MCPcopy
hub / github.com/kubewall/kubewall / PostCertificate

Method PostCertificate

backend/handlers/app/config.go:110–168  ·  view source on GitHub ↗
(c echo.Context)

Source from the content-addressed store, hash-verified

108}
109
110func (h *AppConfigHandler) PostCertificate(c echo.Context) error {
111 serverIP := strings.TrimSpace(c.FormValue("serverIP"))
112 name := strings.TrimSpace(c.FormValue("name"))
113 cert := strings.TrimSpace(c.FormValue("clientCertData"))
114 key := strings.TrimSpace(c.FormValue("clientKeyData"))
115 configName := strings.TrimSpace(c.FormValue("configName"))
116 tlsMode := strings.TrimSpace(c.FormValue("tlsMode"))
117 caCert := strings.TrimSpace(c.FormValue("caCertData"))
118
119 if serverIP == "" || name == "" || cert == "" || key == "" {
120 return echo.NewHTTPError(http.StatusBadRequest, "missing required fields: serverIP, name, clientCertData, or clientKeyData")
121 }
122
123 // Validate config name
124 if err := validateConfigName(configName); err != nil {
125 return echo.NewHTTPError(http.StatusBadRequest, err.Error())
126 }
127
128 // Normalize to lowercase
129 configName = strings.ToLower(strings.TrimSpace(configName))
130
131 // Check for duplicates
132 if h.container.Config().ConfigExists(configName) {
133 return echo.NewHTTPError(http.StatusConflict, fmt.Sprintf("config '%s' already exists", configName))
134 }
135
136 // Default to system mode if not specified
137 if tlsMode == "" {
138 tlsMode = "system"
139 }
140
141 // Validate: if custom mode, CA cert is required
142 if tlsMode == "custom" && caCert == "" {
143 return echo.NewHTTPError(http.StatusBadRequest, "CA certificate required for custom TLS mode")
144 }
145
146 encodedCert := base64.StdEncoding.EncodeToString([]byte(cert))
147 encodedKey := base64.StdEncoding.EncodeToString([]byte(key))
148
149 var encodedCaCert string
150 if caCert != "" {
151 encodedCaCert = base64.StdEncoding.EncodeToString([]byte(caCert))
152 }
153
154 kubeconfig := generateCertificateConfig(serverIP, name, encodedCert, encodedKey, encodedCaCert, tlsMode)
155
156 path := filepath.Join(homeDir(), config.AppConfigDir, config.AppKubeConfigDir, configName)
157 if err := writeKubeconfigToFile(path, kubeconfig); err != nil {
158 return err
159 }
160
161 if err := validateKubeconfigFile(path); err != nil {
162 defer os.Remove(path)
163 return echo.NewHTTPError(http.StatusBadRequest, "invalid kubeconfig").SetInternal(err)
164 }
165
166 h.container.Config().SaveKubeConfig(configName)
167 return c.JSON(http.StatusOK, echo.Map{"success": true, "configId": configName})

Callers

nothing calls this directly

Calls 8

homeDirFunction · 0.85
writeKubeconfigToFileFunction · 0.85
validateKubeconfigFileFunction · 0.85
ConfigExistsMethod · 0.80
SaveKubeConfigMethod · 0.80
validateConfigNameFunction · 0.70
ConfigMethod · 0.65

Tested by

no test coverage detected