authorMax Resnick <max@ofmax.li>2025-04-08 21:41:59 -0700
committerMax Resnick <max@ofmax.li>2025-05-26 21:57:12 -0700
commit78098f23e9a910f3b37fbd3f7c1939ad10ec40ad (patch)
tree6432695fcc218089a90e1c32f4e1601a14124de4 /cmd
parent7f3b59980e3b9d8d878aa57f4b01b9d4cc1eab0c (diff)
downloadgo-git-server-78098f23e9a910f3b37fbd3f7c1939ad10ec40ad.tar.gz
feat: refactor of authenticaitonrefactor-authz-scheme
Diffstat (limited to 'cmd')
-rw-r--r--cmd/main.go23
-rw-r--r--cmd/tokentool/main.go96
2 files changed, 115 insertions, 4 deletions
diff --git a/cmd/main.go b/cmd/main.go
index b679e51..bda8bf6 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -66,18 +66,33 @@ func main() {
if err := adminSvc.InitServer(); err != nil {
slog.Error("error initializing server", "msg", err)
}
- tokens := authz.NewTokenMap()
- err = tokens.LoadTokensFromFile(tokenFilePath)
+ // Load authentication tokens and identity mappings
+ tokens := authz.NewSafeTokenMap()
+ identities := authz.NewIdentityMap()
+
+ // Load tokens from CSV file
+ tokenMap, identityMap, err := authz.LoadTokensFromFile(tokenFilePath)
if err != nil {
- slog.Error("error generating token", slog.Any("error", err))
+ slog.Error("error loading tokens", slog.Any("error", err))
os.Exit(1)
}
+
+ // Update the token map with loaded values
+ for id, hash := range tokenMap {
+ tokens.Set(id, hash)
+ }
+
+ // Copy identity mappings
+ for id, name := range identityMap.IDToName {
+ identities.Register(id, name)
+ }
+
router := http.NewServeMux()
// TODO we don't want to use a global
// de-reference args
router.Handle("/mgmt/", admin.Hooks(adminSvc, git.GitHttpBackendHandler(reposDir, backendCommand)))
router.Handle("/", git.GitHttpBackendHandler(reposDir, backendCommand))
- mux := authz.Authentication(tokens, authz.Authorization(adminSvc, router))
+ mux := authz.Authentication(tokens, identities, authz.Authorization(adminSvc, router))
server := &http.Server{
Addr: addr,
ReadHeaderTimeout: 5 * time.Second,
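Review bot: Nothing after the two copy loops records how many credentials were loaded, so an empty or truncated token file starts the server without any signal in the log. What `authz.Authentication` does with an empty token map is not visible in this hunk and should be confirmed to fail closed. A line such as `slog.Info("loaded tokens", "count", len(tokenMap))` after the loops would make this observable, and if a server with zero credentials is never intended, exiting when `len(tokenMap) == 0` is worth considering. main's body starts and ends outside the hunk.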
diff --git a/cmd/tokentool/main.go b/cmd/tokentool/main.go
new file mode 100644
index 0000000..f137fb4
--- /dev/null
+++ b/cmd/tokentool/main.go
@@ -0,0 +1,96 @@
+package main
+
+import (
+ "encoding/csv"
+ "flag"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "git.ofmax.li/go-git-server/internal/authz"
+)
+
+func main() {
+ var (
+ tokenFile string
+ generate bool
+ list bool
+ name string
+ )
+
+ flag.StringVar(&tokenFile, "tokens", "tokens.csv", "Path to tokens CSV file")
+ flag.BoolVar(&generate, "generate", false, "Generate a new token")
+ flag.BoolVar(&list, "list", false, "List existing tokens")
+ flag.StringVar(&name, "name", "", "Friendly name for new token")
+ flag.Parse()
+
+ if generate {
+ if name == "" {
+ fmt.Fprintln(os.Stderr, "Error: -name required when generating token")
+ os.Exit(1)
+ }
+
+ // Generate new access ID and token
+ accessID, err := authz.GenerateAccessID()
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Error generating access ID: %v\n", err)
+ os.Exit(1)
+ }
+
+ token, hash, err := authz.GenerateNewToken()
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Error generating token: %v\n", err)
+ os.Exit(1)
+ }
+
+ // Ensure directory exists
+ if err := os.MkdirAll(filepath.Dir(tokenFile), 0755); err != nil {
+ fmt.Fprintf(os.Stderr, "Error creating directory: %v\n", err)
+ os.Exit(1)
+ }
+
+ // Open file in append mode
+ f, err := os.OpenFile(tokenFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Error opening token file: %v\n", err)
+ os.Exit(1)
+ }
+ defer f.Close()
+
+ // Write new entry
+ w := csv.NewWriter(f)
+ if err := w.Write([]string{string(accessID), name, hash}); err != nil {
+ fmt.Fprintf(os.Stderr, "Error writing to CSV: %v\n", err)
+ os.Exit(1)
+ }
+ w.Flush()
+
+ fmt.Printf("Generated new token:\n")
+ fmt.Printf("Access ID: %s\n", accessID)
+ fmt.Printf("Name: %s\n", name)
+ fmt.Printf("Token: %s\n", token)
+ fmt.Printf("Added to %s\n", tokenFile)
+ return
+ }
+
+ if list {
+ // Load and display existing tokens
+ _, identities, err := authz.LoadTokensFromFile(tokenFile)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Error reading tokens: %v\n", err)
+ os.Exit(1)
+ }
+
+ fmt.Printf("Existing tokens in %s:\n", tokenFile)
+ fmt.Printf("%-40s %-30s\n", "ACCESS ID", "NAME")
+ fmt.Printf("%s %s\n", strings.Repeat("-", 40), strings.Repeat("-", 30))
+
+ for id, name := range identities.IDToName {
+ fmt.Printf("%-40s %-30s\n", id, name)
+ }
+ return
+ }
+
+ flag.Usage()
+}
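Review bot: The outcome of `w.Flush()` in the generate branch is never checked, so a failed write can go unnoticed. encoding/csv buffers records and reports I/O errors through `w.Error()`, so the tool can print the new token and "Added to ..." although nothing reached the file. Check `w.Error()` after the flush and exit before the token is printed. Separately, the 0600 mode passed to `os.OpenFile` applies only when the file is created, so an existing token file with looser permissions keeps them, and the parent directory is created 0755. Creating the directory with `0700` and calling `f.Chmod(0600)` after opening would keep the hash file private.

```go
	w.Flush()
	// csv.Writer buffers its output; write errors surface through Error() after Flush.
	if err := w.Error(); err != nil {
		fmt.Fprintf(os.Stderr, "Error writing to CSV: %v\n", err)
		os.Exit(1)
	}
	// … unchanged: print access ID, name and token …
```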