File: handler.go

package info (click to toggle)
golang-github-spiffe-go-spiffe 2.5.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,116 kB
  • sloc: makefile: 157
file content (72 lines) | stat: -rw-r--r-- 2,220 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
 
package federation

import (
	"fmt"
	"net/http"

	"github.com/spiffe/go-spiffe/v2/bundle/spiffebundle"
	"github.com/spiffe/go-spiffe/v2/logger"
	"github.com/spiffe/go-spiffe/v2/spiffeid"
)

type HandlerOption interface {
	apply(*handlerConfig) error
}

func WithLogger(log logger.Logger) HandlerOption {
	return handlerOption(func(c *handlerConfig) error {
		c.log = log
		return nil
	})
}

// NewHandler returns an HTTP handler that provides the trust domain bundle for
// the given trust domain. The bundle is encoded according to the format
// outlined in the SPIFFE Trust Domain and Bundle specification. The bundle
// source is used to obtain the bundle on each request. Source implementations
// should consider a caching strategy if retrieval is expensive.
// See the specification for more details:
// https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Trust_Domain_and_Bundle.md
func NewHandler(trustDomain spiffeid.TrustDomain, source spiffebundle.Source, opts ...HandlerOption) (http.Handler, error) {
	conf := &handlerConfig{
		log: logger.Null,
	}

	for _, opt := range opts {
		if err := opt.apply(conf); err != nil {
			return nil, fmt.Errorf("handler configuration is invalid: %w", err)
		}
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet {
			http.Error(w, "method is not allowed", http.StatusMethodNotAllowed)
			return
		}

		bundle, err := source.GetBundleForTrustDomain(trustDomain)
		if err != nil {
			conf.log.Errorf("unable to get bundle for trust domain %q: %v", trustDomain, err)
			http.Error(w, fmt.Sprintf("unable to serve bundle for %q", trustDomain), http.StatusInternalServerError)
			return
		}
		data, err := bundle.Marshal()
		if err != nil {
			conf.log.Errorf("unable to marshal bundle for trust domain %q: %v", trustDomain, err)
			http.Error(w, fmt.Sprintf("unable to serve bundle for %q", trustDomain), http.StatusInternalServerError)
			return
		}

		w.Header().Set("Content-Type", "application/json")
		_, _ = w.Write(data)
	}), nil
}

type handlerConfig struct {
	log logger.Logger
}

type handlerOption func(*handlerConfig) error

func (o handlerOption) apply(conf *handlerConfig) error {
	return o(conf)
}