gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-11 05:38:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement M7: auth middleware, rate limiting, CORS, and GUI login flow

Browse Source 
Add SHA-256 API key authentication with constant-time comparison, configurable
token bucket rate limiter, CORS origin allowlist middleware, and React auth
context with login page. Auth info endpoint bootstraps GUI without credentials.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Shankar
2026-03-15 11:58:13 -04:00
parent 73f27bfb48
commit 1904a92359
12 changed files with 590 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/router/router.go
+9 -1
View File
@@ -57,7 +57,7 @@ func (r *Router) RegisterHandlers(
notifications handler.NotificationHandler,
health handler.HealthHandler,
) {
// Health endpoints (no middleware)
// Health endpoints (no auth middleware — must always be accessible)
r.mux.Handle("GET /health", middleware.Chain(
http.HandlerFunc(health.Health),
middleware.CORS,
@@ -68,6 +68,14 @@ func (r *Router) RegisterHandlers(
middleware.CORS,
middleware.ContentType,
))
// Auth info endpoint (no auth middleware — GUI needs this before login)
r.mux.Handle("GET /api/v1/auth/info", middleware.Chain(
http.HandlerFunc(health.AuthInfo),
middleware.CORS,
middleware.ContentType,
))
// Auth check endpoint (uses full middleware chain via r.Register)
r.Register("GET /api/v1/auth/check", http.HandlerFunc(health.AuthCheck))
// Certificates routes: /api/v1/certificates
r.Register("GET /api/v1/certificates", http.HandlerFunc(certificates.ListCertificates))