Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-12-29 | Use vendored s3 wkfs | Niall Sheridan | |
2016-12-28 | Log SHA256 fingerprints | Niall Sheridan | |
2016-12-28 | quieten the linter | Niall Sheridan | |
2016-12-28 | Allow building static binaries | Niall Sheridan | |
sqlite uses CGO which prevents the building of statically-linked binaries. This change will omit sqlite support when building a static binary with: CGO_ENABLED=0 go build --ldflags '-extldflags "-static"' | |||
2016-12-28 | Add LetsEncrypt support | Niall Sheridan | |
When configured the server will request a TLS certificate for the specified server name from LetsEncrypt | |||
2016-10-17 | Unmarshal the config using mapstructure directly. | Niall Sheridan | |
Avoid unmarshalling into an intermediate struct. Better tests. | |||
2016-10-11 | Replace the 'datastore' option with a 'database' option | Niall Sheridan | |
The 'datastore' string option is deprecated and will be removed in a future version. The new 'database' map option is preferred. | |||
2016-10-06 | Add support for Hashicorp Vault | Niall Sheridan | |
Vault is supported for the following: As a well-known filesystem for TLS cert, TLS key and SSH signing key. For configuration secrets for cookie_secret, csrf_secret, oauth_client_id and oauth_client_secret options. | |||
2016-09-30 | Use json.NewDecoder to decode json from http | Niall Sheridan | |
2016-09-28 | Submit => Revoke | Niall Sheridan | |
2016-09-24 | Use a new session for each request | Niall Sheridan | |
2016-09-11 | Invert check for revoked cert | Niall Sheridan | |
2016-09-11 | Add a toggle for unexpired certs | Niall Sheridan | |
2016-09-11 | Allow filtering results | Niall Sheridan | |
2016-09-01 | Remove the Principal field from the request | Niall Sheridan | |
The server will always overwrite this field with the username obtained from the auth provider. Allowing the client to set it is a waste of time. | |||
2016-08-28 | Allow searching on keyID and principals | Niall Sheridan | |
2016-08-28 | List only certs which haven't expired | Niall Sheridan | |
2016-08-28 | Cosmetic changes | Niall Sheridan | |
2016-08-27 | Allow setting some config from environment | Niall Sheridan | |
2016-08-26 | First attempt at dropping privileges | sid77 | |
2016-08-20 | Replace Fatals with Errors | Niall Sheridan | |
2016-08-20 | Run some tests in parallel | Niall Sheridan | |
2016-08-20 | Use references to config structs | Niall Sheridan | |
2016-08-17 | Switch from bootstrap to skeleton | Niall Sheridan | |
2016-08-16 | Allow selecting which ip to listen on | Niall Sheridan | |
2016-08-09 | SQLite DB support | Niall Sheridan | |
2016-08-07 | Use bootstrap | Niall Sheridan | |
Move templates and static under server/ | |||
2016-08-07 | Ping the db before attempting to query it | Niall Sheridan | |
2016-08-01 | fix build | Niall Sheridan | |
2016-07-31 | Support mongo datastores | Niall Sheridan | |
2016-07-31 | Use a KRL for revoked certs | Niall Sheridan | |
2016-07-24 | Add a page for revoking certs | Niall Sheridan | |
Add a template for revocation Use DATETIME type to store created/expires times Require auth for the /admin and /revoke endpoints | |||
2016-07-17 | Add some handlers tests | Niall Sheridan | |
2016-07-03 | first pass at a certificate store | Niall Sheridan | |
2016-06-30 | Configurable logfile location | Niall Sheridan | |
2016-06-14 | Update whitelisting | Niall Sheridan | |
Whitelist Google users based on their email address instead of the username part of the email address. Plain gmail (non Google Apps) accounts don't necessarily end in '@gmail.com', and whitelisting on username alone is open to abuse. Skip testing for a Google Apps domain (ui.Hd) if no domain is configured. Principals will still be added as the user part of the email address. For the Github provider, skip checking that the user is a member of an organization is none is configured. | |||
2016-06-14 | Merge pull request #21 from nsheridan/whitelist_support | Marco Bonetti | |
Add support for a users whitelist | |||
2016-06-14 | Add support for a users whitelist | Marco Bonetti | |
2016-06-13 | Run the linter as part of tests. | Niall Sheridan | |
Fix lint warnings. | |||
2016-06-06 | Merge pull request #16 from nsheridan/s3 | Niall Sheridan | |
Add AWS S3 and Google GCS virtual filesystems | |||
2016-06-06 | Save oauth 'state' identifier in the client | Niall Sheridan | |
2016-06-05 | Add AWS S3 and Google GCS virtual filesystems. | Niall Sheridan | |
This allows the signing key to be read directly from S3 using a path like /s3/<bucket>/<path/to/signing.key> or /gcs/<bucket>/<path/to/signing.key>. | |||
2016-06-02 | Validate tokens correctly | Niall Sheridan | |
This switch statement doesn't do what I thought it does | |||
2016-05-29 | Switch from json to hcl configs | Niall Sheridan | |
This is backward-compatible with the JSON config format - this is a non-breaking change. HCL treats config blocks as repeated fields so the config has to be unmarshalled into a struct comprised of []Server, []Auth, []SSH first. | |||
2016-05-29 | Remove unneeded template_dir | Niall Sheridan | |
2016-05-28 | Set expiry time in the github auth package | Niall Sheridan | |
2016-05-24 | Don't allow wide-open Google or Github configs | Patrick O'Doherty | |
Fail loudly if either the google_opts domain value or github_opts organization values are not set in the configuration. The lack of these values means that a) in the Google case any @gmail.com address will be allowed b) the Github case any Github user will be allowed. This was previously documented but left as a foot-gun in the code. Future commits will allow for explicit wildcards to be set. | |||
2016-05-22 | Make template directory configurable | Niall Sheridan | |
2016-05-22 | Move server/main.go to top-level server.go | Niall Sheridan | |
Also add a Dockerfile | |||
2016-05-22 | Open the browser automatically | Niall Sheridan | |