author Max Resnick <max@ofmax.li> 2025-04-08 21:41:59 -0700
committer Max Resnick <max@ofmax.li> 2025-05-26 21:57:12 -0700
commit 78098f23e9a910f3b37fbd3f7c1939ad10ec40ad
tree 6432695fcc218089a90e1c32f4e1601a14124de4 /README.md
parent 7f3b59980e3b9d8d878aa57f4b01b9d4cc1eab0c
feat: refactor of authentication refactor-authz-scheme
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 66
1 files changed, 42 insertions, 24 deletions
diff --git a/README.md b/README.md
index 63f4e6e..76ac488 100644
--- a/README.md
+++ b/README.md
@@ -8,9 +8,9 @@ An attempt at a secure Git HTTP server implementation in Go that provides authen
Initially `go-git-server` wraps the built-in git-http-backend CGI process. This is done to provide complete compatibility out of the box. In the future a native go backend could be created but there's no compelling story to re-write the backend.
-Authentication is done using a token that is generated by the server and is a fixed length 28 with the full 255 character range vs the normal ASCII range. The secret is then base64 encoded. Potentially in the future an OAuth token or client side TLS could be implemented.
+Authentication is done using a token system with unique access IDs. Each token is associated with both an access ID (for internal use) and a friendly name (for human readability). Tokens are generated by the server with a fixed length of 32 bytes using cryptographically secure random numbers. The system supports different types of identities including users (uid:), service accounts (aid:), bots, and CI systems.
-Authorization is implemented using [casbin.](https://github.com/casbin/casbin) Casbin allows for a flexible authorization models that can potentially provide some extensive controls.
+Authorization is implemented using [casbin](https://github.com/casbin/casbin). The system provides role-based access control with predefined roles like admin, maintainers, and bots. Each role has specific permissions defined in the policy file.
## Focus
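Review bot: The new authentication paragraph no longer says how the token is encoded or what the server stores. The removed sentence stated that the secret is base64 encoded; the replacement gives only "a fixed length of 32 bytes", so a reader cannot tell whether that is the raw or the encoded length, or how the `hash` column in tokens.csv is derived. Suggest adding one sentence on the encoding and the hash. The identity list also names service accounts (`aid:`) and CI systems, while the prefix list added later in this patch documents only `uid:` and `aid:bot:`; align the two.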
@@ -27,7 +27,8 @@ Tools like gitea are great, but they require things like a DBMS. This increases
- Role-based access control using Casbin
- Git repository management
- Configuration via Git (optional management repo)
-- GitWeb support
+- Graceful fallback to default configuration when management repo is not found
+- Cgit support
## Installation
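Review bot: "GitWeb support" becomes "Cgit support" in the feature list, but the configuration example further down this patch still uses the `git_web_config` key. Say whether that key now configures cgit, or rename it, so the feature list and the example agree. The fallback bullet would also be easier to act on if it named what the default configuration contains.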
@@ -50,11 +51,32 @@ Start the server:
### Generate Authentication Token
+Currently the `tokentool` is not in the container nor is a binary built for it and available. You will have to build it yourself or use it like `go run cmd/tokentool/main.go`
+
+```bash
+./tokentool -generate -name username
+```
+
+This will:
+1. Generate a new access ID and token
+2. Create an entry in tokens.csv with the format: `<access_id>,<friendly_name>,<hash>`
+3. Display the token that should be used for authentication
+
+To list existing tokens:
+
```bash
-./main -g
+./tokentool -list
+```
+
+The tokens.csv file format is:
+
+```
+access_id,friendly_name,hash
```
-This will output a token and its hash. Add the hash to your tokens.csv file.
+Special prefixes for friendly names:
+- `uid:` - Regular users (default if no prefix)
+- `aid:bot:` - Bot accounts
## Configuration
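Review bot: The tokens.csv layout is stated twice in this hunk (step 2 and the separate "file format" block) and again in the Token File section, with different spellings: `access_id` here and `accessid` there. Keep one definition and refer to it. The first added sentence tells readers to use `go run cmd/tokentool/main.go`, yet both examples call `./tokentool`; show the build step or use the `go run` form in the examples. Step 3 should also state whether the displayed token can be recovered later, since only the hash is written to the file.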
@@ -65,16 +87,18 @@ name: "go-git-server"
version: "v1alpha1"
basepath: ./repos
repos:
- - name: myrepo
- public: false
- permissions:
- - role: maintainers
- mode: 1
- git_web_config:
- owner: username
- description: Repository description
+- name: myrepo
+ public: false
+ permissions:
+ - role: maintainers
+ mode: 1
+ git_web_config:
+ owner: username
+ description: Repository description
```
+The server will automatically use the repository directory path as the base path when using the default configuration if the management repository is not found.
+
### Authentication Model (auth_model.ini)
The authentication model uses Casbin for role-based access control.
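Review bot: The sentence added after the YAML example stacks two conditions ("when using the default configuration if the management repository is not found") and does not say which path "the repository directory path" is, for example whether it is the `basepath` value shown above. Suggest rewording it as a single condition and naming the setting or flag involved. The list items under `repos:` are also de-indented in this hunk; confirm that is intended, as it is unrelated to the authentication change.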
@@ -82,25 +106,19 @@ The authentication model uses Casbin for role-based access control.
### Token File (tokens.csv)
Format:
+
```
-uid:username,hash
+accessid,uid:username,hash
```
## Development
Requirements:
-- Go 1.21+
+- Go 1.24+
- Git
Run tests:
+
```bash
-go test ./...
+just test
```
-
-## License
-
-This project is licensed under the MIT License - see the LICENSE file for details.
-
-# TODO
-- [ ] Refactor config to be a versioned model
-- [ ] hooks env?
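Review bot: `just test` replaces `go test ./...`, but the Requirements list still names only Go and Git; add `just` there or keep the plain `go test` command as an alternative. The hunk also deletes the License and TODO sections, which the commit subject (a refactor of authentication) does not mention; if the licence statement is being dropped deliberately, say so in the commit message, otherwise restore it.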