handlers

package
v0.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 24, 2019 License: BSD-3-Clause Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetClaim

func GetClaim(jwt string, claim string) (string, error)

GetClaim returns a claim from JWT

func StatusLive

func StatusLive(echoContext echo.Context) error

StatusLive is a method that respond WORKING and is used to verify that the application is running (live)

func StatusReady

func StatusReady(c echo.Context) error

StatusReady is a method which is used to verify that the application is able to receive data (ready)

Types

type AppHandler

type AppHandler struct {
	// contains filtered or unexported fields
}

AppHandler is a struct that maintains persistence of objects used in handlers

func NewAppHandler

func NewAppHandler(config viper.Viper, auditChannel chan types.AuditRecord, logChannel chan map[string]interface{}, db *gorm.DB, permEnforcer *casbin.Enforcer) *AppHandler

NewAppHandler return a new pointer of user struct

func (AppHandler) AddRoles

func (h AppHandler) AddRoles(c echo.Context) error

AddRoles adds a new role

func (AppHandler) AssociateRoleToUser

func (h AppHandler) AssociateRoleToUser(c echo.Context) error

AssociateRoleToUser associates a role to a specific user

func (AppHandler) CertCreate

func (h AppHandler) CertCreate(c echo.Context) error

CertCreate create a certificate for user login - Input JSON sample:

{
	"key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1sB8sL1RATWY04/aLHlRiIyBc59h+Vr+kcK/RL6yYcT3PqAvzTHMlstXKbG9g4P18+DriHbOxeXQXRL/FZAJTE/kBs4iW/C75gxfny4scEq3xyAepk8R+812UKBN9QDivU7+LJ67YrmrZo8OmfhhVhqqvH8wIrjc85WuEpmqK7FcMZblcS4SgDMuOr11PWx36VNd5XRnRM0gfp3WFh3SRVqKHoH/39VHPHMz7LHt360EwKu9yslV7J0Jj631tG3p3061Nit/VOed6vRdFSE3na5FIwDw+LNvFJR8ahmAUKk1aMllBcRH8oXksDw5YufB84CRIr0znO/+8SIgcKXLl manoel.junior@twofish.local",
	"remote_user":"jim",
 "remote_host":"192.168.2.105",
	"user_ip":"192.168.2.5",
	"command":"/bin/bash"
}

- Output sample

{
	"result": "success",
	"certificate": "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3

BlbnNzaC5jb20AAAAgvz4Hjd5bR2H2ryXBjyTuGt+Uerg80LriH48MtyOyBIgAAAADAQABAAABAQ C1sB8sL1RATWY04/aLHlRiIyBc59h+Vr+kcK/RL6yYcT3PqAvzTHMlstXKbG9g4P18+DriHbOxeX QXRL/FZAJTE/kBs4iW/C75gxfny4scEq3xyAepk8R+812UKBN9QDivU7+LJ67YrmrZo8OmfhhVhq qvH8wIrjc85WuEpmqK7FcMZblcS4SgDMuOr11PWx36VNd5XRnRM0gfp3WFh3SRVqKHoH/39VHPHM z7LHt360EwKu9yslV7J0Jj631tG3p3061Nit/VOed6vRdFSE3na5FIwDw+LNvFJR8ahmAUKk1aMl lBcRH8oXksDw5YufB84CRIr0znO/+8SIgcKXLlAAAAAAAAAAAAAAABAAAAtXVzZXJbXSBmcm9tWz E5Mi4xNjguMi41XSBjb21tYW5kW10gc3NoS2V5WzgwOjI5OmY3OmZjOjFkOjFhOjdmOjRiOmM4Oj JhOjJhOmUwOjA4OmU2OmQzOjMyXSBjYVtTSEEyNTY6OU5zLzdHamwxVVFReXBodElLREdZZCtPeU JkVjVrWnNRK3lmaVhzdDg0Y10gdmFsaWQgdG9bMjAxOC0xMi0wOVQyMTowNjozNS0wMjowMF0AAA AHAAAAA2ppbQAAAABcDZ2FAAAAAFwNn/sAAAAlAAAADnNvdXJjZS1hZGRyZXNzAAAADwAAAAsxOT IuMTY4LjIuNQAAABIAAAAKcGVybWl0LXB0eQAAAAAAAAAAAAABFQAAAAdzc2gtcnNhAAAAASMAAA EBAPj/vg/zXKNBy+GjtW0dZfZ2LQUeCA5FhOiQPaCpKpLO7YMAA63Lb3KbGdDOAnTFS3K69dwA+o ItlSO7aEkIfo7YNxCNb6tMIwoa6y3E1hdQI2N+lAhcg2lSQtbeKzpds7vvQ/j5UuSVWvRxBJZOCk XEHRaA7y8e2jWVHQg9kcDeTFCvcIj7AEkBPTUXQFJd/RxDWmiYPSdQ9FTq39y11jKk9YXsG2fjiZ o1uenoWCBJi2DJ9gkE53ednJzGAKa7y2+KMHwbPhcuTm19YvtH31M9iF2JtkZx5qXXeWlJ7HgkcY 60j2bUfqBIlZH/dor4t6BHcBOAHbm32C4Xe4jSRVMAAAEPAAAAB3NzaC1yc2EAAAEAp/sdFMyeo6 Jbdu4R33pZiSuTBGyBash4SlK4PoVEiuWnN2UHVH6DAi84qzG+Qhho48YJYarDDxxbOxcDinQ2j1 5XU0V/vVeucS12UF06HG9r+J51u0KMA/3dN4WNG6GKDrzY5M5Uad7lWnDNtbjRnhPVPCxHgV5YQL O6k94+kaPZbR+bVWb5tAOMoC1XHBwwDNLDqUKs2C8lvEpJY0Mf7ag9SNSep0Q5isq97zY3CWwPCt pYTN9tkQpfn+Noe4H7yOP2mkpAs3i7j/u0+Zz6SHejy4A7HlGHfJvWrOyg8J0ZzBSl5ho5eAw4Lr t+xcTVkFgWWPcml7CFiGwFhbui4w== }

