kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a80242ae3e4d1dace25150cc62262d023a8fd623
mcias/cmd/mciasdb/token.go
Kyle Isom 59d51a1d38 Implement Phase 7: gRPC dual-stack interface 
- proto/mcias/v1/: AdminService, AuthService, TokenService,
  AccountService, CredentialService; generated Go stubs in gen/
- internal/grpcserver: full handler implementations sharing all
  business logic (auth, token, db, crypto) with REST server;
  interceptor chain: logging -> auth (JWT alg-first + revocation) ->
  rate-limit (token bucket, 10 req/s, burst 10, per-IP)
- internal/config: optional grpc_addr field in [server] section
- cmd/mciassrv: dual-stack startup; gRPC/TLS listener on grpc_addr
  when configured; graceful shutdown of both servers in 15s window
- cmd/mciasgrpcctl: companion gRPC CLI mirroring mciasctl commands
  (health, pubkey, account, role, token, pgcreds) using TLS with
  optional custom CA cert
- internal/grpcserver/grpcserver_test.go: 20 tests via bufconn covering
  public RPCs, auth interceptor (no token, invalid, revoked -> 401),
  non-admin -> 403, Login/Logout/RenewToken/ValidateToken flows,
  AccountService CRUD, SetPGCreds/GetPGCreds AES-GCM round-trip,
  credential fields absent from all responses
Security:
  JWT validation path identical to REST: alg header checked before
  signature, alg:none rejected, revocation table checked after sig.
  Authorization metadata value never logged by any interceptor.
  Credential fields (PasswordHash, TOTPSecret*, PGPassword) absent from
  all proto response messages — enforced by proto design and confirmed
  by test TestCredentialFieldsAbsentFromAccountResponse.
  Login dummy-Argon2 timing guard preserves timing uniformity for
  unknown users (same as REST handleLogin).
  TLS required at listener level; cmd/mciassrv uses
  credentials.NewServerTLSFromFile; no h2c offered.
137 tests pass, zero race conditions (go test -race ./...)
2026-03-11 14:38:47 -07:00

131 lines
3.1 KiB
Go
Raw Blame History

package main
import (
"flag"
"fmt"
"os"
"strings"
)
func (t *tool) runToken(args []string) {
if len(args) == 0 {
fatalf("token requires a subcommand: list, revoke, revoke-all")
}
switch args[0] {
case "list":
t.tokenList(args[1:])
case "revoke":
t.tokenRevoke(args[1:])
case "revoke-all":
t.tokenRevokeAll(args[1:])
default:
fatalf("unknown token subcommand %q", args[0])
}
}
func (t *tool) runPrune(args []string) {
if len(args) == 0 {
fatalf("prune requires a subcommand: tokens")
}
switch args[0] {
case "tokens":
t.pruneTokens()
default:
fatalf("unknown prune subcommand %q", args[0])
}
}
func (t *tool) tokenList(args []string) {
fs := flag.NewFlagSet("token list", flag.ExitOnError)
id := fs.String("id", "", "account UUID (required)")
_ = fs.Parse(args)
if *id == "" {
fatalf("token list: --id is required")
}
a, err := t.db.GetAccountByUUID(*id)
if err != nil {
fatalf("get account: %v", err)
}
records, err := t.db.ListTokensForAccount(a.ID)
if err != nil {
fatalf("list tokens: %v", err)
}
if len(records) == 0 {
fmt.Printf("no token records for account %s\n", a.Username)
return
}
fmt.Printf("tokens for %s (%s):\n", a.Username, a.UUID)
fmt.Printf("%-36s %-20s %-20s %-20s\n", "JTI", "ISSUED AT", "EXPIRES AT", "REVOKED AT")
fmt.Println(strings.Repeat("-", 100))
for _, r := range records {
revokedAt := "-"
if r.RevokedAt != nil {
revokedAt = r.RevokedAt.Format("2006-01-02T15:04:05Z")
}
fmt.Printf("%-36s %-20s %-20s %-20s\n",
r.JTI,
r.IssuedAt.Format("2006-01-02T15:04:05Z"),
r.ExpiresAt.Format("2006-01-02T15:04:05Z"),
revokedAt,
)
}
}
func (t *tool) tokenRevoke(args []string) {
fs := flag.NewFlagSet("token revoke", flag.ExitOnError)
jti := fs.String("jti", "", "JTI of the token to revoke (required)")
_ = fs.Parse(args)
if *jti == "" {
fatalf("token revoke: --jti is required")
}
if err := t.db.RevokeToken(*jti, "mciasdb"); err != nil {
fatalf("revoke token: %v", err)
}
if err := t.db.WriteAuditEvent("token_revoked", nil, nil, "", fmt.Sprintf(`{"actor":"mciasdb","jti":%q}`, *jti)); err != nil {
fmt.Fprintf(os.Stderr, "warning: write audit event: %v\n", err)
}
fmt.Printf("token %s revoked\n", *jti)
}
func (t *tool) tokenRevokeAll(args []string) {
fs := flag.NewFlagSet("token revoke-all", flag.ExitOnError)
id := fs.String("id", "", "account UUID (required)")
_ = fs.Parse(args)
if *id == "" {
fatalf("token revoke-all: --id is required")
}
a, err := t.db.GetAccountByUUID(*id)
if err != nil {
fatalf("get account: %v", err)
}
if err := t.db.RevokeAllUserTokens(a.ID, "mciasdb"); err != nil {
fatalf("revoke all tokens: %v", err)
}
if err := t.db.WriteAuditEvent("token_revoked", nil, &a.ID, "", `{"actor":"mciasdb","action":"revoke_all"}`); err != nil {
fmt.Fprintf(os.Stderr, "warning: write audit event: %v\n", err)
}
fmt.Printf("all active tokens revoked for account %s\n", a.Username)
}
func (t *tool) pruneTokens() {
count, err := t.db.PruneExpiredTokens()
if err != nil {
fatalf("prune expired tokens: %v", err)
}
fmt.Printf("pruned %d expired token record(s)\n", count)
}
Reference in New Issue View Git Blame Copy Permalink