feat(auth): store and retrieve auth token from home directory by default (#2)

2023-08-25 12:02:02 -06:00 · 2023-08-25 12:02:02 -06:00 · 3d7a094cb8
parent 077964c7b9
commit 3d7a094cb8
4 changed files with 56 additions and 21 deletions
--- a/2
+++ b/2
@ -118,7 +118,7 @@ gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh goreleaser chan
 		tools/gitea-release/bin/gitea-release.sh

 .emissary-token:
-	$(MAKE) run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server auth create-token --role writer > .emissary-token"
+	$(MAKE) run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server auth create-token --role writer --output .emissary-token"

 AGENT_ID ?= 1

--- a/doc/tutorials/fr/first-steps.md
+++ b/doc/tutorials/fr/first-steps.md
@ -80,9 +80,11 @@
 5. Créer un jeton d'administration:

    ```shell
-    sudo emissary --workdir /usr/share/emissary --config /etc/emissary/server.yml server auth create-token --role writer --subject $(whoami) > .emissary-token
+    sudo emissary --workdir /usr/share/emissary --config /etc/emissary/server.yml server auth create-token --role writer --subject $(whoami)
    ```

+    > **Note** Le jeton sera stocké dans le répertoire `$HOME/.config/emissary`.
+
 6. Vérifier l'authentification sur l'API:

    ```shell
--- a/internal/command/api/flag/flag.go
+++ b/internal/command/api/flag/flag.go
@ -2,7 +2,6 @@ package flag

 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"strings"

@ -12,6 +11,11 @@ import (
 	"github.com/urfave/cli/v2"
 )

+const (
+	AuthTokenDefaultHomePath  = "$HOME/.config/emissary/auth-token"
+	AuthTokenDefaultLocalPath = ".emissary-token"
+)
+
 func ComposeFlags(flags ...cli.Flag) []cli.Flag {
 	baseFlags := []cli.Flag{
 		&cli.StringFlag{
@ -37,10 +41,10 @@ func ComposeFlags(flags ...cli.Flag) []cli.Flag {
 			Aliases: []string{"t"},
 			Usage:   "use `TOKEN` as authentication token",
 		},
-		&cli.StringFlag{
+		&cli.StringSliceFlag{
 			Name:      "token-file",
 			Usage:     "use `TOKEN_FILE` as file containing the authentication token",
-			Value:     ".emissary-token",
+			Value:     cli.NewStringSlice(AuthTokenDefaultLocalPath, AuthTokenDefaultHomePath),
 			TakesFile: true,
 		},
 	}
@ -55,14 +59,14 @@ type BaseFlags struct {
 	Format     format.Format
 	OutputMode format.OutputMode
 	Token      string
-	TokenFile  string
+	TokenFiles []string
 }

 func GetBaseFlags(ctx *cli.Context) *BaseFlags {
 	serverURL := ctx.String("server")
 	rawFormat := ctx.String("format")
 	rawOutputMode := ctx.String("output-mode")
-	tokenFile := ctx.String("token-file")
+	tokenFiles := ctx.StringSlice("token-file")
 	token := ctx.String("token")

 	return &BaseFlags{
@ -70,7 +74,7 @@ func GetBaseFlags(ctx *cli.Context) *BaseFlags {
 		Format:     format.Format(rawFormat),
 		OutputMode: format.OutputMode(rawOutputMode),
 		Token:      token,
-		TokenFile:  tokenFile,
+		TokenFiles: tokenFiles,
 	}
 }

@ -79,18 +83,20 @@ func GetToken(flags *BaseFlags) (string, error) {
 		return flags.Token, nil
 	}

-	if flags.TokenFile == "" {
-		return "", nil
+	for _, tokenFile := range flags.TokenFiles {
+		tokenFile = os.ExpandEnv(tokenFile)
+
+		rawToken, err := os.ReadFile(tokenFile)
+		if err != nil && !errors.Is(err, os.ErrNotExist) {
+			return "", errors.WithStack(err)
+		}
+
+		if rawToken == nil {
+			continue
+		}
+
+		return strings.TrimSpace(string(rawToken)), nil
 	}

-	rawToken, err := ioutil.ReadFile(flags.TokenFile)
-	if err != nil && !errors.Is(err, os.ErrNotExist) {
-		return "", errors.WithStack(err)
-	}
-
-	if rawToken == nil {
-		return "", nil
-	}
-
-	return strings.TrimSpace(string(rawToken)), nil
+	return "", nil
 }
--- a/internal/command/server/auth/create_token.go
+++ b/internal/command/server/auth/create_token.go
@ -2,8 +2,11 @@ package auth

 import (
 	"fmt"
+	"os"
+	"path/filepath"

 	"forge.cadoles.com/Cadoles/emissary/internal/auth/thirdparty"
+	"forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
 	"forge.cadoles.com/Cadoles/emissary/internal/command/common"
 	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
 	"github.com/lithammer/shortuuid/v4"
@ -26,6 +29,13 @@ func CreateTokenCommand() *cli.Command {
 				Usage: "associate `SUBJECT` to the token",
 				Value: fmt.Sprintf("user-%s", shortuuid.New()),
 			},
+			&cli.StringFlag{
+				Name:      "output",
+				Aliases:   []string{"o"},
+				TakesFile: true,
+				Usage:     "output token to `OUTPUT` (or '-' to print to stdout)",
+				Value:     flag.AuthTokenDefaultHomePath,
+			},
 		},
 		Action: func(ctx *cli.Context) error {
 			conf, err := common.LoadConfig(ctx)
@ -35,6 +45,7 @@ func CreateTokenCommand() *cli.Command {

 			subject := ctx.String("subject")
 			role := ctx.String("role")
+			output := ctx.String("output")

 			localAuth := conf.Server.Auth.Local
 			if localAuth == nil {
@ -51,7 +62,23 @@ func CreateTokenCommand() *cli.Command {
 				return errors.WithStack(err)
 			}

-			fmt.Println(token)
+			output = os.ExpandEnv(output)
+
+			if output == "-" {
+				fmt.Println(token)
+			} else {
+				outputDirectory := filepath.Dir(output)
+
+				if err := os.MkdirAll(outputDirectory, os.FileMode(0o700)); err != nil {
+					return errors.WithStack(err)
+				}
+
+				if err := os.WriteFile(output, []byte(token), os.FileMode(0o600)); err != nil {
+					return errors.WithStack(err)
+				}
+
+				fmt.Printf("Token written to '%s'.\n", output)
+			}

 			return nil
 		},