239 lines
4.8 KiB
Org Mode
239 lines
4.8 KiB
Org Mode
#+title: MCIAS Installation and Usage Guide
|
|
#+created: <2025-05-09 Fri 13:42>
|
|
|
|
* MCIAS Installation and Usage Guide
|
|
|
|
** Prerequisites
|
|
|
|
Before installing MCIAS, ensure you have the following prerequisites:
|
|
|
|
- Go 1.23 or later
|
|
- SQLite3
|
|
- golangci-lint (for development)
|
|
|
|
** Installation
|
|
|
|
*** Clone the Repository
|
|
|
|
#+begin_src bash
|
|
git clone git.wntrmute.dev/kyle/mcias
|
|
cd mcias
|
|
#+end_src
|
|
|
|
*** Install Dependencies
|
|
|
|
#+begin_src bash
|
|
go mod download
|
|
#+end_src
|
|
|
|
*** Initialize the Database
|
|
|
|
MCIAS uses SQLite for data storage. To initialize the database:
|
|
|
|
#+begin_src bash
|
|
go run cmd/mcias/main.go init --db ./mcias.db
|
|
#+end_src
|
|
|
|
This command creates a new SQLite database file and initializes it with the schema defined in =schema.sql=.
|
|
|
|
** Running the Server
|
|
|
|
*** Basic Usage
|
|
|
|
To start the MCIAS server with default settings:
|
|
|
|
#+begin_src bash
|
|
go run cmd/mcias/main.go server --db ./mcias.db
|
|
#+end_src
|
|
|
|
By default, the server listens on port 8080.
|
|
|
|
*** Configuration Options
|
|
|
|
MCIAS supports the following command-line options for the server:
|
|
|
|
- =--db <path>=: Path to the SQLite database file (default: =mcias.db=)
|
|
- =--addr <address>=: Address to listen on (default: =:8080=)
|
|
|
|
Example with custom port:
|
|
|
|
#+begin_src bash
|
|
go run cmd/mcias/main.go server --db ./mcias.db --addr :9000
|
|
#+end_src
|
|
|
|
** Managing Users and Authentication
|
|
|
|
*** Adding a New User
|
|
|
|
To add a new user to the system:
|
|
|
|
#+begin_src bash
|
|
go run cmd/mcias/main.go user add --username <username> --password <password>
|
|
#+end_src
|
|
|
|
*** Managing TOTP Authentication
|
|
|
|
To enable TOTP for a user:
|
|
|
|
#+begin_src bash
|
|
go run cmd/mcias/main.go totp enable --username <username>
|
|
#+end_src
|
|
|
|
This will generate a TOTP secret for the user and display it. The user should save this secret in their authenticator app.
|
|
|
|
To add a TOTP token with QR code generation:
|
|
|
|
#+begin_src bash
|
|
go run cmd/mcias/main.go totp add --username <username> --qr-output <path/to/qrcode.png>
|
|
#+end_src
|
|
|
|
To validate a TOTP code:
|
|
|
|
#+begin_src bash
|
|
go run cmd/mcias/main.go totp validate --username <username> --code <totp_code>
|
|
#+end_src
|
|
|
|
** Building from Source
|
|
|
|
To build the server binary:
|
|
|
|
#+begin_src bash
|
|
cd cmd/mcias
|
|
go build -o mcias
|
|
#+end_src
|
|
|
|
Then run the binary:
|
|
|
|
#+begin_src bash
|
|
./mcias server --db ./mcias.db
|
|
#+end_src
|
|
|
|
To build the client binary:
|
|
|
|
#+begin_src bash
|
|
cd cmd/mcias-client
|
|
go build -o mcias-client
|
|
#+end_src
|
|
|
|
** Development
|
|
|
|
*** Running Tests
|
|
|
|
To run all tests:
|
|
|
|
#+begin_src bash
|
|
go test ./...
|
|
#+end_src
|
|
|
|
*** Linting
|
|
|
|
To run the linter:
|
|
|
|
#+begin_src bash
|
|
golangci-lint run
|
|
#+end_src
|
|
|
|
** Using the API
|
|
|
|
*** Authentication with Password
|
|
|
|
To authenticate a user with a password:
|
|
|
|
#+begin_src bash
|
|
curl -X POST http://localhost:8080/v1/login/password \
|
|
-H "Content-Type: application/json" \
|
|
-d '{
|
|
"version": "v1",
|
|
"login": {
|
|
"user": "username",
|
|
"password": "password"
|
|
}
|
|
}'
|
|
#+end_src
|
|
|
|
*** Authentication with Token
|
|
|
|
To authenticate a user with a token:
|
|
|
|
#+begin_src bash
|
|
curl -X POST http://localhost:8080/v1/login/token \
|
|
-H "Content-Type: application/json" \
|
|
-d '{
|
|
"version": "v1",
|
|
"login": {
|
|
"user": "username",
|
|
"token": "your_token"
|
|
}
|
|
}'
|
|
#+end_src
|
|
|
|
*** Authentication with TOTP
|
|
|
|
To authenticate a user with a password and TOTP code:
|
|
|
|
#+begin_src bash
|
|
curl -X POST http://localhost:8080/v1/login/totp \
|
|
-H "Content-Type: application/json" \
|
|
-d '{
|
|
"version": "v1",
|
|
"login": {
|
|
"user": "username",
|
|
"password": "password",
|
|
"totp": "123456"
|
|
}
|
|
}'
|
|
#+end_src
|
|
|
|
*** Retrieving Database Credentials
|
|
|
|
To retrieve database credentials:
|
|
|
|
#+begin_src bash
|
|
curl -X GET "http://localhost:8080/v1/database/credentials?username=username" \
|
|
-H "Authorization: Bearer your_token"
|
|
#+end_src
|
|
|
|
** Troubleshooting
|
|
|
|
*** Common Issues
|
|
|
|
1. *Database errors*: Ensure the database file exists and has the correct permissions.
|
|
#+begin_src bash
|
|
# Check permissions
|
|
ls -l mcias.db
|
|
# Fix permissions if needed
|
|
chmod 644 mcias.db
|
|
#+end_src
|
|
|
|
2. *Port already in use*: If the port is already in use, specify a different port with the =-addr= flag.
|
|
#+begin_src bash
|
|
go run main.go -db ./mcias.db -addr :8081
|
|
#+end_src
|
|
|
|
3. *Authentication failures*: Ensure you're using the correct username and password/token.
|
|
|
|
*** Logging
|
|
|
|
MCIAS logs to stdout by default. To capture logs to a file:
|
|
|
|
#+begin_src bash
|
|
go run main.go -db ./mcias.db > mcias.log 2>&1
|
|
#+end_src
|
|
|
|
** Security Best Practices
|
|
|
|
1. *Production Deployment*:
|
|
- Use HTTPS in production
|
|
- Set up proper firewall rules
|
|
- Run the service with minimal privileges
|
|
|
|
2. *Database Security*:
|
|
- Regularly backup the database
|
|
- Restrict file permissions on the database file
|
|
- Consider encrypting the database file at rest
|
|
|
|
3. *User Management*:
|
|
- Implement strong password policies
|
|
- Regularly rotate tokens
|
|
- Monitor for suspicious authentication attempts
|