Created handlers for certificate manipulation in vault. Inserted device mTLS guards for public-facing endpoints

dtv
2025-10-04 23:12:03 +03:00
parent 35e59c4879
commit 6a5ddd66ba
8 changed files with 555 additions and 5 deletions


@@ -33,7 +33,8 @@ func Build(db *gorm.DB, minio *minio.Client, cfg *config.Config) *gin.Engine {
trackersH := handlers.NewTrackersHandler(db)
tasksH := handlers.NewTasksHandler(db)
certsH := handlers.NewCertsHandler(db, &cfg.PkiIot, "720h")
certsAdminH := handlers.NewCertsAdminHandler(db, &cfg.PkiIot)
// --- Public auth
r.POST("/auth/signup", authH.SignUp)
r.POST("/auth/signin", authH.SignIn)
@@ -52,15 +53,17 @@ func Build(db *gorm.DB, minio *minio.Client, cfg *config.Config) *gin.Engine {
r.DELETE("/users/:id", authMW, adminOnly, usersH.Delete)
r.GET("/devices", authMW, middleware.DeviceAccessFilter(), devH.List)
r.POST("/devices/create", authMW, devH.Create)
r.POST("/devices/create", authMW, adminOnly, devH.Create)
r.POST("/devices/:guid/rename", authMW, devH.Rename)
r.POST("/devices/:guid/add_to_user", authMW, devH.AddToUser)
r.POST("/devices/:guid/set_users", authMW, adminOnly, devH.SetUsers)
r.POST("/devices/:guid/remove_from_user", authMW, devH.RemoveFromUser)
r.POST("/device/:guid/task", authMW, middleware.DeviceAccessFilter(), tasksH.CreateTask)
r.GET("/device/:guid/tasks", authMW, middleware.DeviceAccessFilter(), tasksH.ListDeviceTasks)
r.GET("/device/:guid/certs", authMW, adminOnly, devH.ListCertsByDevice)
r.POST("/certs/revoke", authMW, adminOnly, certsAdminH.Revoke)
r.POST("/records/upload", recH.Upload)
r.POST("/records/upload", middleware.MTLSGuardUpload(db), recH.Upload)
r.GET("/records", authMW, recH.List)
r.GET("/records/:id/file", authMW, recH.File)
@@ -86,9 +89,11 @@ func Build(db *gorm.DB, minio *minio.Client, cfg *config.Config) *gin.Engine {
r.POST("/trackers/:guid/set_users", authMW, adminOnly, trackersH.SetUsers)
// --- Device Job/Task API
r.GET("/tasks/:guid", tasksH.DeviceNextTask) // heartbeat + fetch next task
r.POST("/tasks/:guid", tasksH.DevicePostResult) // device posts result
r.GET("/tasks/:guid", middleware.MTLSGuard(db), tasksH.DeviceNextTask) // heartbeat + fetch next task
r.POST("/tasks/:guid", middleware.MTLSGuard(db), tasksH.DevicePostResult) // device posts result
r.POST("/enroll/:guid", certsH.Enroll) // simple device-exists check is inside handler
r.POST("/renew/:guid", middleware.MTLSGuard(db), certsH.Renew)
// sensible defaults
r.MaxMultipartMemory = 64 << 20 // 64 MiB
_ = time.Now() // appease linters
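Review bot: The new `r.POST("/enroll/:guid", certsH.Enroll)` route is registered without authMW or MTLSGuard, and its inline comment says the only gate is a device-exists check inside the handler, so knowledge of a device GUID appears to be enough to obtain a device certificate that the guarded `/tasks/:guid` and `/renew/:guid` routes then trust. If unauthenticated bootstrap is intentional, the route should at least carry a per-device enrollment secret or admin-issued one-time token, and Enroll should refuse re-enrollment for a device that already holds an unrevoked certificate — the handler is not visible in this hunk, so confirm what it actually checks. Until that is settled, make the trust assumption explicit at the registration site, e.g. `r.POST("/enroll/:guid", certsH.Enroll) // UNAUTHENTICATED bootstrap: gated only by device existence in certsH.Enroll; issued certs are trusted by MTLSGuard routes`. Build starts before this hunk and its body continues past it.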