path: root/server
Age | Commit message | Author
2017-01-10 | Use latest versions | Niall Sheridan
Fix newly-broken tests
2017-01-08 | Remove dbinit and use sql/js seed files | Niall Sheridan
2017-01-05 | Move GetPublicKey to the shared `lib` package | Niall Sheridan
2016-12-29 | Use vendored s3 wkfs | Niall Sheridan
2016-12-28 | Log SHA256 fingerprints | Niall Sheridan
2016-12-28 | quieten the linter | Niall Sheridan
2016-12-28 | Allow building static binaries | Niall Sheridan
sqlite uses CGO which prevents the building of statically-linked binaries. This change will omit sqlite support when building a static binary with: CGO_ENABLED=0 go build --ldflags '-extldflags "-static"'
2016-12-28 | Add LetsEncrypt support | Niall Sheridan
When configured the server will request a TLS certificate for the specified server name from LetsEncrypt
2016-10-17 | Unmarshal the config using mapstructure directly. | Niall Sheridan
Avoid unmarshalling into an intermediate struct. Better tests.
2016-10-11 | Replace the 'datastore' option with a 'database' option | Niall Sheridan
The 'datastore' string option is deprecated and will be removed in a future version. The new 'database' map option is preferred.
2016-10-06 | Add support for Hashicorp Vault | Niall Sheridan
Vault is supported for the following: As a well-known filesystem for TLS cert, TLS key and SSH signing key. For configuration secrets for cookie_secret, csrf_secret, oauth_client_id and oauth_client_secret options.
2016-09-30 | Use json.NewDecoder to decode json from http | Niall Sheridan
2016-09-28 | Submit => Revoke | Niall Sheridan
2016-09-24 | Use a new session for each request | Niall Sheridan
2016-09-11 | Invert check for revoked cert | Niall Sheridan
2016-09-11 | Add a toggle for unexpired certs | Niall Sheridan
2016-09-11 | Allow filtering results | Niall Sheridan
2016-09-01 | Remove the Principal field from the request | Niall Sheridan
The server will always overwrite this field with the username obtained from the auth provider. Allowing the client to set it is a waste of time.
2016-08-28 | Allow searching on keyID and principals | Niall Sheridan
2016-08-28 | List only certs which haven't expired | Niall Sheridan
2016-08-28 | Cosmetic changes | Niall Sheridan
2016-08-27 | Allow setting some config from environment | Niall Sheridan
2016-08-26 | First attempt at dropping privileges | sid77
2016-08-20 | Replace Fatals with Errors | Niall Sheridan
2016-08-20 | Run some tests in parallel | Niall Sheridan
2016-08-20 | Use references to config structs | Niall Sheridan
2016-08-17 | Switch from bootstrap to skeleton | Niall Sheridan
2016-08-16 | Allow selecting which ip to listen on | Niall Sheridan
2016-08-09 | SQLite DB support | Niall Sheridan
2016-08-07 | Use bootstrap | Niall Sheridan
Move templates and static under server/
2016-08-07 | Ping the db before attempting to query it | Niall Sheridan
2016-08-01 | fix build | Niall Sheridan
2016-07-31 | Support mongo datastores | Niall Sheridan
2016-07-31 | Use a KRL for revoked certs | Niall Sheridan
2016-07-24 | Add a page for revoking certs | Niall Sheridan
Add a template for revocation
Use DATETIME type to store created/expires times
Require auth for the /admin and /revoke endpoints
2016-07-17 | Add some handlers tests | Niall Sheridan
2016-07-03 | first pass at a certificate store | Niall Sheridan
2016-06-30 | Configurable logfile location | Niall Sheridan
2016-06-14 | Update whitelisting | Niall Sheridan
Whitelist Google users based on their email address instead of the username part of the email address. Plain gmail (non Google Apps) accounts don't necessarily end in '@gmail.com', and whitelisting on username alone is open to abuse. Skip testing for a Google Apps domain (ui.Hd) if no domain is configured. Principals will still be added as the user part of the email address. For the Github provider, skip checking that the user is a member of an organization if none is configured.
2016-06-14 | Merge pull request #21 from nsheridan/whitelist_support | Marco Bonetti
Add support for a users whitelist
2016-06-14 | Add support for a users whitelist | Marco Bonetti
2016-06-13 | Run the linter as part of tests. | Niall Sheridan
Fix lint warnings.
2016-06-06 | Merge pull request #16 from nsheridan/s3 | Niall Sheridan
Add AWS S3 and Google GCS virtual filesystems
2016-06-06 | Save oauth 'state' identifier in the client | Niall Sheridan
2016-06-05 | Add AWS S3 and Google GCS virtual filesystems. | Niall Sheridan
This allows the signing key to be read directly from S3 using a path like /s3/<bucket>/<path/to/signing.key> or /gcs/<bucket>/<path/to/signing.key>.
2016-06-02 | Validate tokens correctly | Niall Sheridan
This switch statement doesn't do what I thought it does
2016-05-29 | Switch from json to hcl configs | Niall Sheridan
This is backward-compatible with the JSON config format - this is a non-breaking change. HCL treats config blocks as repeated fields so the config has to be unmarshalled into a struct comprised of []Server, []Auth, []SSH first.
2016-05-29 | Remove unneeded template_dir | Niall Sheridan
2016-05-28 | Set expiry time in the github auth package | Niall Sheridan
2016-05-24 | Don't allow wide-open Google or Github configs | Patrick O'Doherty
Fail loudly if either the google_opts domain value or github_opts organization values are not set in the configuration. The lack of these values means that a) in the Google case any @gmail.com address will be allowed b) in the Github case any Github user will be allowed. This was previously documented but left as a foot-gun in the code. Future commits will allow for explicit wildcards to be set.