summaryrefslogtreecommitdiffstats
path: root/rust/src/bin/fatcat-auth.rs
blob: de9ade1502d6d47b916a684d514ef13e337f71f0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
//! JSON Export Helper

use clap::{App, SubCommand};

use fatcat::editing_crud::EditorCrud;
use fatcat::errors::Result;
use fatcat::identifiers::FatcatId;
use fatcat::{auth, server};
use fatcat_api_spec::models::Editor;
use std::process;
use std::str::FromStr;

fn main() -> Result<()> {
    let m = App::new("fatcat-auth")
        .version(env!("CARGO_PKG_VERSION"))
        .author("Bryan Newbold <bnewbold@archive.org>")
        .about("Editor authentication admin tool")
        .subcommand(
            SubCommand::with_name("list-editors").about("Prints all currently registered editors"),
        )
        .subcommand(
            SubCommand::with_name("create-editor")
                .about("Creates a new auth token (macaroon) for the given editor")
                .args_from_usage(
                    "<username> 'username for editor'
                     --admin 'creates editor with admin privs'
                     --bot 'this editor is a bot'",
                ),
        )
        .subcommand(
            SubCommand::with_name("create-token")
                .about("Creates a new auth token (macaroon) for the given editor")
                .args_from_usage(
                    "<editor-id> 'id of the editor (fatcatid, not username)'
                     --env-format 'outputs in a format that shells can source'",
                ),
        )
        .subcommand(
            SubCommand::with_name("inspect-token")
                .about("Dumps token metadata (and whether it is valid)")
                .args_from_usage("<token> 'base64-encoded token (macaroon)'"),
        )
        .subcommand(
            SubCommand::with_name("create-key")
                .about("Creates a new auth secret key (aka, root/signing key for tokens)")
                .args_from_usage("--env-format 'outputs in a format that shells can source'"),
        )
        .subcommand(
            SubCommand::with_name("revoke-tokens")
                .about("Resets auth_epoch for a single editor (invalidating all existing tokens)")
                .args_from_usage("<editor-id> 'identifier (fcid) of editor'"),
        )
        .subcommand(
            SubCommand::with_name("revoke-tokens-everyone")
                .about("Resets auth_epoch for all editors (invalidating tokens for all users!)"),
        )
        .get_matches();

    // First, the commands with no db or confectionary needed
    match m.subcommand() {
        ("create-key", Some(subm)) => {
            let key = fatcat::auth::create_key();
            if subm.is_present("env-format") {
                println!("AUTH_SECRET_KEY=\"{}\"", key);
            } else {
                println!("{}", key);
            }
            return Ok(());
        }
        _ => (),
    }

    // Then the ones that do
    let db_conn = server::database_worker_pool()?
        .get()
        .expect("database pool");
    let confectionary = auth::env_confectionary()?;
    match m.subcommand() {
        ("list-editors", Some(_subm)) => {
            fatcat::auth::print_editors(&db_conn)?;
        }
        ("create-editor", Some(subm)) => {
            let editor = Editor {
                editor_id: None,
                username: subm.value_of("username").unwrap().to_string(),
                is_admin: Some(subm.is_present("admin")),
                is_bot: Some(subm.is_present("bot")),
                is_active: Some(true),
            };
            let editor_row = editor.db_create(&db_conn)?;
            //println!("{:?}", editor);
            println!("{}", FatcatId::from_uuid(&editor_row.id).to_string());
        }
        ("create-token", Some(subm)) => {
            let editor_id = FatcatId::from_str(subm.value_of("editor-id").unwrap())?;
            let token = confectionary.create_token(editor_id, None)?;
            if subm.is_present("env-format") {
                println!("FATCAT_AUTH_TOKEN=\"{}\"", token);
            } else {
                println!("{}", token);
            }
        }
        ("inspect-token", Some(subm)) => {
            confectionary.inspect_token(&db_conn, subm.value_of("token").unwrap())?;
        }
        ("revoke-tokens", Some(subm)) => {
            let editor_id = FatcatId::from_str(subm.value_of("editor-id").unwrap())?;
            fatcat::auth::revoke_tokens(&db_conn, editor_id)?;
            println!("success!");
        }
        ("revoke-tokens-everyone", Some(_subm)) => {
            fatcat::auth::revoke_tokens_everyone(&db_conn)?;
            println!("success!");
        }
        _ => {
            println!("Missing or unimplemented command!");
            println!("{}", m.usage());
            process::exit(-1);
        }
    }
    Ok(())
}