added: certs/*/info

src/api.rs

@@ -11,8 +11,8 @@ use crate::env_key;
 use anyhow::Context;
 use axum::body;
 use axum::extract::{Path, State};
-use axum::routing::post;
-use axum::{http::StatusCode, response::IntoResponse, Router};
+
+use axum::{http::StatusCode, response::IntoResponse, Json, Router};
 use axum_extra::routing::{
     RouterExt, // for `Router::typed_*`
     TypedPath,
@@ -22,8 +22,8 @@ use serde::Deserialize;
 use ssh_key::{Certificate, PublicKey};
 use tokio::sync::Mutex;
 use tower::ServiceBuilder;
-use tower_http::ServiceBuilderExt;
-use tracing::{debug, instrument, trace};
+use tower_http::{trace::TraceLayer, ServiceBuilderExt};
+use tracing::{debug, trace};
 
 use self::extract::CertificateBody;
 
@@ -133,9 +133,11 @@ pub async fn run(
     let app = Router::new()
         .typed_get(get_certs_identifier)
         .typed_put(put_cert_update)
-        .route("/certs/:identifier", post(post_certs_identifier))
+        .typed_get(get_cert_info)
+        .typed_post(post_certs_identifier)
         .fallback(fallback_404)
         .layer(ServiceBuilder::new().map_request_body(body::boxed))
+        .layer(TraceLayer::new_for_http())
         .with_state(state);
 
     // run our app with hyper
@@ -193,7 +195,6 @@ pub struct GetCert {
 /// return Unauthorized with an challenge
 /// upon which the client will ssh-keysign
 /// the challenge an issue an post request
-#[instrument(skip_all, ret)]
 async fn get_certs_identifier(
     GetCert { identifier }: GetCert,
     State(ApiState { certs, .. }): State<ApiState>,
@@ -205,9 +206,41 @@ async fn get_certs_identifier(
     Ok(cert.to_openssh().context("to openssh")?)
 }
 
+#[derive(TypedPath, Deserialize)]
+#[typed_path("/certs/:identifier/info")]
+pub struct GetCertInfo {
+    pub identifier: String,
+}
+
+#[cfg(feature = "info")]
+async fn get_cert_info(
+    GetCertInfo { identifier }: GetCertInfo,
+    State(ApiState { certs, .. }): State<ApiState>,
+) -> ApiResult<Json<Certificate>> {
+    let certs = certs.lock().await;
+    let cert = certs
+        .get(&identifier)
+        .ok_or(ApiError::CertificateNotFound)?;
+    Ok(Json(cert.clone()))
+}
+
+#[cfg(not(feature = "info"))]
+async fn get_cert_info(
+    GetCertInfo { identifier: _ }: GetCertInfo,
+    State(ApiState { certs: _, .. }): State<ApiState>,
+) -> ApiResult<()> {
+    unimplemented!()
+}
+
+#[derive(TypedPath, Deserialize)]
+#[typed_path("/certs/:identifier")]
+pub struct PostCertInfo {
+    pub identifier: String,
+}
+
 /// POST with signed challenge
-#[instrument(skip_all, ret)]
 async fn post_certs_identifier(
+    PostCertInfo { identifier: _ }: PostCertInfo,
     State(ApiState { .. }): State<ApiState>,
     Path(_identifier): Path<String>,
 ) -> ApiResult<String> {
@@ -219,7 +252,6 @@ async fn post_certs_identifier(
 pub struct PutCert;
 
 /// Upload an cert with an higher serial than the previous
-#[instrument(skip_all, ret)]
 async fn put_cert_update(
     _: PutCert,
     State(ApiState {
@@ -237,7 +269,6 @@ async fn put_cert_update(
 ) -> ApiResult<String> {
     cert.validate(&[ca.fingerprint(Default::default())])
         .map_err(|_| ApiError::CertificateInvalid)?;
-    let _string_repr = cert.to_openssh();
     let prev = load_cert_by_id(&cert_dir, &ca, cert.key_id()).await?;
     let mut prev_serial = 0;
     let serial = cert.serial();