feat(global): multi endpoint management (#407)

api/http/auth_handler.go

@@ -4,11 +4,12 @@ import (
 	"github.com/portainer/portainer"
 
 	"encoding/json"
-	"github.com/asaskevich/govalidator"
-	"github.com/gorilla/mux"
 	"log"
 	"net/http"
 	"os"
+
+	"github.com/asaskevich/govalidator"
+	"github.com/gorilla/mux"
 )
 
 // AuthHandler represents an HTTP API handler for managing authentication.
@@ -27,7 +28,7 @@ const (
 	ErrInvalidCredentials = portainer.Error("Invalid credentials")
 )
 
-// NewAuthHandler returns a new instance of DialHandler.
+// NewAuthHandler returns a new instance of AuthHandler.
 func NewAuthHandler() *AuthHandler {
 	h := &AuthHandler{
 		Router: mux.NewRouter(),
@@ -38,8 +39,8 @@ func NewAuthHandler() *AuthHandler {
 }
 
 func (handler *AuthHandler) handlePostAuth(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "POST" {
-		handleNotAllowed(w, []string{"POST"})
+	if r.Method != http.MethodPost {
+		handleNotAllowed(w, []string{http.MethodPost})
 		return
 	}
 

api/http/docker_handler.go

@@ -3,7 +3,6 @@ package http
 import (
 	"github.com/portainer/portainer"
 
-	"github.com/gorilla/mux"
 	"io"
 	"log"
 	"net"
@@ -12,6 +11,8 @@ import (
 	"net/url"
 	"os"
 	"strings"
+
+	"github.com/gorilla/mux"
 )
 
 // DockerHandler represents an HTTP API handler for proxying requests to the Docker API.
@@ -36,18 +37,22 @@ func NewDockerHandler(middleWareService *middleWareService) *DockerHandler {
 }
 
 func (handler *DockerHandler) proxyRequestsToDockerAPI(w http.ResponseWriter, r *http.Request) {
-	handler.proxy.ServeHTTP(w, r)
+	if handler.proxy != nil {
+		handler.proxy.ServeHTTP(w, r)
+	} else {
+		Error(w, portainer.ErrNoActiveEndpoint, http.StatusNotFound, handler.Logger)
+	}
 }
 
-func (handler *DockerHandler) setupProxy(config *portainer.EndpointConfiguration) error {
+func (handler *DockerHandler) setupProxy(endpoint *portainer.Endpoint) error {
 	var proxy http.Handler
-	endpointURL, err := url.Parse(config.Endpoint)
+	endpointURL, err := url.Parse(endpoint.URL)
 	if err != nil {
 		return err
 	}
 	if endpointURL.Scheme == "tcp" {
-		if config.TLS {
-			proxy, err = newHTTPSProxy(endpointURL, config)
+		if endpoint.TLS {
+			proxy, err = newHTTPSProxy(endpointURL, endpoint)
 			if err != nil {
 				return err
 			}
@@ -65,7 +70,6 @@ func (handler *DockerHandler) setupProxy(config *portainer.EndpointConfiguration
 // singleJoiningSlash from golang.org/src/net/http/httputil/reverseproxy.go
 // included here for use in NewSingleHostReverseProxyWithHostHeader
 // because its used in NewSingleHostReverseProxy from golang.org/src/net/http/httputil/reverseproxy.go
-
 func singleJoiningSlash(a, b string) string {
 	aslash := strings.HasSuffix(a, "/")
 	bslash := strings.HasPrefix(b, "/")
@@ -81,7 +85,6 @@ func singleJoiningSlash(a, b string) string {
 // NewSingleHostReverseProxyWithHostHeader is based on NewSingleHostReverseProxy
 // from golang.org/src/net/http/httputil/reverseproxy.go and merely sets the Host
 // HTTP header, which NewSingleHostReverseProxy deliberately preserves
-
 func NewSingleHostReverseProxyWithHostHeader(target *url.URL) *httputil.ReverseProxy {
 	targetQuery := target.RawQuery
 	director := func(req *http.Request) {
@@ -107,10 +110,10 @@ func newHTTPProxy(u *url.URL) http.Handler {
 	return NewSingleHostReverseProxyWithHostHeader(u)
 }
 
