Add certificate renew endpoint.

2023-04-10 17:28:41 +02:00 · 2023-04-10 17:28:41 +02:00 · 7798356bda
parent 7eb3e946e5
commit 7798356bda
2 changed files with 22 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -28,15 +28,16 @@ Using the REST API, the system administrator can manage the `uug` part of the is
 Since the whole `2001:470:c844:uug0::/60` network will be forwared to/from the user gateway, then she has to manage the *n* part of the address (if she wants), for example using forwarding again and DHCPv6 or SLAAC with radv.

 ## REST API endpoints
-| endpoint                  | method    | body                          | description           |
-|---------------------------|:---------:|-------------------------------|-----------------------|
-| /users                    | GET       |                               | get list of users     |
-| /users                    | POST      | ```{ "name": "johndoe" }```   | create new user       |
-| /gateways                 | GET       |                               | get list of gateways  |
-| /gateways                 | POST      | ```{ "name": "fqdn.domain.tld", "user": "johndoe" }```    | create new gateway for user |
-| /gateway/$fqdn            | GET       |                               | get info about gateway    |
-| /gateway/$fqdn            | DELETE    |                               | delete gateway            |
-| /gateway/$fqdn/config     | GET       |                               | get client config file for gateway |
+| endpoint              | method | body                                                   | description                                                          |
+| --------------------- | :----: | ------------------------------------------------------ | -------------------------------------------------------------------- |
+| /users                |  GET   |                                                        | get list of users                                                    |
+| /users                |  POST  | ```{ "name": "johndoe" }```                            | create new user                                                      |
+| /gateways             |  GET   |                                                        | get list of gateways                                                 |
+| /gateways             |  POST  | ```{ "name": "fqdn.domain.tld", "user": "johndoe" }``` | create new gateway for user                                          |
+| /gateway/$fqdn        |  GET   |                                                        | get info about gateway                                               |
+| /gateway/$fqdn        | DELETE |                                                        | delete gateway                                                       |
+| /gateway/$fqdn/config |  GET   |                                                        | get client config file for gateway                                   |
+| /gateway/$fqdn/renew  |  POST  |                                                        | generate new certificate for gateway (min 30 days before expiration) |

 ## Technical details
 VPNUnit runs inside a Docker container, and stores its data in the `/data` subvolume (which is usually mounted on `/srv/vpnunit` on the physical machine).
--- a/main.py
+++ b/main.py
@ -257,6 +257,18 @@ def get_gateway_config(fqdn):
    )


+@app.route("/gateway/<fqdn>/renew", methods=["POST"])
+@auth.login_required
+def post_gateway_renew(fqdn):
+    os.environ["EASYRSA_CERT_EXPIRE"] = "180"  # days
+
+    r = os.system("easyrsa renew {} nopass".format(fqdn))
+    if r != 0:
+        raise Ex(500, "exit: {} cannot renew")
+
+    return jsonify({"status": "ok"})
+
+
@app.route("/gateway/<fqdn>", methods=["DELETE"])
@auth.login_required
 def delete_gateway(fqdn):