smallstep-certificates/authority/admin/api/handler.go

package api

import (
	"context"
	"net/http"

	"github.com/smallstep/certificates/acme"
	"github.com/smallstep/certificates/api"
	"github.com/smallstep/certificates/authority"
	"github.com/smallstep/certificates/authority/admin"
)

// Handler is the Admin API request handler.
type Handler struct {
	acmeResponder   acmeAdminResponderInterface
	policyResponder PolicyAdminResponder
}

// Route traffic and implement the Router interface.
//
// Deprecated: use Route(r api.Router, acmeResponder acmeAdminResponderInterface)
func (h *Handler) Route(r api.Router) {
	Route(r, h.acmeResponder, h.policyResponder)
}

// NewHandler returns a new Authority Config Handler.
func NewHandler(auth adminAuthority, adminDB admin.DB, acmeDB acme.DB, acmeResponder acmeAdminResponderInterface, policyResponder PolicyAdminResponder) api.RouterHandler {
	return &Handler{
		acmeResponder:   acmeResponder,
		policyResponder: policyResponder,
	}
}

var mustAuthority = func(ctx context.Context) adminAuthority {
	return authority.MustFromContext(ctx)
}

// Route traffic and implement the Router interface.
func Route(r api.Router, acmeResponder acmeAdminResponderInterface, policyResponder PolicyAdminResponder) {
	authnz := func(next http.HandlerFunc) http.HandlerFunc {
		return extractAuthorizeTokenAdmin(requireAPIEnabled(next))
	}

	enabledInStandalone := func(next http.HandlerFunc) http.HandlerFunc {
		return checkAction(next, true)
	}

	disabledInStandalone := func(next http.HandlerFunc) http.HandlerFunc {
		return checkAction(next, false)
	}

	acmeEABMiddleware := func(next http.HandlerFunc) http.HandlerFunc {
		return authnz(loadProvisionerByName(requireEABEnabled(next)))
	}

	authorityPolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {
		return authnz(enabledInStandalone(next))
	}

	provisionerPolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {
		return authnz(disabledInStandalone(loadProvisionerByName(next)))
	}

	acmePolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {
		return authnz(disabledInStandalone(loadProvisionerByName(requireEABEnabled(loadExternalAccountKey(next)))))
	}

	// Provisioners
	r.MethodFunc("GET", "/provisioners/{name}", authnz(GetProvisioner))
	r.MethodFunc("GET", "/provisioners", authnz(GetProvisioners))
	r.MethodFunc("POST", "/provisioners", authnz(CreateProvisioner))
	r.MethodFunc("PUT", "/provisioners/{name}", authnz(UpdateProvisioner))
	r.MethodFunc("DELETE", "/provisioners/{name}", authnz(DeleteProvisioner))

	// Admins
	r.MethodFunc("GET", "/admins/{id}", authnz(GetAdmin))
	r.MethodFunc("GET", "/admins", authnz(GetAdmins))
	r.MethodFunc("POST", "/admins", authnz(CreateAdmin))
	r.MethodFunc("PATCH", "/admins/{id}", authnz(UpdateAdmin))
	r.MethodFunc("DELETE", "/admins/{id}", authnz(DeleteAdmin))

	// ACME External Account Binding Keys
	r.MethodFunc("GET", "/acme/eab/{provisionerName}/{reference}", acmeEABMiddleware(acmeResponder.GetExternalAccountKeys))
	r.MethodFunc("GET", "/acme/eab/{provisionerName}", acmeEABMiddleware(acmeResponder.GetExternalAccountKeys))
	r.MethodFunc("POST", "/acme/eab/{provisionerName}", acmeEABMiddleware(acmeResponder.CreateExternalAccountKey))
	r.MethodFunc("DELETE", "/acme/eab/{provisionerName}/{id}", acmeEABMiddleware(acmeResponder.DeleteExternalAccountKey))

	// Policy - Authority
	r.MethodFunc("GET", "/policy", authorityPolicyMiddleware(policyResponder.GetAuthorityPolicy))
	r.MethodFunc("POST", "/policy", authorityPolicyMiddleware(policyResponder.CreateAuthorityPolicy))
	r.MethodFunc("PUT", "/policy", authorityPolicyMiddleware(policyResponder.UpdateAuthorityPolicy))
	r.MethodFunc("DELETE", "/policy", authorityPolicyMiddleware(policyResponder.DeleteAuthorityPolicy))

	// Policy - Provisioner
	r.MethodFunc("GET", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(policyResponder.GetProvisionerPolicy))
	r.MethodFunc("POST", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(policyResponder.CreateProvisionerPolicy))
	r.MethodFunc("PUT", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(policyResponder.UpdateProvisionerPolicy))
	r.MethodFunc("DELETE", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(policyResponder.DeleteProvisionerPolicy))

