From 802bafc92160205a2a3068b7b780a6a5eeb331d9 Mon Sep 17 00:00:00 2001
From: Bryan Newbold <bnewbold@robocracy.org>
Date: Tue, 18 Sep 2018 11:38:34 -0700
Subject: start skeleton of auth internal bits

---
 rust/src/bin/fatcat-auth.rs | 109 ++++++++++++++++++++++++++++++++++++++++++++
 rust/src/bin/fatcatd.rs     |  12 ++---
 2 files changed, 113 insertions(+), 8 deletions(-)
 create mode 100644 rust/src/bin/fatcat-auth.rs

(limited to 'rust/src/bin')

diff --git a/rust/src/bin/fatcat-auth.rs b/rust/src/bin/fatcat-auth.rs
new file mode 100644
index 00000000..7cb8af8e
--- /dev/null
+++ b/rust/src/bin/fatcat-auth.rs
@@ -0,0 +1,109 @@
+//! JSON Export Helper
+
+#[macro_use]
+extern crate clap;
+extern crate dotenv;
+#[macro_use]
+extern crate error_chain;
+extern crate fatcat;
+#[macro_use]
+extern crate log;
+extern crate env_logger;
+extern crate serde_json;
+extern crate uuid;
+
+use clap::{App, Arg, SubCommand};
+use dotenv::dotenv;
+use std::env;
+
+use fatcat::errors::*;
+use fatcat::api_helpers::FatCatId;
+use std::str::FromStr;
+use uuid::Uuid;
+
+use error_chain::ChainedError;
+//use std::io::{Stdout,StdoutLock};
+use std::io::prelude::*;
+use std::io::{BufReader, BufWriter};
+
+
+fn run() -> Result<()> {
+    let m = App::new("fatcat-auth")
+        .version(env!("CARGO_PKG_VERSION"))
+        .author("Bryan Newbold <bnewbold@archive.org>")
+        .about("Editor authentication admin tool")
+        .subcommand(
+            SubCommand::with_name("list-editors")
+                .about("Prints all currently registered editors")
+        )
+        .subcommand(
+            SubCommand::with_name("create-editor")
+                .about("Creates a new auth token (macaroon) for the given editor")
+                .args_from_usage(
+                    "<username> 'username for editor'
+                     --admin 'creates editor with admin privs'
+                     --bot 'this editor is a bot'"
+                )
+        )
+        .subcommand(
+            SubCommand::with_name("create-token")
+                .about("Creates a new auth token (macaroon) for the given editor")
+                .args_from_usage(
+                    "<editor-id> 'id of the editor (fatcatid, not username)'
+                     --env-format 'outputs in a format that shells can source'"
+                )
+        )
+        .subcommand(
+            SubCommand::with_name("inspect-token")
+                .about("Dumps token metadata (and whether it is valid)")
+        )
+        .subcommand(
+            SubCommand::with_name("revoke-tokens")
+                .about("Resets auth_epoch for a single editor (invalidating all existing tokens)")
+        )
+        .subcommand(
+            SubCommand::with_name("revoke-tokens-all")
+                .about("Resets auth_epoch for all editors (invalidating tokens for all users!)")
+        )
+        .get_matches();
+
+/*
+        value_t_or_exit!(subm, "magic", u32)
+        .after_help("Reads a ident table TSV dump from stdin (aka, ident_id, rev_id, redirect_id), \
+            and outputs JSON (one entity per line). Database connection info read from environment \
+            (DATABASE_URL, same as fatcatd).")
+*/
+    match m.subcommand() {
+        ("list-editors", Some(_subm)) => {
+            fatcat::auth::print_editors()?;
+        },
+        ("create-editor", Some(subm)) => {
+            fatcat::auth::create_editor(
+                subm.value_of("username").unwrap().to_string(),
+                subm.is_present("admin"),
+                subm.is_present("bot"))?;
+        },
+        ("create-token", Some(subm)) => {
+            let editor_id = FatCatId::from_str(subm.value_of("editor").unwrap())?;
+            fatcat::auth::create_token(editor_id, None)?;
+        },
+        ("inspect-token", Some(subm)) => {
+            fatcat::auth::inspect_token(subm.value_of("token").unwrap())?;
+        },
+        ("revoke-tokens", Some(subm)) => {
+            let editor_id = FatCatId::from_str(subm.value_of("editor").unwrap())?;
+            fatcat::auth::revoke_tokens(editor_id)?;
+        },
+        ("revoke-tokens-everyone", Some(_subm)) => {
+            fatcat::auth::revoke_tokens_everyone()?;
+        },
+        _ => {
+            println!("Missing or unimplemented command!");
+            println!("{}", m.usage());
+            ::std::process::exit(-1);
+        }
+    }
+    Ok(())
+}
+
+quick_main!(run);
diff --git a/rust/src/bin/fatcatd.rs b/rust/src/bin/fatcatd.rs
index 57b6a3da..e14296da 100644
--- a/rust/src/bin/fatcatd.rs
+++ b/rust/src/bin/fatcatd.rs
@@ -20,9 +20,7 @@ use iron::modifiers::RedirectRaw;
 use iron::{status, Chain, Iron, IronResult, Request, Response};
 use iron_slog::{DefaultLogFormatter, LoggerMiddleware};
 use slog::{Drain, Logger};
-//use dotenv::dotenv;
-//use std::env;
-//use swagger::auth::AllowAllMiddleware;
+
 
 /// Create custom server, wire it to the autogenerated router,
 /// and pass it to the web server.
@@ -78,11 +76,9 @@ fn main() {
 
     let mut chain = Chain::new(LoggerMiddleware::new(router, logger, formatter));
 
-    // Auth stuff unused for now
-    //chain.link_before(fatcat_api_spec::server::ExtractAuthData);
-    // add authentication middlewares into the chain here
-    // for the purpose of this example, pretend we have authenticated a user
-    //chain.link_before(AllowAllMiddleware::new("cosmo"));
+    // authentication
+    chain.link_before(fatcat_api_spec::server::ExtractAuthData);
+    chain.link_before(fatcat::auth::OpenAuthMiddleware::new());
 
     chain.link_after(fatcat::XClacksOverheadMiddleware);
 
-- 
cgit v1.2.3