Changeset 329 in code for trunk

Timestamp:

Jun 8, 2020, 8:30:09 PM (5 years ago)

Author:

delthas

Message:

Add support for the user create admin service command

This adds support for user create, a new service command only accessible
to admin users. This lets users create other users on the fly and makes
soju start the user routine immediately; unlike sojuctl which currently
requires closing soju, creating the user, and starting soju again.

Location:

trunk

Files:

• doc/soju.1.scd (modified) (2 diffs)
• server.go (modified) (1 diff)
• service.go (modified) (2 diffs)

trunk/doc/soju.1.scd

@@ -139 +139 @@
                 is used.
 
+*network delete* <name>
+        Disconnect and delete a network.
+
+*network status*
+        Show a list of saved networks and their current status.
+
 *certfp generate* *[options...]* <network name>
         Generate self-signed certificate and use it for authentication.
@@ -160 +166 @@
         Disable SASL EXTERNAL authentication and remove stored certificate.
 
+*user create* -username <username> -password <password> [-admin]
+    Create a new soju user. Only admin users can create new accounts.
+
 *change-password* <new password>
         Change current user password.
-
-*network delete* <name>
-        Disconnect and delete a network.
-
-*network status*
-        Show a list of saved networks and their current status.
 
 # AUTHORS

trunk/server.go

@@ -89 +89 @@
 }
 
+func (s *Server) createUser(user *User) (*user, error) {
+        s.lock.Lock()
+        defer s.lock.Unlock()
+
+        if _, ok := s.users[user.Username]; ok {
+                return nil, fmt.Errorf("user %q already exists", user.Username)
+        }
+
+        err := s.db.StoreUser(user)
+        if err != nil {
+                return nil, fmt.Errorf("could not create user in db: %v", err)
+        }
+
+        s.Logger.Printf("starting bouncer for new user %q", user.Username)
+        u := newUser(s, user)
+        s.users[u.Username] = u
+        go u.run()
+        return u, nil
+}
+
 func (s *Server) getUser(name string) *user {
         s.lock.Lock()

trunk/service.go

@@ -163 +163 @@
                         },
                 },
+                "user": {
+                        children: serviceCommandSet{
+                                "create": {
+                                        usage:  "-username <username> -password <password> [-admin]",
+                                        desc:   "create a new soju user",
+                                        handle: handleUserCreate,
+                                        admin:  true,
+                                },
+                        },
+                        admin: true,
+                },
                 "change-password": {
                         usage:  "<new password>",
@@ -568 +579 @@
         return nil
 }
+
+func handleUserCreate(dc *downstreamConn, params []string) error {
+        fs := newFlagSet()
+        username := fs.String("username", "", "")
+        password := fs.String("password", "", "")
+        admin := fs.Bool("admin", false, "")
+
+        if err := fs.Parse(params); err != nil {
+                return err
+        }
+        if *username == "" {
+                return fmt.Errorf("flag -username is required")
+        }
+        if *password == "" {
+                return fmt.Errorf("flag -password is required")
+        }
+
+        hashed, err := bcrypt.GenerateFromPassword([]byte(*password), bcrypt.DefaultCost)
+        if err != nil {
+                return fmt.Errorf("failed to hash password: %v", err)
+        }
+
+        user := &User{
+                Username: *username,
+                Password: string(hashed),
+                Admin:    *admin,
+        }
+        if _, err := dc.srv.createUser(user); err != nil {
+                return fmt.Errorf("could not create user: %v", err)
+        }
+
+        sendServicePRIVMSG(dc, fmt.Sprintf("created user %q", *username))
+        return nil
+}