Merge branch 'v0.3.0' into stale-account-request-cleanup

bin/generate_rest.sh

@@ -27,4 +27,4 @@ swagger generate client -P rest_model_zrok.Principal -f "$zrokSpec" -c rest_clie
 echo "...generating js client"
 openapi -s specs/zrok.yml -o ui/src/api -l js
 
-git co rest_server_zrok/configure_zrok.go
+git checkout rest_server_zrok/configure_zrok.go

cmd/zrok/adminGenerate.go

@@ -0,0 +1,79 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/jaevor/go-nanoid"
+	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/admin"
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+	"github.com/openziti-test-kitchen/zrok/zrokdir"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	adminCmd.AddCommand(newAdminGenerateCommand().cmd)
+}
+
+type adminGenerateCommand struct {
+	cmd    *cobra.Command
+	amount int
+}
+
+func newAdminGenerateCommand() *adminGenerateCommand {
+	cmd := &cobra.Command{
+		Use:   "generate",
+		Short: "Generate invite tokens (default: 5)",
+		Args:  cobra.ExactArgs(0),
+	}
+	command := &adminGenerateCommand{cmd: cmd}
+	cmd.Run = command.run
+
+	cmd.Flags().IntVar(&command.amount, "amount", 5, "Amount of tokens to generate")
+
+	return command
+}
+
+func (cmd *adminGenerateCommand) run(_ *cobra.Command, args []string) {
+	var err error
+	tokens := make([]string, cmd.amount)
+	for i := 0; i < int(cmd.amount); i++ {
+		tokens[i], err = createToken()
+		if err != nil {
+			logrus.Error("error creating token", err)
+		}
+	}
+
+	zrd, err := zrokdir.Load()
+	if err != nil {
+		logrus.Error("error loading zrokdir", err)
+	}
+
+	zrok, err := zrd.Client()
+	if err != nil {
+		if !panicInstead {
+			logrus.Error("error creating zrok api client", err)
+		}
+		panic(err)
+	}
+	req := admin.NewInviteTokenGenerateParams()
+	req.Body = &rest_model_zrok.InviteTokenGenerateRequest{
+		Tokens: tokens,
+	}
+	_, err = zrok.Admin.InviteTokenGenerate(req, mustGetAdminAuth())
+	if err != nil {
+		if !panicInstead {
+			logrus.Error("error creating invite tokens", err)
+		}
+		panic(err)
+	}
+	fmt.Printf("generated %d tokens\n", len(tokens))
+}
+
+func createToken() (string, error) {
+	gen, err := nanoid.CustomASCII("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 12)
+	if err != nil {
+		return "", err
+	}
+	return gen(), nil
+}

cmd/zrok/enable.go

@@ -57,7 +57,8 @@ func (cmd *enableCommand) run(_ *cobra.Command, args []string) {
 	}
 	zrok, err := zrd.Client()
 	if err != nil {
-		panic(err)
+		cmd.endpointError(zrd.ApiEndpoint())
+		tui.Error("error creating service client", err)
 	}
 	auth := httptransport.APIKeyAuth("X-TOKEN", "header", token)
 	req := environment.NewEnableParams()
@@ -87,6 +88,7 @@ func (cmd *enableCommand) run(_ *cobra.Command, args []string) {
 		prg.Send(fmt.Sprintf("the zrok service returned an error: %v", err))
 		prg.Quit()
 		<-done
+		cmd.endpointError(zrd.ApiEndpoint())
 		os.Exit(1)
 	}
 	prg.Send("writing the environment details...")
@@ -110,6 +112,14 @@ func (cmd *enableCommand) run(_ *cobra.Command, args []string) {
 	<-done
 }
 
+func (cmd *enableCommand) endpointError(apiEndpoint, _ string) {
+	fmt.Printf("%v\n\n", tui.ErrorStyle.Render("there was a problem enabling your environment!"))
+	fmt.Printf("you are trying to use the zrok service at: %v\n\n", tui.CodeStyle.Render(apiEndpoint))
+	fmt.Printf("you can change your zrok service endpoint using this command:\n\n")
+	fmt.Printf("%v\n\n", tui.CodeStyle.Render("$ zrok config set apiEndpoint <newEndpoint>"))
+	fmt.Printf("(where newEndpoint is something like: %v)\n\n", tui.CodeStyle.Render("https://some.zrok.io"))
+}
+
 func getHost() (string, string, error) {
 	info, err := host.Info()
 	if err != nil {

cmd/zrok/invite.go

@@ -2,6 +2,9 @@ package main
 
 import (
 	"fmt"
+	"os"
+	"strings"
+
 	"github.com/charmbracelet/bubbles/textinput"
 	tea "github.com/charmbracelet/bubbletea"
 	"github.com/charmbracelet/lipgloss"
@@ -11,8 +14,6 @@ import (
 	"github.com/openziti-test-kitchen/zrok/util"
 	"github.com/openziti-test-kitchen/zrok/zrokdir"
 	"github.com/spf13/cobra"
-	"os"
-	"strings"
 )
 
 func init() {
@@ -20,8 +21,9 @@ func init() {
 }
 
 type inviteCommand struct {
-	cmd *cobra.Command
-	tui inviteTui
+	cmd   *cobra.Command
+	token string
+	tui   inviteTui
 }
 
