kyle
/
mcias
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11 Commits 1 Branch 0 Tags 197 KiB
Go 100%
Go to file
Kyle Isom 95d96732d2 Junie: TOTP flow update and db migrations. 2025-06-06 12:42:23 -07:00
.junie Core implementation written with Junie. 2025-06-06 10:15:49 -07:00
api Junie: TOTP flow update and db migrations. 2025-06-06 12:42:23 -07:00
cmd Junie: TOTP flow update and db migrations. 2025-06-06 12:42:23 -07:00
data Junie: TOTP flow update and db migrations. 2025-06-06 12:42:23 -07:00
database Junie: TOTP flow update and db migrations. 2025-06-06 12:42:23 -07:00
docs Core implementation written with Junie. 2025-06-06 10:15:49 -07:00
.gitignore Junie: TOTP flow update and db migrations. 2025-06-06 12:42:23 -07:00
.golangci.yml Junie: add TOTP authentication 2025-06-06 11:35:49 -07:00
README.org Junie: TOTP flow update and db migrations. 2025-06-06 12:42:23 -07:00
go.mod Junie: TOTP flow update and db migrations. 2025-06-06 12:42:23 -07:00
go.sum Junie: TOTP flow update and db migrations. 2025-06-06 12:42:23 -07:00
schema.sql get it testing 2025-05-09 17:33:01 -07:00

README.org

MCIAS

MCIAS

MCIAS is the metacircular identity and access system, providing identity and authentication across metacircular projects.

It currently provides the following across metacircular services:

  1. User password authentication.
  2. User token authentication.
  3. Database credential authentication.

Future work should consider adding support for:

  1. TOTP (Time-based One-Time Password)
  2. Policy management for fine-grained access control.

Documentation

Comprehensive documentation is available in the docs directory:

  • Overview - Project overview, system architecture, database schema, and security considerations
  • API Documentation - API endpoints, request/response formats, error handling, and authentication flow
  • Installation and Usage Guide - Prerequisites, installation steps, running the server, and more

Quick Start

To get started with MCIAS:

  1. Initialize the database:

    go run main.go init --db ./mcias.db

  2. Start the server:

    go run main.go server --db ./mcias.db
  3. The server will listen on port 8080 by default.

CLI Commands

MCIAS provides two command-line interfaces:

  1. The server CLI (`mcias`) for managing the MCIAS server
  2. The client CLI (`mcias-client`) for interacting with the MCIAS server

Server CLI Commands

Server Command

Start the MCIAS server:

go run main.go server [--db <path>] [--addr <address>]

Init Command

Initialize the database:

go run main.go init [--db <path>]

User Commands

Add a new user:

go run main.go user add --username <username> --password <password>

List all users:

go run main.go user list

Token Commands

Add a new token for a user:

go run main.go token add --username <username> [--duration <hours>]

List all tokens:

go run main.go token list

Migrate Commands

Apply database migrations:

go run main.go migrate up [--migrations <dir>] [--steps <n>]

Revert database migrations:

go run main.go migrate down [--migrations <dir>] [--steps <n>]

Show current migration version:

go run main.go migrate version [--migrations <dir>]

API Overview

Authentication Endpoints

/v1/login/password

Password-based authentication endpoint.

/v1/login/token

Token-based authentication endpoint.

/v1/credentials/database

Database credential authentication endpoint (not yet fully implemented).

Request Format

The general datastructure used to log in should look like:

{
    "version": "v1",
    "login": {
        "user": "username",
        "password": "secret password",
        "token": "1234567890",
        "totp": "123456"
    }
}

Any fields that aren't used should be omitted. The version and login.user types are required, as well as the appropriate credential field.

Development

  • Run tests: go test ./...
  • Run linter: golangci-lint run
  • Run specific linter: golangci-lint run --disable-all --enable=gosec

The project uses a strict golangci-lint configuration defined in .golangci.yml. This configuration includes a comprehensive set of linters focused on:

  • Security best practices
  • Code quality and maintainability
  • Performance considerations
  • Error handling correctness

See the Installation and Usage Guide for more details.

Client Tool

MCIAS includes a separate command-line client tool (`mcias-client`) that can be used to interact with the MCIAS server. The client tool provides access to all the APIs defined in the server.

Installation

To build and install the client tool:

cd cmd/mcias-client
go build -o mcias-client
# Optional: Move to a directory in your PATH
sudo mv mcias-client /usr/local/bin/

Client CLI Commands

Login Commands

Login with username and password:

mcias-client login password --username <username> --password <password> [--totp <code>]

Login with a token:

mcias-client login token --username <username> --token <token>

Database Commands

Get database credentials:

mcias-client database credentials --username <username> --token <token>

Or use a stored token from a previous login:

mcias-client database credentials --use-stored

Configuration

The client tool can be configured using command-line flags or a configuration file:

  • `server`: MCIAS server address (default: http://localhost:8080)
  • `token-file`: File to store authentication token (default: $HOME/.mcias-token)
  • `config`: Config file (default: $HOME/.mcias-client.yaml)

Example configuration file ($HOME/.mcias-client.yaml):

server: "http://mcias.example.com:8080"
token-file: "/path/to/token/file"