feat(auth): store and retrieve auth token from home directory by default (#2)

internal/command/server/auth/create_token.go

@@ -2,8 +2,11 @@ package auth
 
 import (
 	"fmt"
+	"os"
+	"path/filepath"
 
 	"forge.cadoles.com/Cadoles/emissary/internal/auth/thirdparty"
+	"forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
 	"forge.cadoles.com/Cadoles/emissary/internal/command/common"
 	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
 	"github.com/lithammer/shortuuid/v4"
@@ -26,6 +29,13 @@ func CreateTokenCommand() *cli.Command {
 				Usage: "associate `SUBJECT` to the token",
 				Value: fmt.Sprintf("user-%s", shortuuid.New()),
 			},
+			&cli.StringFlag{
+				Name:      "output",
+				Aliases:   []string{"o"},
+				TakesFile: true,
+				Usage:     "output token to `OUTPUT` (or '-' to print to stdout)",
+				Value:     flag.AuthTokenDefaultHomePath,
+			},
 		},
 		Action: func(ctx *cli.Context) error {
 			conf, err := common.LoadConfig(ctx)
@@ -35,6 +45,7 @@ func CreateTokenCommand() *cli.Command {
 
 			subject := ctx.String("subject")
 			role := ctx.String("role")
+			output := ctx.String("output")
 
 			localAuth := conf.Server.Auth.Local
 			if localAuth == nil {
@@ -51,7 +62,23 @@ func CreateTokenCommand() *cli.Command {
 				return errors.WithStack(err)
 			}
 
-			fmt.Println(token)
+			output = os.ExpandEnv(output)
+
+			if output == "-" {
+				fmt.Println(token)
+			} else {
+				outputDirectory := filepath.Dir(output)
+
+				if err := os.MkdirAll(outputDirectory, os.FileMode(0o700)); err != nil {
+					return errors.WithStack(err)
+				}
+
+				if err := os.WriteFile(output, []byte(token), os.FileMode(0o600)); err != nil {
+					return errors.WithStack(err)
+				}
+
+				fmt.Printf("Token written to '%s'.\n", output)
+			}
 
 			return nil
 		},