 func newInviteCommand() *inviteCommand {
@@ -35,10 +37,27 @@ func newInviteCommand() *inviteCommand {
 		tui: newInviteTui(),
 	}
 	cmd.Run = command.run
+
+	cmd.Flags().StringVar(&command.token, "token", "", "Invite token required when zrok running in token store mode")
+
 	return command
 }
 
 func (cmd *inviteCommand) run(_ *cobra.Command, _ []string) {
+	zrd, err := zrokdir.Load()
+	if err != nil {
+		tui.Error("error loading zrokdir", err)
+	}
+
+	zrok, err := zrd.Client()
+	if err != nil {
+		if !panicInstead {
+			cmd.endpointError(zrd.ApiEndpoint())
+			tui.Error("error creating zrok api client", err)
+		}
+		panic(err)
+	}
+
 	if _, err := tea.NewProgram(&cmd.tui).Run(); err != nil {
 		tui.Error("unable to run interface", err)
 		os.Exit(1)
@@ -46,34 +65,29 @@ func (cmd *inviteCommand) run(_ *cobra.Command, _ []string) {
 	if cmd.tui.done {
 		email := cmd.tui.inputs[0].Value()
 
-		zrd, err := zrokdir.Load()
-		if err != nil {
-			tui.Error("error loading zrokdir", err)
-		}
-
-		zrok, err := zrd.Client()
-		if err != nil {
-			if !panicInstead {
-				tui.Error("error creating zrok api client", err)
-			}
-			panic(err)
-		}
 		req := account.NewInviteParams()
 		req.Body = &rest_model_zrok.InviteRequest{
 			Email: email,
+			Token: cmd.token,
 		}
 		_, err = zrok.Account.Invite(req)
 		if err != nil {
-			if !panicInstead {
-				tui.Error("error creating invitation", err)
-			}
-			panic(err)
+			cmd.endpointError(zrd.ApiEndpoint())
+			tui.Error("error creating invitation", err)
 		}
 
 		fmt.Printf("invitation sent to '%v'!\n", email)
 	}
 }
 
+func (cmd *inviteCommand) endpointError(apiEndpoint, _ string) {
+	fmt.Printf("%v\n\n", tui.ErrorStyle.Render("there was a problem creating an invitation!"))
+	fmt.Printf("you are trying to use the zrok service at: %v\n\n", tui.CodeStyle.Render(apiEndpoint))
+	fmt.Printf("you can change your zrok service endpoint using this command:\n\n")
+	fmt.Printf("%v\n\n", tui.CodeStyle.Render("$ zrok config set apiEndpoint <newEndpoint>"))
+	fmt.Printf("(where newEndpoint is something like: %v)\n\n", tui.CodeStyle.Render("https://some.zrok.io"))
+}
+
 type inviteTui struct {
 	focusIndex int
 	msg        string
@@ -97,9 +111,9 @@ func newInviteTui() inviteTui {
 	m := inviteTui{
 		inputs: make([]textinput.Model, 2),
 	}
-	m.focusedStyle = tui.WarningStyle
-	m.blurredStyle = tui.CodeStyle
-	m.errorStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("#F00"))
+	m.focusedStyle = tui.WarningStyle.Copy()
+	m.blurredStyle = tui.CodeStyle.Copy()
+	m.errorStyle = tui.ErrorStyle.Copy()
 	m.cursorStyle = m.focusedStyle.Copy()
 	m.noStyle = lipgloss.NewStyle()
 	m.helpStyle = m.blurredStyle.Copy()

controller/config.go

@@ -2,7 +2,6 @@ package controller
 
 import (
 	"time"
-
 	"github.com/michaelquigley/cf"
 	"github.com/openziti-test-kitchen/zrok/controller/store"
 	"github.com/pkg/errors"
@@ -42,6 +41,7 @@ type EmailConfig struct {
 type RegistrationConfig struct {
 	EmailFrom               string
 	RegistrationUrlTemplate string
+	TokenStrategy           string
 }
 
 type ZitiConfig struct {
@@ -71,17 +71,6 @@ type RegistrationMaintenanceConfig struct {
 	BatchLimit        int
 }
 
-func LoadConfig(path string) (*Config, error) {
-	cfg := DefaultConfig()
-	if err := cf.BindYaml(cfg, path, cf.DefaultOptions()); err != nil {
-		return nil, errors.Wrapf(err, "error loading controller config '%v'", path)
-	}
-	if cfg.V != ConfigVersion {
-		return nil, errors.Errorf("expecting configuration version '%v', your configuration is version '%v'; please see zrok.io for changelog and configuration documentation", ConfigVersion, cfg.V)
-	}
-	return cfg, nil
-}
-
 func DefaultConfig() *Config {
 	return &Config{
 		Metrics: &MetricsConfig{ServiceName: "metrics"},
@@ -94,3 +83,14 @@ func DefaultConfig() *Config {
 		},
 	}
 }
+
+func LoadConfig(path string) (*Config, error) {
+	cfg := DefaultConfig()
+	if err := cf.BindYaml(cfg, path, cf.DefaultOptions()); err != nil {
+		return nil, errors.Wrapf(err, "error loading controller config '%v'", path)
+	}
+	if cfg.V != ConfigVersion {
+		return nil, errors.Errorf("expecting configuration version '%v', your configuration is version '%v'; please see zrok.io for changelog and configuration documentation", ConfigVersion, cfg.V)
+	}
+	return cfg, nil
+}

