
Conversation

@gocanto
Collaborator

@gocanto gocanto commented Jun 19, 2025

Summary by CodeRabbit

  • New Features

    • Introduced an interactive authentication mechanism requiring users to input credentials before accessing the main menu.
    • Added a terminal screen clear function for improved interface clarity.
  • Refactor

    • Updated credential configuration to use a username along with public and private tokens.
    • Streamlined environment variable structure for application credentials.
    • Enhanced input validation and sanitization for credential fields.
    • Replaced admin user model with a unified token-based credential system.
  • Style

    • Improved user prompts and error messaging for invalid credentials.

@coderabbitai

coderabbitai bot commented Jun 19, 2025

Walkthrough

The changes introduce a new authentication mechanism using a Token struct with Username, Public, and Private fields, replacing the previous admin token structure. Environment variable names are updated to reflect this new model. A CLI guard is added to capture and validate user input against these credentials before proceeding with application logic. The screen-clearing functionality is refactored into a shared helper.

Changes

File(s) Change Summary
.env.example Replaces admin token environment variables with username, public, and private token variables.
boost/boost.go, env/app.go, main.go Refactors to use new auth.Token struct for credentials; removes old admin user logic and types.
cli/gate/guard.go Adds new Guard struct and methods for capturing and validating user token input.
cli/main.go Integrates the guard for authentication before main menu; initializes guard with environment credentials.
database/seeder/main.go, pkg/cli/helpers.go Moves screen-clearing logic into new ClearScreen helper function; updates usage accordingly.
pkg/auth/token.go Introduces Token struct with validation logic and methods for credential verification.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CLI
    participant Guard
    participant Env

    User->>CLI: Start application
    CLI->>Env: Load credentials from environment
    CLI->>Guard: Initialize with Token credentials
    CLI->>Guard: CaptureInput()
    Guard->>User: Prompt for public token
    User->>Guard: Enter token
    Guard->>Guard: Validate input with Token.IsValid()
    Guard-->>CLI: Return validation result
    alt Invalid credentials
        CLI->>User: Print error and exit
    else Valid credentials
        CLI->>User: Show main menu
    end

Poem

In the warren of code, a new lock and key,
Tokens with secrets, as safe as can be.
The Guard stands watch, credentials in paw,
Trimming the spaces, enforcing the law.
With a hop and a hash, the rabbits approve—
Clear screens, clear minds, let progress move!
🐇🔐✨


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1ffd05f and b957397.

📒 Files selected for processing (1)
  • cli/gate/guard.go (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • cli/gate/guard.go
✨ Finishing Touches
  • 📝 Generate Docstrings


@gocanto gocanto marked this pull request as ready for review June 19, 2025 08:39

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 6

🧹 Nitpick comments (5)
pkg/auth/token.go (1)

9-13: Consider adding documentation for the Token struct.

The struct fields and their relationships aren't immediately clear from the names. Consider adding documentation to explain the purpose and relationship between Username, Public, and Private fields.

+// Token represents authentication credentials with a username and public/private key pair.
+// Username: The user identifier (lowercase alphabetic, min 5 chars)
+// Public: The public token derived from hashing the private token
+// Private: The private token/seed used for validation
 type Token struct {
 	Username string `validate:"required,lowercase,alpha,min=5"`
 	Public   string `validate:"required,min=10"`
 	Private  string `validate:"required,min=10"`
 }
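Review bot: The proposed line "Public: The public token derived from hashing the private token" documents a derivation that nothing in the visible struct enforces; Public and Private carry the same `required,min=10` tags and no relationship between them is expressed. Confirm the derivation against the IsValid implementation before writing it into the docstring, or describe Public only as the value the prompt collects and compares, so the comment does not promise more than the code checks.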
.env.example (1)

16-18: Address formatting and ordering issues flagged by static analysis.

The static analysis tool identified several issues with the environment variable definitions:

  1. Remove unnecessary quotes from empty values
  2. Fix key ordering for consistency
 # --- App super admin credentials
-ENV_APP_TOKEN_USERNAME=""
-ENV_APP_TOKEN_PUBLIC=""
-ENV_APP_TOKEN_PRIVATE=""
+ENV_APP_TOKEN_PRIVATE=
+ENV_APP_TOKEN_PUBLIC=
+ENV_APP_TOKEN_USERNAME=
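Review bot: Whether quoted or not, all three values stay empty, and Token's tags require `min=5` on Username and `min=10` on Public and Private, so a developer who copies .env.example unchanged gets a validation failure at boot with no hint why; a one-line comment above the block saying the three values must be filled in would prevent that. The alphabetical reorder also moves the private token to the top of the "App super admin credentials" group, which reads worse than the original username/public/private order and is not worth forcing just to satisfy the linter.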

Note: The reordering follows the static analysis tool's alphabetical ordering suggestion, though the current order may be more logical for users.

cli/main.go (2)

15-15: Consider dependency injection over global variables for better testability.

The global guard variable makes unit testing more difficult and creates tight coupling between components.

Consider refactoring to pass the guard as a parameter:

-var guard gate.Guard
-var environment *env.Environment

-func init() {
-	secrets, _ := boost.Spark("./../.env")
-
-	environment = secrets
-	guard = gate.MakeGuard(environment.App.Credentials)
-}

-func main() {
+func main() {
+	secrets, err := boost.Spark("./../.env")
+	if err != nil {
+		cli.Errorln("Failed to load environment: " + err.Error())
+		os.Exit(1)
+	}
+	
+	guard := gate.MakeGuard(secrets.App.Credentials)
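Review bot: The suggested main() turns guard into a local and deletes the package-level environment, but the snippet stops before reaching the guard.Rejects() call at lines 33-36 and any other function that read those globals; each of them now has to receive guard (and whatever it used from environment) as a parameter or the file no longer compiles. The change is still worth making because the current init() discards the boost.Spark error with `_` and then evaluates environment.App.Credentials, which dereferences a nil pointer if Spark returns nil on a missing .env.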

33-36: Consider graceful error handling instead of hard exit.

Using os.Exit(1) prevents deferred functions from running and makes testing more difficult.

Consider returning an error or using a more graceful exit strategy:

	if guard.Rejects() {
		cli.Errorln("Invalid credentials")
-		os.Exit(1)
+		return
	}
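Review bot: Replacing os.Exit(1) with a bare return makes a rejected credential end the process with exit status 0, so a wrapping script or CI step cannot distinguish the authentication failure from success. If the aim is to let deferred functions run, move the body into a run() error function and keep os.Exit(1) in main for the case where run() returns an error, so the non-zero status survives.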
cli/gate/guard.go (1)

26-26: Clarify the naming inconsistency between prompt and storage.

The prompt asks for "public token" but the input is stored as salt, which could be confusing.

Consider either:

  1. Changing the prompt to match the field name: cli.Warning("Type the salt: ")
  2. Or renaming the field to match the prompt: publicToken string instead of salt string
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d3a00f9 and 0408d1b.

📒 Files selected for processing (9)
  • .env.example (1 hunks)
  • boost/boost.go (3 hunks)
  • cli/gate/guard.go (1 hunks)
  • cli/main.go (1 hunks)
  • database/seeder/main.go (1 hunks)
  • env/app.go (1 hunks)
  • main.go (0 hunks)
  • pkg/auth/token.go (1 hunks)
  • pkg/cli/helpers.go (1 hunks)
💤 Files with no reviewable changes (1)
  • main.go
🧰 Additional context used
🪛 dotenv-linter (3.3.0)
.env.example

[warning] 16-16: [QuoteCharacter] The value has quote characters (', ")

[warning] 17-17: [QuoteCharacter] The value has quote characters (', ")

[warning] 17-17: [UnorderedKey] The ENV_APP_TOKEN_PUBLIC key should go before the ENV_APP_TOKEN_USERNAME key

[warning] 18-18: [QuoteCharacter] The value has quote characters (', ")

[warning] 18-18: [UnorderedKey] The ENV_APP_TOKEN_PRIVATE key should go before the ENV_APP_TOKEN_PUBLIC key

🔇 Additional comments (6)
database/seeder/main.go (1)

22-22: Good refactoring to use centralized helper.

The migration from a local clearScreen function to the centralized cli.ClearScreen() improves code reusability and maintainability.

env/app.go (2)

3-3: Good addition of the auth package import.

The import is correctly added to support the new auth.Token type.


10-14: Clean refactoring to use the new token structure.

The replacement of the nested admin struct with a single auth.Token field simplifies the structure while maintaining proper validation. This aligns well with the overall authentication refactoring.

boost/boost.go (3)

64-68: Excellent input sanitization with TrimSpace.

The consistent use of strings.TrimSpace() for all token fields helps prevent issues with accidental whitespace in environment variables.


71-87: Comprehensive input sanitization applied consistently.

Good practice applying strings.TrimSpace() to all environment variable values throughout the configuration. This prevents common issues with trailing/leading whitespace in environment files.

Also applies to: 90-103


113-115: Verify that auth.Token validation is properly implemented.

The validation logic has switched from validating an admin user to validating the token struct. Ensure the auth.Token type has proper validation tags and the IsValid/IsInvalid methods are correctly implemented.

#!/bin/bash
# Description: Check if auth.Token struct has proper validation and methods

# Search for the auth.Token struct definition and its validation methods
ast-grep --pattern 'type Token struct {
  $$$
}'

echo "=== Token validation methods ==="
ast-grep --pattern 'func ($_ Token) IsValid($$$) $$$'
ast-grep --pattern 'func ($_ Token) IsInvalid($$$) $$$'

echo "=== Token validation tags ==="
rg -A 10 'type Token struct'

coderabbitai bot added a commit that referenced this pull request Jun 19, 2025
Docstrings generation was requested by @gocanto.

* #33 (comment)

The following files were modified:

* `boost/boost.go`
* `cli/gate/guard.go`
* `cli/main.go`
* `database/seeder/main.go`
* `main.go`
* `pkg/cli/helpers.go`
@coderabbitai

coderabbitai bot commented Jun 19, 2025

Note

Generated docstrings for this pull request at #34


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0408d1b and 1ffd05f.

📒 Files selected for processing (1)
  • cli/gate/guard.go (1 hunks)
🔇 Additional comments (5)
cli/gate/guard.go (5)

1-10: LGTM! Clean package structure and imports.

The package declaration and imports are well-organized and include all necessary dependencies for the authentication guard functionality.


12-16: Well-designed Guard struct with appropriate encapsulation.

The Guard struct properly encapsulates the authentication state with:

  • A salt pointer for storing user input
  • An auth.Token for credential validation
  • A buffered reader for input handling

The use of a pointer for salt allows tracking whether input has been captured.


18-23: Simple and correct constructor implementation.

The MakeGuard function properly initializes the Guard with the provided token and sets up the input reader from stdin.


35-41: Excellent input validation addressing security concerns.

The validation checks properly address the security recommendations from previous reviews:

  • Empty input validation prevents bypass attempts
  • Length limit (1024 characters) prevents potential buffer overflow or DoS attacks
  • Clear, actionable error messages

This implementation effectively mitigates the security risks identified in past reviews.


48-56: Robust authentication logic with proper null checking.

The Rejects method correctly:

  • Checks if salt has been captured (null check)
  • Dereferences the salt safely after null check
  • Delegates validation to the token's IsInvalid method

The logic flow ensures authentication cannot be bypassed if input hasn't been captured.
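The guard flow these five comments describe (nil salt pointer, empty and 1024-character checks, Rejects delegating to the token) reconstructed as an added, self-contained example; this is not the project's code from cli/gate/guard.go or pkg/auth/token.go. Assumptions not in the PR: IsInvalid is modelled as a constant-time comparison against Public, and MakeGuard takes an io.Reader rather than os.Stdin so the example runs offline.

```go
package main

import (
	"bufio"
	"crypto/subtle"
	"errors"
	"io"
	"strings"
)

// Token models the PR's credential struct; the rule in IsInvalid is an example assumption.
type Token struct {
	Username string
	Public   string
	Private  string
}

// IsInvalid compares input with the public token in constant time so timing leaks nothing.
func (t Token) IsInvalid(input string) bool {
	return subtle.ConstantTimeCompare([]byte(input), []byte(t.Public)) != 1
}

type Guard struct {
	salt    *string // nil until CaptureInput succeeds, as in the reviewed struct
	token   Token
	scanner *bufio.Scanner
}

func MakeGuard(token Token, in io.Reader) Guard { // io.Reader, not os.Stdin: assumption for offline use
	return Guard{token: token, scanner: bufio.NewScanner(in)}
}

// CaptureInput reads one line, trims it and applies the empty and 1024-char checks.
func (g *Guard) CaptureInput() error {
	if !g.scanner.Scan() && g.scanner.Err() != nil {
		return g.scanner.Err()
	}
	value := strings.TrimSpace(g.scanner.Text())
	if value == "" {
		return errors.New("token must not be empty")
	}
	if len(value) > 1024 {
		return errors.New("token exceeds 1024 characters")
	}
	g.salt = &value
	return nil
}

func (g Guard) Rejects() bool {
	return g.salt == nil || g.token.IsInvalid(*g.salt) // nil salt: nothing captured yet
}
```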

@gocanto gocanto merged commit 0c2d64d into main Jun 19, 2025
2 checks passed
@gocanto gocanto deleted the feature/cli-auth branch June 19, 2025 09:13