core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1
cli/pkg/unifi/client.go
Snider 3993d0583e Secure SSH and TLS connections, and fix CI issues 
Addresses security concerns from OWASP audit and CodeQL by enforcing strict
host key verification and TLS certificate verification.

Security Changes:
- Enforced strict SSH host key checking in pkg/container and devops.
- Removed insecure SSH host key verification from pkg/ansible.
- Added synchronous host key discovery during VM boot using ssh-keyscan.
- Updated UniFi client to enforce TLS certificate verification by default.
- Added --insecure flag and config option for UniFi to allow opt-in to
  skipping TLS verification for self-signed certificates.

CI and Maintenance:
- Fixed auto-merge workflow by providing repository context to 'gh' command.
- Resolved merge conflicts in .github/workflows/auto-merge.yml.
- Added unit tests for secured Ansible SSH client.
- Fixed formatting issues identified by QA checks.
2026-02-05 03:48:42 +00:00

52 lines
1.1 KiB
Go
Raw Blame History

package unifi
import (
"crypto/tls"
"net/http"
uf "github.com/unpoller/unifi/v5"
"github.com/host-uk/core/pkg/log"
)
// Client wraps the unpoller UniFi client with config-based auth.
type Client struct {
api *uf.Unifi
url string
}
// New creates a new UniFi API client for the given controller URL and credentials.
func New(url, user, pass, apikey string, insecure bool) (*Client, error) {
cfg := &uf.Config{
URL: url,
User: user,
Pass: pass,
APIKey: apikey,
}
// Setup HTTP client with optional TLS verification skip
httpClient := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: insecure,
MinVersion: tls.VersionTLS12,
},
},
}
api, err := uf.NewUnifi(cfg)
if err != nil {
return nil, log.E("unifi.New", "failed to create client", err)
}
// Override the HTTP client to skip TLS verification
api.Client = httpClient
return &Client{api: api, url: url}, nil
}
// API exposes the underlying SDK client for direct access.
func (c *Client) API() *uf.Unifi { return c.api }
// URL returns the UniFi controller URL.
func (c *Client) URL() string { return c.url }
Reference in a new issue View git blame Copy permalink