-func newHTTPSProxy(u *url.URL, endpointConfig *portainer.EndpointConfiguration) (http.Handler, error) {
+func newHTTPSProxy(u *url.URL, endpoint *portainer.Endpoint) (http.Handler, error) {
 	u.Scheme = "https"
 	proxy := NewSingleHostReverseProxyWithHostHeader(u)
-	config, err := createTLSConfiguration(endpointConfig.TLSCACertPath, endpointConfig.TLSCertPath, endpointConfig.TLSKeyPath)
+	config, err := createTLSConfiguration(endpoint.TLSCACertPath, endpoint.TLSCertPath, endpoint.TLSKeyPath)
 	if err != nil {
 		return nil, err
 	}

api/http/endpoint_handler.go

@@ -0,0 +1,294 @@
+package http
+
+import (
+	"github.com/portainer/portainer"
+
+	"encoding/json"
+	"log"
+	"net/http"
+	"os"
+	"strconv"
+
+	"github.com/asaskevich/govalidator"
+	"github.com/gorilla/mux"
+)
+
+// EndpointHandler represents an HTTP API handler for managing Docker endpoints.
+type EndpointHandler struct {
+	*mux.Router
+	Logger            *log.Logger
+	EndpointService   portainer.EndpointService
+	FileService       portainer.FileService
+	server            *Server
+	middleWareService *middleWareService
+}
+
+// NewEndpointHandler returns a new instance of EndpointHandler.
+func NewEndpointHandler(middleWareService *middleWareService) *EndpointHandler {
+	h := &EndpointHandler{
+		Router:            mux.NewRouter(),
+		Logger:            log.New(os.Stderr, "", log.LstdFlags),
+		middleWareService: middleWareService,
+	}
+	h.Handle("/endpoints", middleWareService.addMiddleWares(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		h.handlePostEndpoints(w, r)
+	}))).Methods(http.MethodPost)
+	h.Handle("/endpoints", middleWareService.addMiddleWares(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		h.handleGetEndpoints(w, r)
+	}))).Methods(http.MethodGet)
+	h.Handle("/endpoints/{id}", middleWareService.addMiddleWares(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		h.handleGetEndpoint(w, r)
+	}))).Methods(http.MethodGet)
+	h.Handle("/endpoints/{id}", middleWareService.addMiddleWares(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		h.handlePutEndpoint(w, r)
+	}))).Methods(http.MethodPut)
+	h.Handle("/endpoints/{id}", middleWareService.addMiddleWares(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		h.handleDeleteEndpoint(w, r)
+	}))).Methods(http.MethodDelete)
+	h.Handle("/endpoints/{id}/active", middleWareService.addMiddleWares(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		h.handlePostEndpoint(w, r)
+	}))).Methods(http.MethodPost)
+	return h
+}
+
+// handleGetEndpoints handles GET requests on /endpoints
+func (handler *EndpointHandler) handleGetEndpoints(w http.ResponseWriter, r *http.Request) {
+	endpoints, err := handler.EndpointService.Endpoints()
+	if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+	encodeJSON(w, endpoints, handler.Logger)
+}
+
+// handlePostEndpoints handles POST requests on /endpoints
+// if the active URL parameter is specified, will also define the new endpoint as the active endpoint.
+// /endpoints(?active=true|false)
+func (handler *EndpointHandler) handlePostEndpoints(w http.ResponseWriter, r *http.Request) {
+	var req postEndpointsRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		Error(w, ErrInvalidJSON, http.StatusBadRequest, handler.Logger)
+		return
+	}
+
+	_, err := govalidator.ValidateStruct(req)
+	if err != nil {
+		Error(w, ErrInvalidRequestFormat, http.StatusBadRequest, handler.Logger)
+		return
+	}
+
+	endpoint := &portainer.Endpoint{
+		Name: req.Name,
+		URL:  req.URL,
+		TLS:  req.TLS,
+	}
+
+	err = handler.EndpointService.CreateEndpoint(endpoint)
+	if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+
+	if req.TLS {
+		caCertPath, _ := handler.FileService.GetPathForTLSFile(endpoint.ID, portainer.TLSFileCA)
+		endpoint.TLSCACertPath = caCertPath
+		certPath, _ := handler.FileService.GetPathForTLSFile(endpoint.ID, portainer.TLSFileCert)
+		endpoint.TLSCertPath = certPath
+		keyPath, _ := handler.FileService.GetPathForTLSFile(endpoint.ID, portainer.TLSFileKey)
+		endpoint.TLSKeyPath = keyPath
+		err = handler.EndpointService.UpdateEndpoint(endpoint.ID, endpoint)
+		if err != nil {
+			Error(w, err, http.StatusInternalServerError, handler.Logger)
+			return
+		}
+	}
+
+	activeEndpointParameter := r.FormValue("active")
+	if activeEndpointParameter != "" {
+		active, err := strconv.ParseBool(activeEndpointParameter)
+		if err != nil {
+			Error(w, err, http.StatusBadRequest, handler.Logger)
+			return
+		}
+		if active == true {
+			err = handler.server.updateActiveEndpoint(endpoint)
+			if err != nil {
+				Error(w, err, http.StatusInternalServerError, handler.Logger)
+				return
+			}
+		}
+	}
+
+	encodeJSON(w, &postEndpointsResponse{ID: int(endpoint.ID)}, handler.Logger)
+}
+
+type postEndpointsRequest struct {
+	Name string `valid:"required"`
+	URL  string `valid:"required"`
+	TLS  bool
+}
+
+type postEndpointsResponse struct {
+	ID int `json:"Id"`
+}
+
+// handleGetEndpoint handles GET requests on /endpoints/:id
+// GET /endpoints/0 returns active endpoint
+func (handler *EndpointHandler) handleGetEndpoint(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	id := vars["id"]
+
+	endpointID, err := strconv.Atoi(id)
+	if err != nil {
+		Error(w, err, http.StatusBadRequest, handler.Logger)
+		return
+	}
+
+	var endpoint *portainer.Endpoint
+	if id == "0" {
+		endpoint, err = handler.EndpointService.GetActive()
+		if err == portainer.ErrEndpointNotFound {
+			Error(w, err, http.StatusNotFound, handler.Logger)
+			return
+		} else if err != nil {
+			Error(w, err, http.StatusInternalServerError, handler.Logger)
+			return
+		}
+		if handler.server.ActiveEndpoint == nil {
+			err = handler.server.updateActiveEndpoint(endpoint)
+			if err != nil {
+				Error(w, err, http.StatusInternalServerError, handler.Logger)
+				return
+			}
+		}
+	} else {
+		endpoint, err = handler.EndpointService.Endpoint(portainer.EndpointID(endpointID))
+		if err == portainer.ErrEndpointNotFound {
+			Error(w, err, http.StatusNotFound, handler.Logger)
+			return
+		} else if err != nil {
+			Error(w, err, http.StatusInternalServerError, handler.Logger)
+			return
+		}
+	}
+
+	encodeJSON(w, endpoint, handler.Logger)
+}
+
+// handlePostEndpoint handles POST requests on /endpoints/:id/active
+func (handler *EndpointHandler) handlePostEndpoint(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	id := vars["id"]
+
+	endpointID, err := strconv.Atoi(id)
+	if err != nil {
+		Error(w, err, http.StatusBadRequest, handler.Logger)
+		return
+	}
+
+	endpoint, err := handler.EndpointService.Endpoint(portainer.EndpointID(endpointID))
+	if err == portainer.ErrEndpointNotFound {
+		Error(w, err, http.StatusNotFound, handler.Logger)
+		return
+	} else if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+
+	err = handler.server.updateActiveEndpoint(endpoint)
+	if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
+	}
+}
+
+// handlePutEndpoint handles PUT requests on /endpoints/:id
+func (handler *EndpointHandler) handlePutEndpoint(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	id := vars["id"]
+
+	endpointID, err := strconv.Atoi(id)
+	if err != nil {
+		Error(w, err, http.StatusBadRequest, handler.Logger)
+		return
+	}
+
+	var req putEndpointsRequest
+	if err = json.NewDecoder(r.Body).Decode(&req); err != nil {
+		Error(w, ErrInvalidJSON, http.StatusBadRequest, handler.Logger)
+		return
+	}
+
+	_, err = govalidator.ValidateStruct(req)
+	if err != nil {
+		Error(w, ErrInvalidRequestFormat, http.StatusBadRequest, handler.Logger)
+		return
+	}
+
+	endpoint := &portainer.Endpoint{
+		ID:   portainer.EndpointID(endpointID),
+		Name: req.Name,
+		URL:  req.URL,
+		TLS:  req.TLS,
+	}
+
+	if req.TLS {
+		caCertPath, _ := handler.FileService.GetPathForTLSFile(endpoint.ID, portainer.TLSFileCA)
+		endpoint.TLSCACertPath = caCertPath
+		certPath, _ := handler.FileService.GetPathForTLSFile(endpoint.ID, portainer.TLSFileCert)
+		endpoint.TLSCertPath = certPath
+		keyPath, _ := handler.FileService.GetPathForTLSFile(endpoint.ID, portainer.TLSFileKey)
+		endpoint.TLSKeyPath = keyPath
+	} else {
+		err = handler.FileService.DeleteTLSFiles(endpoint.ID)
+		if err != nil {
+			Error(w, err, http.StatusInternalServerError, handler.Logger)
+			return
+		}
+	}
+
+	err = handler.EndpointService.UpdateEndpoint(endpoint.ID, endpoint)
+	if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+}
+
+type putEndpointsRequest struct {
+	Name string `valid:"required"`
+	URL  string `valid:"required"`
+	TLS  bool
+}
+
+// handleDeleteEndpoint handles DELETE requests on /endpoints/:id
+func (handler *EndpointHandler) handleDeleteEndpoint(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	id := vars["id"]
+
+	endpointID, err := strconv.Atoi(id)
+	if err != nil {
+		Error(w, err, http.StatusBadRequest, handler.Logger)
+		return
+	}
+
+	endpoint, err := handler.EndpointService.Endpoint(portainer.EndpointID(endpointID))
+	if err == portainer.ErrEndpointNotFound {
+		Error(w, err, http.StatusNotFound, handler.Logger)
+		return
+	} else if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+
+	err = handler.EndpointService.DeleteEndpoint(portainer.EndpointID(endpointID))
+	if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+
+	if endpoint.TLS {
+		err = handler.FileService.DeleteTLSFiles(portainer.EndpointID(endpointID))
+		if err != nil {
+			Error(w, err, http.StatusInternalServerError, handler.Logger)
+		}
+	}
+}

