aboutsummaryrefslogtreecommitdiff
path: root/cmd/cashierd
AgeCommit message (Collapse)Author
2017-01-15Add more context to errorsNiall Sheridan
2017-01-13Use wkfs to manage the lets encrypt cacheNiall Sheridan
2017-01-06Check that tls cert/key are set if use_tls is trueNiall Sheridan
2017-01-05Move GetPublicKey to the shared `lib` packageNiall Sheridan
2016-12-29Use vendored s3 wkfsNiall Sheridan
2016-12-28Add LetsEncrypt supportNiall Sheridan
When configured the server will request a TLS certificate for the specified server name from LetsEncrypt
2016-10-11Replace the 'datastore' option with a 'database' optionNiall Sheridan
The 'datastore' string option is deprecated and will be removed in a future version. The new 'database' map option is preferred.
2016-10-06Add support for Hashicorp VaultNiall Sheridan
Vault is supported for the following: As a well-known filesystem for TLS cert, TLS key and SSH signing key. For configuration secrets for cookie_secret, csrf_secret, oauth_client_id and oauth_client_secret options.
2016-10-06Use wkfs when loading tls certsNiall Sheridan
2016-09-30Use json.NewDecoder to decode json from httpNiall Sheridan
2016-09-11Add a toggle for unexpired certsNiall Sheridan
2016-09-01Remove the Principal field from the requestNiall Sheridan
The server will always overwrite this field with the username obtained from the auth provider. Allowing the client to set it is a waste of time.
2016-08-27Allow setting some config from environmentNiall Sheridan
2016-08-27Update dependenciesNiall Sheridan
2016-08-26First attempt at dropping privilegessid77
2016-08-20Run some tests in parallelNiall Sheridan
2016-08-20Use references to config structsNiall Sheridan
2016-08-16Allow selecting which ip to listen onNiall Sheridan
2016-08-09SQLite DB supportNiall Sheridan
2016-08-08Don't use local filesNiall Sheridan
2016-08-07Use bootstrapNiall Sheridan
Move templates and static under server/
2016-08-01Fix and enable handers testNiall Sheridan
2016-07-31Support mongo datastoresNiall Sheridan
2016-07-31Use a KRL for revoked certsNiall Sheridan
2016-07-24Add a page for revoking certsNiall Sheridan
Add a template for revocation Use DATETIME type to store created/expires times Require auth for the /admin and /revoke endpoints
2016-07-17Add some handlers testsNiall Sheridan
2016-07-03first pass at a certificate storeNiall Sheridan
2016-06-30Configurable logfile locationNiall Sheridan
2016-06-28http loggingNiall Sheridan
2016-06-06Merge pull request #16 from nsheridan/s3Niall Sheridan
Add AWS S3 and Google GCS virtual filesystems
2016-06-06Save oauth 'state' identifier in the clientNiall Sheridan
2016-06-05Add AWS S3 and Google GCS virtual filesystems.Niall Sheridan
This allows the signing key to be read directly from S3 using a path like /s3/<bucket>/<path/to/signing.key> or /gcs/<bucket>/<path/to/signing.key>.
2016-05-29Switch from json to hcl configsNiall Sheridan
This is backward-compatible with the JSON config format - this is a non-breaking change. HCL treats config blocks as repeated fields so the config has to be unmarshalled into a struct comprised of []Server, []Auth, []SSH first.
2016-05-28Set expiry time in the github auth packageNiall Sheridan
2016-05-28Define the token tmpl as a stringNiall Sheridan
2016-05-24Don't allow wide-open Google or Github configsPatrick O'Doherty
Fail loudly if either the google_opts domain value or github_opts organization values are not set in the configuration. The lack of these values means that a) in the Google case any @gmail.com address will be allowed b) the Github case any Github user will be allowed. This was previously documented but left as a foot-gun in the code. Future commits will allow for explicit wildcards to be set.
2016-05-22Make template directory configurableNiall Sheridan
2016-05-22Move binaries into cmd/ directoryNiall Sheridan