Compare commits
1 Commits
master
...
api-and-we
Author | SHA1 | Date |
---|---|---|
core | 6275cb6d3e |
|
@ -3083,7 +3083,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "trifid-api"
|
name = "trifid-api"
|
||||||
version = "0.3.0-alpha1"
|
version = "0.3.0-alpha2"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"actix-cors",
|
"actix-cors",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "trifid-api"
|
name = "trifid-api"
|
||||||
version = "0.3.0-alpha1"
|
version = "0.3.0-alpha2"
|
||||||
authors = ["core <core@e3t.cc>"]
|
authors = ["core <core@e3t.cc>"]
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
description = "An open-source reimplementation of the Defined Networking API server"
|
description = "An open-source reimplementation of the Defined Networking API server"
|
||||||
|
|
|
@ -4,9 +4,9 @@
|
||||||
// Review carefully what you write here!
|
// Review carefully what you write here!
|
||||||
|
|
||||||
use crate::crypt::sign_cert_with_ca;
|
use crate::crypt::sign_cert_with_ca;
|
||||||
use crate::models::{Host, HostKey, HostOverride, Network, Role, RoleFirewallRule, SigningCA};
|
use crate::models::{Host, HostKey, HostOverride, Network, RoleFirewallRule, SigningCA};
|
||||||
use crate::schema::{
|
use crate::schema::{
|
||||||
host_keys, host_overrides, hosts, networks, role_firewall_rules, roles, signing_cas,
|
host_keys, host_overrides, hosts, networks, role_firewall_rules, signing_cas,
|
||||||
};
|
};
|
||||||
use crate::AppState;
|
use crate::AppState;
|
||||||
use actix_web::web::Data;
|
use actix_web::web::Data;
|
||||||
|
@ -109,6 +109,15 @@ pub async fn generate_config(
|
||||||
signature: vec![],
|
signature: vec![],
|
||||||
};
|
};
|
||||||
|
|
||||||
|
let ca_cert: NebulaCertificate = serde_json::from_value(signing_ca.cert.clone()).unwrap();
|
||||||
|
|
||||||
|
if cert.details.not_before < ca_cert.details.not_before {
|
||||||
|
cert.details.not_before = ca_cert.details.not_before; // prevent issuing invalid certs
|
||||||
|
}
|
||||||
|
if cert.details.not_after > ca_cert.details.not_after {
|
||||||
|
cert.details.not_after = ca_cert.details.not_after; // prevent issuing invalid certs
|
||||||
|
}
|
||||||
|
|
||||||
sign_cert_with_ca(signing_ca, &mut cert, &state.config).unwrap();
|
sign_cert_with_ca(signing_ca, &mut cert, &state.config).unwrap();
|
||||||
|
|
||||||
let all_blocked_hosts = hosts::dsl::hosts
|
let all_blocked_hosts = hosts::dsl::hosts
|
||||||
|
|
Loading…
Reference in New Issue