kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4596ea08ab6602546aef315ea025d6d91c522bca
mcias/cmd/mciasdb/role.go
Kyle Isom 59d51a1d38 Implement Phase 7: gRPC dual-stack interface 
- proto/mcias/v1/: AdminService, AuthService, TokenService,
  AccountService, CredentialService; generated Go stubs in gen/
- internal/grpcserver: full handler implementations sharing all
  business logic (auth, token, db, crypto) with REST server;
  interceptor chain: logging -> auth (JWT alg-first + revocation) ->
  rate-limit (token bucket, 10 req/s, burst 10, per-IP)
- internal/config: optional grpc_addr field in [server] section
- cmd/mciassrv: dual-stack startup; gRPC/TLS listener on grpc_addr
  when configured; graceful shutdown of both servers in 15s window
- cmd/mciasgrpcctl: companion gRPC CLI mirroring mciasctl commands
  (health, pubkey, account, role, token, pgcreds) using TLS with
  optional custom CA cert
- internal/grpcserver/grpcserver_test.go: 20 tests via bufconn covering
  public RPCs, auth interceptor (no token, invalid, revoked -> 401),
  non-admin -> 403, Login/Logout/RenewToken/ValidateToken flows,
  AccountService CRUD, SetPGCreds/GetPGCreds AES-GCM round-trip,
  credential fields absent from all responses
Security:
  JWT validation path identical to REST: alg header checked before
  signature, alg:none rejected, revocation table checked after sig.
  Authorization metadata value never logged by any interceptor.
  Credential fields (PasswordHash, TOTPSecret*, PGPassword) absent from
  all proto response messages — enforced by proto design and confirmed
  by test TestCredentialFieldsAbsentFromAccountResponse.
  Login dummy-Argon2 timing guard preserves timing uniformity for
  unknown users (same as REST handleLogin).
  TLS required at listener level; cmd/mciassrv uses
  credentials.NewServerTLSFromFile; no h2c offered.
137 tests pass, zero race conditions (go test -race ./...)
2026-03-11 14:38:47 -07:00

113 lines
2.6 KiB
Go
Raw Blame History

package main
import (
"flag"
"fmt"
"os"
"strings"
)
func (t *tool) runRole(args []string) {
if len(args) == 0 {
fatalf("role requires a subcommand: list, grant, revoke")
}
switch args[0] {
case "list":
t.roleList(args[1:])
case "grant":
t.roleGrant(args[1:])
case "revoke":
t.roleRevoke(args[1:])
default:
fatalf("unknown role subcommand %q", args[0])
}
}
func (t *tool) roleList(args []string) {
fs := flag.NewFlagSet("role list", flag.ExitOnError)
id := fs.String("id", "", "account UUID (required)")
_ = fs.Parse(args)
if *id == "" {
fatalf("role list: --id is required")
}
a, err := t.db.GetAccountByUUID(*id)
if err != nil {
fatalf("get account: %v", err)
}
roles, err := t.db.GetRoles(a.ID)
if err != nil {
fatalf("get roles: %v", err)
}
if len(roles) == 0 {
fmt.Printf("account %s has no roles\n", a.Username)
return
}
fmt.Printf("roles for %s (%s):\n", a.Username, a.UUID)
for _, r := range roles {
fmt.Printf(" %s\n", r)
}
}
func (t *tool) roleGrant(args []string) {
fs := flag.NewFlagSet("role grant", flag.ExitOnError)
id := fs.String("id", "", "account UUID (required)")
role := fs.String("role", "", "role to grant (required)")
_ = fs.Parse(args)
if *id == "" {
fatalf("role grant: --id is required")
}
if *role == "" {
fatalf("role grant: --role is required")
}
*role = strings.TrimSpace(*role)
a, err := t.db.GetAccountByUUID(*id)
if err != nil {
fatalf("get account: %v", err)
}
if err := t.db.GrantRole(a.ID, *role, nil); err != nil {
fatalf("grant role: %v", err)
}
if err := t.db.WriteAuditEvent("role_granted", nil, &a.ID, "", fmt.Sprintf(`{"actor":"mciasdb","role":%q}`, *role)); err != nil {
fmt.Fprintf(os.Stderr, "warning: write audit event: %v\n", err)
}
fmt.Printf("granted role %q to account %s\n", *role, a.Username)
}
func (t *tool) roleRevoke(args []string) {
fs := flag.NewFlagSet("role revoke", flag.ExitOnError)
id := fs.String("id", "", "account UUID (required)")
role := fs.String("role", "", "role to revoke (required)")
_ = fs.Parse(args)
if *id == "" {
fatalf("role revoke: --id is required")
}
if *role == "" {
fatalf("role revoke: --role is required")
}
a, err := t.db.GetAccountByUUID(*id)
if err != nil {
fatalf("get account: %v", err)
}
if err := t.db.RevokeRole(a.ID, *role); err != nil {
fatalf("revoke role: %v", err)
}
if err := t.db.WriteAuditEvent("role_revoked", nil, &a.ID, "", fmt.Sprintf(`{"actor":"mciasdb","role":%q}`, *role)); err != nil {
fmt.Fprintf(os.Stderr, "warning: write audit event: %v\n", err)
}
fmt.Printf("revoked role %q from account %s\n", *role, a.Username)
}
Reference in New Issue View Git Blame Copy Permalink