device: request_certificate (no "approval" check)

2022-04-01 17:51:01 +00:00 · 2022-04-01 17:51:01 +00:00 · b421d6f79b
commit b421d6f79b
parent e6c270a0fa
1 changed files with 36 additions and 1 deletions
--- a/api/kiwi_vpn_api/routers/device.py
+++ b/api/kiwi_vpn_api/routers/device.py
@ -4,7 +4,8 @@

 from fastapi import APIRouter, Depends, HTTPException, status

-from ..db import Device, DeviceCreate, DeviceRead, User
+from ..db import Connection, Device, DeviceCreate, DeviceRead, User
+from ..easyrsa import CertificateType, DistinguishedName, EasyRSA
 from ._common import (Responses, get_current_user, get_device_by_id,
                      get_user_by_name)

@ -75,3 +76,37 @@ async def remove_device(

    # delete device
    device.delete()
+
+
+@router.post(
+    "/{device_id}/csr",
+    responses={
+        status.HTTP_200_OK: Responses.OK,
+        status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
+        status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
+        status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
+        status.HTTP_404_NOT_FOUND: Responses.ENTRY_DOESNT_EXIST,
+    },
+)
+async def request_certificate(
+    current_user: User = Depends(get_current_user),
+    device: Device = Depends(get_device_by_id),
+):
+    """
+    POST ./{device_id}/csr: Request certificate for a device.
+    """
+
+    # check permission
+    if not current_user.can_edit(device):
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
+
+    easy_rsa = EasyRSA()
+
+    with Connection.session as db:
+        db.add(device)
+        dn = DistinguishedName.build(device)
+
+    easy_rsa.issue(
+        dn=dn,
+        cert_type=CertificateType.server,
+    )