intake/cmd/passwd.go

package cmd

import (
	"bufio"
	"fmt"
	"os"

	"github.com/Jaculabilis/intake/core"
	"github.com/spf13/cobra"
	"golang.org/x/term"
)

var passwdCmd = &cobra.Command{
	Use:   "passwd",
	Short: "Set the password for the web interface",
	Long: `Set the password for the web interface.

Access through the command line should be controlled by standard filesystem
permissions.

passwd expects to be run from a tty. If you want to pipe the password in, use
the --stdin flag.
`,
	Run: func(cmd *cobra.Command, args []string) {
		passwd(boolArg(cmd, "verify"), boolArg(cmd, "stdin"))
	},
}

func init() {
	rootCmd.AddCommand(passwdCmd)

	passwdCmd.Flags().Bool("verify", false, "Compare the input password instead of setting it.")
	passwdCmd.Flags().Bool("stdin", false, "Read the password from stdin. Terminal whitespace is stripped.")
}

func passwd(verify bool, stdin bool) {
	db := openAndMigrateDb()

	var password string
	if stdin {
		scanner := bufio.NewScanner(os.Stdin)
		for scanner.Scan() {
			password = scanner.Text()
			break
		}
		if scanner.Err() != nil {
			fmt.Printf("error: failed to read password: %v", scanner.Err())
			os.Exit(1)
		}
	} else {
		fmt.Print("Enter your password: ")
		bytes, err := term.ReadPassword(int(os.Stdin.Fd()))
		if err != nil {
			fmt.Printf("error: failed to read password: %v\n", err)
			os.Exit(1)
		}
		password = string(bytes)
		fmt.Println()
	}

	if verify {
		match, err := core.CheckPassword(db, password)
		if err != nil {
			fmt.Printf("error: failed to check password: %v\n", err)
			os.Exit(1)
		}
		if match {
			fmt.Println("correct!")
			os.Exit(0)
		} else {
			fmt.Println("incorrect")
			os.Exit(1)
		}
	}

	err := core.SetPassword(db, password)
	if err != nil {
		fmt.Printf("failed to set password: %v\n", err)
	}
	fmt.Println("password set")
}