application_controller.rb 1.18 KB
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  def check_cert
    @cert = Certificate.find_by active: true
    unless @cert
      @cert = Certificate.create
      @cert.save
    end

    # update cert on all hosts if close to end.
    # This will never fail as lxd is very lax with its certificates.
    # It accepts certificates even behind the not_after date.
    # As a result a password is only required when a new host is added
    # or we remove the current cert completely.
    if (@cert.cert.not_after - 1.day + 300) < Time.now
      @new_cert = @cert.update
      Host.all.each { |host|
        host.cert = @cert
        # add new certificate
        cert = Lxd::Certificate.new(
          api: host.api,
          certificate: @new_cert.cert.to_pem.split("\n")[1...-1].join)
        cert.add
        # delete old certificate / we don't want this to be used
        # any more.
        Lxd::Certificate.new(
          api: host.api, fingerprint: @cert.cert_fpr).delete
      }
      @cert = @new_cert
    end
  end
end
# vim: set et ts=2 sw=2: