diff --git a/combined/cmd/root.go b/combined/cmd/root.go index 8837fea44..0ec0e9480 100644 --- a/combined/cmd/root.go +++ b/combined/cmd/root.go @@ -62,6 +62,8 @@ Configuration is loaded from a YAML file specified with --config.`, func init() { rootCmd.PersistentFlags().StringVarP(&configPath, "config", "c", "", "path to YAML configuration file (required)") _ = rootCmd.MarkPersistentFlagRequired("config") + + rootCmd.AddCommand(newTokenCommands()) } func Execute() error { diff --git a/combined/cmd/token.go b/combined/cmd/token.go new file mode 100644 index 000000000..9393c6c46 --- /dev/null +++ b/combined/cmd/token.go @@ -0,0 +1,60 @@ +package cmd + +import ( + "context" + "fmt" + "os" + "strings" + + log "github.com/sirupsen/logrus" + "github.com/spf13/cobra" + + "github.com/netbirdio/netbird/formatter/hook" + tokencmd "github.com/netbirdio/netbird/management/cmd/token" + "github.com/netbirdio/netbird/management/server/store" + "github.com/netbirdio/netbird/management/server/types" + "github.com/netbirdio/netbird/util" +) + +// newTokenCommands creates the token command tree with combined-specific store opener. +func newTokenCommands() *cobra.Command { + return tokencmd.NewCommands(withTokenStore) +} + +// withTokenStore loads the combined YAML config, initializes the store, and calls fn. +func withTokenStore(cmd *cobra.Command, fn func(ctx context.Context, s store.Store) error) error { + if err := util.InitLog("error", "console"); err != nil { + return fmt.Errorf("init log: %w", err) + } + + ctx := context.WithValue(cmd.Context(), hook.ExecutionContextKey, hook.SystemSource) //nolint:staticcheck + + cfg, err := LoadConfig(configPath) + if err != nil { + return fmt.Errorf("load config: %w", err) + } + + if dsn := cfg.Server.Store.DSN; dsn != "" { + switch strings.ToLower(cfg.Server.Store.Engine) { + case "postgres": + os.Setenv("NB_STORE_ENGINE_POSTGRES_DSN", dsn) + case "mysql": + os.Setenv("NB_STORE_ENGINE_MYSQL_DSN", dsn) + } + } + + datadir := cfg.Management.DataDir + engine := types.Engine(cfg.Management.Store.Engine) + + s, err := store.NewStore(ctx, engine, datadir, nil, true) + if err != nil { + return fmt.Errorf("create store: %w", err) + } + defer func() { + if err := s.Close(ctx); err != nil { + log.Debugf("close store: %v", err) + } + }() + + return fn(ctx, s) +} diff --git a/management/cmd/root.go b/management/cmd/root.go index 2eca7859d..3cb2bceb6 100644 --- a/management/cmd/root.go +++ b/management/cmd/root.go @@ -81,9 +81,7 @@ func init() { rootCmd.AddCommand(migrationCmd) - tokenCmd.PersistentFlags().StringVar(&nbconfig.MgmtConfigPath, "config", defaultMgmtConfig, "Netbird config file location") - tokenCmd.AddCommand(tokenCreateCmd) - tokenCmd.AddCommand(tokenListCmd) - tokenCmd.AddCommand(tokenRevokeCmd) - rootCmd.AddCommand(tokenCmd) + tc := newTokenCommands() + tc.PersistentFlags().StringVar(&nbconfig.MgmtConfigPath, "config", defaultMgmtConfig, "Netbird config file location") + rootCmd.AddCommand(tc) } diff --git a/management/cmd/token.go b/management/cmd/token.go index f0e0d9945..67af1a5f5 100644 --- a/management/cmd/token.go +++ b/management/cmd/token.go @@ -3,62 +3,24 @@ package cmd import ( "context" "fmt" - "os" - "strconv" - "text/tabwriter" - "time" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/netbirdio/netbird/formatter/hook" + tokencmd "github.com/netbirdio/netbird/management/cmd/token" nbconfig "github.com/netbirdio/netbird/management/internals/server/config" "github.com/netbirdio/netbird/management/server/store" - "github.com/netbirdio/netbird/management/server/types" "github.com/netbirdio/netbird/util" ) -var ( - tokenName string - tokenExpireIn string - tokenDatadir string +var tokenDatadir string - tokenCmd = &cobra.Command{ - Use: "token", - Short: "Manage proxy access tokens", - Long: "Commands for creating, listing, and revoking proxy access tokens