forked from arangodb-helper/arangodb
-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth.go
97 lines (86 loc) · 2.94 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
//
// DISCLAIMER
//
// Copyright 2018 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Ewout Prangsma
//
package main
import (
"fmt"
"io/ioutil"
"strings"
"github.com/spf13/cobra"
service "github.com/arangodb-helper/arangodb/service"
)
var (
cmdAuth = &cobra.Command{
Use: "auth",
Short: "ArangoDB authentication helper commands",
Run: cmdShowUsage,
}
cmdAuthHeader = &cobra.Command{
Use: "header",
Short: "Create a full HTTP Authorization header for accessing an ArangoDB server",
Run: cmdAuthHeaderRun,
}
cmdAuthToken = &cobra.Command{
Use: "token",
Short: "Create a JWT authentication token for accessing an ArangoDB server",
Run: cmdAuthTokenRun,
}
authOptions struct {
jwtSecretFile string
user string
}
)
func init() {
cmdMain.AddCommand(cmdAuth)
cmdAuth.AddCommand(cmdAuthHeader)
cmdAuth.AddCommand(cmdAuthToken)
pf := cmdAuth.PersistentFlags()
pf.StringVar(&authOptions.jwtSecretFile, "auth.jwt-secret", "", "name of a plain text file containing a JWT secret used for server authentication")
pf.StringVar(&authOptions.user, "auth.user", "", "name of a user to authenticate as. If empty, 'super-user' authentication is used")
}
// mustAuthCreateJWTToken creates a the JWT token based on authentication options.
// On error the process is exited with a non-zero exit code.
func mustAuthCreateJWTToken() string {
authOptions.jwtSecretFile = mustExpand(authOptions.jwtSecretFile)
if authOptions.jwtSecretFile == "" {
log.Fatal().Msg("A JWT secret file is required. Set --auth.jwt-secret option.")
}
content, err := ioutil.ReadFile(authOptions.jwtSecretFile)
if err != nil {
log.Fatal().Err(err).Msgf("Failed to read JWT secret file '%s'", authOptions.jwtSecretFile)
}
jwtSecret := strings.TrimSpace(string(content))
token, err := service.CreateJwtToken(jwtSecret, authOptions.user)
if err != nil {
log.Fatal().Err(err).Msg("Failed to create JWT token")
}
return token
}
// cmdAuthHeaderRun prints a JWT authorization header on stdout and exits.
func cmdAuthHeaderRun(cmd *cobra.Command, args []string) {
token := mustAuthCreateJWTToken()
fmt.Printf("%s: %s%s\n", service.AuthorizationHeader, service.BearerPrefix, token)
}
// cmdAuthTokenRun prints a JWT authorization token on stdout and exits.
func cmdAuthTokenRun(cmd *cobra.Command, args []string) {
token := mustAuthCreateJWTToken()
fmt.Println(token)
}