add password prompt for setup db password

b03bb129 · Gabriel Zachmann · cefabac6 · b03bb129 · b03bb129 · b03bb129
Commit b03bb129 authored 4 years ago by Gabriel Zachmann
--- a/cmd/mytoken-server/mytoken-setup/setup.go
+++ b/cmd/mytoken-server/mytoken-setup/setup.go
@@ -54,8 +54,8 @@ func main() {

 type commandGenSigningKey struct{}
 type commandCreateDB struct {
-	Username string `short:"u" long:"user" default:"root" description:"This username is used to connect to the database to create a new database, database user, and tables."`
-	Password string `short:"p" long:"password" description:"The password for the database user"`
+	Username string  `short:"u" long:"user" default:"root" description:"This username is used to connect to the database to create a new database, database user, and tables."`
+	Password *string `short:"p" optional:"true" optional-value:"" long:"password" description:"The password for the database user"`
 }
 type commandInstallGeoIPDB struct{}

@@ -85,7 +85,13 @@ func (c *commandGenSigningKey) Execute(args []string) error {

 // Execute implements the flags.Commander interface
 func (c *commandCreateDB) Execute(args []string) error {
-	dsn := fmt.Sprintf("%s:%s@%s(%s)/", c.Username, c.Password, "tcp", config.Get().DB.Host)
+	password := ""
+	if c.Password != nil && len(*c.Password) == 0 { // -p specified without argument
+		password = prompter.Password("Database Password")
+	}
+	fmt.Printf("%s:%s\n", c.Username, password)
+	os.Exit(0)
+	dsn := fmt.Sprintf("%s:%s@%s(%s)/", c.Username, password, "tcp", config.Get().DB.Host)
 	if err := db.ConnectDSN(dsn); err != nil {
 		return err
 	}

--- a/internal/client/commands/at.go
+++ b/internal/client/commands/at.go
@@ -9,7 +9,7 @@ import (
 // atCommand is a type for holding and handling the AT command
 type atCommand struct {
 	generalOptions
-	Scopes    []string `long:"scope" description:"Request the passed scope. Can be used multiple times"`
+	Scopes    []string `long:"scope" short:"s" description:"Request the passed scope. Can be used multiple times"`
 	Audiences []string `long:"aud" description:"Request the passed audience. Can be used multiple times"`
 }


--- a/internal/client/commands/st.go
+++ b/internal/client/commands/st.go
@@ -46,11 +46,11 @@ type CommonSTOptions struct {
 	TransferCode string `long:"TC" description:"Use the passed transfer code to exchange it into a super token"`
 	OIDCFlow     string `long:"oidc" choice:"auth" choice:"device" choice:"default" optional:"true" optional-value:"default" description:"Use the passed OpenID Connect flow to create a super token"`

-	Capabilities         []string `long:"capability" default:"default" description:"Request the passed capabilities. Can be used multiple times"` //TODO
-	SubtokenCapabilities []string `long:"subtoken-capability" description:"Request the passed subtoken capabilities. Can be used multiple times"` //TODO
+	Capabilities         []string `long:"capability" default:"default" description:"Request the passed capabilities. Can be used multiple times"`
+	SubtokenCapabilities []string `long:"subtoken-capability" description:"Request the passed subtoken capabilities. Can be used multiple times"`
 	Restrictions         string   `long:"restrictions" description:"The restrictions that restrict the requested super token. Can be a json object or array or '@<filepath>' where <filepath> is the path to a json file.'"`

-	RestrictScopes      []string `long:"scope" description:"Restrict the supertoken so that it can only be used to request ATs with these scopes. Can be used multiple times. Overwritten by --restriction."`
+	RestrictScopes      []string `long:"scope" short:"s" description:"Restrict the supertoken so that it can only be used to request ATs with these scopes. Can be used multiple times. Overwritten by --restriction."`
 	RestrictAudiences   []string `long:"aud" description:"Restrict the supertoken so that it can only be used to request ATs with these audiences. Can be used multiple times. Overwritten by --restriction."`
 	RestrictExp         string   `long:"exp" description:"Restrict the supertoken so that it cannot be used after this time. The time given can be an absolute time given as a unix timestamp, a relative time string starting with '+' or an absolute time string."`
 	RestrictNbf         string   `long:"nbf" description:"Restrict the supertoken so that it cannot be used before this time. The time given can be an absolute time given as a unix timestamp, a relative time string starting with '+' or an absolute time string."`

--- a/internal/client/utils/cryptutils/cryptutils.go
+++ b/internal/client/utils/cryptutils/cryptutils.go
@@ -2,12 +2,10 @@ package cryptutils

 import (
 	"encoding/base64"
-	"fmt"
 	"os/exec"
 	"strings"
-	"syscall"

-	"golang.org/x/crypto/ssh/terminal"
+	"github.com/Songmu/prompter"

 	"github.com/zachmann/mytoken/internal/utils/cryptUtils"
 )
@@ -39,22 +37,14 @@ func DecryptGPG(ciph, id string) (string, error) {
 	return string(out), nil
 }

+// EncryptPassword encrypts the given string using a password which the user is prompted for
 func EncryptPassword(str string) (string, error) {
-	fmt.Printf("Enter encryption password: ")
-	password, err := terminal.ReadPassword(syscall.Stdin)
-	fmt.Println()
-	if err != nil {
-		return "", err
-	}
-	return cryptUtils.AES256Encrypt(str, string(password))
+	password := prompter.Password("Enter encryption password")
+	return cryptUtils.AES256Encrypt(str, password)
 }

+// DecryptPassword decrypts the given string using a password which the user is prompted for
 func DecryptPassword(ciph string) (string, error) {
-	fmt.Printf("Enter decryption password: ")
-	password, err := terminal.ReadPassword(syscall.Stdin)
-	fmt.Println()
-	if err != nil {
-		return "", err
-	}
-	return cryptUtils.AES256Decrypt(ciph, string(password))
+	password := prompter.Password("Enter decryption password")
+	return cryptUtils.AES256Decrypt(ciph, password)
 }