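package auth

import (
	"fmt"

	"forge.cadoles.com/Cadoles/emissary/internal/auth/thirdparty"
	"forge.cadoles.com/Cadoles/emissary/internal/command/common"
	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
	"github.com/lithammer/shortuuid/v4"
	"github.com/pkg/errors"
	"github.com/urfave/cli/v2"
)

// CreateTokenCommand returns the "create-token" CLI command. Its action loads
// the configuration, signs a token for the requested subject and role with the
// key found at the local-auth private key path, and prints the token to
// standard output.
//
// The action returns an error when the configuration cannot be loaded, when
// --subject is empty, when --role is not one of the advertised roles, when
// local auth is not configured, or when key loading or token generation fails.
func CreateTokenCommand() *cli.Command {
	// Single source of truth for the help text and for the validation in Action.
	roles := []thirdparty.Role{thirdparty.RoleReader, thirdparty.RoleWriter}

	return &cli.Command{
		Name:  "create-token",
		Usage: "Create a new authentication token",
		Flags: []cli.Flag{
			&cli.StringFlag{
				Name:  "role",
				Usage: fmt.Sprintf("associate `ROLE` to the token (available: %v)", roles),
				Value: string(thirdparty.RoleReader),
			},
			&cli.StringFlag{
				Name:  "subject",
				Usage: "associate `SUBJECT` to the token",
				// Evaluated once, when the command is built.
				Value: fmt.Sprintf("user-%s", shortuuid.New()),
			},
		},
		Action: func(ctx *cli.Context) error {
			conf, err := common.LoadConfig(ctx)
			if err != nil {
				return errors.Wrap(err, "Could not load configuration")
			}

			// An empty subject would yield a signed token that cannot be
			// attributed to anyone.
			subject := ctx.String("subject")
			if subject == "" {
				return errors.New("subject must not be empty")
			}

			// The flag value is converted to a Role as-is, so reject anything
			// outside the advertised set before it ends up in a signed token.
			role := thirdparty.Role(ctx.String("role"))
			known := false
			for _, r := range roles {
				if r == role {
					known = true
					break
				}
			}
			if !known {
				return errors.Errorf("unknown role %q (available: %v)", string(role), roles)
			}

			localAuth := conf.Server.Auth.Local
			if localAuth == nil {
				return errors.New("local auth is disabled")
			}

			// Inputs are validated above, so a rejected invocation never
			// reaches the key store.
			// NOTE(review): going by its name, LoadOrGenerate presumably
			// creates a key when none exists at the path; confirm. If so, a
			// wrong PrivateKeyPath would yield a token signed by a key the
			// server does not know.
			key, err := jwk.LoadOrGenerate(string(localAuth.PrivateKeyPath), jwk.DefaultKeySize)
			if err != nil {
				return errors.WithStack(err)
			}

			token, err := thirdparty.GenerateToken(ctx.Context, key, subject, role)
			if err != nil {
				return errors.WithStack(err)
			}

			// The token is a credential: it is written to stdout only, and the
			// caller decides where it is stored.
			fmt.Println(token)

			return nil
		},
	}
}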