52 lines
1.2 KiB
Go
52 lines
1.2 KiB
Go
package handlers
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"gorm.io/gorm"
|
|
|
|
"smoop-api/internal/models"
|
|
"smoop-api/internal/vault"
|
|
)
|
|
|
|
type CertsAdminHandler struct {
|
|
db *gorm.DB
|
|
pki *vault.PKIClient
|
|
}
|
|
|
|
func NewCertsAdminHandler(db *gorm.DB, pki *vault.PKIClient) *CertsAdminHandler {
|
|
return &CertsAdminHandler{db: db, pki: pki}
|
|
}
|
|
|
|
type RevokeReq struct {
|
|
Serial string `json:"serial" binding:"required"` // hex
|
|
Reason string `json:"reason"`
|
|
}
|
|
|
|
func (h *CertsAdminHandler) Revoke(c *gin.Context) {
|
|
var req RevokeReq
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return
|
|
}
|
|
serial := strings.ToUpper(strings.TrimSpace(req.Serial))
|
|
if serial == "" {
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "serial required"})
|
|
return
|
|
}
|
|
|
|
// store locally (instant kill)
|
|
if err := h.db.Create(&models.RevokedSerial{SerialHex: serial, Reason: req.Reason}).Error; err != nil {
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "db save failed"})
|
|
return
|
|
}
|
|
|
|
// trigger CRL refresh in Vault (best-effort)
|
|
_ = h.pki.RebuildCRL(context.Background())
|
|
|
|
c.JSON(http.StatusOK, gin.H{"revoked": serial})
|
|
}
|