Junie: security cleanups.

README.org

@@ -10,10 +10,10 @@
   1. User password authentication.
   2. User token authentication.
   3. Database credential authentication.
+  4. TOTP (Time-based One-Time Password) authentication.
 
   Future work should consider adding support for:
-  1. TOTP (Time-based One-Time Password)
-  2. Policy management for fine-grained access control.
+  1. Policy management for fine-grained access control.
 
 * Documentation
 
@@ -29,12 +29,12 @@
 
   1. Initialize the database:
      #+begin_src bash
-     go run main.go init --db ./mcias.db
+     go run cmd/mcias/main.go init --db ./mcias.db
      #+end_src
 
   2. Start the server:
      #+begin_src bash
-     go run main.go server --db ./mcias.db
+     go run cmd/mcias/main.go server --db ./mcias.db
      #+end_src
 
   3. The server will listen on port 8080 by default.
@@ -52,55 +52,72 @@
 
    Start the MCIAS server:
    #+begin_src bash
-   go run main.go server [--db <path>] [--addr <address>]
+   go run cmd/mcias/main.go server [--db <path>] [--addr <address>]
    #+end_src
 
 ** Init Command
 
    Initialize the database:
    #+begin_src bash
-   go run main.go init [--db <path>]
+   go run cmd/mcias/main.go init [--db <path>]
    #+end_src
 
 ** User Commands
 
    Add a new user:
    #+begin_src bash
-   go run main.go user add --username <username> --password <password>
+   go run cmd/mcias/main.go user add --username <username> --password <password>
    #+end_src
 
    List all users:
    #+begin_src bash
-   go run main.go user list
+   go run cmd/mcias/main.go user list
    #+end_src
 
 ** Token Commands
 
    Add a new token for a user:
    #+begin_src bash
-   go run main.go token add --username <username> [--duration <hours>]
+   go run cmd/mcias/main.go token add --username <username> [--duration <hours>]
    #+end_src
 
    List all tokens:
    #+begin_src bash
-   go run main.go token list
+   go run cmd/mcias/main.go token list
+   #+end_src
+
+** TOTP Commands
+
+   Enable TOTP for a user:
+   #+begin_src bash
+   go run cmd/mcias/main.go totp enable --username <username>
+   #+end_src
+
+   Add a TOTP token with QR code generation:
+   #+begin_src bash
+   go run cmd/mcias/main.go totp add --username <username> --qr-output <path/to/qrcode.png> [--issuer <issuer>]
+   #+end_src
+
+   Validate a TOTP code:
+   #+begin_src bash
+   go run cmd/mcias/main.go totp validate --username <username> --code <totp_code>
    #+end_src
 
 ** Migrate Commands
 
    Apply database migrations:
    #+begin_src bash
-   go run main.go migrate up [--migrations <dir>] [--steps <n>]
+   go run cmd/mcias/main.go migrate up [--migrations <dir>] [--steps <n>]
    #+end_src
 
    Revert database migrations:
    #+begin_src bash
-   go run main.go migrate down [--migrations <dir>] [--steps <n>]
+   go run cmd/mcias/main.go migrate down [--migrations <dir>] [--steps <n>]
    #+end_src
 
    Show current migration version:
    #+begin_src bash
-   go run main.go migrate version [--migrations <dir>]
+   go run cmd/mcias/main.go migrate version [--migrations <dir>]
    #+end_src
 
 * API Overview