add more reqs - WIP WILL NOT BUILD

This commit is contained in:
c0repwn3r 2023-03-01 14:35:13 -05:00
parent 597ab081f6
commit 85cee5fb4e
Signed by: core
GPG Key ID: FDBF740DADDCEECF
6 changed files with 101 additions and 3 deletions

4
Cargo.lock generated
View File

@ -1022,6 +1022,9 @@ name = "ipnet"
version = "2.7.1" version = "2.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "30e22bd8629359895450b59ea7a776c850561b96a3b1d31321c1949d9e6c9146" checksum = "30e22bd8629359895450b59ea7a776c850561b96a3b1d31321c1949d9e6c9146"
dependencies = [
"serde",
]
[[package]] [[package]]
name = "itertools" name = "itertools"
@ -2403,6 +2406,7 @@ dependencies = [
"chrono", "chrono",
"dotenvy", "dotenvy",
"hex", "hex",
"ipnet",
"log", "log",
"paste", "paste",
"rand", "rand",

View File

@ -25,3 +25,4 @@ hex = "0.4.3"
rand = "0.8.5" rand = "0.8.5"
trifid-pki = { version = "0.1.3", path = "../trifid-pki" } trifid-pki = { version = "0.1.3", path = "../trifid-pki" }
sha2 = "0.10.6" sha2 = "0.10.6"
ipnet = { version = "2.7.1", features = ["serde"] }

View File

@ -180,7 +180,8 @@ async fn main() -> Result<(), Box<dyn Error>> {
crate::routes::v1::organization::orglist_req, crate::routes::v1::organization::orglist_req,
crate::routes::v1::organization::create_org, crate::routes::v1::organization::create_org,
crate::routes::v1::user::get_user, crate::routes::v1::user::get_user,
crate::routes::v1::user::options crate::routes::v1::user::options,
crate::routes::v1::organization::createorgoptions,
]) ])
.register("/", catchers![ .register("/", catchers![
crate::routes::handler_400, crate::routes::handler_400,

View File

@ -0,0 +1,89 @@
// trifid-api, an open source reimplementation of the Defined Networking nebula management server.
// Copyright (C) 2023 c0repwn3r
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
use ipnet::Ipv4Net;
use rocket::{post, options, get, State};
use rocket::http::{ContentType, Status};
use rocket::serde::json::Json;
use sqlx::PgPool;
use crate::config::TFConfig;
use serde::{Serialize, Deserialize};
use crate::auth::TOTPAuthenticatedUserInfo;
use crate::org::get_org_ca_pool;
#[options("/v1/org/<_id>/ca")]
pub fn options(_id: i32) -> &'static str {
""
}
#[derive(Serialize, Deserialize)]
#[serde(crate = "rocket::serde")]
pub struct CaList {
pub trusted_cas: Vec<CA>,
pub blocklisted_certs: Vec<String>
}
#[derive(Serialize, Deserialize)]
#[serde(crate = "rocket::serde")]
pub struct CA {
pub fingerprint: String,
pub cert: String
}
#[get("/v1/org/<id>/ca")]
pub async fn get_cas_for_org(id: i32, user: TOTPAuthenticatedUserInfo, db: &State<PgPool>) -> Result<(ContentType, Json<CaList>), (Status, String)> {
let ca_pool = match get_org_ca_pool(id, db.inner()).await {
Ok(pool) => pool,
Err(e) => {
return Err((Status::InternalServerError, format!("{{\"errors\":[{{\"code\":\"ERR_QL_QUERY_FAILED\",\"message\":\"unable to load certificates from database - {}\"}}]}}", e)));
}
};
let mut trusted_cas = vec![];
for (fingerprint, cert) in ca_pool.cas {
trusted_cas.push(CA {
fingerprint,
cert: match cert.serialize_to_pem() {
Ok(pem) => match String::from_utf8(pem) {
Ok(str) => str,
Err(e) => return Err((Status::InternalServerError, format!("{{\"errors\":[{{\"code\":\"ERR_QL_QUERY_FAILED\",\"message\":\"unable to encode one of the serialized certificates - {}\"}}]}}", e)))
},
Err(e) => {
return Err((Status::InternalServerError, format!("{{\"errors\":[{{\"code\":\"ERR_QL_QUERY_FAILED\",\"message\":\"unable to serialize one of the certificates - {}\"}}]}}", e)));
}
}
})
}
Ok((ContentType::JSON, Json(CaList {
trusted_cas,
blocklisted_certs: ca_pool.cert_blocklist,
})))
}
#[derive(Serialize, Deserialize)]
#[serde(crate = "rocket::serde")]
pub struct CreateCARequest {
pub ip_ranges: Vec<Ipv4Net>,
pub subnet_ranges: Vec<Ipv4Net>,
pub groups: Vec<String>
}
#[post("/v1/org/<id>/ca", data = "<data>")]
pub async fn create_signing_ca_req(id: i32, data: Json<CreateCARequest>, user: TOTPAuthenticatedUserInfo, config: &State<TFConfig>, db: &State<PgPool>) {
}

View File

@ -21,3 +21,4 @@ pub mod totp_authenticators;
pub mod verify_totp_authenticator; pub mod verify_totp_authenticator;
pub mod organization; pub mod organization;
pub mod user; pub mod user;
pub mod ca;

View File

@ -32,6 +32,8 @@ pub fn options() -> &'static str {
pub fn orgidoptions(_id: i32) -> &'static str { pub fn orgidoptions(_id: i32) -> &'static str {
"" ""
} }
#[options("/v1/org")]
pub fn createorgoptions() -> &'static str {""}
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
#[serde(crate = "rocket::serde")] #[serde(crate = "rocket::serde")]