func (AppHandler) CertInfo

func (h AppHandler) CertInfo(c echo.Context) error

CertInfo returns certificate info based on KeyID

- Output sample

{
	"result":"success",
	"remote_user": "username",
	"remote_host": "10.0.0.1"
}

func (AppHandler) DisassociateRoleToUser

func (h AppHandler) DisassociateRoleToUser(c echo.Context) error

DisassociateRoleToUser disassociates a role to a specific user

func (AppHandler) GetRoles

func (h AppHandler) GetRoles(c echo.Context) error

GetRoles prints all the existing roles

func (AppHandler) GetRolesByUser

func (h AppHandler) GetRolesByUser(c echo.Context) error

GetRolesByUser prints all the existing roles to specific user

func (AppHandler) GetRolesForMe

func (h AppHandler) GetRolesForMe(c echo.Context) error

GetRolesForMe prints all the existing roles to current user

func (AppHandler) GetUsersWithRole

func (h AppHandler) GetUsersWithRole(c echo.Context) error

GetUsersWithRole prints all associated users to specific role

func (AppHandler) PublicKey

func (h AppHandler) PublicKey(c echo.Context) error

PublicKey returns CA public key

- Output sample

{
	"result":"success",
	"public_key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6rGI3i3D1fvay1MFKHjEfcvKA

A6vuNH5ayPcmOIoeHvkXPO6uCp4pbSNmy45szxyTEjGYJx0F6qylUzi4jZ+1BIpq5QStetsP4pryLhd vK21bkCIBAqZbmw6Wc4D2Z+Qc7Is1/ZBr3g2lmfWApNqFmlwnDGpH6Hp0lRdBtanTz3/er99JS9WRXF c/uRGkY6n/fX3VELTixmcyRIIQDI66Cy+6jkS9nDn4E8Hu2mshWP/VtOok4DsIBk1YQb9wSeTOtmIZf EjBbzcKyBorYHWqYvNXN4wDtKtSTypjE1d42qodK3sKNMqqrIXdicHUId967oL7497+jDklpfZ24z3O gM7rdXRijDJUP6RcBpKFSriGOV6wolYop7Rc/DLgA16MOx8Zh/iVh3LI0zKyeQhG5tNO/hoNPe8Bp0k IXio9xBt/TyAHl3OfFQ6rYOwefvmp2ladV2Wy/BeIOPnswO0jk288qpzUDYE8sOlrtn3DZfqG5auDAe A+7XNuDuwUmwjSFTRz4nAtooCaF8UTysIfHYFgtKvU+xCIXWsHMr4BSaF1B3f2434r4Hn0gfWeg5CSu 0nO45S07q3TKjnoo644zmHtuUUw/+fG1ctmmjq1DO85TcotqdW1oT/SZwYxK7hqwvY7S5uClkUSXmDG

 UY3HMVIFLJPzCBi4bjhIX6Jbdw==\n"
}

func (AppHandler) RemoveRole

func (h AppHandler) RemoveRole(c echo.Context) error

RemoveRole removes an existent role

func (AppHandler) StatusConfig

func (h AppHandler) StatusConfig(c echo.Context) error

StatusConfig is a method that respond WORKING and is used to verify that the application is running (live)

type IDToken

type IDToken struct {
	Issuer            string                 `json:"iss"`
	Subject           string                 `json:"sub"`
	Audience          audience               `json:"aud"`
	AuthorizedParty   string                 `json:"azp"`
	Expiry            jsonTime               `json:"exp"`
	IssuedAt          jsonTime               `json:"iat"`
	JTI               string                 `json:"jti"`
	Nonce             string                 `json:"nonce"`
	AtHash            string                 `json:"at_hash"`
	Name              string                 `json:"name"`
	PreferredUsername string                 `json:"preferred_username"`
	GivenName         string                 `json:"given_name"`
	FamilyName        string                 `json:"family_name"`
	MiddleName        string                 `json:"middle_name"`
	Nickname          string                 `json:"nickname"`
	PhoneNumber       string                 `json:"phone_number"`
	Email             string                 `json:"email"`
	ClaimNames        map[string]string      `json:"_claim_names"`
	ClaimSources      map[string]claimSource `json:"_claim_sources"`
}

IDToken is the struct that holds all information about a JWT token

func ValidateJWT

func ValidateJWT(c echo.Context, config viper.Viper) (IDToken, error)

ValidateJWT validates JWT based on audience, expiration, signature and issuer and returns a valid JWT token if it succeeds

type Vault

type Vault struct {
	// contains filtered or unexported fields
}

Vault store configuration to use remote Vault as cert signer

func GetVault

func GetVault() Vault

GetVault returns Vault configuration

func (*Vault) GetExternalPublicKey

func (v *Vault) GetExternalPublicKey() (string, error)

GetExternalPublicKey returns public key from external CA

func (*Vault) GetToken

func (v *Vault) GetToken() error

GetToken autenticate on Vault instance and returns a client token

func (*Vault) SignUserSSHCertificate

func (v *Vault) SignUserSSHCertificate(c *ssh.Certificate) (string, error)

SignUserSSHCertificate sign ssh.Certificate for user and return a string with data (without \n at end)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL