open-vault/http/handler.go

package http

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strings"

	"github.com/hashicorp/vault/logical"
	"github.com/hashicorp/vault/vault"
)

// AuthCookieName is the name of the cookie containing the token.
const AuthCookieName = "token"

// Handler returns an http.Handler for the API. This can be used on
// its own to mount the Vault API within another web server.
func Handler(core *vault.Core) http.Handler {
	// Create the muxer to handle the actual endpoints
	mux := http.NewServeMux()
	mux.Handle("/v1/sys/init", handleSysInit(core))
	mux.Handle("/v1/sys/seal-status", handleSysSealStatus(core))
	mux.Handle("/v1/sys/seal", handleSysSeal(core))
	mux.Handle("/v1/sys/unseal", handleSysUnseal(core))
	mux.Handle("/v1/sys/mounts/", handleSysMounts(core))
	mux.Handle("/v1/sys/policy", handleSysListPolicies(core))
	mux.Handle("/v1/sys/policy/", handleSysPolicy(core))
	mux.Handle("/v1/sys/revoke/", handleSysRevoke(core))
	mux.Handle("/v1/sys/revoke-prefix/", handleSysRevokePrefix(core))
	mux.Handle("/v1/sys/auth/", handleSysAuth(core))
	mux.Handle("/v1/sys/audit", handleSysListAudit(core))
	mux.Handle("/v1/sys/audit/", handleSysAudit(core))
	mux.Handle("/v1/", handleLogical(core))

	// Wrap the handler in another handler to trigger all help paths.
	handler := handleHelpHandler(mux, core)

	return handler
}

// stripPrefix is a helper to strip a prefix from the path. It will
// return false from the second return value if it the prefix doesn't exist.
func stripPrefix(prefix, path string) (string, bool) {
	if !strings.HasPrefix(path, prefix) {
		return "", false
	}

	path = path[len(prefix):]
	if path == "" {
		return "", false
	}

	return path, true
}

func parseRequest(r *http.Request, out interface{}) error {
	dec := json.NewDecoder(r.Body)
	return dec.Decode(out)
}

// requestAuth adds the token to the logical.Request if it exists.
func requestAuth(r *http.Request, req *logical.Request) *logical.Request {
	// Attach the cookie value as the token if we have it
	cookie, err := r.Cookie(AuthCookieName)
	if err == nil {
		req.ClientToken = cookie.Value
	}

	return req
}

func respondError(w http.ResponseWriter, status int, err error) {
	w.Header().Add("Content-Type", "application/json")
	w.WriteHeader(status)

	resp := &ErrorResponse{Errors: make([]string, 0, 1)}
	if err != nil {
		resp.Errors = append(resp.Errors, err.Error())
	}

	enc := json.NewEncoder(w)
	enc.Encode(resp)
}

func respondCommon(w http.ResponseWriter, resp *logical.Response) bool {
	if resp == nil {
		return false
	}

	if resp.IsError() {
		err := fmt.Errorf("%s", resp.Data["error"].(string))
		respondError(w, http.StatusBadRequest, err)
		return true
	}

	return false
}

func respondOk(w http.ResponseWriter, body interface{}) {
	w.Header().Add("Content-Type", "application/json")

	if body == nil {
		w.WriteHeader(http.StatusNoContent)
	} else {
		w.WriteHeader(http.StatusOK)
		enc := json.NewEncoder(w)
		enc.Encode(body)
	}
}

type ErrorResponse struct {
	Errors []string `json:"errors"`
}
http: start the API server 2015-03-12 06:05:16 +00:00			`package http`

			`import (`
			`"encoding/json"`
http: detect errors in logical and return them properly 2015-04-01 04:24:20 +00:00			`"fmt"`
http: start the API server 2015-03-12 06:05:16 +00:00			`"net/http"`
http: help 2015-04-03 05:21:33 +00:00			`"strings"`
http: start the API server 2015-03-12 06:05:16 +00:00
http: support auth 2015-03-29 23:14:54 +00:00			`"github.com/hashicorp/vault/logical"`
http: start the API server 2015-03-12 06:05:16 +00:00			`"github.com/hashicorp/vault/vault"`
			`)`

http: support auth 2015-03-29 23:14:54 +00:00			`// AuthCookieName is the name of the cookie containing the token.`
			`const AuthCookieName = "token"`