api/http/handler.go

@@ -13,10 +13,12 @@ import (
 type Handler struct {
 	AuthHandler      *AuthHandler
 	UserHandler      *UserHandler
+	EndpointHandler  *EndpointHandler
 	SettingsHandler  *SettingsHandler
 	TemplatesHandler *TemplatesHandler
 	DockerHandler    *DockerHandler
 	WebSocketHandler *WebSocketHandler
+	UploadHandler    *UploadHandler
 	FileHandler      http.Handler
 }
 
@@ -33,10 +35,14 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.StripPrefix("/api", h.AuthHandler).ServeHTTP(w, r)
 	} else if strings.HasPrefix(r.URL.Path, "/api/users") {
 		http.StripPrefix("/api", h.UserHandler).ServeHTTP(w, r)
+	} else if strings.HasPrefix(r.URL.Path, "/api/endpoints") {
+		http.StripPrefix("/api", h.EndpointHandler).ServeHTTP(w, r)
 	} else if strings.HasPrefix(r.URL.Path, "/api/settings") {
 		http.StripPrefix("/api", h.SettingsHandler).ServeHTTP(w, r)
 	} else if strings.HasPrefix(r.URL.Path, "/api/templates") {
 		http.StripPrefix("/api", h.TemplatesHandler).ServeHTTP(w, r)
+	} else if strings.HasPrefix(r.URL.Path, "/api/upload") {
+		http.StripPrefix("/api", h.UploadHandler).ServeHTTP(w, r)
 	} else if strings.HasPrefix(r.URL.Path, "/api/websocket") {
 		http.StripPrefix("/api", h.WebSocketHandler).ServeHTTP(w, r)
 	} else if strings.HasPrefix(r.URL.Path, "/api/docker") {

