ec3ba88459
migration 017 adds machine_id to agents table middleware validates X-Machine-ID header on authed routes agent client sends machine ID with requests MIN_AGENT_VERSION config defaults 0.1.22 version utils added for comparison blocks config copying attacks via hardware fingerprint old agents get 426 upgrade required breaking: <0.1.22 agents rejected
58 lines
1.5 KiB
Go
58 lines
1.5 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/Fimeg/RedFlag/aggregator-server/internal/services"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// SystemHandler handles system-level operations
|
|
type SystemHandler struct {
|
|
signingService *services.SigningService
|
|
}
|
|
|
|
// NewSystemHandler creates a new system handler
|
|
func NewSystemHandler(ss *services.SigningService) *SystemHandler {
|
|
return &SystemHandler{
|
|
signingService: ss,
|
|
}
|
|
}
|
|
|
|
// GetPublicKey returns the server's Ed25519 public key for signature verification
|
|
// This allows agents to fetch the public key at runtime instead of embedding it at build time
|
|
func (h *SystemHandler) GetPublicKey(c *gin.Context) {
|
|
if h.signingService == nil {
|
|
c.JSON(http.StatusServiceUnavailable, gin.H{
|
|
"error": "signing service not configured",
|
|
"hint": "Set REDFLAG_SIGNING_PRIVATE_KEY environment variable",
|
|
})
|
|
return
|
|
}
|
|
|
|
pubKeyHex := h.signingService.GetPublicKey()
|
|
fingerprint := h.signingService.GetPublicKeyFingerprint()
|
|
|
|
c.JSON(http.StatusOK, gin.H{
|
|
"public_key": pubKeyHex,
|
|
"fingerprint": fingerprint,
|
|
"algorithm": "ed25519",
|
|
"key_size": 32,
|
|
})
|
|
}
|
|
|
|
// GetSystemInfo returns general system information
|
|
func (h *SystemHandler) GetSystemInfo(c *gin.Context) {
|
|
c.JSON(http.StatusOK, gin.H{
|
|
"version": "v0.1.21",
|
|
"name": "RedFlag Aggregator",
|
|
"description": "Self-hosted update management platform",
|
|
"features": []string{
|
|
"agent_management",
|
|
"update_tracking",
|
|
"command_execution",
|
|
"ed25519_signing",
|
|
},
|
|
})
|
|
}
|