http: start the API server 2015-03-12 06:05:16 +00:00			`// Handler returns an http.Handler for the API. This can be used on`
			`// its own to mount the Vault API within another web server.`
			`func Handler(core *vault.Core) http.Handler {`
http: help 2015-04-03 05:21:33 +00:00			`// Create the muxer to handle the actual endpoints`
http: start the API server 2015-03-12 06:05:16 +00:00			`mux := http.NewServeMux()`
http: init endpoints 2015-03-12 19:37:41 +00:00			`mux.Handle("/v1/sys/init", handleSysInit(core))`
http: prefix with v1 2015-03-12 17:47:31 +00:00			`mux.Handle("/v1/sys/seal-status", handleSysSealStatus(core))`
			`mux.Handle("/v1/sys/seal", handleSysSeal(core))`
			`mux.Handle("/v1/sys/unseal", handleSysUnseal(core))`
http: fix mount endpoints 2015-03-16 17:51:13 +00:00			`mux.Handle("/v1/sys/mounts/", handleSysMounts(core))`
http: list policies 2015-04-02 00:43:58 +00:00			`mux.Handle("/v1/sys/policy", handleSysListPolicies(core))`
http: all policy endpoints 2015-04-02 00:52:55 +00:00			`mux.Handle("/v1/sys/policy/", handleSysPolicy(core))`
command/revoke: revoke 2015-04-01 02:21:02 +00:00			`mux.Handle("/v1/sys/revoke/", handleSysRevoke(core))`
http: revoke-prefix 2015-04-01 02:23:32 +00:00			`mux.Handle("/v1/sys/revoke-prefix/", handleSysRevokePrefix(core))`
http: auth handlers 2015-04-01 03:24:51 +00:00			`mux.Handle("/v1/sys/auth/", handleSysAuth(core))`
http: audit endpoints 2015-04-02 01:36:13 +00:00			`mux.Handle("/v1/sys/audit", handleSysListAudit(core))`
			`mux.Handle("/v1/sys/audit/", handleSysAudit(core))`
http: generic read/write endpoint for secrets 2015-03-16 02:34:47 +00:00			`mux.Handle("/v1/", handleLogical(core))`
http: help 2015-04-03 05:21:33 +00:00
			`// Wrap the handler in another handler to trigger all help paths.`
			`handler := handleHelpHandler(mux, core)`

			`return handler`
			`}`

			`// stripPrefix is a helper to strip a prefix from the path. It will`
			`// return false from the second return value if it the prefix doesn't exist.`
			`func stripPrefix(prefix, path string) (string, bool) {`
			`if !strings.HasPrefix(path, prefix) {`
			`return "", false`
			`}`

			`path = path[len(prefix):]`
			`if path == "" {`
			`return "", false`
			`}`

			`return path, true`
http: start the API server 2015-03-12 06:05:16 +00:00			`}`

			`func parseRequest(r *http.Request, out interface{}) error {`
			`dec := json.NewDecoder(r.Body)`
			`return dec.Decode(out)`
			`}`

http: support auth 2015-03-29 23:14:54 +00:00			`// requestAuth adds the token to the logical.Request if it exists.`
			`func requestAuth(r http.Request, req logical.Request) *logical.Request {`
http: handle redirects and set auth cookies 2015-03-31 04:06:15 +00:00			`// Attach the cookie value as the token if we have it`
http: support auth 2015-03-29 23:14:54 +00:00			`cookie, err := r.Cookie(AuthCookieName)`
			`if err == nil {`
			`req.ClientToken = cookie.Value`
			`}`

			`return req`
			`}`

http: start the API server 2015-03-12 06:05:16 +00:00			`func respondError(w http.ResponseWriter, status int, err error) {`
			`w.Header().Add("Content-Type", "application/json")`
			`w.WriteHeader(status)`

			`resp := &ErrorResponse{Errors: make([]string, 0, 1)}`
			`if err != nil {`
			`resp.Errors = append(resp.Errors, err.Error())`
			`}`

			`enc := json.NewEncoder(w)`
			`enc.Encode(resp)`
			`}`

http: respondCommon to do common responses 2015-04-01 04:29:53 +00:00			`func respondCommon(w http.ResponseWriter, resp *logical.Response) bool {`
			`if resp == nil {`
			`return false`
			`}`

			`if resp.IsError() {`
			`err := fmt.Errorf("%s", resp.Data["error"].(string))`
			`respondError(w, http.StatusBadRequest, err)`
			`return true`
			`}`

			`return false`
http: detect errors in logical and return them properly 2015-04-01 04:24:20 +00:00			`}`

http: start the API server 2015-03-12 06:05:16 +00:00			`func respondOk(w http.ResponseWriter, body interface{}) {`
			`w.Header().Add("Content-Type", "application/json")`

			`if body == nil {`
			`w.WriteHeader(http.StatusNoContent)`
			`} else {`
			`w.WriteHeader(http.StatusOK)`
			`enc := json.NewEncoder(w)`
			`enc.Encode(body)`
			`}`
			`}`

			`type ErrorResponse struct {`
			Errors []string `json:"errors"`
			`}`