authnz(DeleteAdmin))

	// ACME responder
	if router.acmeResponder != nil {
		// ACME External Account Binding Keys
		r.MethodFunc("GET", "/acme/eab/{provisionerName}/{reference}", acmeEABMiddleware(router.acmeResponder.GetExternalAccountKeys))
		r.MethodFunc("GET", "/acme/eab/{provisionerName}", acmeEABMiddleware(router.acmeResponder.GetExternalAccountKeys))
		r.MethodFunc("POST", "/acme/eab/{provisionerName}", acmeEABMiddleware(router.acmeResponder.CreateExternalAccountKey))
		r.MethodFunc("DELETE", "/acme/eab/{provisionerName}/{id}", acmeEABMiddleware(router.acmeResponder.DeleteExternalAccountKey))
	}

	// Policy responder
	if router.policyResponder != nil {
		// Policy - Authority
		r.MethodFunc("GET", "/policy", authorityPolicyMiddleware(router.policyResponder.GetAuthorityPolicy))
		r.MethodFunc("POST", "/policy", authorityPolicyMiddleware(router.policyResponder.CreateAuthorityPolicy))
		r.MethodFunc("PUT", "/policy", authorityPolicyMiddleware(router.policyResponder.UpdateAuthorityPolicy))
		r.MethodFunc("DELETE", "/policy", authorityPolicyMiddleware(router.policyResponder.DeleteAuthorityPolicy))

		// Policy - Provisioner
		r.MethodFunc("GET", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(router.policyResponder.GetProvisionerPolicy))
		r.MethodFunc("POST", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(router.policyResponder.CreateProvisionerPolicy))
		r.MethodFunc("PUT", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(router.policyResponder.UpdateProvisionerPolicy))
		r.MethodFunc("DELETE", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(router.policyResponder.DeleteProvisionerPolicy))

		// Policy - ACME Account
		r.MethodFunc("GET", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(router.policyResponder.GetACMEAccountPolicy))
		r.MethodFunc("GET", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(router.policyResponder.GetACMEAccountPolicy))
		r.MethodFunc("POST", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(router.policyResponder.CreateACMEAccountPolicy))
		r.MethodFunc("POST", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(router.policyResponder.CreateACMEAccountPolicy))
		r.MethodFunc("PUT", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(router.policyResponder.UpdateACMEAccountPolicy))
		r.MethodFunc("PUT", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(router.policyResponder.UpdateACMEAccountPolicy))
		r.MethodFunc("DELETE", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(router.policyResponder.DeleteACMEAccountPolicy))
		r.MethodFunc("DELETE", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(router.policyResponder.DeleteACMEAccountPolicy))
	}

	if router.webhookResponder != nil {
		r.MethodFunc("POST", "/provisioners/{provisionerName}/webhooks", webhookMiddleware(router.webhookResponder.CreateProvisionerWebhook))
		r.MethodFunc("PUT", "/provisioners/{provisionerName}/webhooks/{webhookName}", webhookMiddleware(router.webhookResponder.UpdateProvisionerWebhook))
		r.MethodFunc("DELETE", "/provisioners/{provisionerName}/webhooks/{webhookName}", webhookMiddleware(router.webhookResponder.DeleteProvisionerWebhook))
	}
}
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`package api`

			`import (`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`"context"`
Add authority policy API 2022-03-30 12:21:39 +00:00			`"net/http"`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`"github.com/smallstep/certificates/api"`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`"github.com/smallstep/certificates/authority"`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`)`

Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`var mustAuthority = func(ctx context.Context) adminAuthority {`
			`return authority.MustFromContext(ctx)`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`}`

Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`type router struct {`
			`acmeResponder ACMEAdminResponder`
			`policyResponder PolicyAdminResponder`
			`webhookResponder WebhookAdminResponder`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`}`

Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`type RouterOption func(*router)`

			`func WithACMEResponder(acmeResponder ACMEAdminResponder) RouterOption {`
			`return func(r *router) {`
			`r.acmeResponder = acmeResponder`
Fix PR comments 2021-07-22 21:48:41 +00:00			`}`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`}`

Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`func WithPolicyResponder(policyResponder PolicyAdminResponder) RouterOption {`
			`return func(r *router) {`
			`r.policyResponder = policyResponder`
			`}`
			`}`

			`func WithWebhookResponder(webhookResponder WebhookAdminResponder) RouterOption {`
			`return func(r *router) {`
			`r.webhookResponder = webhookResponder`
			`}`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`}`

Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`// Route traffic and implement the Router interface.`
Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`func Route(r api.Router, options ...RouterOption) {`
			`router := &router{}`
			`for _, fn := range options {`
			`fn(router)`
			`}`

Add authority policy API 2022-03-30 12:21:39 +00:00			`authnz := func(next http.HandlerFunc) http.HandlerFunc {`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`return extractAuthorizeTokenAdmin(requireAPIEnabled(next))`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`}`

Add authority policy API 2022-03-30 12:21:39 +00:00			`enabledInStandalone := func(next http.HandlerFunc) http.HandlerFunc {`
Merge branch 'master' into context-authority 2022-05-06 20:21:41 +00:00			`return checkAction(next, true)`
Add API implementation for authority and provisioner policy 2022-03-15 14:51:45 +00:00			`}`

Add authority policy API 2022-03-30 12:21:39 +00:00			`disabledInStandalone := func(next http.HandlerFunc) http.HandlerFunc {`
Merge branch 'master' into context-authority 2022-05-06 20:21:41 +00:00			`return checkAction(next, false)`
Add API implementation for authority and provisioner policy 2022-03-15 14:51:45 +00:00			`}`

Fix (most) PR comments 2022-03-31 14:12:29 +00:00			`acmeEABMiddleware := func(next http.HandlerFunc) http.HandlerFunc {`
Merge branch 'master' into context-authority 2022-05-06 20:21:41 +00:00			`return authnz(loadProvisionerByName(requireEABEnabled(next)))`
Fix (most) PR comments 2022-03-31 14:12:29 +00:00			`}`

			`authorityPolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {`
			`return authnz(enabledInStandalone(next))`
			`}`

			`provisionerPolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {`
Merge branch 'master' into context-authority 2022-05-06 20:21:41 +00:00			`return authnz(disabledInStandalone(loadProvisionerByName(next)))`
Fix (most) PR comments 2022-03-31 14:12:29 +00:00			`}`

			`acmePolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {`
Merge branch 'master' into context-authority 2022-05-06 20:21:41 +00:00			`return authnz(disabledInStandalone(loadProvisionerByName(requireEABEnabled(loadExternalAccountKey(next)))))`
Fix (most) PR comments 2022-03-31 14:12:29 +00:00			`}`

Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`webhookMiddleware := func(next http.HandlerFunc) http.HandlerFunc {`
			`return authnz(loadProvisionerByName(next))`
			`}`

Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`// Provisioners`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`r.MethodFunc("GET", "/provisioners/{name}", authnz(GetProvisioner))`
			`r.MethodFunc("GET", "/provisioners", authnz(GetProvisioners))`
			`r.MethodFunc("POST", "/provisioners", authnz(CreateProvisioner))`
			`r.MethodFunc("PUT", "/provisioners/{name}", authnz(UpdateProvisioner))`
			`r.MethodFunc("DELETE", "/provisioners/{name}", authnz(DeleteProvisioner))`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00
			`// Admins`
Use contexts in admin api handlers 2022-04-27 18:59:32 +00:00			`r.MethodFunc("GET", "/admins/{id}", authnz(GetAdmin))`
			`r.MethodFunc("GET", "/admins", authnz(GetAdmins))`
			`r.MethodFunc("POST", "/admins", authnz(CreateAdmin))`
			`r.MethodFunc("PATCH", "/admins/{id}", authnz(UpdateAdmin))`
			`r.MethodFunc("DELETE", "/admins/{id}", authnz(DeleteAdmin))`
Add first working version of External Account Binding 2021-07-17 15:35:44 +00:00
Change types in the ACMEAdminResponder 2022-05-06 21:11:10 +00:00			`// ACME responder`
Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`if router.acmeResponder != nil {`
Change types in the ACMEAdminResponder 2022-05-06 21:11:10 +00:00			`// ACME External Account Binding Keys`
Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`r.MethodFunc("GET", "/acme/eab/{provisionerName}/{reference}", acmeEABMiddleware(router.acmeResponder.GetExternalAccountKeys))`
			`r.MethodFunc("GET", "/acme/eab/{provisionerName}", acmeEABMiddleware(router.acmeResponder.GetExternalAccountKeys))`
			`r.MethodFunc("POST", "/acme/eab/{provisionerName}", acmeEABMiddleware(router.acmeResponder.CreateExternalAccountKey))`
			`r.MethodFunc("DELETE", "/acme/eab/{provisionerName}/{id}", acmeEABMiddleware(router.acmeResponder.DeleteExternalAccountKey))`
Change types in the ACMEAdminResponder 2022-05-06 21:11:10 +00:00			`}`
Add ACME EAB policy 2022-04-07 12:11:53 +00:00
Change types in the ACMEAdminResponder 2022-05-06 21:11:10 +00:00			`// Policy responder`
Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`if router.policyResponder != nil {`
Change types in the ACMEAdminResponder 2022-05-06 21:11:10 +00:00			`// Policy - Authority`
Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`r.MethodFunc("GET", "/policy", authorityPolicyMiddleware(router.policyResponder.GetAuthorityPolicy))`
			`r.MethodFunc("POST", "/policy", authorityPolicyMiddleware(router.policyResponder.CreateAuthorityPolicy))`
			`r.MethodFunc("PUT", "/policy", authorityPolicyMiddleware(router.policyResponder.UpdateAuthorityPolicy))`
			`r.MethodFunc("DELETE", "/policy", authorityPolicyMiddleware(router.policyResponder.DeleteAuthorityPolicy))`
Change types in the ACMEAdminResponder 2022-05-06 21:11:10 +00:00
			`// Policy - Provisioner`
Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`r.MethodFunc("GET", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(router.policyResponder.GetProvisionerPolicy))`
			`r.MethodFunc("POST", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(router.policyResponder.CreateProvisionerPolicy))`
			`r.MethodFunc("PUT", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(router.policyResponder.UpdateProvisionerPolicy))`
			`r.MethodFunc("DELETE", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(router.policyResponder.DeleteProvisionerPolicy))`
Change types in the ACMEAdminResponder 2022-05-06 21:11:10 +00:00
			`// Policy - ACME Account`
Provisioner webhooks (#1001) 2022-09-30 00:16:26 +00:00			`r.MethodFunc("GET", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(router.policyResponder.GetACMEAccountPolicy))`
			`r.MethodFunc("GET", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(router.policyResponder.GetACMEAccountPolicy))`
			`r.MethodFunc("POST", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(router.policyResponder.CreateACMEAccountPolicy))`
			`r.MethodFunc("POST", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(router.policyResponder.CreateACMEAccountPolicy))`
			`r.MethodFunc("PUT", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(router.policyResponder.UpdateACMEAccountPolicy))`
			`r.MethodFunc("PUT", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(router.policyResponder.UpdateACMEAccountPolicy))`
			`r.MethodFunc("DELETE", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(router.policyResponder.DeleteACMEAccountPolicy))`
			`r.MethodFunc("DELETE", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(router.policyResponder.DeleteACMEAccountPolicy))`
			`}`

			`if router.webhookResponder != nil {`
			`r.MethodFunc("POST", "/provisioners/{provisionerName}/webhooks", webhookMiddleware(router.webhookResponder.CreateProvisionerWebhook))`
			`r.MethodFunc("PUT", "/provisioners/{provisionerName}/webhooks/{webhookName}", webhookMiddleware(router.webhookResponder.UpdateProvisionerWebhook))`
			`r.MethodFunc("DELETE", "/provisioners/{provisionerName}/webhooks/{webhookName}", webhookMiddleware(router.webhookResponder.DeleteProvisionerWebhook))`
Change types in the ACMEAdminResponder 2022-05-06 21:11:10 +00:00			`}`
Admin level API for provisioner mgmt v1 2021-05-03 19:48:20 +00:00			`}`