controller/controller.go

@@ -28,13 +28,14 @@ func Run(inCfg *Config) error {
 
 	api := operations.NewZrokAPI(swaggerSpec)
 	api.KeyAuth = newZrokAuthenticator(cfg).authenticate
-	api.AccountInviteHandler = newInviteHandler()
+	api.AccountInviteHandler = newInviteHandler(cfg)
 	api.AccountLoginHandler = account.LoginHandlerFunc(loginHandler)
 	api.AccountRegisterHandler = newRegisterHandler()
 	api.AccountVerifyHandler = newVerifyHandler()
 	api.AdminCreateFrontendHandler = newCreateFrontendHandler()
 	api.AdminCreateIdentityHandler = newCreateIdentityHandler()
 	api.AdminDeleteFrontendHandler = newDeleteFrontendHandler()
+	api.AdminInviteTokenGenerateHandler = newInviteTokenGenerateHandler()
 	api.AdminListFrontendsHandler = newListFrontendsHandler()
 	api.AdminUpdateFrontendHandler = newUpdateFrontendHandler()
 	api.EnvironmentEnableHandler = newEnableHandler()

controller/invite.go

@@ -9,10 +9,13 @@ import (
 )
 
 type inviteHandler struct {
+	cfg *Config
 }
 
-func newInviteHandler() *inviteHandler {
-	return &inviteHandler{}
+func newInviteHandler(cfg *Config) *inviteHandler {
+	return &inviteHandler{
+		cfg: cfg,
+	}
 }
 
 func (self *inviteHandler) Handle(params account.InviteParams) middleware.Responder {
@@ -25,8 +28,29 @@ func (self *inviteHandler) Handle(params account.InviteParams) middleware.Respon
 		return account.NewInviteBadRequest()
 	}
 	logrus.Infof("received account request for email '%v'", params.Body.Email)
+	var token string
 
-	token, err := createToken()
+	tx, err := str.Begin()
+	if err != nil {
+		logrus.Error(err)
+		return account.NewInviteInternalServerError()
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	if self.cfg.Registration != nil && self.cfg.Registration.TokenStrategy == "store" {
+		inviteToken, err := str.GetInviteTokenByToken(params.Body.Token, tx)
+		if err != nil {
+			logrus.Errorf("cannot get invite token '%v' for '%v': %v", params.Body.Token, params.Body.Email, err)
+			return account.NewInviteBadRequest()
+		}
+		if err := str.DeleteInviteToken(inviteToken.Id, tx); err != nil {
+			logrus.Error(err)
+			return account.NewInviteInternalServerError()
+		}
+		logrus.Infof("using invite token '%v' to process invite request for '%v'", inviteToken.Token, params.Body.Email)
+	}
+
+	token, err = createToken()
 	if err != nil {
 		logrus.Error(err)
 		return account.NewInviteInternalServerError()
@@ -37,13 +61,6 @@ func (self *inviteHandler) Handle(params account.InviteParams) middleware.Respon
 		SourceAddress: params.HTTPRequest.RemoteAddr,
 	}
 
-	tx, err := str.Begin()
-	if err != nil {
-		logrus.Error(err)
-		return account.NewInviteInternalServerError()
-	}
-	defer func() { _ = tx.Rollback() }()
-
 	if _, err := str.FindAccountWithEmail(params.Body.Email, tx); err == nil {
 		logrus.Errorf("found account for '%v', cannot process account request", params.Body.Email)
 		return account.NewInviteBadRequest()

controller/inviteTokenGenerate.go

@@ -0,0 +1,55 @@
+package controller
+
+import (
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/openziti-test-kitchen/zrok/controller/store"
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/account"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/admin"
+	"github.com/sirupsen/logrus"
+)
+
+type inviteTokenGenerateHandler struct {
+}
+
+func newInviteTokenGenerateHandler() *inviteTokenGenerateHandler {
+	return &inviteTokenGenerateHandler{}
+}
+
+func (handler *inviteTokenGenerateHandler) Handle(params admin.InviteTokenGenerateParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	if !principal.Admin {
+		logrus.Errorf("invalid admin principal")
+		return admin.NewInviteTokenGenerateUnauthorized()
+	}
+
+	if params.Body == nil || len(params.Body.Tokens) == 0 {
+		logrus.Error("missing tokens")
+		return admin.NewInviteTokenGenerateBadRequest()
+	}
+	logrus.Infof("received invite generate request with %d tokens", len(params.Body.Tokens))
+
+	invites := make([]*store.InviteToken, len(params.Body.Tokens))
+	for i, token := range params.Body.Tokens {
+		invites[i] = &store.InviteToken{
+			Token: token,
+		}
+	}
+	tx, err := str.Begin()
+	if err != nil {
+		logrus.Error(err)
+		return admin.NewInviteTokenGenerateInternalServerError()
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	if err := str.CreateInviteTokens(invites, tx); err != nil {
+		logrus.Error(err)
+		return admin.NewInviteTokenGenerateInternalServerError()
+	}
+
+	if err := tx.Commit(); err != nil {
+		logrus.Errorf("error committing inviteGenerate request: %v", err)
+		return account.NewInviteInternalServerError()
+	}
+
+	return admin.NewInviteTokenGenerateCreated()
+}

