feat: setup wizard and token management
added ed25519 key generation to setup endpoint deployment handler for token CRUD with install commands wired routes for /api/setup/generate-keys and /admin/deployment setup generates keypair on demand deployment endpoints provide one-liner install commands ready for v0.1.22 testing
This commit is contained in:
Fimeg
@@ -42,6 +42,7 @@ func startWelcomeModeServer() {
|
||||
|
||||
// Setup endpoint for web configuration
|
||||
router.POST("/api/setup/configure", setupHandler.ConfigureServer)
|
||||
router.POST("/api/setup/generate-keys", setupHandler.GenerateSigningKeys)
|
||||
|
||||
// Setup endpoint for web configuration
|
||||
router.GET("/setup", setupHandler.ShowSetupPage)
|
||||
@@ -171,6 +172,7 @@ func main() {
|
||||
rateLimitHandler := handlers.NewRateLimitHandler(rateLimiter)
|
||||
downloadHandler := handlers.NewDownloadHandler(filepath.Join("/app"), cfg)
|
||||
subsystemHandler := handlers.NewSubsystemHandler(subsystemQueries, commandQueries)
|
||||
deploymentHandler := handlers.NewDeploymentHandler(registrationTokenQueries, agentQueries)
|
||||
|
||||
// Initialize verification handler
|
||||
var verificationHandler *handlers.VerificationHandler
|
||||
@@ -318,6 +320,12 @@ func main() {
|
||||
admin.GET("/registration-tokens/stats", rateLimiter.RateLimit("admin_operations", middleware.KeyByUserID), registrationTokenHandler.GetTokenStats)
|
||||
admin.GET("/registration-tokens/validate", rateLimiter.RateLimit("admin_operations", middleware.KeyByUserID), registrationTokenHandler.ValidateRegistrationToken)
|
||||
|
||||
// Deployment routes (token management with install commands)
|
||||
admin.GET("/deployment/tokens", rateLimiter.RateLimit("admin_operations", middleware.KeyByUserID), deploymentHandler.ListTokens)
|
||||
admin.POST("/deployment/tokens", rateLimiter.RateLimit("admin_token_gen", middleware.KeyByUserID), deploymentHandler.CreateToken)
|
||||
admin.GET("/deployment/tokens/:id", rateLimiter.RateLimit("admin_operations", middleware.KeyByUserID), deploymentHandler.GetToken)
|
||||
admin.DELETE("/deployment/tokens/:id", rateLimiter.RateLimit("admin_operations", middleware.KeyByUserID), deploymentHandler.RevokeToken)
|
||||
|
||||
// Rate Limit Management
|
||||
admin.GET("/rate-limits", rateLimiter.RateLimit("admin_operations", middleware.KeyByUserID), rateLimitHandler.GetRateLimitSettings)
|
||||
admin.PUT("/rate-limits", rateLimiter.RateLimit("admin_operations", middleware.KeyByUserID), rateLimitHandler.UpdateRateLimitSettings)
|
||||
|
||||
96
aggregator-server/internal/api/handlers/deployment.go
Normal file
96
aggregator-server/internal/api/handlers/deployment.go
Normal file
@@ -0,0 +1,96 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/Fimeg/RedFlag/aggregator-server/internal/database/queries"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
type DeploymentHandler struct {
|
||||
registrationTokenQueries *queries.RegistrationTokenQueries
|
||||
agentQueries *queries.AgentQueries
|
||||
}
|
||||
|
||||
func NewDeploymentHandler(regTokenQueries *queries.RegistrationTokenQueries, agentQueries *queries.AgentQueries) *DeploymentHandler {
|
||||
return &DeploymentHandler{
|
||||
registrationTokenQueries: regTokenQueries,
|
||||
agentQueries: agentQueries,
|
||||
}
|
||||
}
|
||||
|
||||
// ListTokens returns all registration tokens
|
||||
func (h *DeploymentHandler) ListTokens(c *gin.Context) {
|
||||
tokens, err := h.registrationTokenQueries.ListAllTokens()
|
||||