api/http/server.go

@@ -8,14 +8,33 @@ import (
 
 // Server implements the portainer.Server interface
 type Server struct {
-	BindAddress    string
-	AssetsPath     string
-	UserService    portainer.UserService
-	CryptoService  portainer.CryptoService
-	JWTService     portainer.JWTService
-	Settings       *portainer.Settings
-	TemplatesURL   string
-	EndpointConfig *portainer.EndpointConfiguration
+	BindAddress     string
+	AssetsPath      string
+	UserService     portainer.UserService
+	EndpointService portainer.EndpointService
+	CryptoService   portainer.CryptoService
+	JWTService      portainer.JWTService
+	FileService     portainer.FileService
+	Settings        *portainer.Settings
+	TemplatesURL    string
+	ActiveEndpoint  *portainer.Endpoint
+	Handler         *Handler
+}
+
+func (server *Server) updateActiveEndpoint(endpoint *portainer.Endpoint) error {
+	if endpoint != nil {
+		server.ActiveEndpoint = endpoint
+		server.Handler.WebSocketHandler.endpoint = endpoint
+		err := server.Handler.DockerHandler.setupProxy(endpoint)
+		if err != nil {
+			return err
+		}
+		err = server.EndpointService.SetActive(endpoint)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
 }
 
 // Start starts the HTTP server
@@ -23,6 +42,7 @@ func (server *Server) Start() error {
 	middleWareService := &middleWareService{
 		jwtService: server.JWTService,
 	}
+
 	var authHandler = NewAuthHandler()
 	authHandler.UserService = server.UserService
 	authHandler.CryptoService = server.CryptoService
@@ -35,19 +55,31 @@ func (server *Server) Start() error {
 	var templatesHandler = NewTemplatesHandler(middleWareService)
 	templatesHandler.templatesURL = server.TemplatesURL
 	var dockerHandler = NewDockerHandler(middleWareService)
-	dockerHandler.setupProxy(server.EndpointConfig)
 	var websocketHandler = NewWebSocketHandler()
-	websocketHandler.endpointConfiguration = server.EndpointConfig
+	// EndpointHandler requires a reference to the server to be able to update the active endpoint.
+	var endpointHandler = NewEndpointHandler(middleWareService)
+	endpointHandler.EndpointService = server.EndpointService
+	endpointHandler.FileService = server.FileService
+	endpointHandler.server = server
+	var uploadHandler = NewUploadHandler(middleWareService)
+	uploadHandler.FileService = server.FileService
 	var fileHandler = http.FileServer(http.Dir(server.AssetsPath))
 
-	handler := &Handler{
+	server.Handler = &Handler{
 		AuthHandler:      authHandler,
 		UserHandler:      userHandler,
+		EndpointHandler:  endpointHandler,
 		SettingsHandler:  settingsHandler,
 		TemplatesHandler: templatesHandler,
 		DockerHandler:    dockerHandler,
 		WebSocketHandler: websocketHandler,
 		FileHandler:      fileHandler,
+		UploadHandler:    uploadHandler,
 	}
-	return http.ListenAndServe(server.BindAddress, handler)
+	err := server.updateActiveEndpoint(server.ActiveEndpoint)
+	if err != nil {
+		return err
+	}
+
+	return http.ListenAndServe(server.BindAddress, server.Handler)
 }

api/http/settings_handler.go

@@ -3,10 +3,11 @@ package http
 import (
 	"github.com/portainer/portainer"
 
-	"github.com/gorilla/mux"
 	"log"
 	"net/http"
 	"os"
+
+	"github.com/gorilla/mux"
 )
 
