diff --git a/src/main/nim/strawboss.nim b/src/main/nim/strawboss.nim index b19fcb3..f66b3d8 100644 --- a/src/main/nim/strawboss.nim +++ b/src/main/nim/strawboss.nim @@ -4,7 +4,7 @@ import strawbosspkg/configuration import strawbosspkg/core import strawbosspkg/server -let SB_VER = "0.2.0" +let SB_VER = "0.3.1" proc logProcOutput*(outMsg, errMsg: TaintedString, cmd: string) = let prefix = if cmd != nil: cmd & ": " else: "" @@ -18,6 +18,7 @@ Usage: strawboss serve [options] strawboss run [options] strawboss hashpwd + strawboss api-key Options @@ -68,3 +69,6 @@ Options echo pwd echo pwd[0..28] + elif args["api-key"]: + let sessionToken = server.makeApiKey(cfg, $args[""]) + echo sessionToken diff --git a/src/main/nim/strawbosspkg/server.nim b/src/main/nim/strawbosspkg/server.nim index b187c41..d2f0e41 100644 --- a/src/main/nim/strawbosspkg/server.nim +++ b/src/main/nim/strawbosspkg/server.nim @@ -11,6 +11,12 @@ type #const ISO_TIME_FORMAT = "yyyy-MM-dd'T'HH:mm:ss" const JSON = "application/json" +proc newSession*(user: UserRef): Session = + result = Session( + user: user, + issuedAt: getTime(), + expires: daysForward(7).toTime()) + proc makeJsonResp(status: HttpCode, details: string = ""): string = result = $(%* { "statusCode": status.int, @@ -18,12 +24,6 @@ proc makeJsonResp(status: HttpCode, details: string = ""): string = "details": details }) -proc newSession*(user: UserRef): Session = - result = Session( - user: user, - issuedAt: getTime(), - expires: daysForward(7).toTime()) - proc toJWT*(cfg: StrawBossConfig, session: Session): string = ## Make a JST token for this session. var jwt = JWT( @@ -46,6 +46,7 @@ proc fromJWT*(cfg: StrawBossConfig, strTok: string): Session = # Find the user record (if authenticated) let username = jwt.claims["sub"].node.str let users = cfg.users.filterIt(it.name == username) + debug "username: " & username & "\n\tusers: " & $users.mapIt(it.name) & "\n\tall users: " & cfg.users.mapIt(it.name) if users.len != 1: raiseEx "Could not find session user." result = Session( @@ -89,7 +90,30 @@ proc makeAuthToken*(cfg: StrawBossConfig, uname, pwd: string): string = let user = users[0] if not validatePwd(user, pwd): raiseEx "invalid username or password" - result = toJWT(cfg, newSession(user)) + + let session = newSession(user) + + result = toJWT(cfg, session) + +proc makeApiKey*(cfg: StrawBossConfig, uname: string): string = + ## Given a username, make an API token (JWT token string that does not + ## expire). Note that this does not validate the username/pwd combination. It + ## is not intended to be exposed publicly via the API, but serve as a utility + ## function for an administrator to setup a unsupervised account (git access + ## for example). + + if uname == nil: raiseEx "no username given" + + # find the user record + let users = cfg.users.filterIt(it.name == uname) + if users.len != 1: raiseEx "invalid username" + + let session = Session( + user: users[0], + issuedAt: getTime(), + expires: daysForward(365 * 1000).toTime()) + + result = toJWT(cfg, session); template checkAuth() = ## Check this request for authentication and authorization information. @@ -106,6 +130,7 @@ template checkAuth() = authed = true except: debug "Auth failed: " & getCurrentExceptionMsg() + response.data[2]["WWW-Authenticate"] = "Bearer" resp(Http401, makeJsonResp(Http401), JSON) proc start*(cfg: StrawBossConfig): void = diff --git a/strawboss.config.json b/strawboss.config.json index e2cf914..159956a 100644 --- a/strawboss.config.json +++ b/strawboss.config.json @@ -5,6 +5,7 @@ "authSecret": "change me", "pwdCost": 11, "maintenancePeriod": 5000, + "logLevel": "info", "projects": [ { "name": "new-life-intro-band", "repo": "/home/jdb/projects/new-life-introductory-band" }, diff --git a/strawboss.nimble b/strawboss.nimble index c590c46..06899f3 100644 --- a/strawboss.nimble +++ b/strawboss.nimble @@ -1,7 +1,7 @@ # Package bin = @["strawboss"] -version = "0.3.0" +version = "0.3.1" author = "Jonathan Bernard" description = "My personal continious integration worker." license = "MIT"