fix tokens sub-command

README.md

@@ -124,34 +124,33 @@ GET /snowflake_db/my_schema/.columns
 Of course there must be an authentication / authorization logic. It is based on tokens being issued with the `dbrest token` sub-command which are tied to roles defined in a YAML config file:
 
 ```yaml
-roles:
-  reader:
-    snowflake_db:
-      allow_read:
-        - schema1.*
-        - schema2.table1
-      allow_sql: 'disable'
-
-    my_pg:
-      allow_read:
-        - '*'
-      allow_sql: 'disable' 
-
-  writer:
-    snowflake_db:
-      allow_read:
-        - schema1.*
-        - schema2.table1
-      allow_write:
-        - schema2.table3
-      allow_sql: 'disable'
-
-    my_pg:
-      allow_read:
-        - '*'
-      allow_write:
-        - '*'
-      allow_sql: 'any' 
+reader:
+  snowflake_db:
+    allow_read:
+      - schema1.*
+      - schema2.table1
+    allow_sql: 'disable'
+
+  my_pg:
+    allow_read:
+      - '*'
+    allow_sql: 'disable' 
+
+writer:
+  snowflake_db:
+    allow_read:
+      - schema1.*
+      - schema2.table1
+    allow_write:
+      - schema2.table3
+    allow_sql: 'disable'
+
+  my_pg:
+    allow_read:
+      - '*'
+    allow_write:
+      - '*'
+    allow_sql: 'any' 
 ```
 
 We can now issue tokens with `dbrest tokens issue <token_name> --roles reader,writer`.
@@ -196,7 +195,7 @@ dbrest -h
 ## Docker
 
 ```bash
-docker run -it dbrest/dbrest -h
+docker run --rm -it dbrest/dbrest -h
 ```
 
 ## Binary (Linux)

dbrest_cli.go

@@ -100,8 +100,8 @@ var cliTokens = &g.CliSC{
 				},
 				{
 					Name:        "regenerate",
-					Type:        "string",
-					Description: "Whether to regenerate the token (it is exists)",
+					Type:        "bool",
+					Description: "Whether to regenerate the token value (if it exists)",
 				},
 			},
 		},
@@ -233,9 +233,10 @@ func tokens(c *g.CliSC) (ok bool, err error) {
 			return false, nil
 		}
 
-		_, regenerate := c.Vals["regenerate"]
+		regenerate := cast.ToBool(c.Vals["regenerate"])
 		token := state.NewToken(roles)
-		if oldToken, ok := state.Tokens[name]; ok {
+		oldToken, existing := state.Tokens[name]
+		if existing {
 			if !regenerate {
 				token.Token = oldToken.Token
 			}
@@ -245,7 +246,16 @@ func tokens(c *g.CliSC) (ok bool, err error) {
 		if err != nil {
 			return ok, g.Error(err, "could not issue token")
 		}
-		g.Info("Successfully added token `%s`", name)
+		if !existing || regenerate {
+			if regenerate {
+				g.Info("Successfully regenerated token `%s`", name)
+			} else {
+				g.Info("Successfully added token `%s`", name)
+			}
+			g.Info("Token Value is: " + token.Token)
+		} else {
+			g.Info("Successfully updated roles for token `%s`. The token value was unchanged. Use --regenerate to regenerate token value.", name)
+		}
 	case "revoke":
 		if name == "" {
 			return false, nil
@@ -263,7 +273,7 @@ func tokens(c *g.CliSC) (ok bool, err error) {
 		if err != nil {
 			return ok, g.Error(err, "could not toggle token")
 		}
-		g.Info("token `%s` is now %s", lo.Ternary(disabled, "disabled", "enabled"))
+		g.Info("token `%s` is now %s", name, lo.Ternary(disabled, "disabled", "enabled"))
 	case "list":
 		tokens := lo.Keys(state.Tokens)
 		sort.Strings(tokens)

server/request.go

@@ -60,7 +60,7 @@ func NewRequest(c echo.Context) Request {
 	// token -> roles -> grants
 	if authToken := c.Request().Header.Get("Authorization"); authToken != "" {
 		token, ok := state.ResolveToken(authToken)
-		if ok {
+		if ok && !token.Disabled {
 			req.Roles = state.GetRoleMap(token.Roles)
 			req.Permissions = req.Roles.GetPermissions(req.Connection)
 		}

state/tokens.go

@@ -110,6 +110,7 @@ func (tm TokenMap) Toggle(name string) (disabled bool, err error) {
 	token.Disabled = !token.Disabled
 	disabled = token.Disabled
 	tm[name] = token
+	TokenValues[token.Token] = token
 	tmMux.Unlock()
 
 	err = tm.Save()