lotus/cli/auth.go

package cli

import (
	"fmt"

	"golang.org/x/xerrors"
	"gopkg.in/urfave/cli.v2"

	"github.com/filecoin-project/go-jsonrpc/auth"

	"github.com/filecoin-project/lotus/api/apistruct"
	"github.com/filecoin-project/lotus/node/repo"
)

var authCmd = &cli.Command{
	Name:  "auth",
	Usage: "Manage RPC permissions",
	Subcommands: []*cli.Command{
		authCreateAdminToken,
		authApiInfoToken,
	},
}

var authCreateAdminToken = &cli.Command{
	Name:  "create-token",
	Usage: "Create token",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:  "perm",
			Usage: "permission to assign to the token, one of: read, write, sign, admin",
		},
	},

	Action: func(cctx *cli.Context) error {
		napi, closer, err := GetAPI(cctx)
		if err != nil {
			return err
		}
		defer closer()

		ctx := ReqContext(cctx)

		if !cctx.IsSet("perm") {
			return xerrors.New("--perm flag not set")
		}

		perm := cctx.String("perm")
		idx := 0
		for i, p := range apistruct.AllPermissions {
			if auth.Permission(perm) == p {
				idx = i + 1
			}
		}

		if idx == 0 {
			return fmt.Errorf("--perm flag has to be one of: %s", apistruct.AllPermissions)
		}

		// slice on [:idx] so for example: 'sign' gives you [read, write, sign]
		token, err := napi.AuthNew(ctx, apistruct.AllPermissions[:idx])
		if err != nil {
			return err
		}

		// TODO: Log in audit log when it is implemented

		fmt.Println(string(token))
		return nil
	},
}

var authApiInfoToken = &cli.Command{
	Name:  "api-info",
	Usage: "Get token with API info required to connect to this node",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:  "perm",
			Usage: "permission to assign to the token, one of: read, write, sign, admin",
		},
	},

	Action: func(cctx *cli.Context) error {
		napi, closer, err := GetAPI(cctx)
		if err != nil {
			return err
		}
		defer closer()

		ctx := ReqContext(cctx)

		if !cctx.IsSet("perm") {
			return xerrors.New("--perm flag not set")
		}

		perm := cctx.String("perm")
		idx := 0
		for i, p := range apistruct.AllPermissions {
			if auth.Permission(perm) == p {
				idx = i + 1
			}
		}

		if idx == 0 {
			return fmt.Errorf("--perm flag has to be one of: %s", apistruct.AllPermissions)
		}

		// slice on [:idx] so for example: 'sign' gives you [read, write, sign]
		token, err := napi.AuthNew(ctx, apistruct.AllPermissions[:idx])
		if err != nil {
			return err
		}

		ti, ok := cctx.App.Metadata["repoType"]
		if !ok {
			log.Errorf("unknown repo type, are you sure you want to use GetAPI?")
			ti = repo.FullNode
		}
		t, ok := ti.(repo.RepoType)
		if !ok {
			log.Errorf("repoType type does not match the type of repo.RepoType")
		}

		ainfo, err := GetAPIInfo(cctx, t)
		if err != nil {
			return xerrors.Errorf("could not get API info: %w", err)
		}

		envVar := envForRepo(t)

		// TODO: Log in audit log when it is implemented

		fmt.Printf("%s=%s:%s\n", envVar, string(token), ainfo.Addr)
		return nil
	},
}
Basic single node UI 2019-09-18 17:53:48 +00:00			`package cli`

			`import (`
			`"fmt"`

cli: auth api-info 2020-03-25 20:38:57 +00:00			`"golang.org/x/xerrors"`
Basic single node UI 2019-09-18 17:53:48 +00:00			`"gopkg.in/urfave/cli.v2"`

Extract auth utils to go-jsonrpc 2020-05-20 18:23:51 +00:00			`"github.com/filecoin-project/go-jsonrpc/auth"`

Move api struct to a seprate pkg 2019-12-09 17:08:32 +00:00			`"github.com/filecoin-project/lotus/api/apistruct"`
cli: auth api-info 2020-03-25 20:38:57 +00:00			`"github.com/filecoin-project/lotus/node/repo"`
Basic single node UI 2019-09-18 17:53:48 +00:00			`)`

			`var authCmd = &cli.Command{`
			`Name: "auth",`
			`Usage: "Manage RPC permissions",`
			`Subcommands: []*cli.Command{`
			`authCreateAdminToken,`
cli: auth api-info 2020-03-25 20:38:57 +00:00			`authApiInfoToken,`
Basic single node UI 2019-09-18 17:53:48 +00:00			`},`
			`}`

			`var authCreateAdminToken = &cli.Command{`
Add parameters for creating tokens License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2019-11-14 20:19:52 +00:00			`Name: "create-token",`
			`Usage: "Create token",`
			`Flags: []cli.Flag{`
			`&cli.StringFlag{`
			`Name: "perm",`
			`Usage: "permission to assign to the token, one of: read, write, sign, admin",`
			`},`
			`},`