controller/store/invite_tokens.go

@@ -0,0 +1,52 @@
+package store
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/jmoiron/sqlx"
+	"github.com/pkg/errors"
+)
+
+type InviteToken struct {
+	Model
+	Token string
+}
+
+func (str *Store) CreateInviteTokens(inviteTokens []*InviteToken, tx *sqlx.Tx) error {
+	sql := "insert into invite_tokens (token) values %s"
+	invs := make([]any, len(inviteTokens))
+	queries := make([]string, len(inviteTokens))
+	for i, inv := range inviteTokens {
+		invs[i] = inv.Token
+		queries[i] = fmt.Sprintf("($%d)", i+1)
+	}
+	stmt, err := tx.Prepare(fmt.Sprintf(sql, strings.Join(queries, ",")))
+	if err != nil {
+		return errors.Wrap(err, "error preparing invite_tokens insert statement")
+	}
+	if _, err := stmt.Exec(invs...); err != nil {
+		return errors.Wrap(err, "error executing invites_tokens insert statement")
+	}
+	return nil
+}
+
+func (str *Store) GetInviteTokenByToken(token string, tx *sqlx.Tx) (*InviteToken, error) {
+	inviteToken := &InviteToken{}
+	if err := tx.QueryRowx("select * from invite_tokens where token = $1", token).StructScan(inviteToken); err != nil {
+		return nil, errors.Wrap(err, "error getting unused invite_token")
+	}
+	return inviteToken, nil
+}
+
+func (str *Store) DeleteInviteToken(id int, tx *sqlx.Tx) error {
+	stmt, err := tx.Prepare("delete from invite_tokens where id = $1")
+	if err != nil {
+		return errors.Wrap(err, "error preparing invite_tokens delete statement")
+	}
+	_, err = stmt.Exec(id)
+	if err != nil {
+		return errors.Wrap(err, "error executing invite_tokens delete statement")
+	}
+	return nil
+}

controller/store/sql/postgresql/005_v0_3_0_invites.sql

@@ -0,0 +1,14 @@
+-- +migrate Up
+
+--
+-- invite_tokens
+---
+
+create table invite_tokens (
+  id                    serial                primary key,
+  token                 varchar(32)           not null unique,
+  created_at            timestamptz           not null default(current_timestamp),
+  updated_at            timestamptz           not null default(current_timestamp),
+
+  constraint chk_token check(token <> '')
+);

controller/store/sql/sqlite3/005_v0_3_0_invites.sql

@@ -0,0 +1,14 @@
+-- +migrate Up
+
+--
+-- invite_tokens
+---
+
+create table invite_tokens (
+  id                    integer             primary key,
+  token                 string              not null unique,
+  created_at            datetime            not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
+  updated_at            datetime            not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
+
+  constraint chk_token check(token <> '')
+);

rest_client_zrok/admin/admin_client.go

@@ -36,6 +36,8 @@ type ClientService interface {
 
 	DeleteFrontend(params *DeleteFrontendParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*DeleteFrontendOK, error)
 
+	InviteTokenGenerate(params *InviteTokenGenerateParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*InviteTokenGenerateCreated, error)
+
 	ListFrontends(params *ListFrontendsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListFrontendsOK, error)
 
 	UpdateFrontend(params *UpdateFrontendParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UpdateFrontendOK, error)
@@ -160,6 +162,45 @@ func (a *Client) DeleteFrontend(params *DeleteFrontendParams, authInfo runtime.C
 	panic(msg)
 }
 
+/*
+InviteTokenGenerate invite token generate API
+*/
+func (a *Client) InviteTokenGenerate(params *InviteTokenGenerateParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*InviteTokenGenerateCreated, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewInviteTokenGenerateParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "inviteTokenGenerate",
+		Method:             "POST",
+		PathPattern:        "/invite/token/generate",
+		ProducesMediaTypes: []string{"application/zrok.v1+json"},
+		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &InviteTokenGenerateReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*InviteTokenGenerateCreated)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for inviteTokenGenerate: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
 /*
 ListFrontends list frontends API
 */