 // SettingsHandler represents an HTTP API handler for managing settings.
@@ -30,8 +31,8 @@ func NewSettingsHandler(middleWareService *middleWareService) *SettingsHandler {
 
 // handleGetSettings handles GET requests on /settings
 func (handler *SettingsHandler) handleGetSettings(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "GET" {
-		handleNotAllowed(w, []string{"GET"})
+	if r.Method != http.MethodGet {
+		handleNotAllowed(w, []string{http.MethodGet})
 		return
 	}
 

api/http/templates_handler.go

@@ -2,11 +2,12 @@ package http
 
 import (
 	"fmt"
-	"github.com/gorilla/mux"
 	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
+
+	"github.com/gorilla/mux"
 )
 
 // TemplatesHandler represents an HTTP API handler for managing templates.
@@ -32,8 +33,8 @@ func NewTemplatesHandler(middleWareService *middleWareService) *TemplatesHandler
 
 // handleGetTemplates handles GET requests on /templates
 func (handler *TemplatesHandler) handleGetTemplates(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "GET" {
-		handleNotAllowed(w, []string{"GET"})
+	if r.Method != http.MethodGet {
+		handleNotAllowed(w, []string{http.MethodGet})
 		return
 	}
 

api/http/upload_handler.go

@@ -0,0 +1,74 @@
+package http
+
+import (
+	"github.com/portainer/portainer"
+
+	"log"
+	"net/http"
+	"os"
+	"strconv"
+
+	"github.com/gorilla/mux"
+)
+
+// UploadHandler represents an HTTP API handler for managing file uploads.
+type UploadHandler struct {
+	*mux.Router
+	Logger            *log.Logger
+	FileService       portainer.FileService
+	middleWareService *middleWareService
+}
+
+// NewUploadHandler returns a new instance of UploadHandler.
+func NewUploadHandler(middleWareService *middleWareService) *UploadHandler {
+	h := &UploadHandler{
+		Router:            mux.NewRouter(),
+		Logger:            log.New(os.Stderr, "", log.LstdFlags),
+		middleWareService: middleWareService,
+	}
+	h.Handle("/upload/tls/{endpointID}/{certificate:(ca|cert|key)}", middleWareService.addMiddleWares(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		h.handlePostUploadTLS(w, r)
+	})))
+	return h
+}
+
+func (handler *UploadHandler) handlePostUploadTLS(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		handleNotAllowed(w, []string{http.MethodPost})
+		return
+	}
+
+	vars := mux.Vars(r)
+	endpointID := vars["endpointID"]
+	certificate := vars["certificate"]
+	ID, err := strconv.Atoi(endpointID)
+	if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+
+	file, _, err := r.FormFile("file")
+	defer file.Close()
+	if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+
+	var fileType portainer.TLSFileType
+	switch certificate {
+	case "ca":
+		fileType = portainer.TLSFileCA
+	case "cert":
+		fileType = portainer.TLSFileCert
+	case "key":
+		fileType = portainer.TLSFileKey
+	default:
+		Error(w, portainer.ErrUndefinedTLSFileType, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+
+	err = handler.FileService.StoreTLSFile(portainer.EndpointID(ID), fileType, file)
+	if err != nil {
+		Error(w, err, http.StatusInternalServerError, handler.Logger)
+	}
+}

api/http/user_handler.go

@@ -4,11 +4,12 @@ import (
 	"github.com/portainer/portainer"
 
 	"encoding/json"
-	"github.com/asaskevich/govalidator"
-	"github.com/gorilla/mux"
 	"log"
 	"net/http"
 	"os"
+
+	"github.com/asaskevich/govalidator"
+	"github.com/gorilla/mux"
 )
 
 // UserHandler represents an HTTP API handler for managing users.
@@ -32,10 +33,10 @@ func NewUserHandler(middleWareService *middleWareService) *UserHandler {
 	})))
 	h.Handle("/users/{username}", middleWareService.addMiddleWares(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		h.handleGetUser(w, r)
-	}))).Methods("GET")
+	}))).Methods(http.MethodGet)
 	h.Handle("/users/{username}", middleWareService.addMiddleWares(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		h.handlePutUser(w, r)
-	}))).Methods("PUT")
+	}))).Methods(http.MethodPut)
 	h.Handle("/users/{username}/passwd", middleWareService.addMiddleWares(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		h.handlePostUserPasswd(w, r)
 	})))
@@ -46,8 +47,8 @@ func NewUserHandler(middleWareService *middleWareService) *UserHandler {
 
