authorBryan Newbold <bnewbold@robocracy.org>2019-01-08 16:28:27 -0800
committerBryan Newbold <bnewbold@robocracy.org>2019-01-08 16:28:27 -0800
commit16f2e78298dbd2231f5f337ea17c89a6a131a052 (patch)
tree6e72581e625e73c97cbab72d0f9c35665c99e5d7 /rust/src/bin
parenteb40a5f274f3608db34309cfd16739a7642ef5e7 (diff)
parentffb721f90c5d97ee80885209bf45feb85ca9625c (diff)
Merge branch 'bnewbold-crude-auth'
Fixed a conflict in: python/fatcat_export.py
Diffstat (limited to 'rust/src/bin')
-rw-r--r--rust/src/bin/fatcat-auth.rs134
-rw-r--r--rust/src/bin/fatcat-export.rs18
-rw-r--r--rust/src/bin/fatcatd.rs24
3 files changed, 151 insertions, 25 deletions
diff --git a/rust/src/bin/fatcat-auth.rs b/rust/src/bin/fatcat-auth.rs
new file mode 100644
index 00000000..addd2b66
--- /dev/null
+++ b/rust/src/bin/fatcat-auth.rs
@@ -0,0 +1,134 @@
+//! JSON Export Helper
+
+//#[macro_use]
+extern crate clap;
+extern crate diesel;
+extern crate dotenv;
+#[macro_use]
+extern crate error_chain;
+extern crate fatcat;
+//#[macro_use]
+extern crate env_logger;
+extern crate log;
+extern crate serde_json;
+extern crate uuid;
+
+use clap::{App, SubCommand};
+
+use diesel::prelude::*;
+use fatcat::api_helpers::FatCatId;
+use fatcat::errors::*;
+use std::str::FromStr;
+//use uuid::Uuid;
+
+//use error_chain::ChainedError;
+//use std::io::{Stdout,StdoutLock};
+//use std::io::prelude::*;
+//use std::io::{BufReader, BufWriter};
+
+fn run() -> Result<()> {
+ let m = App::new("fatcat-auth")
+ .version(env!("CARGO_PKG_VERSION"))
+ .author("Bryan Newbold <bnewbold@archive.org>")
+ .about("Editor authentication admin tool")
+ .subcommand(
+ SubCommand::with_name("list-editors").about("Prints all currently registered editors"),
+ )
+ .subcommand(
+ SubCommand::with_name("create-editor")
+ .about("Creates a new auth token (macaroon) for the given editor")
+ .args_from_usage(
+ "<username> 'username for editor'
+ --admin 'creates editor with admin privs'
+ --bot 'this editor is a bot'",
+ ),
+ )
+ .subcommand(
+ SubCommand::with_name("create-token")
+ .about("Creates a new auth token (macaroon) for the given editor")
+ .args_from_usage(
+ "<editor-id> 'id of the editor (fatcatid, not username)'
+ --env-format 'outputs in a format that shells can source'", // TODO
+ ),
+ )
+ .subcommand(
+ SubCommand::with_name("inspect-token")
+ .about("Dumps token metadata (and whether it is valid)")
+ .args_from_usage("<token> 'base64-encoded token (macaroon)'"),
+ )
+ .subcommand(
+ SubCommand::with_name("create-key")
+ .about("Creates a new auth secret key (aka, root/signing key for tokens)")
+ .args_from_usage(
+ "--env-format 'outputs in a format that shells can source'", // TODO
+ ),
+ )
+ .subcommand(
+ SubCommand::with_name("revoke-tokens")
+ .about("Resets auth_epoch for a single editor (invalidating all existing tokens)")
+ .args_from_usage("<editor-id> 'identifier (fcid) of editor'"),
+ )
+ .subcommand(
+ SubCommand::with_name("revoke-tokens-everyone")
+ .about("Resets auth_epoch for all editors (invalidating tokens for all users!)"),
+ )
+ .get_matches();
+
+ // First, the commands with no db or confectionary needed
+ match m.subcommand() {
+ ("create-key", Some(_subm)) => {
+ println!("{}", fatcat::auth::create_key());
+ return Ok(());
+ }
+ _ => (),
+ }
+
+ // Then the ones that do
+ let db_conn = fatcat::database_worker_pool()?
+ .get()
+ .expect("database pool");
+ let confectionary = fatcat::env_confectionary()?;
+ match m.subcommand() {
+ ("list-editors", Some(_subm)) => {
+ fatcat::auth::print_editors(&db_conn)?;
+ }
+ ("create-editor", Some(subm)) => {
+ let editor = fatcat::api_helpers::create_editor(
+ &db_conn,
+ subm.value_of("username").unwrap().to_string(),
+ subm.is_present("admin"),
+ subm.is_present("bot"),
+ )?;
+ //println!("{:?}", editor);
+ println!("{}", FatCatId::from_uuid(&editor.id).to_string());
+ }
+ ("create-token", Some(subm)) => {
+ let editor_id = FatCatId::from_str(subm.value_of("editor-id").unwrap())?;
+ // check that editor exists
+ let _ed: fatcat::database_models::EditorRow = fatcat::database_schema::editor::table
+ .find(&editor_id.to_uuid())
+ .get_result(&db_conn)?;
+ println!("{}", confectionary.create_token(editor_id, None)?);
+ }
+ ("inspect-token", Some(subm)) => {
+ confectionary.inspect_token(&db_conn, subm.value_of("token").unwrap())?;
+ }
+ ("revoke-tokens", Some(subm)) => {
+ let editor_id = FatCatId::from_str(subm.value_of("editor-id").unwrap())?;
+ fatcat::auth::revoke_tokens(&db_conn, editor_id)?;
+ println!("success!");
+ }
+ ("revoke-tokens-everyone", Some(_subm)) => {
+ fatcat::auth::revoke_tokens_everyone(&db_conn)?;
+ println!("success!");
+ }
+ _ => {
+ println!("Missing or unimplemented command!");
+ println!("{}", m.usage());
+ ::std::process::exit(-1);
+ }
+ }
+ Ok(())
+}
+
+quick_main!(run);
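Review bot: `inspect-token` takes the macaroon as a positional `<token>` argument (declared in its `args_from_usage` call and read with `subm.value_of("token").unwrap()` in the match arm), so a live bearer credential lands in shell history and in the process list visible to other users on the host. Reading the token from stdin or an environment variable when the argument is absent would keep it out of both. Separately, the header `//! JSON Export Helper` and the `create-editor` description look copied from elsewhere, since that arm prints an editor id and not a token; I would change them to `//! Editor authentication admin tool` and `.about("Creates a new editor account")`. `create-token` passes `None` as the second argument to `create_token`; if that parameter is the expiry (not visible here), these tokens never lapse and `revoke-tokens` is the only way to retire one, which deserves a comment at the call.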
diff --git a/rust/src/bin/fatcat-export.rs b/rust/src/bin/fatcat-export.rs
index ec66ed4c..e1b930fc 100644
--- a/rust/src/bin/fatcat-export.rs
+++ b/rust/src/bin/fatcat-export.rs
@@ -17,15 +17,10 @@ extern crate serde_json;
extern crate uuid;
use clap::{App, Arg};
-use dotenv::dotenv;
-use std::env;
-use diesel::prelude::*;
-use diesel::r2d2::ConnectionManager;
use fatcat::api_entity_crud::*;
use fatcat::api_helpers::*;
use fatcat::errors::*;
-use fatcat::ConnectionPool;
use fatcat_api_spec::models::*;
use std::str::FromStr;
use uuid::Uuid;
@@ -59,17 +54,6 @@ struct IdentRow {
redirect_id: Option<FatCatId>,
}
-/// Instantiate a new API server with a pooled database connection
-pub fn database_worker_pool() -> Result<ConnectionPool> {
- dotenv().ok();
- let database_url = env::var("DATABASE_URL").expect("DATABASE_URL must be set");
- let manager = ConnectionManager::<PgConnection>::new(database_url);
- let pool = diesel::r2d2::Pool::builder()
- .build(manager)
- .expect("Failed to create database pool.");
- Ok(pool)
-}
-
macro_rules! generic_loop_work {
($fn_name:ident, $entity_model:ident) => {
fn $fn_name(
@@ -183,7 +167,7 @@ pub fn do_export(
entity_type: ExportEntityType,
redirects: bool,
) -> Result<()> {
- let db_pool = database_worker_pool()?;
+ let db_pool = fatcat::database_worker_pool()?;
let buf_input = BufReader::new(std::io::stdin());
let (row_sender, row_receiver) = channel::bounded(CHANNEL_BUFFER_LEN);
let (output_sender, output_receiver) = channel::bounded(CHANNEL_BUFFER_LEN);
diff --git a/rust/src/bin/fatcatd.rs b/rust/src/bin/fatcatd.rs
index 57b6a3da..682f5038 100644
--- a/rust/src/bin/fatcatd.rs
+++ b/rust/src/bin/fatcatd.rs
@@ -20,9 +20,6 @@ use iron::modifiers::RedirectRaw;
use iron::{status, Chain, Iron, IronResult, Request, Response};
use iron_slog::{DefaultLogFormatter, LoggerMiddleware};
use slog::{Drain, Logger};
-//use dotenv::dotenv;
-//use std::env;
-//use swagger::auth::AllowAllMiddleware;
/// Create custom server, wire it to the autogenerated router,
/// and pass it to the web server.
@@ -42,6 +39,19 @@ fn main() {
let formatter = DefaultLogFormatter;
let server = fatcat::server().unwrap();
+ info!(
+ logger,
+ "using primary auth key: {}", server.auth_confectionary.identifier,
+ );
+ info!(
+ logger,
+ "all auth keys: {:?}",
+ server
+ .auth_confectionary
+ .root_keys
+ .keys()
+ .collect::<Vec<&String>>(),
+ );
let mut router = fatcat_api_spec::router(server);
router.get("/", root_handler, "root-redirect");
@@ -78,11 +88,9 @@ fn main() {
let mut chain = Chain::new(LoggerMiddleware::new(router, logger, formatter));
- // Auth stuff unused for now
- //chain.link_before(fatcat_api_spec::server::ExtractAuthData);
- // add authentication middlewares into the chain here
- // for the purpose of this example, pretend we have authenticated a user
- //chain.link_before(AllowAllMiddleware::new("cosmo"));
+ // authentication
+ chain.link_before(fatcat_api_spec::server::ExtractAuthData);
+ chain.link_before(fatcat::auth::MacaroonAuthMiddleware::new());
chain.link_after(fatcat::XClacksOverheadMiddleware);