rest_client_zrok/admin/invite_token_generate_parameters.go

@@ -0,0 +1,150 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+)
+
+// NewInviteTokenGenerateParams creates a new InviteTokenGenerateParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewInviteTokenGenerateParams() *InviteTokenGenerateParams {
+	return &InviteTokenGenerateParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewInviteTokenGenerateParamsWithTimeout creates a new InviteTokenGenerateParams object
+// with the ability to set a timeout on a request.
+func NewInviteTokenGenerateParamsWithTimeout(timeout time.Duration) *InviteTokenGenerateParams {
+	return &InviteTokenGenerateParams{
+		timeout: timeout,
+	}
+}
+
+// NewInviteTokenGenerateParamsWithContext creates a new InviteTokenGenerateParams object
+// with the ability to set a context for a request.
+func NewInviteTokenGenerateParamsWithContext(ctx context.Context) *InviteTokenGenerateParams {
+	return &InviteTokenGenerateParams{
+		Context: ctx,
+	}
+}
+
+// NewInviteTokenGenerateParamsWithHTTPClient creates a new InviteTokenGenerateParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewInviteTokenGenerateParamsWithHTTPClient(client *http.Client) *InviteTokenGenerateParams {
+	return &InviteTokenGenerateParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+InviteTokenGenerateParams contains all the parameters to send to the API endpoint
+
+	for the invite token generate operation.
+
+	Typically these are written to a http.Request.
+*/
+type InviteTokenGenerateParams struct {
+
+	// Body.
+	Body *rest_model_zrok.InviteTokenGenerateRequest
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the invite token generate params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *InviteTokenGenerateParams) WithDefaults() *InviteTokenGenerateParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the invite token generate params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *InviteTokenGenerateParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the invite token generate params
+func (o *InviteTokenGenerateParams) WithTimeout(timeout time.Duration) *InviteTokenGenerateParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the invite token generate params
+func (o *InviteTokenGenerateParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the invite token generate params
+func (o *InviteTokenGenerateParams) WithContext(ctx context.Context) *InviteTokenGenerateParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the invite token generate params
+func (o *InviteTokenGenerateParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the invite token generate params
+func (o *InviteTokenGenerateParams) WithHTTPClient(client *http.Client) *InviteTokenGenerateParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the invite token generate params
+func (o *InviteTokenGenerateParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the invite token generate params
+func (o *InviteTokenGenerateParams) WithBody(body *rest_model_zrok.InviteTokenGenerateRequest) *InviteTokenGenerateParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the invite token generate params
+func (o *InviteTokenGenerateParams) SetBody(body *rest_model_zrok.InviteTokenGenerateRequest) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *InviteTokenGenerateParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if o.Body != nil {
+		if err := r.SetBodyParam(o.Body); err != nil {
+			return err
+		}
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_client_zrok/admin/invite_token_generate_responses.go

@@ -0,0 +1,254 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"fmt"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+)
+
+// InviteTokenGenerateReader is a Reader for the InviteTokenGenerate structure.
+type InviteTokenGenerateReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *InviteTokenGenerateReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 201:
+		result := NewInviteTokenGenerateCreated()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewInviteTokenGenerateBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 401:
+		result := NewInviteTokenGenerateUnauthorized()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 500:
+		result := NewInviteTokenGenerateInternalServerError()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code())
+	}
+}
+
+// NewInviteTokenGenerateCreated creates a InviteTokenGenerateCreated with default headers values
+func NewInviteTokenGenerateCreated() *InviteTokenGenerateCreated {
+	return &InviteTokenGenerateCreated{}
+}
+
+/*
+InviteTokenGenerateCreated describes a response with status code 201, with default header values.
+
+invitation tokens created
+*/
+type InviteTokenGenerateCreated struct {
+}
+
+// IsSuccess returns true when this invite token generate created response has a 2xx status code
+func (o *InviteTokenGenerateCreated) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this invite token generate created response has a 3xx status code
+func (o *InviteTokenGenerateCreated) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this invite token generate created response has a 4xx status code
+func (o *InviteTokenGenerateCreated) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this invite token generate created response has a 5xx status code
+func (o *InviteTokenGenerateCreated) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this invite token generate created response a status code equal to that given
+func (o *InviteTokenGenerateCreated) IsCode(code int) bool {
+	return code == 201
+}
+
+func (o *InviteTokenGenerateCreated) Error() string {
+	return fmt.Sprintf("[POST /invite/token/generate][%d] inviteTokenGenerateCreated ", 201)
+}
+
+func (o *InviteTokenGenerateCreated) String() string {
+	return fmt.Sprintf("[POST /invite/token/generate][%d] inviteTokenGenerateCreated ", 201)
+}
+
+func (o *InviteTokenGenerateCreated) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewInviteTokenGenerateBadRequest creates a InviteTokenGenerateBadRequest with default headers values
+func NewInviteTokenGenerateBadRequest() *InviteTokenGenerateBadRequest {
+	return &InviteTokenGenerateBadRequest{}
+}
+
+/*
+InviteTokenGenerateBadRequest describes a response with status code 400, with default header values.
+
+invitation tokens not created
+*/
+type InviteTokenGenerateBadRequest struct {
+}
+
+// IsSuccess returns true when this invite token generate bad request response has a 2xx status code
+func (o *InviteTokenGenerateBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this invite token generate bad request response has a 3xx status code
+func (o *InviteTokenGenerateBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this invite token generate bad request response has a 4xx status code
+func (o *InviteTokenGenerateBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this invite token generate bad request response has a 5xx status code
+func (o *InviteTokenGenerateBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this invite token generate bad request response a status code equal to that given
+func (o *InviteTokenGenerateBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+func (o *InviteTokenGenerateBadRequest) Error() string {
+	return fmt.Sprintf("[POST /invite/token/generate][%d] inviteTokenGenerateBadRequest ", 400)
+}
+
+func (o *InviteTokenGenerateBadRequest) String() string {
+	return fmt.Sprintf("[POST /invite/token/generate][%d] inviteTokenGenerateBadRequest ", 400)
+}
+
+func (o *InviteTokenGenerateBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewInviteTokenGenerateUnauthorized creates a InviteTokenGenerateUnauthorized with default headers values
+func NewInviteTokenGenerateUnauthorized() *InviteTokenGenerateUnauthorized {
+	return &InviteTokenGenerateUnauthorized{}
+}
+
+/*
+InviteTokenGenerateUnauthorized describes a response with status code 401, with default header values.
+
+unauthorized
+*/
+type InviteTokenGenerateUnauthorized struct {
+}
+
+// IsSuccess returns true when this invite token generate unauthorized response has a 2xx status code
+func (o *InviteTokenGenerateUnauthorized) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this invite token generate unauthorized response has a 3xx status code
+func (o *InviteTokenGenerateUnauthorized) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this invite token generate unauthorized response has a 4xx status code
+func (o *InviteTokenGenerateUnauthorized) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this invite token generate unauthorized response has a 5xx status code
+func (o *InviteTokenGenerateUnauthorized) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this invite token generate unauthorized response a status code equal to that given
+func (o *InviteTokenGenerateUnauthorized) IsCode(code int) bool {
+	return code == 401
+}
+
+func (o *InviteTokenGenerateUnauthorized) Error() string {
+	return fmt.Sprintf("[POST /invite/token/generate][%d] inviteTokenGenerateUnauthorized ", 401)
+}
+
+func (o *InviteTokenGenerateUnauthorized) String() string {
+	return fmt.Sprintf("[POST /invite/token/generate][%d] inviteTokenGenerateUnauthorized ", 401)
+}
+
+func (o *InviteTokenGenerateUnauthorized) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewInviteTokenGenerateInternalServerError creates a InviteTokenGenerateInternalServerError with default headers values
+func NewInviteTokenGenerateInternalServerError() *InviteTokenGenerateInternalServerError {
+	return &InviteTokenGenerateInternalServerError{}
+}
+
+/*
+InviteTokenGenerateInternalServerError describes a response with status code 500, with default header values.
+
+internal server error
+*/
+type InviteTokenGenerateInternalServerError struct {
+}
+
+// IsSuccess returns true when this invite token generate internal server error response has a 2xx status code
+func (o *InviteTokenGenerateInternalServerError) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this invite token generate internal server error response has a 3xx status code
+func (o *InviteTokenGenerateInternalServerError) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this invite token generate internal server error response has a 4xx status code
+func (o *InviteTokenGenerateInternalServerError) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this invite token generate internal server error response has a 5xx status code
+func (o *InviteTokenGenerateInternalServerError) IsServerError() bool {
+	return true
+}
+
+// IsCode returns true when this invite token generate internal server error response a status code equal to that given
+func (o *InviteTokenGenerateInternalServerError) IsCode(code int) bool {
+	return code == 500
+}
+
+func (o *InviteTokenGenerateInternalServerError) Error() string {
+	return fmt.Sprintf("[POST /invite/token/generate][%d] inviteTokenGenerateInternalServerError ", 500)
+}
+
+func (o *InviteTokenGenerateInternalServerError) String() string {
+	return fmt.Sprintf("[POST /invite/token/generate][%d] inviteTokenGenerateInternalServerError ", 500)
+}
+
+func (o *InviteTokenGenerateInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}

