From 7798356bda0265ad27ca6537b64c5b6b5afcd71b Mon Sep 17 00:00:00 2001
From: giomba
Date: Mon, 10 Apr 2023 17:28:41 +0200
Subject: [PATCH] Add certificate renew endpoint.
---
README.md | 19 ++++++++++---------
main.py | 12 ++++++++++++
2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 2d0cd60..6ed2cee 100644
--- a/README.md
+++ b/README.md
@@ -28,15 +28,16 @@ Using the REST API, the system administrator can manage the `uug` part of the is
 Since the whole `2001:470:c844:uug0::/60` network will be forwared to/from the user gateway, then she has to manage the *n* part of the address (if she wants), for example using forwarding again and DHCPv6 or SLAAC with radv.
 ## REST API endpoints
-| endpoint | method | body | description |
-|---------------------------|:---------:|-------------------------------|-----------------------|
-| /users | GET | | get list of users |
-| /users | POST | ```{ "name": "johndoe" }``` | create new user |
-| /gateways | GET | | get list of gateways |
-| /gateways | POST | ```{ "name": "fqdn.domain.tld", "user": "johndoe" }``` | create new gateway for user |
-| /gateway/$fqdn | GET | | get info about gateway |
-| /gateway/$fqdn | DELETE | | delete gateway |
-| /gateway/$fqdn/config | GET | | get client config file for gateway |
+| endpoint | method | body | description |
+| --------------------- | :----: | ------------------------------------------------------ | -------------------------------------------------------------------- |
+| /users | GET | | get list of users |
+| /users | POST | ```{ "name": "johndoe" }``` | create new user |
+| /gateways | GET | | get list of gateways |
+| /gateways | POST | ```{ "name": "fqdn.domain.tld", "user": "johndoe" }``` | create new gateway for user |
+| /gateway/$fqdn | GET | | get info about gateway |
+| /gateway/$fqdn | DELETE | | delete gateway |
+| /gateway/$fqdn/config | GET | | get client config file for gateway |
+| /gateway/$fqdn/renew | POST | | generate new certificate for gateway (min 30 days before expiration) |
 ## Technical details
 VPNUnit runs inside a Docker container, and stores its data in the `/data` subvolume (which is usually mounted on `/srv/vpnunit` on the physical machine).
diff --git a/main.py b/main.py
index 60c5028..f95efbe 100644
--- a/main.py
+++ b/main.py
@@ -257,6 +257,18 @@ def get_gateway_config(fqdn):
 )
+@app.route("/gateway//renew", methods=["POST"])
+@auth.login_required
+def post_gateway_renew(fqdn):
+ os.environ["EASYRSA_CERT_EXPIRE"] = "180" # days
+ r = os.system("easyrsa renew {} nopass".format(fqdn))
+ if r != 0:
+ raise Ex(500, "exit: {} cannot renew")
+
+ return jsonify({"status": "ok"})
+
+
 @app.route("/gateway/", methods=["DELETE"])
 @auth.login_required
 def delete_gateway(fqdn):
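Review bot: The `fqdn` path parameter is interpolated into a shell command string on the `os.system` line of post_gateway_renew, so a request path containing shell metacharacters is executed by the shell with the privileges of the service; the handler is reachable by any authenticated user and nothing in the hunk checks that `fqdn` names an existing gateway. Invoke easyrsa through `subprocess.run` with an argument list (no shell parsing of `fqdn`), pass `EASYRSA_CERT_EXPIRE` via the call's `env` instead of mutating `os.environ` for the whole process, and look the gateway up first (the lookup used by the other /gateway/ handlers is outside this hunk, so I cannot tell what it is) so that option-like or unknown names never reach easyrsa. The error message `"exit: {} cannot renew"` also never fills its `{}` placeholder; it should be formatted with the exit status. `subprocess` must be imported at module top if main.py does not already do so.
```python
# … unchanged: route and auth decorators …
def post_gateway_renew(fqdn):
    # TODO(review): reject fqdn values that are not a known gateway before calling easyrsa
    env = dict(os.environ, EASYRSA_CERT_EXPIRE="180")  # days; scoped to this call only
    # argument list, not a shell string: fqdn is passed verbatim as argv, never parsed by a shell
    r = subprocess.run(["easyrsa", "renew", fqdn, "nopass"], env=env)
    if r.returncode != 0:
        raise Ex(500, "exit: {} cannot renew".format(r.returncode))

    return jsonify({"status": "ok"})
```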