Added support for long-lived API keys.

src/main/nim/strawboss.nim

@@ -4,7 +4,7 @@ import strawbosspkg/configuration
 import strawbosspkg/core
 import strawbosspkg/server
 
-let SB_VER = "0.2.0"
+let SB_VER = "0.3.1"
 
 proc logProcOutput*(outMsg, errMsg: TaintedString, cmd: string) =
   let prefix = if cmd != nil: cmd & ": " else: ""
@@ -18,6 +18,7 @@ Usage:
   strawboss serve [options]
   strawboss run <requestFile> [options]
   strawboss hashpwd <pwd>
+  strawboss api-key <username>
   
 Options
   
@@ -68,3 +69,6 @@ Options
     echo pwd
     echo pwd[0..28]
 
+  elif args["api-key"]:
+    let sessionToken = server.makeApiKey(cfg, $args["<username>"])
+    echo sessionToken

src/main/nim/strawbosspkg/server.nim

@@ -11,6 +11,12 @@ type
 #const ISO_TIME_FORMAT = "yyyy-MM-dd'T'HH:mm:ss"
 const JSON = "application/json"
 
+proc newSession*(user: UserRef): Session =
+  result = Session(
+    user: user,
+    issuedAt: getTime(),
+    expires: daysForward(7).toTime())
+
 proc makeJsonResp(status: HttpCode, details: string = ""): string =
   result = $(%* {
     "statusCode": status.int,
@@ -18,12 +24,6 @@ proc makeJsonResp(status: HttpCode, details: string = ""): string =
     "details": details
   })
 
-proc newSession*(user: UserRef): Session =
-  result = Session(
-    user: user,
-    issuedAt: getTime(),
-    expires: daysForward(7).toTime())
-
 proc toJWT*(cfg: StrawBossConfig, session: Session): string =
   ## Make a JST token for this session.
   var jwt = JWT(
@@ -46,6 +46,7 @@ proc fromJWT*(cfg: StrawBossConfig, strTok: string): Session =
   # Find the user record (if authenticated)
   let username = jwt.claims["sub"].node.str
   let users = cfg.users.filterIt(it.name == username)
+  debug "username: " & username & "\n\tusers: " & $users.mapIt(it.name) & "\n\tall users: " & cfg.users.mapIt(it.name)
   if users.len != 1: raiseEx "Could not find session user."
 
   result = Session(
@@ -89,7 +90,30 @@ proc makeAuthToken*(cfg: StrawBossConfig, uname, pwd: string): string =
   let user = users[0]
 
   if not validatePwd(user, pwd): raiseEx "invalid username or password"
-  result = toJWT(cfg, newSession(user))
+
+  let session = newSession(user)
+
+  result = toJWT(cfg, session)
+
+proc makeApiKey*(cfg: StrawBossConfig, uname: string): string =
+  ## Given a username, make an API token (JWT token string that does not
+  ## expire). Note that this does not validate the username/pwd combination. It
+  ## is not intended to be exposed publicly via the API, but serve as a utility
+  ## function for an administrator to setup a unsupervised account (git access
+  ## for example).
+
+  if uname == nil: raiseEx "no username given"
+
+  # find the user record
+  let users = cfg.users.filterIt(it.name == uname)
+  if users.len != 1: raiseEx "invalid username"
+
+  let session = Session(
+    user: users[0],
+    issuedAt: getTime(),
+    expires: daysForward(365 * 1000).toTime())
+
+  result = toJWT(cfg, session);
 
 template checkAuth() =
   ## Check this request for authentication and authorization information.
@@ -106,6 +130,7 @@ template checkAuth() =
     authed = true
   except:
     debug "Auth failed: " & getCurrentExceptionMsg()
+    response.data[2]["WWW-Authenticate"] = "Bearer"
     resp(Http401, makeJsonResp(Http401), JSON)
 
 proc start*(cfg: StrawBossConfig): void =

strawboss.config.json

@@ -5,6 +5,7 @@
   "authSecret": "change me",
   "pwdCost": 11,
   "maintenancePeriod": 5000,
+  "logLevel": "info",
   "projects": [
     { "name": "new-life-intro-band",
       "repo": "/home/jdb/projects/new-life-introductory-band" },

strawboss.nimble

@@ -1,7 +1,7 @@
 # Package
 
 bin           = @["strawboss"]
-version       = "0.3.0"
+version       = "0.3.1"
 author        = "Jonathan Bernard"
 description   = "My personal continious integration worker."
 license       = "MIT"