rest_model_zrok/invite_request.go

@@ -19,6 +19,9 @@ type InviteRequest struct {
 
 	// email
 	Email string `json:"email,omitempty"`
+
+	// token
+	Token string `json:"token,omitempty"`
 }
 
 // Validate validates this invite request

rest_model_zrok/invite_token_generate_request.go

@@ -0,0 +1,50 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package rest_model_zrok
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// InviteTokenGenerateRequest invite token generate request
+//
+// swagger:model inviteTokenGenerateRequest
+type InviteTokenGenerateRequest struct {
+
+	// tokens
+	Tokens []string `json:"tokens"`
+}
+
+// Validate validates this invite token generate request
+func (m *InviteTokenGenerateRequest) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this invite token generate request based on context it is used
+func (m *InviteTokenGenerateRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *InviteTokenGenerateRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *InviteTokenGenerateRequest) UnmarshalBinary(b []byte) error {
+	var res InviteTokenGenerateRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

rest_server_zrok/embedded_spec.go

@@ -431,6 +431,42 @@ func init() {
         }
       }
     },
+    "/invite/token/generate": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "admin"
+        ],
+        "operationId": "inviteTokenGenerate",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "$ref": "#/definitions/inviteTokenGenerateRequest"
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "description": "invitation tokens created"
+          },
+          "400": {
+            "description": "invitation tokens not created"
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/login": {
       "post": {
         "tags": [
@@ -864,6 +900,20 @@ func init() {
       "properties": {
         "email": {
           "type": "string"
+        },
+        "token": {
+          "type": "string"
+        }
+      }
+    },
+    "inviteTokenGenerateRequest": {
+      "type": "object",
+      "properties": {
+        "tokens": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
         }
       }
     },
@@ -1549,6 +1599,42 @@ func init() {
         }
       }
     },
+    "/invite/token/generate": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "admin"
+        ],
+        "operationId": "inviteTokenGenerate",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "$ref": "#/definitions/inviteTokenGenerateRequest"
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "description": "invitation tokens created"
+          },
+          "400": {
+            "description": "invitation tokens not created"
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/login": {
       "post": {
         "tags": [
@@ -1982,6 +2068,20 @@ func init() {
       "properties": {
         "email": {
           "type": "string"
+        },
+        "token": {
+          "type": "string"
+        }
+      }
+    },
+    "inviteTokenGenerateRequest": {
+      "type": "object",
+      "properties": {
+        "tokens": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
         }
       }
     },

