emissary/internal/command/server/auth/create_token.go

94 lines
2.5 KiB
Go
Raw Permalink Normal View History

package auth
import (
"fmt"
"os"
"path/filepath"
"forge.cadoles.com/Cadoles/emissary/internal/auth/user"
"forge.cadoles.com/Cadoles/emissary/internal/command/client/flag"
"forge.cadoles.com/Cadoles/emissary/internal/command/common"
2024-02-26 18:20:40 +01:00
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
"forge.cadoles.com/Cadoles/emissary/internal/jwk"
"github.com/google/uuid"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"
)
func CreateTokenCommand() *cli.Command {
return &cli.Command{
Name: "create-token",
2023-03-13 10:44:58 +01:00
Usage: "Create a new authentication token",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "role",
Usage: fmt.Sprintf("associate `ROLE` to the token (available: %v)", []user.Role{user.RoleReader, user.RoleWriter, user.RoleAdmin}),
Value: string(user.RoleReader),
},
&cli.StringFlag{
Name: "subject",
Usage: "associate `SUBJECT` to the token",
Value: fmt.Sprintf("user-%s", uuid.New().String()),
},
2024-02-26 18:20:40 +01:00
&cli.StringFlag{
Name: "tenant",
Usage: "associate `TENANT` to the token",
Value: "00000000-0000-0000-0000-000000000000",
2024-02-26 18:20:40 +01:00
},
&cli.StringFlag{
Name: "output",
Aliases: []string{"o"},
TakesFile: true,
Usage: "output token to `OUTPUT` (or '-' to print to stdout)",
Value: flag.AuthTokenDefaultHomePath,
},
},
Action: func(ctx *cli.Context) error {
conf, err := common.LoadConfig(ctx)
if err != nil {
return errors.Wrap(err, "Could not load configuration")
}
subject := ctx.String("subject")
2024-02-26 18:20:40 +01:00
tenant := ctx.String("tenant")
role := ctx.String("role")
output := ctx.String("output")
localAuth := conf.Server.Auth.Local
if localAuth == nil {
return errors.New("local auth is disabled")
}
key, err := jwk.LoadOrGenerate(string(localAuth.PrivateKeyPath), jwk.DefaultKeySize)
if err != nil {
return errors.WithStack(err)
}
token, err := user.GenerateToken(ctx.Context, key, datastore.TenantID(tenant), subject, user.Role(role))
if err != nil {
return errors.WithStack(err)
}
output = os.ExpandEnv(output)
if output == "-" {
fmt.Println(token)
} else {
outputDirectory := filepath.Dir(output)
if err := os.MkdirAll(outputDirectory, os.FileMode(0o700)); err != nil {
return errors.WithStack(err)
}
if err := os.WriteFile(output, []byte(token), os.FileMode(0o600)); err != nil {
return errors.WithStack(err)
}
fmt.Printf("Token written to '%s'.\n", output)
}
return nil
},
}
}