add offline key for bootstrapping problem

tmpauth/access.go

@@ -16,6 +16,7 @@ type accessController struct {
 	realm           string
 	clientID        string
 	secret          []byte
+	offlineKey      string
 	publicKey       *ecdsa.PublicKey
 	tokenCache      map[[32]byte]*CachedToken
 	tokenCacheMutex *sync.RWMutex

tmpauth/auth.go

@@ -2,6 +2,7 @@ package tmpauth
 
 import (
 	"crypto/sha256"
+	"crypto/subtle"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -14,12 +15,17 @@ import (
 )
 
 const TmpAuthHost = "auth.tmpim.pw"
+const offlineUser = "offline"
 
 func (ac *accessController) authenticateUser(username, password string) error {
 	ac.janitorOnce.Do(func() {
 		go ac.janitor()
 	})
 
+	if username == offlineUser && subtle.ConstantTimeCompare([]byte(password), []byte(ac.offlineKey)) == 1 {
+		return nil
+	}
+
 	token, err := ac.parseWrappedAuthJWT(password)
 	if err != nil {
 		return err

tmpauth/config.go

@@ -35,6 +35,11 @@ func newAccessController(options map[string]interface{}) (auth.AccessController,
 		return nil, fmt.Errorf(`"publickey" must be set for tmpauth access controller`)
 	}
 
+	offlineKey, ok := options["offlinekey"].(string)
+	if !ok {
+		return nil, fmt.Errorf(`"offlinekey" must be set for tmpauth access controller`)
+	}
+
 	pubKeyData, err := base64.StdEncoding.DecodeString(publicKey)
 	if err != nil {
 		return nil, fmt.Errorf("tmpauth: invalid public_key: %w", err)
@@ -69,10 +74,11 @@ func newAccessController(options map[string]interface{}) (auth.AccessController,
 	}
 
 	return &accessController{
-		realm:     realm,
-		clientID:  claims.Subject,
-		secret:    []byte(claims.Secret),
-		publicKey: pubKey,
+		realm:      realm,
+		clientID:   claims.Subject,
+		secret:     []byte(claims.Secret),
+		offlineKey: offlineKey,
+		publicKey:  pubKey,
 
 		tokenCache:      make(map[[32]byte]*CachedToken),
 		tokenCacheMutex: new(sync.RWMutex),