#191 moved everything except processarchive from cgi to go

unioslo · Oct 29, 2023 · b4d76ac · b4d76ac
1 parent 839142d
commit b4d76ac
Show file tree

Hide file tree

Showing 12 changed files with 1,086 additions and 48 deletions.
diff --git a/server/httpd_ssl.conf b/server/httpd_ssl.conf
@@ -22,16 +22,22 @@ SSLVerifyDepth  10
     SSLOptions +StdEnvVars
 </Files>
 
-<Directory "/var/www/cgi-bin">
+<Location "/cgi-bin/">
     SSLOptions +StdEnvVars
     SSLRequireSSL
-</Directory>
+    ProxyPass "http://nivlheimapi:4040/cgi-bin/"
+</Location>
 
-<Directory "/var/www/cgi-bin/secure">
-    SSLOptions +StdEnvVars +ExportCertData
+<Location "/cgi-bin/secure/">
     SSLRequireSSL
     SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
-</Directory>
+    RequestHeader set Cert-Client-Cert "%{SSL_CLIENT_CERT}s"
+    RequestHeader set Cert-Client-V-Remain "%{SSL_CLIENT_V_REMAIN}s"
+    RequestHeader set Cert-Client-S-DN "%{SSL_CLIENT_S_DN}s"
+    RequestHeader set Cert-Client-I-DN "%{SSL_CLIENT_I_DN}s"
+    RequestHeader set Cert-Client-S-DN-CN "%{SSL_CLIENT_S_DN_CN}s"
+    ProxyPass "http://nivlheimapi:4040/cgi-bin/secure/"
+</Location>
 
 <Location "/api/">
     ProxyPass "http://nivlheimapi:4040/api/"

diff --git a/server/server.conf b/server/server.conf
@@ -16,11 +16,16 @@ LDAPprimaryAttr=
 LDAPadminGroup=
 AllAccessGroups=
 HostOwnerPluginURL=
-CFEngineKeyDir=
+CFEngineKeyDir=/var/pubkeys
 PGhost=
 PGport=
 PGdatabase=
 PGuser=
 PGpassword=
 PGsslmode=
 HTTPListenAddress=
+CACertFile=CA/nivlheimca.crt
+CAKeyFile=CA/nivlheimca.key
+ConfDir=/var/www/nivlheim
+QueueDir=/var/www/nivlheim/queue
+UploadDir=/var/www/nivlheim/upload
diff --git a/server/service/api.go b/server/service/api.go
@@ -69,8 +69,15 @@ func createAPImuxer(theDB *sql.DB, devmode bool) *http.ServeMux {
 	api.Handle("/api/v2/status", &apiMethodStatus{db: theDB})
 	api.HandleFunc("/api/v2/userinfo", apiGetUserInfo)
 
+    api.HandleFunc("/cgi-bin/ping", apiPing)
+    api.Handle("/cgi-bin/reqcert", &apiMethodReqCert{db: theDB})
+    api.Handle("/cgi-bin/secure/renewcert", &apiMethodRenewCert{db: theDB})
+    api.Handle("/cgi-bin/secure/ping", &apiMethodSecurePing{db: theDB})
+    api.Handle("/cgi-bin/secure/post", &apiMethodPostArchive{db: theDB})
+
 	// Add CSRF protection to all the api functions
 	mux.Handle("/api/v2/", wrapCSRFprotection(api))
+    mux.Handle("/cgi-bin/", wrapCSRFprotection(api))
 
 	// Oauth2-related endpoints
 	mux.HandleFunc("/api/oauth2/start", startOauth2Login)

diff --git a/server/service/api_status.go b/server/service/api_status.go
@@ -74,8 +74,7 @@ func (vars *apiMethodStatus) ServeHTTP(w http.ResponseWriter, req *http.Request)
 	// IncomingQueueSize
 	// TODO optimize for large directories
 	status.IncomingQueueSize = -1
-	const queuedir = "/var/www/nivlheim/queue"
-	f, err := os.Open(queuedir)
+	f, err := os.Open(config.QueueDir)
 	if err == nil {
 		defer f.Close()
 		names, err := f.Readdirnames(0)