orchid/servers/certDomainManage.go

100 lines
2.8 KiB
Go
Raw Normal View History

2023-07-10 17:51:14 +01:00
package servers
import (
"context"
2023-07-10 17:51:14 +01:00
"encoding/json"
"fmt"
"github.com/1f349/mjwt"
"github.com/1f349/orchid/database"
2023-07-22 01:39:39 +01:00
"github.com/1f349/orchid/renewal"
"github.com/1f349/orchid/utils"
2023-07-10 17:51:14 +01:00
"github.com/julienschmidt/httprouter"
"net/http"
)
func certDomainManageGET(db *database.Queries, signer mjwt.Verifier) httprouter.Handle {
2024-03-09 00:55:06 +00:00
return checkAuthForCertificate(signer, "orchid:cert:edit", db, func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, certId int64) {
rows, err := db.GetDomainStatesForCert(context.Background(), certId)
2023-07-10 17:51:14 +01:00
if err != nil {
apiError(rw, http.StatusInsufficientStorage, "Database error")
return
}
// write output
rw.WriteHeader(http.StatusAccepted)
m := map[string]any{
"id": fmt.Sprintf("%d", certId),
"domains": rows,
2023-07-10 17:51:14 +01:00
}
_ = json.NewEncoder(rw).Encode(m)
})
}
func certDomainManagePUTandDELETE(db *database.Queries, signer mjwt.Verifier, domains utils.DomainChecker) httprouter.Handle {
return checkAuthForCertificate(signer, "orchid:cert:edit", db, func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, certId int64) {
2023-07-10 17:51:14 +01:00
// check request type
isAdd := req.Method == http.MethodPut
// read domains from request body
var d []string
if json.NewDecoder(req.Body).Decode(&d) != nil {
apiError(rw, http.StatusBadRequest, "Invalid request body")
return
}
// validate all domains
for _, i := range d {
if !validateDomainOwnershipClaims(i, b.Claims.Perms) {
2023-07-10 17:51:14 +01:00
apiError(rw, http.StatusBadRequest, "Token cannot modify a specified domain")
return
}
if !domains.ValidateDomain(i) {
apiError(rw, http.StatusBadRequest, "Invalid domain")
return
}
}
// run a safe transaction to insert or update the certificate domains
if db.UseTx(req.Context(), func(tx *database.Queries) error {
2023-07-10 17:51:14 +01:00
if isAdd {
// insert domains to add
for _, i := range d {
err := tx.AddDomains(req.Context(), database.AddDomainsParams{
CertID: certId,
Domain: i,
State: renewal.DomainStateAdded,
})
2023-07-10 17:51:14 +01:00
if err != nil {
return fmt.Errorf("failed to add domains to the database")
}
}
} else {
// update domains to removed state
err := tx.UpdateDomains(req.Context(), database.UpdateDomainsParams{
2024-03-09 00:55:06 +00:00
State: renewal.DomainStateRemoved,
Domains: d,
})
2023-07-10 17:51:14 +01:00
if err != nil {
return fmt.Errorf("failed to remove domains from the database")
}
}
return nil
}) != nil {
apiError(rw, http.StatusInsufficientStorage, "Database error")
return
}
// write output
rw.WriteHeader(http.StatusAccepted)
m := map[string]any{
"id": fmt.Sprintf("%d", certId),
}
if isAdd {
m["add_domains"] = d
} else {
m["remove_domains"] = d
}
_ = json.NewEncoder(rw).Encode(m)
})
}