if err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to list tokens"})
|
||||
return
|
||||
}
|
||||
c.JSON(http.StatusOK, gin.H{"tokens": tokens})
|
||||
}
|
||||
|
||||
// CreateToken creates a new registration token
|
||||
func (h *DeploymentHandler) CreateToken(c *gin.Context) {
|
||||
var req struct {
|
||||
MaxSeats int `json:"max_seats" binding:"required,min=1"`
|
||||
ExpiresIn string `json:"expires_in"` // e.g., "24h", "7d"
|
||||
Note string `json:"note"` // Optional note/label
|
||||
}
|
||||
if err := c.ShouldBindJSON(&req); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// Parse expiration duration
|
||||
var duration time.Duration
|
||||
var err error
|
||||
if req.ExpiresIn != "" {
|
||||
duration, err = time.ParseDuration(req.ExpiresIn)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid expires_in format - use Go duration (e.g., 24h, 168h)"})
|
||||
return
|
||||
}
|
||||
} else {
|
||||
duration = 24 * time.Hour // Default 24 hours
|
||||
}
|
||||
|
||||
expiresAt := time.Now().Add(duration)
|
||||
token, err := h.registrationTokenQueries.CreateToken(req.MaxSeats, expiresAt)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create token"})
|
||||
return
|
||||
}
|
||||
|
||||
// Build install command
|
||||
serverURL := c.Request.Host
|
||||
installCommand := fmt.Sprintf("curl -sSL http://%s/api/v1/install/linux | bash -s -- %s", serverURL, token.Token)
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"token": token,
|
||||
"install_command": installCommand,
|
||||
"message": "registration token created",
|
||||
})
|
||||
}
|
||||
|
||||
// RevokeToken revokes a registration token
|
||||
func (h *DeploymentHandler) RevokeToken(c *gin.Context) {
|
||||
tokenID := c.Param("id")
|
||||
if err := h.registrationTokenQueries.RevokeToken(tokenID); err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to revoke token"})
|
||||
return
|
||||
}
|
||||
c.JSON(http.StatusOK, gin.H{"message": "token revoked"})
|
||||
}
|
||||
|
||||
// GetToken returns details about a specific token
|
||||
func (h *DeploymentHandler) GetToken(c *gin.Context) {
|
||||
tokenID := c.Param("id")
|
||||
token, err := h.registrationTokenQueries.GetTokenByID(tokenID)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusNotFound, gin.H{"error": "token not found"})
|
||||
return
|
||||
}
|
||||
c.JSON(http.StatusOK, gin.H{"token": token})
|
||||
}
|
||||
@@ -1,7 +1,10 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"crypto/ed25519"
|
||||
"crypto/rand"
|
||||
"database/sql"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strconv"
|
||||
@@ -409,3 +412,28 @@ func (h *SetupHandler) ConfigureServer(c *gin.Context) {
|
||||
})
|
||||
}
|
||||
|
||||
// GenerateSigningKeys generates Ed25519 keypair for agent update signing
|
||||
func (h *SetupHandler) GenerateSigningKeys(c *gin.Context) {
|
||||
// Generate Ed25519 keypair
|
||||
publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to generate keypair"})
|
||||
return
|
||||
}
|
||||
|
||||
// Encode to hex
|
||||
publicKeyHex := hex.EncodeToString(publicKey)
|
||||
privateKeyHex := hex.EncodeToString(privateKey)
|
||||
|
||||
// Generate fingerprint (first 16 chars)
|
||||
fingerprint := publicKeyHex[:16]
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"public_key": publicKeyHex,
|
||||
"private_key": privateKeyHex,
|
||||
"fingerprint": fingerprint,
|
||||
"algorithm": "ed25519",
|
||||
"key_size": 32,
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
Binary file not shown.
Reference in New Issue
Block a user