rest_server_zrok/operations/admin/invite_token_generate.go

@@ -0,0 +1,71 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+)
+
+// InviteTokenGenerateHandlerFunc turns a function with the right signature into a invite token generate handler
+type InviteTokenGenerateHandlerFunc func(InviteTokenGenerateParams, *rest_model_zrok.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn InviteTokenGenerateHandlerFunc) Handle(params InviteTokenGenerateParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// InviteTokenGenerateHandler interface for that can handle valid invite token generate params
+type InviteTokenGenerateHandler interface {
+	Handle(InviteTokenGenerateParams, *rest_model_zrok.Principal) middleware.Responder
+}
+
+// NewInviteTokenGenerate creates a new http.Handler for the invite token generate operation
+func NewInviteTokenGenerate(ctx *middleware.Context, handler InviteTokenGenerateHandler) *InviteTokenGenerate {
+	return &InviteTokenGenerate{Context: ctx, Handler: handler}
+}
+
+/*
+	InviteTokenGenerate swagger:route POST /invite/token/generate admin inviteTokenGenerate
+
+InviteTokenGenerate invite token generate API
+*/
+type InviteTokenGenerate struct {
+	Context *middleware.Context
+	Handler InviteTokenGenerateHandler
+}
+
+func (o *InviteTokenGenerate) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewInviteTokenGenerateParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *rest_model_zrok.Principal
+	if uprinc != nil {
+		principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}

rest_server_zrok/operations/admin/invite_token_generate_parameters.go

@@ -0,0 +1,76 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
+
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+)
+
+// NewInviteTokenGenerateParams creates a new InviteTokenGenerateParams object
+//
+// There are no default values defined in the spec.
+func NewInviteTokenGenerateParams() InviteTokenGenerateParams {
+
+	return InviteTokenGenerateParams{}
+}
+
+// InviteTokenGenerateParams contains all the bound params for the invite token generate operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters inviteTokenGenerate
+type InviteTokenGenerateParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  In: body
+	*/
+	Body *rest_model_zrok.InviteTokenGenerateRequest
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewInviteTokenGenerateParams() beforehand.
+func (o *InviteTokenGenerateParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body rest_model_zrok.InviteTokenGenerateRequest
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			res = append(res, errors.NewParseError("body", "body", "", err))
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Body = &body
+			}
+		}
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_server_zrok/operations/admin/invite_token_generate_responses.go

@@ -0,0 +1,112 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// InviteTokenGenerateCreatedCode is the HTTP code returned for type InviteTokenGenerateCreated
+const InviteTokenGenerateCreatedCode int = 201
+
+/*
+InviteTokenGenerateCreated invitation tokens created
+
+swagger:response inviteTokenGenerateCreated
+*/
+type InviteTokenGenerateCreated struct {
+}
+
+// NewInviteTokenGenerateCreated creates InviteTokenGenerateCreated with default headers values
+func NewInviteTokenGenerateCreated() *InviteTokenGenerateCreated {
+
+	return &InviteTokenGenerateCreated{}
+}
+
+// WriteResponse to the client
+func (o *InviteTokenGenerateCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(201)
+}
+
+// InviteTokenGenerateBadRequestCode is the HTTP code returned for type InviteTokenGenerateBadRequest
+const InviteTokenGenerateBadRequestCode int = 400
+
+/*
+InviteTokenGenerateBadRequest invitation tokens not created
+
+swagger:response inviteTokenGenerateBadRequest
+*/
+type InviteTokenGenerateBadRequest struct {
+}
+
+// NewInviteTokenGenerateBadRequest creates InviteTokenGenerateBadRequest with default headers values
+func NewInviteTokenGenerateBadRequest() *InviteTokenGenerateBadRequest {
+
+	return &InviteTokenGenerateBadRequest{}
+}
+
+// WriteResponse to the client
+func (o *InviteTokenGenerateBadRequest) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(400)
+}
+
+// InviteTokenGenerateUnauthorizedCode is the HTTP code returned for type InviteTokenGenerateUnauthorized
+const InviteTokenGenerateUnauthorizedCode int = 401
+
+/*
+InviteTokenGenerateUnauthorized unauthorized
+
+swagger:response inviteTokenGenerateUnauthorized
+*/
+type InviteTokenGenerateUnauthorized struct {
+}
+
+// NewInviteTokenGenerateUnauthorized creates InviteTokenGenerateUnauthorized with default headers values
+func NewInviteTokenGenerateUnauthorized() *InviteTokenGenerateUnauthorized {
+
+	return &InviteTokenGenerateUnauthorized{}
+}
+
+// WriteResponse to the client
+func (o *InviteTokenGenerateUnauthorized) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(401)
+}
+
+// InviteTokenGenerateInternalServerErrorCode is the HTTP code returned for type InviteTokenGenerateInternalServerError
+const InviteTokenGenerateInternalServerErrorCode int = 500
+
+/*
+InviteTokenGenerateInternalServerError internal server error
+
+swagger:response inviteTokenGenerateInternalServerError
+*/
+type InviteTokenGenerateInternalServerError struct {
+}
+
+// NewInviteTokenGenerateInternalServerError creates InviteTokenGenerateInternalServerError with default headers values
+func NewInviteTokenGenerateInternalServerError() *InviteTokenGenerateInternalServerError {
+
+	return &InviteTokenGenerateInternalServerError{}
+}
+
+// WriteResponse to the client
+func (o *InviteTokenGenerateInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(500)
+}