used by reverse proxy instances to authenticate with the management server.", - } - - tokenCreateCmd = &cobra.Command{ - Use: "create", - Short: "Create a new proxy access token", - Long: "Creates a new proxy access token. The plain text token is displayed only once at creation time.", - RunE: tokenCreateRun, - } - - tokenListCmd = &cobra.Command{ - Use: "list", - Aliases: []string{"ls"}, - Short: "List all proxy access tokens", - Long: "Lists all proxy access tokens with their IDs, names, creation dates, expiration, and revocation status.", - RunE: tokenListRun, - } - - tokenRevokeCmd = &cobra.Command{ - Use: "revoke [token-id]", - Short: "Revoke a proxy access token", - Long: "Revokes a proxy access token by its ID. Revoked tokens can no longer be used for authentication.", - Args: cobra.ExactArgs(1), - RunE: tokenRevokeRun, - } -) - -func init() { - tokenCmd.PersistentFlags().StringVar(&tokenDatadir, "datadir", "", "Override the data directory from config (where store.db is located)") - - tokenCreateCmd.Flags().StringVar(&tokenName, "name", "", "Name for the token (required)") - tokenCreateCmd.Flags().StringVar(&tokenExpireIn, "expires-in", "", "Token expiration duration (e.g., 365d, 24h, 30d). Empty means no expiration") - tokenCreateCmd.MarkFlagRequired("name") //nolint +// newTokenCommands creates the token command tree with management-specific store opener. +func newTokenCommands() *cobra.Command { + cmd := tokencmd.NewCommands(withTokenStore) + cmd.PersistentFlags().StringVar(&tokenDatadir, "datadir", "", "Override the data directory from config (where store.db is located)") + return cmd } // withTokenStore initializes logging, loads config, opens the store, and calls fn. @@ -67,8 +29,7 @@ func withTokenStore(cmd *cobra.Command, fn func(ctx context.Context, s store.Sto return fmt.Errorf("init log: %w", err) } - //nolint - ctx := context.WithValue(cmd.Context(), hook.ExecutionContextKey, hook.SystemSource) + ctx := context.WithValue(cmd.Context(), hook.ExecutionContextKey, hook.SystemSource) //nolint:staticcheck config, err := LoadMgmtConfig(ctx, nbconfig.MgmtConfigPath) if err != nil { @@ -92,118 +53,3 @@ func withTokenStore(cmd *cobra.Command, fn func(ctx context.Context, s store.Sto return fn(ctx, s) } - -func tokenCreateRun(cmd *cobra.Command, _ []string) error { - return withTokenStore(cmd, func(ctx context.Context, s store.Store) error { - expiresIn, err := parseDuration(tokenExpireIn) - if err != nil { - return fmt.Errorf("parse expiration: %w", err) - } - - generated, err := types.CreateNewProxyAccessToken(tokenName, expiresIn, nil, "CLI") - if err != nil { - return fmt.Errorf("generate token: %w", err) - } - - if err := s.SaveProxyAccessToken(ctx, &generated.ProxyAccessToken); err != nil { - return fmt.Errorf("save token: %w", err) - } - - fmt.Println("Token created successfully!") //nolint:forbidigo - fmt.Printf("Token: %s\n", generated.PlainToken) //nolint:forbidigo - fmt.Println() //nolint:forbidigo - fmt.Println("IMPORTANT: Save this token now. It will not be shown again.") //nolint:forbidigo - fmt.Printf("Token ID: %s\n", generated.ID) //nolint:forbidigo - - return nil - }) -} - -func tokenListRun(cmd *cobra.Command, _ []string) error { - return withTokenStore(cmd, func(ctx context.Context, s store.Store) error { - tokens, err := s.GetAllProxyAccessTokens(ctx, store.LockingStrengthNone) - if err != nil { - return fmt.Errorf("list tokens: %w", err) - } - - if len(tokens) == 0 { - fmt.Println("No proxy access tokens found.") //nolint:forbidigo - return nil - } - - w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - fmt.Fprintln(w, "ID\tNAME\tCREATED\tEXPIRES\tLAST USED\tREVOKED") - fmt.Fprintln(w, "--\t----\t-------\t-------\t---------\t-------") - - for _, t := range tokens { - expires := "never" - if t.ExpiresAt != nil { - expires = t.ExpiresAt.Format("2006-01-02") - } - - lastUsed := "never" - if t.LastUsed != nil { - lastUsed = t.LastUsed.Format("2006-01-02 15:04") - } - - revoked := "no" - if t.Revoked { - revoked = "yes" - } - - fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\n", - t.ID, - t.Name, - t.CreatedAt.Format("2006-01-02"), - expires, - lastUsed, - revoked, - ) - } - - w.Flush() - - return nil - }) -} - -func tokenRevokeRun(cmd *cobra.Command, args []string) error { - return withTokenStore(cmd, func(ctx context.Context, s store.Store) error { - tokenID := args[0] - - if err := s.RevokeProxyAccessToken(ctx, tokenID); err != nil { - return fmt.Errorf("revoke token: %w", err) - } - - fmt.Printf("Token %s revoked successfully.\n", tokenID) //nolint:forbidigo - return nil - }) -} - -// parseDuration parses a duration string with support for days (e.g., "30d", "365d"). -// An empty string returns zero duration (no expiration). -func parseDuration(s string) (time.Duration, error) { - if len(s) == 0 { - return 0, nil - } - - if s[len(s)-1] == 'd' { - d, err := strconv.Atoi(s[:len(s)-1]) - if err != nil { - return 0, fmt.Errorf("invalid day format: %s", s) - } - if d <= 0 { - return 0, fmt.Errorf("duration must be positive: %s", s) - } - return time.Duration(d) * 24 * time.Hour, nil - } - - d, err := time.ParseDuration(s) - if err != nil { - return 0, err - } - if d <= 0 { - return 0, fmt.Errorf("duration must be positive: %s", s) - } - return d, nil -} diff --git a/management/cmd/token/token.go b/management/cmd/token/token.go new file mode 100644 index 000000000..93921ca40 --- /dev/null +++ b/management/cmd/token/token.go @@ -0,0 +1,185 @@ +// Package tokencmd provides reusable cobra commands for managing proxy access tokens. +// Both the management and combined binaries use these commands, each providing +// their own StoreOpener to handle config loading and store initialization. +package tokencmd + +import ( + "context" + "fmt" + "io" + "strconv" + "text/tabwriter" + "time" + + "github.com/spf13/cobra" + + "github.com/netbirdio/netbird/management/server/store" + "github.com/netbirdio/netbird/management/server/types" +) + +// StoreOpener initializes a store from the command context and calls fn. +type StoreOpener func(cmd *cobra.Command, fn func(ctx context.Context, s store.Store) error) error + +// NewCommands creates the token command tree with the given store opener. +// Returns the parent "token" command with create, list, and revoke subcommands. +func NewCommands(opener StoreOpener) *cobra.Command { + var ( + tokenName string + tokenExpireIn string + ) + + tokenCmd := &cobra.Command{ + Use: "token", + Short: "Manage proxy access tokens", + Long: "Commands for creating, listing, and revoking proxy access tokens used by reverse proxy instances to authenticate with the management server.", + } + + createCmd := &cobra.Command{ + Use: "create", + Short: "Create a new proxy access token", + Long: "Creates a new proxy access token. The plain text token is displayed only once at creation time.", + RunE: func(cmd *cobra.Command, _ []string) error { + return opener(cmd, func(ctx context.Context, s store.Store) error { + return runCreate(ctx, s, cmd.OutOrStdout(), tokenName, tokenExpireIn) + }) + }, + } + createCmd.Flags().StringVar(&tokenName, "name", "", "Name for the token (required)") + createCmd.Flags().StringVar(&tokenExpireIn, "expires-in", "", "Token expiration duration (e.g., 365d, 24h, 30d). Empty means no expiration") + if err := createCmd.MarkFlagRequired("name"); err != nil { + panic(err) + } + + listCmd := &cobra.Command{ + Use: "list", + Aliases: []string{"ls"}, + Short: "List all proxy access tokens", + Long: "Lists all proxy access tokens with their IDs, names, creation dates, expiration, and revocation status.", + RunE: func(cmd *cobra.Command, _ []string) error { + return opener(cmd, func(ctx context.Context, s store.Store) error { + return runList(ctx, s, cmd.OutOrStdout()) + }) + }, + } + + revokeCmd := &cobra.Command{ + Use: "revoke [token-id]", + Short: "Revoke a proxy access token", + Long: "Revokes a proxy access token by its ID. Revoked tokens can no longer be used for authentication.", + Args: cobra.ExactArgs(1), + RunE: func(cmd *cobra.Command, args []string) error { + return opener(cmd, func(ctx context.Context, s store.Store) error { + return runRevoke(ctx, s, cmd.OutOrStdout(), args[0]) + }) + }, + } + + tokenCmd.AddCommand(createCmd, listCmd, revokeCmd) + return tokenCmd +} + +func runCreate(ctx context.Context, s store.Store, w io.Writer, name string, expireIn string) error { + expiresIn, err := ParseDuration(expireIn) + if err != nil { + return fmt.Errorf("parse expiration: %w", err) + } + + generated, err := types.CreateNewProxyAccessToken(name, expiresIn, nil, "CLI") + if err != nil { + return fmt.Errorf("generate token: %w", err) + } + + if err := s.SaveProxyAccessToken(ctx, &generated.ProxyAccessToken); err != nil { + return fmt.Errorf("save token: %w", err) + } + + fmt.Fprintln(w, "Token created successfully!") + fmt.Fprintf(w, "Token: %s\n", generated.PlainToken) + fmt.Fprintln(w) + fmt.Fprintln(w, "IMPORTANT: Save this token now. It will not be shown again.") + fmt.Fprintf(w, "Token ID: %s\n", generated.ID) + return nil +} + +func runList(ctx context.Context, s store.Store, out io.Writer) error { + tokens, err := s.GetAllProxyAccessTokens(ctx, store.LockingStrengthNone) + if err != nil { + return fmt.Errorf("list tokens: %w", err) + } + + if len(tokens) == 0 { + fmt.Fprintln(out, "No proxy access tokens found.") + return nil + } + + w := tabwriter.NewWriter(out, 0, 0, 2, ' ', 0) + fmt.Fprintln(w, "ID\tNAME\tCREATED\tEXPIRES\tLAST USED\tREVOKED") + fmt.Fprintln(w, "--\t----\t-------\t-------\t---------\t-------") + + for _, t := range tokens { + expires := "never" + if t.ExpiresAt != nil { + expires = t.ExpiresAt.Format("2006-01-02") + } + + lastUsed := "never" + if t.LastUsed != nil { + lastUsed = t.LastUsed.Format("2006-01-02 15:04") + } + + revoked := "no" + if t.Revoked { + revoked = "yes" + } + + fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\n", + t.ID, + t.Name, + t.CreatedAt.Format("2006-01-02"), + expires, + lastUsed, + revoked, + ) + } + + w.Flush() + + return nil +} + +func runRevoke(ctx context.Context, s store.Store, w io.Writer, tokenID string) error { + if err := s.RevokeProxyAccessToken(ctx, tokenID); err != nil { + return fmt.Errorf("revoke token: %w", err) + } + + fmt.Fprintf(w, "Token %s revoked successfully.\n", tokenID) + return nil +} + +// ParseDuration parses a duration string with support for days (e.g., "30d", "365d"). +// An empty string returns zero duration (no expiration). +func ParseDuration(s string) (time.Duration, error) { + if len(s) == 0 { + return 0, nil + } + + if s[len(s)-1] == 'd' { + d, err := strconv.Atoi(s[:len(s)-1]) + if err != nil { + return 0, fmt.Errorf("invalid day format: %s", s) + } + if d <= 0 { + return 0, fmt.Errorf("duration must be positive: %s", s) + } + return time.Duration(d) * 24 * time.Hour, nil + } + + d, err := time.ParseDuration(s) + if err != nil { + return 0, err + } + if d <= 0 { + return 0, fmt.Errorf("duration must be positive: %s", s) + } + return d, nil +} diff --git a/management/cmd/token_test.go b/management/cmd/token/token_test.go similarity index 96% rename from management/cmd/token_test.go rename to management/cmd/token/token_test.go index 35ac0895e..d554bbe45 100644 --- a/management/cmd/token_test.go +++ b/management/cmd/token/token_test.go @@ -1,4 +1,4 @@ -package cmd +package tokencmd import ( "testing" @@ -89,7 +89,7 @@ func TestParseDuration(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - result, err := parseDuration(tt.input) + result, err := ParseDuration(tt.input) if tt.wantErr { assert.Error(t, err) return