Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added certificate management #71

Merged
merged 27 commits into from
Jun 7, 2024
Merged

Added certificate management #71

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
8991d78
Fixed some token logic
djthorpe Jun 5, 2024
d4f61f0
Start of plugin loading
djthorpe Jun 5, 2024
424ae98
Updated plugins
djthorpe Jun 6, 2024
b7d216f
Updated some notes
djthorpe Jun 6, 2024
4e190d2
Uodated JSON
djthorpe Jun 6, 2024
ba68fb6
Added some cert methods
djthorpe Jun 6, 2024
fd065f0
Updated cert
djthorpe Jun 6, 2024
0bc65c4
Updated cert
djthorpe Jun 6, 2024
5bb11f4
Added NewFromBytes
djthorpe Jun 6, 2024
4cce08e
Updated cert
djthorpe Jun 6, 2024
24adb9c
Update interface.go
djthorpe Jun 6, 2024
40be27b
Updated certmanager
djthorpe Jun 7, 2024
6a4e4c2
Added CreateCA endpoint
djthorpe Jun 7, 2024
8417ef6
Added JSON response for a cert
djthorpe Jun 7, 2024
553d365
Updated CA testing
djthorpe Jun 7, 2024
3999abd
Updated endpoints
djthorpe Jun 7, 2024
0ce89a7
Updated error returned
djthorpe Jun 7, 2024
ab7dabf
Updated
djthorpe Jun 7, 2024
28416cf
Updated errors
djthorpe Jun 7, 2024
80960c4
Added certificate response
djthorpe Jun 7, 2024
0dd4728
Updated
djthorpe Jun 7, 2024
e378f0a
Updated endpoints
djthorpe Jun 7, 2024
2f84940
Updated
djthorpe Jun 7, 2024
2d99161
Reverse middleware
djthorpe Jun 7, 2024
da1e15f
Go back to previous
djthorpe Jun 7, 2024
f96dc97
Updated
djthorpe Jun 7, 2024
d9d7a64
Added validity response
djthorpe Jun 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cmd/http-server/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,10 @@ import (
// Packages
server "github.com/mutablelogic/go-server"
ctx "github.com/mutablelogic/go-server/pkg/context"
logger "github.com/mutablelogic/go-server/pkg/handler/logger"
router "github.com/mutablelogic/go-server/pkg/handler/router"
static "github.com/mutablelogic/go-server/pkg/handler/static"
httpserver "github.com/mutablelogic/go-server/pkg/httpserver"
logger "github.com/mutablelogic/go-server/pkg/middleware/logger"
provider "github.com/mutablelogic/go-server/pkg/provider"
)

Expand Down
28 changes: 26 additions & 2 deletions cmd/nginx-server/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,13 @@ import (
server "github.com/mutablelogic/go-server"
ctx "github.com/mutablelogic/go-server/pkg/context"
auth "github.com/mutablelogic/go-server/pkg/handler/auth"
certmanager "github.com/mutablelogic/go-server/pkg/handler/certmanager"
certstore "github.com/mutablelogic/go-server/pkg/handler/certmanager/certstore"
logger "github.com/mutablelogic/go-server/pkg/handler/logger"
nginx "github.com/mutablelogic/go-server/pkg/handler/nginx"
router "github.com/mutablelogic/go-server/pkg/handler/router"
tokenjar "github.com/mutablelogic/go-server/pkg/handler/tokenjar"
httpserver "github.com/mutablelogic/go-server/pkg/httpserver"
logger "github.com/mutablelogic/go-server/pkg/middleware/logger"
provider "github.com/mutablelogic/go-server/pkg/provider"
)

Expand Down Expand Up @@ -68,6 +70,21 @@ func main() {
log.Fatal(err)
}

// Cert Storage
certstore, err := certstore.Config{
DataPath: filepath.Join(n.(nginx.Nginx).Config(), "cert"),
Group: *group,
}.New()
if err != nil {
log.Fatal(err)
}
certmanager, err := certmanager.Config{
CertStorage: certstore.(certmanager.CertStorage),
}.New()
if err != nil {
log.Fatal(err)
}

// Location of the FCGI unix socket
socket := filepath.Join(n.(nginx.Nginx).Config(), "run/go-server.sock")

Expand All @@ -88,6 +105,13 @@ func main() {
auth.(server.Middleware),
},
},
"cert": { // /api/cert/...
Service: certmanager.(server.ServiceEndpoints),
Middleware: []server.Middleware{
logger.(server.Middleware),
auth.(server.Middleware),
},
},
},
}.New()
if err != nil {
Expand All @@ -105,7 +129,7 @@ func main() {
}

// Run until we receive an interrupt
provider := provider.NewProvider(logger, n, jar, auth, router, httpserver)
provider := provider.NewProvider(logger, n, jar, auth, certstore, certmanager, router, httpserver)
provider.Print(ctx, "Press CTRL+C to exit")
if err := provider.Run(ctx); err != nil {
log.Fatal(err)
Expand Down
103 changes: 103 additions & 0 deletions cmd/run/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
package main

import (
"errors"
"flag"
"fmt"
"os"
"path/filepath"
"strings"

