kiwi-vpn/api/plan.md

1.2 KiB

Server props

  • default DN parts: country, state, city, org, OU
  • "customizable" flags for DN parts
  • flag: use client-to-client
  • force cipher, tls-cipher, auth params
  • server name
  • default certification duration
  • default certificate algo

User props

  • username (CN part)
  • password
  • custom DN parts: country, state, city, org, OU
  • email (DN part)
  • tags

User tags

  • admin: administrator
  • login: can log into the web interface
  • issue: can certify own devices (without approval)
  • renew: can renew certificates for own devices (without approval)

Device props

  • name (CN part)
  • type (icon)
  • approved: bool
  • expiry

Device status

  • created (approved = NULL): device has been newly created
  • requested (approved = false): certificate has been requested (issue or renew)
  • issued (approved = true): certificate has been granted (may be expired)

Permissions

  • admin cannot "admin" itself (to prevent self decapitation)
  • admin can "edit", "admin" and "create" everything else
  • user can "edit" itself and its devices
  • user can "create" devices for itself

User

  • edit: change DN parts, password
  • admin: add or remove tag, delete, generate password

Device

  • edit: change type, delete, request
  • admin: approve