	// Policy - ACME Account
	r.MethodFunc("GET", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(policyResponder.GetACMEAccountPolicy))
	r.MethodFunc("GET", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(policyResponder.GetACMEAccountPolicy))
	r.MethodFunc("POST", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(policyResponder.CreateACMEAccountPolicy))
	r.MethodFunc("POST", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(policyResponder.CreateACMEAccountPolicy))
	r.MethodFunc("PUT", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(policyResponder.UpdateACMEAccountPolicy))
	r.MethodFunc("PUT", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(policyResponder.UpdateACMEAccountPolicy))
	r.MethodFunc("DELETE", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(policyResponder.DeleteACMEAccountPolicy))
	r.MethodFunc("DELETE", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(policyResponder.DeleteACMEAccountPolicy))

}
Admin level API for provisioner mgmt v1 3 years ago			`package api`

			`import (`
Use contexts in admin api handlers 2 years ago			`"context"`
Add authority policy API 2 years ago			`"net/http"`
Use contexts in admin api handlers 2 years ago
Fix PR comments 3 years ago			`"github.com/smallstep/certificates/acme"`
Admin level API for provisioner mgmt v1 3 years ago			`"github.com/smallstep/certificates/api"`
Use contexts in admin api handlers 2 years ago			`"github.com/smallstep/certificates/authority"`
Admin level API for provisioner mgmt v1 3 years ago			`"github.com/smallstep/certificates/authority/admin"`
			`)`

Add tests for ACME EAB Admin Refactored some of the existing bits for testing the Authority API by creation of a new LinkedAuthority interface and changing visibility of the MockAuthority to be usable by other packages. At this time, not all of the functions of MockAuthority it usable yet. Will refactor when needed or requested. 2 years ago			`// Handler is the Admin API request handler.`
Admin level API for provisioner mgmt v1 3 years ago			`type Handler struct {`
Add API implementation for authority and provisioner policy 2 years ago			`acmeResponder acmeAdminResponderInterface`
Use contexts on the new PolicyAdminResponder 2 years ago			`policyResponder PolicyAdminResponder`
Admin level API for provisioner mgmt v1 3 years ago			`}`

Use contexts in admin api handlers 2 years ago			`// Route traffic and implement the Router interface.`
			`//`
			`// Deprecated: use Route(r api.Router, acmeResponder acmeAdminResponderInterface)`
			`func (h *Handler) Route(r api.Router) {`
Merge branch 'master' into context-authority 2 years ago			`Route(r, h.acmeResponder, h.policyResponder)`
Use contexts in admin api handlers 2 years ago			`}`

Admin level API for provisioner mgmt v1 3 years ago			`// NewHandler returns a new Authority Config Handler.`
Use contexts on the new PolicyAdminResponder 2 years ago			`func NewHandler(auth adminAuthority, adminDB admin.DB, acmeDB acme.DB, acmeResponder acmeAdminResponderInterface, policyResponder PolicyAdminResponder) api.RouterHandler {`
Fix PR comments 3 years ago			`return &Handler{`
Add API implementation for authority and provisioner policy 2 years ago			`acmeResponder: acmeResponder,`
			`policyResponder: policyResponder,`
Fix PR comments 3 years ago			`}`
Admin level API for provisioner mgmt v1 3 years ago			`}`

Use contexts in admin api handlers 2 years ago			`var mustAuthority = func(ctx context.Context) adminAuthority {`
			`return authority.MustFromContext(ctx)`
			`}`

Admin level API for provisioner mgmt v1 3 years ago			`// Route traffic and implement the Router interface.`
Use contexts on the new PolicyAdminResponder 2 years ago			`func Route(r api.Router, acmeResponder acmeAdminResponderInterface, policyResponder PolicyAdminResponder) {`
Add authority policy API 2 years ago			`authnz := func(next http.HandlerFunc) http.HandlerFunc {`
Use contexts in admin api handlers 2 years ago			`return extractAuthorizeTokenAdmin(requireAPIEnabled(next))`
Admin level API for provisioner mgmt v1 3 years ago			`}`

Add authority policy API 2 years ago			`enabledInStandalone := func(next http.HandlerFunc) http.HandlerFunc {`
Merge branch 'master' into context-authority 2 years ago			`return checkAction(next, true)`
Add API implementation for authority and provisioner policy 2 years ago			`}`

Add authority policy API 2 years ago			`disabledInStandalone := func(next http.HandlerFunc) http.HandlerFunc {`
Merge branch 'master' into context-authority 2 years ago			`return checkAction(next, false)`
Add API implementation for authority and provisioner policy 2 years ago			`}`

Fix (most) PR comments 2 years ago			`acmeEABMiddleware := func(next http.HandlerFunc) http.HandlerFunc {`
Merge branch 'master' into context-authority 2 years ago			`return authnz(loadProvisionerByName(requireEABEnabled(next)))`
Fix (most) PR comments 2 years ago			`}`

			`authorityPolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {`
			`return authnz(enabledInStandalone(next))`
			`}`