Basic single node UI 2019-09-18 17:53:48 +00:00			`Action: func(cctx *cli.Context) error {`
do the auth command the right way 2019-12-18 00:52:17 +00:00			`napi, closer, err := GetAPI(cctx)`
Basic single node UI 2019-09-18 17:53:48 +00:00			`if err != nil {`
			`return err`
			`}`
fix websocket closing 2019-10-03 18:12:30 +00:00			`defer closer()`

Basic single node UI 2019-09-18 17:53:48 +00:00			`ctx := ReqContext(cctx)`

Add parameters for creating tokens License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2019-11-14 20:19:52 +00:00			`if !cctx.IsSet("perm") {`
cli: auth api-info 2020-03-25 20:38:57 +00:00			`return xerrors.New("--perm flag not set")`
Add parameters for creating tokens License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2019-11-14 20:19:52 +00:00			`}`

			`perm := cctx.String("perm")`
Fix off-by-one bug in auth new 2019-11-18 16:48:58 +00:00			`idx := 0`
Move api struct to a seprate pkg 2019-12-09 17:08:32 +00:00			`for i, p := range apistruct.AllPermissions {`
Extract auth utils to go-jsonrpc 2020-05-20 18:23:51 +00:00			`if auth.Permission(perm) == p {`
Fix off-by-one bug in auth new 2019-11-18 16:48:58 +00:00			`idx = i + 1`
Add parameters for creating tokens License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2019-11-14 20:19:52 +00:00			`}`
			`}`

Fix off-by-one bug in auth new 2019-11-18 16:48:58 +00:00			`if idx == 0 {`
Move api struct to a seprate pkg 2019-12-09 17:08:32 +00:00			`return fmt.Errorf("--perm flag has to be one of: %s", apistruct.AllPermissions)`
Add parameters for creating tokens License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2019-11-14 20:19:52 +00:00			`}`

Add comment License: MIT Signed-off-by: Jakub Sztandera <kubuxu@protocol.ai> 2019-11-14 20:37:11 +00:00			`// slice on [:idx] so for example: 'sign' gives you [read, write, sign]`
Move api struct to a seprate pkg 2019-12-09 17:08:32 +00:00			`token, err := napi.AuthNew(ctx, apistruct.AllPermissions[:idx])`
Basic single node UI 2019-09-18 17:53:48 +00:00			`if err != nil {`
			`return err`
			`}`

			`// TODO: Log in audit log when it is implemented`

			`fmt.Println(string(token))`
			`return nil`
			`},`
			`}`
cli: auth api-info 2020-03-25 20:38:57 +00:00
			`var authApiInfoToken = &cli.Command{`
			`Name: "api-info",`
			`Usage: "Get token with API info required to connect to this node",`
			`Flags: []cli.Flag{`
			`&cli.StringFlag{`
			`Name: "perm",`
			`Usage: "permission to assign to the token, one of: read, write, sign, admin",`
			`},`
			`},`

			`Action: func(cctx *cli.Context) error {`
			`napi, closer, err := GetAPI(cctx)`
			`if err != nil {`
			`return err`
			`}`
			`defer closer()`

			`ctx := ReqContext(cctx)`

			`if !cctx.IsSet("perm") {`
			`return xerrors.New("--perm flag not set")`
			`}`

			`perm := cctx.String("perm")`
			`idx := 0`
			`for i, p := range apistruct.AllPermissions {`
Extract auth utils to go-jsonrpc 2020-05-20 18:23:51 +00:00			`if auth.Permission(perm) == p {`
cli: auth api-info 2020-03-25 20:38:57 +00:00			`idx = i + 1`
			`}`
			`}`

			`if idx == 0 {`
			`return fmt.Errorf("--perm flag has to be one of: %s", apistruct.AllPermissions)`
			`}`

			`// slice on [:idx] so for example: 'sign' gives you [read, write, sign]`
			`token, err := napi.AuthNew(ctx, apistruct.AllPermissions[:idx])`
			`if err != nil {`
			`return err`
			`}`

			`ti, ok := cctx.App.Metadata["repoType"]`
			`if !ok {`
			`log.Errorf("unknown repo type, are you sure you want to use GetAPI?")`
			`ti = repo.FullNode`
			`}`
			`t, ok := ti.(repo.RepoType)`
			`if !ok {`
			`log.Errorf("repoType type does not match the type of repo.RepoType")`
			`}`

seal-worker: Task type flags 2020-03-25 21:15:10 +00:00			`ainfo, err := GetAPIInfo(cctx, t)`
cli: auth api-info 2020-03-25 20:38:57 +00:00			`if err != nil {`
seal-worker: Task type flags 2020-03-25 21:15:10 +00:00			`return xerrors.Errorf("could not get API info: %w", err)`
cli: auth api-info 2020-03-25 20:38:57 +00:00			`}`

			`envVar := envForRepo(t)`

			`// TODO: Log in audit log when it is implemented`

seal-worker: Task type flags 2020-03-25 21:15:10 +00:00			`fmt.Printf("%s=%s:%s\n", envVar, string(token), ainfo.Addr)`
cli: auth api-info 2020-03-25 20:38:57 +00:00			`return nil`
			`},`
			`}`