aboutsummaryrefslogtreecommitdiff
path: root/server
AgeCommit message (Collapse)Author
2016-08-26First attempt at dropping privilegessid77
2016-08-20Replace Fatals with ErrorsNiall Sheridan
2016-08-20Run some tests in parallelNiall Sheridan
2016-08-20Use references to config structsNiall Sheridan
2016-08-17Switch from bootstrap to skeletonNiall Sheridan
2016-08-16Allow selecting which ip to listen onNiall Sheridan
2016-08-09SQLite DB supportNiall Sheridan
2016-08-07Use bootstrapNiall Sheridan
Move templates and static under server/
2016-08-07Ping the db before attempting to query itNiall Sheridan
2016-08-01fix buildNiall Sheridan
2016-07-31Support mongo datastoresNiall Sheridan
2016-07-31Use a KRL for revoked certsNiall Sheridan
2016-07-24Add a page for revoking certsNiall Sheridan
Add a template for revocation Use DATETIME type to store created/expires times Require auth for the /admin and /revoke endpoints
2016-07-17Add some handlers testsNiall Sheridan
2016-07-03first pass at a certificate storeNiall Sheridan
2016-06-30Configurable logfile locationNiall Sheridan
2016-06-14Update whitelistingNiall Sheridan
Whitelist Google users based on their email address instead of the username part of the email address. Plain gmail (non Google Apps) accounts don't necessarily end in '@gmail.com', and whitelisting on username alone is open to abuse. Skip testing for a Google Apps domain (ui.Hd) if no domain is configured. Principals will still be added as the user part of the email address. For the Github provider, skip checking that the user is a member of an organization is none is configured.
2016-06-14Merge pull request #21 from nsheridan/whitelist_supportMarco Bonetti
Add support for a users whitelist
2016-06-14Add support for a users whitelistMarco Bonetti
2016-06-13Run the linter as part of tests.Niall Sheridan
Fix lint warnings.
2016-06-06Merge pull request #16 from nsheridan/s3Niall Sheridan
Add AWS S3 and Google GCS virtual filesystems
2016-06-06Save oauth 'state' identifier in the clientNiall Sheridan
2016-06-05Add AWS S3 and Google GCS virtual filesystems.Niall Sheridan
This allows the signing key to be read directly from S3 using a path like /s3/<bucket>/<path/to/signing.key> or /gcs/<bucket>/<path/to/signing.key>.
2016-06-02Validate tokens correctlyNiall Sheridan
This switch statement doesn't do what I thought it does
2016-05-29Switch from json to hcl configsNiall Sheridan
This is backward-compatible with the JSON config format - this is a non-breaking change. HCL treats config blocks as repeated fields so the config has to be unmarshalled into a struct comprised of []Server, []Auth, []SSH first.
2016-05-29Remove unneeded template_dirNiall Sheridan
2016-05-28Set expiry time in the github auth packageNiall Sheridan
2016-05-24Don't allow wide-open Google or Github configsPatrick O'Doherty
Fail loudly if either the google_opts domain value or github_opts organization values are not set in the configuration. The lack of these values means that a) in the Google case any @gmail.com address will be allowed b) the Github case any Github user will be allowed. This was previously documented but left as a foot-gun in the code. Future commits will allow for explicit wildcards to be set.
2016-05-22Make template directory configurableNiall Sheridan
2016-05-22Move server/main.go to top-level server.goNiall Sheridan
Also add a Dockerfile
2016-05-22Open the browser automaticallyNiall Sheridan
2016-05-21Log the issuing of new certsNiall Sheridan
2016-05-21Remove database config. Not needed.Niall Sheridan
2016-05-18miscNiall Sheridan
2016-05-18Don't use jwt, it doesn't buy a whole lot for this applicationNiall Sheridan
2016-05-18Do login if the provided token is invalidNiall Sheridan
2016-05-09Placeholder for database config.Niall Sheridan
2016-04-23Add config file testsNiall Sheridan
2016-04-23Refactor to use an io.Reader for easier testingNiall Sheridan
2016-04-23Fix commentsNiall Sheridan
2016-04-22Add github oauth provider.Niall Sheridan
2016-04-22Fix typo in comment.Olivier Tharan
2016-04-21Fix testNiall Sheridan
2016-04-21Just make ProviderOpts a map[string]string.Niall Sheridan
I have no idea why I made it a map[string]interface{} and it's a pain to deal with.
2016-04-21Some small fixes.Niall Sheridan
Rename 'GoogleOpts' to 'ProviderOpts'. Rename Principals to AdditionalPrincipals to match the config option.
2016-04-21use correct config parameterNiall Sheridan
2016-04-21Missed some bitsNiall Sheridan
2016-04-20add commentsNiall Sheridan
2016-04-20Add comments.Niall Sheridan
2016-04-20Be explicit that this is for signing user keysNiall Sheridan