			`provisionerPolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {`
Merge branch 'master' into context-authority 2 years ago			`return authnz(disabledInStandalone(loadProvisionerByName(next)))`
Fix (most) PR comments 2 years ago			`}`

			`acmePolicyMiddleware := func(next http.HandlerFunc) http.HandlerFunc {`
Merge branch 'master' into context-authority 2 years ago			`return authnz(disabledInStandalone(loadProvisionerByName(requireEABEnabled(loadExternalAccountKey(next)))))`
Fix (most) PR comments 2 years ago			`}`

Admin level API for provisioner mgmt v1 3 years ago			`// Provisioners`
Use contexts in admin api handlers 2 years ago			`r.MethodFunc("GET", "/provisioners/{name}", authnz(GetProvisioner))`
			`r.MethodFunc("GET", "/provisioners", authnz(GetProvisioners))`
			`r.MethodFunc("POST", "/provisioners", authnz(CreateProvisioner))`
			`r.MethodFunc("PUT", "/provisioners/{name}", authnz(UpdateProvisioner))`
			`r.MethodFunc("DELETE", "/provisioners/{name}", authnz(DeleteProvisioner))`
Admin level API for provisioner mgmt v1 3 years ago
			`// Admins`
Use contexts in admin api handlers 2 years ago			`r.MethodFunc("GET", "/admins/{id}", authnz(GetAdmin))`
			`r.MethodFunc("GET", "/admins", authnz(GetAdmins))`
			`r.MethodFunc("POST", "/admins", authnz(CreateAdmin))`
			`r.MethodFunc("PATCH", "/admins/{id}", authnz(UpdateAdmin))`
			`r.MethodFunc("DELETE", "/admins/{id}", authnz(DeleteAdmin))`
Add first working version of External Account Binding 3 years ago
Change ACME EAB endpoint 3 years ago			`// ACME External Account Binding Keys`
Merge branch 'master' into context-authority 2 years ago			`r.MethodFunc("GET", "/acme/eab/{provisionerName}/{reference}", acmeEABMiddleware(acmeResponder.GetExternalAccountKeys))`
			`r.MethodFunc("GET", "/acme/eab/{provisionerName}", acmeEABMiddleware(acmeResponder.GetExternalAccountKeys))`
			`r.MethodFunc("POST", "/acme/eab/{provisionerName}", acmeEABMiddleware(acmeResponder.CreateExternalAccountKey))`
			`r.MethodFunc("DELETE", "/acme/eab/{provisionerName}/{id}", acmeEABMiddleware(acmeResponder.DeleteExternalAccountKey))`
Add API implementation for authority and provisioner policy 2 years ago
			`// Policy - Authority`
Merge branch 'master' into context-authority 2 years ago			`r.MethodFunc("GET", "/policy", authorityPolicyMiddleware(policyResponder.GetAuthorityPolicy))`
			`r.MethodFunc("POST", "/policy", authorityPolicyMiddleware(policyResponder.CreateAuthorityPolicy))`
			`r.MethodFunc("PUT", "/policy", authorityPolicyMiddleware(policyResponder.UpdateAuthorityPolicy))`
			`r.MethodFunc("DELETE", "/policy", authorityPolicyMiddleware(policyResponder.DeleteAuthorityPolicy))`
Add API implementation for authority and provisioner policy 2 years ago
			`// Policy - Provisioner`
Merge branch 'master' into context-authority 2 years ago			`r.MethodFunc("GET", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(policyResponder.GetProvisionerPolicy))`
			`r.MethodFunc("POST", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(policyResponder.CreateProvisionerPolicy))`
			`r.MethodFunc("PUT", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(policyResponder.UpdateProvisionerPolicy))`
			`r.MethodFunc("DELETE", "/provisioners/{provisionerName}/policy", provisionerPolicyMiddleware(policyResponder.DeleteProvisionerPolicy))`
Add API implementation for authority and provisioner policy 2 years ago
			`// Policy - ACME Account`
Merge branch 'master' into context-authority 2 years ago			`r.MethodFunc("GET", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(policyResponder.GetACMEAccountPolicy))`
			`r.MethodFunc("GET", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(policyResponder.GetACMEAccountPolicy))`
			`r.MethodFunc("POST", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(policyResponder.CreateACMEAccountPolicy))`
			`r.MethodFunc("POST", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(policyResponder.CreateACMEAccountPolicy))`
			`r.MethodFunc("PUT", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(policyResponder.UpdateACMEAccountPolicy))`
			`r.MethodFunc("PUT", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(policyResponder.UpdateACMEAccountPolicy))`
			`r.MethodFunc("DELETE", "/acme/policy/{provisionerName}/reference/{reference}", acmePolicyMiddleware(policyResponder.DeleteACMEAccountPolicy))`
			`r.MethodFunc("DELETE", "/acme/policy/{provisionerName}/key/{keyID}", acmePolicyMiddleware(policyResponder.DeleteACMEAccountPolicy))`
Add ACME EAB policy 2 years ago
Admin level API for provisioner mgmt v1 3 years ago			`}`