Add certificate renew endpoint.
parent
7eb3e946e5
commit
7798356bda
19
README.md
|
@ -28,15 +28,16 @@ Using the REST API, the system administrator can manage the `uug` part of the is
|
||||||
Since the whole `2001:470:c844:uug0::/60` network will be forwared to/from the user gateway, then she has to manage the *n* part of the address (if she wants), for example using forwarding again and DHCPv6 or SLAAC with radv.
|
Since the whole `2001:470:c844:uug0::/60` network will be forwared to/from the user gateway, then she has to manage the *n* part of the address (if she wants), for example using forwarding again and DHCPv6 or SLAAC with radv.
|
||||||
|
|
||||||
## REST API endpoints
|
## REST API endpoints
|
||||||
| endpoint | method | body | description |
|
| endpoint | method | body | description |
|
||||||
|---------------------------|:---------:|-------------------------------|-----------------------|
|
| --------------------- | :----: | ------------------------------------------------------ | -------------------------------------------------------------------- |
|
||||||
| /users | GET | | get list of users |
|
| /users | GET | | get list of users |
|
||||||
| /users | POST | ```{ "name": "johndoe" }``` | create new user |
|
| /users | POST | ```{ "name": "johndoe" }``` | create new user |
|
||||||
| /gateways | GET | | get list of gateways |
|
| /gateways | GET | | get list of gateways |
|
||||||
| /gateways | POST | ```{ "name": "fqdn.domain.tld", "user": "johndoe" }``` | create new gateway for user |
|
| /gateways | POST | ```{ "name": "fqdn.domain.tld", "user": "johndoe" }``` | create new gateway for user |
|
||||||
| /gateway/$fqdn | GET | | get info about gateway |
|
| /gateway/$fqdn | GET | | get info about gateway |
|
||||||
| /gateway/$fqdn | DELETE | | delete gateway |
|
| /gateway/$fqdn | DELETE | | delete gateway |
|
||||||
| /gateway/$fqdn/config | GET | | get client config file for gateway |
|
| /gateway/$fqdn/config | GET | | get client config file for gateway |
|
||||||
|
| /gateway/$fqdn/renew | POST | | generate new certificate for gateway (min 30 days before expiration) |
|
||||||
|
|
||||||
## Technical details
|
## Technical details
|
||||||
VPNUnit runs inside a Docker container, and stores its data in the `/data` subvolume (which is usually mounted on `/srv/vpnunit` on the physical machine).
|
VPNUnit runs inside a Docker container, and stores its data in the `/data` subvolume (which is usually mounted on `/srv/vpnunit` on the physical machine).
|
||||||
|
|
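Review bot: In the new `/gateway/$fqdn/renew` row, "(min 30 days before expiration)" is ambiguous: it can be read as "renewal is only accepted once the certificate is within 30 days of expiring" or as "renew at least 30 days ahead of expiry". Please state the rule explicitly. The row also leaves out what the caller gets: main.py sets `EASYRSA_CERT_EXPIRE` to 180 days for the renewed certificate, and nothing here says whether the client must fetch `/gateway/$fqdn/config` again after a renewal. One sentence under the table would cover both.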
12
main.py
|
@ -257,6 +257,18 @@ def get_gateway_config(fqdn):
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@app.route("/gateway/<fqdn>/renew", methods=["POST"])
|
||||||
|
@auth.login_required
|
||||||
|
def post_gateway_renew(fqdn):
|
||||||
|
os.environ["EASYRSA_CERT_EXPIRE"] = "180" # days
|
||||||
|
|
||||||
|
r = os.system("easyrsa renew {} nopass".format(fqdn))
|
||||||
|
if r != 0:
|
||||||
|
raise Ex(500, "exit: {} cannot renew")
|
||||||
|
|
||||||
|
return jsonify({"status": "ok"})
|
||||||
|
|
||||||
|
|
||||||
@app.route("/gateway/<fqdn>", methods=["DELETE"])
|
@app.route("/gateway/<fqdn>", methods=["DELETE"])
|
||||||
@auth.login_required
|
@auth.login_required
|
||||||
def delete_gateway(fqdn):
|
def delete_gateway(fqdn):
|
||||||
|
|
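Review bot: `fqdn` comes straight from the URL path and is formatted into a shell command in `os.system("easyrsa renew {} nopass".format(fqdn))`, so any shell metacharacters in that path segment are interpreted by the shell; `@auth.login_required` limits who can reach the route but does not make the value safe. Run the command without a shell, e.g. `subprocess.run(["easyrsa", "renew", fqdn, "nopass"], env=...)`, and reject any `fqdn` that is not an existing gateway before calling it. Passing `EASYRSA_CERT_EXPIRE` through `env=` would also avoid mutating `os.environ` for the whole process on every request. Separately, `raise Ex(500, "exit: {} cannot renew")` never fills its `{}` placeholder, so the exit status `r` is lost from the error; format it into the message.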