From 97f4acb98e7805ee428f73bbf3cdababc3a864e4 Mon Sep 17 00:00:00 2001
From: Falk Werner
Date: Sat, 4 Feb 2023 09:59:32 +0100
Subject: [PATCH] allow to specify authentication token via command line or environment variable
---
 doc/webfuse_provider.md | 9 +++++++++
 src/provider_main.cpp | 31 +++++++++++++++++++++++++++----
 2 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/doc/webfuse_provider.md b/doc/webfuse_provider.md
index 3733a18..7ce47dd 100644
--- a/doc/webfuse_provider.md
+++ b/doc/webfuse_provider.md
@@ -15,6 +15,13 @@ Inject a remote filesystem via webfuse.
 | -p | --path | path | path of local filesystem to inject (default: .) |
 | -u | --url | url | url of webfuse server |
 | -a | --ca-path | path | path of ca file |
+| -t | --token | token | authentication token (overrides WEBFUSE_TOKEN) |
+
+## Environment variables
+
+| Variable | Description |
+| -------- | ----------- |
+| WEBFUSE_TOKEN | Default value of webfuse token |
 ## Examples
@@ -28,3 +35,5 @@ Inject a remote filesystem via webfuse.
 `webfuse_provider -u wss://localhost/`
 - inject current diectory via TLS using a specific ca:
 `webfuse_provider -u wss://localhost/ -a /path/to/server-cert.pem`
+- inject current directory, authenticate via token:
+ `webfuse_provider -u wss://localhost/ -t my_token`
diff --git a/src/provider_main.cpp b/src/provider_main.cpp
index e9f63e3..94199ae 100644
--- a/src/provider_main.cpp
+++ b/src/provider_main.cpp
@@ -8,6 +8,8 @@
 #include
 #include
+#include
+
 #include
 namespace
@@ -29,11 +31,18 @@ public:
 , cmd(command::run)
 , exit_code()
 {
+ char const * const webfuse_token = getenv("WEBFUSE_TOKEN");
+ if (nullptr != webfuse_token)
+ {
+ token = webfuse_token;
+ }
+
 struct option const long_options[] =
 {
 {"path" , required_argument, nullptr, 'p'},
 {"url" , required_argument, nullptr, 'u'},
 {"ca-path", required_argument, nullptr, 'a'},
+ {"token" , required_argument, nullptr, 't'},
 {"version", no_argument , nullptr, 'v'},
 {"help" , no_argument , nullptr, 'h'},
 {nullptr , 0 , nullptr, 0 }
@@ -45,7 +54,7 @@ public:
 while (!finished)
 {
 int option_index = 0;
- const int c = getopt_long(argc, argv, "p:u:a:vh", long_options, &option_index);
+ const int c = getopt_long(argc, argv, "p:u:a:t:vh", long_options, &option_index);
 switch (c)
 {
 case -1:
@@ -60,6 +69,9 @@ public:
 case 'a':
 ca_path = optarg;
 break;
+ case 't':
+ token = optarg;
+ break;
 case 'h':
 cmd = command::show_help;
 break;
@@ -86,6 +98,7 @@ public:
 std::string base_path;
 std::string url;
 std::string ca_path;
+ std::string token;
 command cmd;
 int exit_code;
 };
@@ -102,9 +115,17 @@ Options:
 --url, -u set url of webfuse2 service
 --path, -p set path of directory to expose (default: .)
 --ca-path, -a set path of ca file (default: not set)
+ --token, -t set authentication token (default: see below)
 --version, -v print version and quit
 --help, -h print this message and quit
+Authentication Token:
+ When requested by webfuse server, the authentication token
+ is determined as follows:
+ - if present, use contents of environment variable WEBFUSE_TOKEN
+ - else if specified, use the contents fo the -t option
+ - else query user for authentication token
+
 Examples:
 webfuse-provider -u ws://localhost:8080/
 webfuse-provider -u ws://localhost:8080/ -p /some/directory
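Review bot: A token supplied with `-t` stays in the process's argument vector, so the `case 't':` branch copies the secret into `token` while it remains readable through the process list for as long as the provider runs, and it typically ends up in shell history too. The option text should steer operators to the environment variable or the interactive prompt, for example `--token, -t set authentication token (visible in process list; prefer WEBFUSE_TOKEN)`. Overwriting the argument after the copy would narrow the exposure window but not close it. The switch statement continues outside the hunk.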
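Review bot: The precedence listed in the new "Authentication Token" help section is the reverse of what the constructor does: `WEBFUSE_TOKEN` is read first and a `-t` argument then overwrites it, which is also what doc/webfuse_provider.md states ("overrides WEBFUSE_TOKEN"). An operator who trusts the help text will expect the environment value to win and may authenticate with a different token than intended. The list should read `- if specified, use the contents of the -t option` followed by `- else if present, use contents of environment variable WEBFUSE_TOKEN`, which also removes the "fo" typo. The help string starts and ends outside the hunk.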
@@ -126,7 +147,8 @@ void on_signal(int _)
 class filesystem: public webfuse::filesystem_i
 {
 public:
- explicit filesystem(std::string const & base_path)
+ filesystem(std::string const & base_path, std::string const & token)
+ : token_(token)
 {
 char buffer[PATH_MAX];
 char * resolved_path = ::realpath(base_path.c_str(), buffer);
@@ -420,7 +442,7 @@ public:
 std::string get_credentials() override
 {
- return getpass("credentials: ");
+ return (!token_.empty()) ? token_ : getpass("credentials: ");
 }
@@ -431,6 +453,7 @@ private:
 }
 std::string base_path_;
+ std::string token_;
 };
 }
@@ -449,7 +472,7 @@ int main(int argc, char* argv[])
 signal(SIGINT, &on_signal);
 signal(SIGTERM, &on_signal);
- filesystem fs(ctx.base_path);
+ filesystem fs(ctx.base_path, ctx.token);
 webfuse::provider provider(fs, ctx.ca_path);
 provider.set_connection_listener([](bool connected) {
 if (!connected)
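Review bot: `getpass()` can return a null pointer on error, and the new return expression in `get_credentials()` still converts that result straight into a `std::string`, which is undefined behaviour. Token support makes unattended runs more likely, so a provider started without a token on a host with no usable terminal can reach this fallback. Guard it with `char const * const secret = getpass("credentials: ");` and `return (nullptr != secret) ? std::string(secret) : std::string();` after an early `if (!token_.empty()) { return token_; }`. Separately, a configured token is returned on every request, so a rejected token is never replaced by a prompt; whether the server asks again after a failure is not visible in this hunk.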