// Packages
"github.com/mutablelogic/go-server/pkg/provider"
)

func main() {
var pluginPath string
name := filepath.Base(os.Args[0])
flags := flag.NewFlagSet(name, flag.ContinueOnError)
flags.StringVar(&pluginPath, "plugin", "*.plugin", "Path to plugins")
if err := flags.Parse(os.Args[1:]); err != nil {
os.Exit(1)
}

// If the path is relative, then make it absolute to either the binary path
// or the current working directory
if !filepath.IsAbs(pluginPath) {
if strings.HasPrefix(pluginPath, ".") || strings.HasPrefix(pluginPath, "..") {
if wd, err := os.Getwd(); err == nil {
pluginPath = filepath.Clean(filepath.Join(wd, pluginPath))
}
} else if exec, err := os.Executable(); err == nil {
pluginPath = filepath.Clean(filepath.Join(filepath.Dir(exec), pluginPath))
}
}

// Create a new provider, load plugins
provider, err := provider.New()
if err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}
if err := provider.LoadPluginsForPattern(pluginPath); err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}

// Create configurations
var result error
for _, plugin := range []string{"logger", "httpserver", "router", "nginx-handler", "auth-handler", "tokenjar-handler"} {
if _, err := provider.New(plugin); err != nil {
result = errors.Join(result, err)
}
}
if result != nil {
fmt.Fprintln(os.Stderr, result)
os.Exit(1)
}

// TODO: Set parameters from a JSON file
provider.Set("logger.flags", []string{"default", "prefix"})
}

/*
{
"logger": {
"flags": ["default", "prefix"]
},
"nginx": {
"binary": "/usr/local/bin/nginx",
"data": "/var/run/nginx",
"group": "www-data",
},
httpserver": {
"listen": "run/go-server.sock",
"group": "www-data",
"router": "${ router }",
},
"router": {
"services": {
"nginx": {
"service": "${ nginx }",
"middleware": ["logger", "auth"]
},
"auth": {
"service": "${ auth }",
"middleware": ["logger", "auth"]
},
"router": {
"service": "${ router }",
"middleware": ["logger", "auth"]
},
},
"auth": {
"tokenjar": "${ tokenjar }",
"tokenbytes": 16,
"bearer": true,
},
"tokenjar": {
"data": "run",
"writeinterval": "30s",
},
}
*/
5 changes: 5 additions & 0 deletions etc/json/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@

# JSON configuration files

Examples of JSON configuration files for the run command. This is not yet
implemented, but will be in the future.
52 changes: 52 additions & 0 deletions etc/json/nginx-proxy.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
{
"logger": {
"flags": [
"default",
"prefix"
]
},
"nginx": {
"binary": "/usr/local/bin/nginx",
"data": "/var/run/nginx",
"group": "nginx"
},
"tokenjar": {
"data": "run",
"writeinterval": "30s"
},
"auth": {
"tokenjar": "${ tokenjar }",
"tokenbytes": 16,
"bearer": true
},
"router": {
"services": {
"nginx": {
"service": "${ nginx }",
"middleware": [
"logger",
"auth"
]
},
"auth": {
"service": "${ auth }",
"middleware": [
"logger",
"auth"
]
},
"router": {
"service": "${ router }",
"middleware": [
"logger",
"auth"
]
}
}
},
"httpserver": {
"listen": "run/go-server.sock",
"group": "nginx",
"router": "${ router }"
}
}
14 changes: 4 additions & 10 deletions pkg/handler/auth/middleware.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,25 +47,19 @@ func (middleware *auth) Wrap(ctx context.Context, next http.HandlerFunc) http.Ha

// Get token from the jar - check it is found and valid
token := middleware.jar.GetWithValue(tokenValue)
authorized := true
if token.IsZero() {
authorized = false
httpresponse.Error(w, http.StatusUnauthorized, "invalid or missing token")
return
} else if !token.IsValid() {
authorized = false
httpresponse.Error(w, http.StatusUnauthorized, "invalid or missing token")
httpresponse.Error(w, http.StatusUnauthorized, "invalid token")
return
} else if token.IsScope(ScopeRoot) {
// Allow - token is a super-user token
} else if allowedScopes := router.Scope(r.Context()); len(allowedScopes) == 0 {
// Allow - no scopes have been defined on this endpoint
} else if !token.IsScope(allowedScopes...) {
// Deny - token does not have the required scopes
authorized = false
httpresponse.Error(w, http.StatusUnauthorized, "required scope: ", strings.Join(allowedScopes, ","))
}

// Return unauthorized if token is not found or not valid
if !authorized {
httpresponse.Error(w, http.StatusUnauthorized, "required scope "+strings.Join(allowedScopes, ", "))
return
}

Expand Down
Loading
Loading