 // handlePostUsers handles POST requests on /users
 func (handler *UserHandler) handlePostUsers(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "POST" {
-		handleNotAllowed(w, []string{"POST"})
+	if r.Method != http.MethodPost {
+		handleNotAllowed(w, []string{http.MethodPost})
 		return
 	}
 
@@ -86,8 +87,8 @@ type postUsersRequest struct {
 
 // handlePostUserPasswd handles POST requests on /users/:username/passwd
 func (handler *UserHandler) handlePostUserPasswd(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "POST" {
-		handleNotAllowed(w, []string{"POST"})
+	if r.Method != http.MethodPost {
+		handleNotAllowed(w, []string{http.MethodPost})
 		return
 	}
 
@@ -189,8 +190,8 @@ type putUserRequest struct {
 
 // handlePostAdminInit handles GET requests on /users/admin/check
 func (handler *UserHandler) handleGetAdminCheck(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "GET" {
-		handleNotAllowed(w, []string{"GET"})
+	if r.Method != http.MethodGet {
+		handleNotAllowed(w, []string{http.MethodGet})
 		return
 	}
 
@@ -209,8 +210,8 @@ func (handler *UserHandler) handleGetAdminCheck(w http.ResponseWriter, r *http.R
 
 // handlePostAdminInit handles POST requests on /users/admin/init
 func (handler *UserHandler) handlePostAdminInit(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "POST" {
-		handleNotAllowed(w, []string{"POST"})
+	if r.Method != http.MethodPost {
+		handleNotAllowed(w, []string{http.MethodPost})
 		return
 	}
 

api/http/websocket_handler.go

@@ -7,8 +7,6 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
-	"github.com/gorilla/mux"
-	"golang.org/x/net/websocket"
 	"io"
 	"log"
 	"net"
@@ -17,14 +15,17 @@ import (
 	"net/url"
 	"os"
 	"time"
+
+	"github.com/gorilla/mux"
+	"golang.org/x/net/websocket"
 )
 
 // WebSocketHandler represents an HTTP API handler for proxying requests to a web socket.
 type WebSocketHandler struct {
 	*mux.Router
-	Logger                *log.Logger
-	middleWareService     *middleWareService
-	endpointConfiguration *portainer.EndpointConfiguration
+	Logger            *log.Logger
+	middleWareService *middleWareService
+	endpoint          *portainer.Endpoint
 }
 
 // NewWebSocketHandler returns a new instance of WebSocketHandler.
@@ -42,7 +43,7 @@ func (handler *WebSocketHandler) webSocketDockerExec(ws *websocket.Conn) {
 	execID := qry.Get("id")
 
 	// Should not be managed here
-	endpoint, err := url.Parse(handler.endpointConfiguration.Endpoint)
+	endpoint, err := url.Parse(handler.endpoint.URL)
 	if err != nil {
 		log.Fatalf("Unable to parse endpoint URL: %s", err)
 		return
@@ -57,10 +58,10 @@ func (handler *WebSocketHandler) webSocketDockerExec(ws *websocket.Conn) {
 
 	// Should not be managed here
 	var tlsConfig *tls.Config
-	if handler.endpointConfiguration.TLS {
-		tlsConfig, err = createTLSConfiguration(handler.endpointConfiguration.TLSCACertPath,
-			handler.endpointConfiguration.TLSCertPath,
-			handler.endpointConfiguration.TLSKeyPath)
+	if handler.endpoint.TLS {
+		tlsConfig, err = createTLSConfiguration(handler.endpoint.TLSCACertPath,
+			handler.endpoint.TLSCertPath,
+			handler.endpoint.TLSKeyPath)
 		if err != nil {
 			log.Fatalf("Unable to create TLS configuration: %s", err)
 			return