rest_server_zrok/operations/admin/invite_token_generate_urlbuilder.go

@@ -0,0 +1,87 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+)
+
+// InviteTokenGenerateURL generates an URL for the invite token generate operation
+type InviteTokenGenerateURL struct {
+	_basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *InviteTokenGenerateURL) WithBasePath(bp string) *InviteTokenGenerateURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *InviteTokenGenerateURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *InviteTokenGenerateURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/invite/token/generate"
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *InviteTokenGenerateURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *InviteTokenGenerateURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *InviteTokenGenerateURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on InviteTokenGenerateURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on InviteTokenGenerateURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *InviteTokenGenerateURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}

rest_server_zrok/operations/zrok_api.go

@@ -76,6 +76,9 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		AccountInviteHandler: account.InviteHandlerFunc(func(params account.InviteParams) middleware.Responder {
 			return middleware.NotImplemented("operation account.Invite has not yet been implemented")
 		}),
+		AdminInviteTokenGenerateHandler: admin.InviteTokenGenerateHandlerFunc(func(params admin.InviteTokenGenerateParams, principal *rest_model_zrok.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation admin.InviteTokenGenerate has not yet been implemented")
+		}),
 		AdminListFrontendsHandler: admin.ListFrontendsHandlerFunc(func(params admin.ListFrontendsParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation admin.ListFrontends has not yet been implemented")
 		}),
@@ -177,6 +180,8 @@ type ZrokAPI struct {
 	MetadataGetShareDetailHandler metadata.GetShareDetailHandler
 	// AccountInviteHandler sets the operation handler for the invite operation
 	AccountInviteHandler account.InviteHandler
+	// AdminInviteTokenGenerateHandler sets the operation handler for the invite token generate operation
+	AdminInviteTokenGenerateHandler admin.InviteTokenGenerateHandler
 	// AdminListFrontendsHandler sets the operation handler for the list frontends operation
 	AdminListFrontendsHandler admin.ListFrontendsHandler
 	// AccountLoginHandler sets the operation handler for the login operation
@@ -307,6 +312,9 @@ func (o *ZrokAPI) Validate() error {
 	if o.AccountInviteHandler == nil {
 		unregistered = append(unregistered, "account.InviteHandler")
 	}
+	if o.AdminInviteTokenGenerateHandler == nil {
+		unregistered = append(unregistered, "admin.InviteTokenGenerateHandler")
+	}
 	if o.AdminListFrontendsHandler == nil {
 		unregistered = append(unregistered, "admin.ListFrontendsHandler")
 	}
@@ -475,6 +483,10 @@ func (o *ZrokAPI) initHandlerCache() {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
 	o.handlers["POST"]["/invite"] = account.NewInvite(o.context, o.AccountInviteHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/invite/token/generate"] = admin.NewInviteTokenGenerate(o.context, o.AdminInviteTokenGenerateHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}

specs/zrok.yml

@@ -202,6 +202,28 @@ paths:
           description: unauthorized
         500:
           description: internal server error
+
+  /invite/token/generate:
+    post:
+      tags:
+        - admin
+      security:
+        - key: []
+      operationId: inviteTokenGenerate
+      parameters:
+        - name: body
+          in: body
+          schema:
+            $ref: "#/definitions/inviteTokenGenerateRequest"
+      responses:
+        201:
+          description: invitation tokens created
+        400:
+          description: invitation tokens not created
+        401:
+          description: unauthorized
+        500:
+          description: internal server error
   #
   # environment
   #
@@ -552,11 +574,21 @@ definitions:
   errorMessage:
     type: string
 
+  inviteTokenGenerateRequest:
+    type: object
+    properties:
+      tokens:
+        type: array
+        items:
+          type: string
+
   inviteRequest:
     type: object
     properties:
       email:
         type: string
+      token:
+        type: string
 
   loginRequest:
     type: object

ui/src/api/admin.js

@@ -68,6 +68,21 @@ export function createIdentity(options) {
   return gateway.request(createIdentityOperation, parameters)
 }
 
+/**
+ * @param {object} options Optional options
+ * @param {module:types.inviteTokenGenerateRequest} [options.body] 
+ * @return {Promise<object>} invitation tokens created
+ */
+export function inviteTokenGenerate(options) {
+  if (!options) options = {}
+  const parameters = {
+    body: {
+      body: options.body
+    }
+  }
+  return gateway.request(inviteTokenGenerateOperation, parameters)
+}
+
 const createFrontendOperation = {
   path: '/frontend',
   contentTypes: ['application/zrok.v1+json'],
@@ -121,3 +136,14 @@ const createIdentityOperation = {
     }
   ]
 }
+
+const inviteTokenGenerateOperation = {
+  path: '/invite/token/generate',
+  contentTypes: ['application/zrok.v1+json'],
+  method: 'post',
+  security: [
+    {
+      id: 'key'
+    }
+  ]
+}

ui/src/api/types.js

@@ -91,11 +91,19 @@
  * @property {module:types.shares} shares 
  */
 
+/**
+ * @typedef inviteTokenGenerateRequest
+ * @memberof module:types
+ * 
+ * @property {string[]} tokens 
+ */
+
 /**
  * @typedef inviteRequest
  * @memberof module:types
  * 
  * @property {string} email 
+ * @property {string} token 
  */
 
 /**

ui/src/console/detail/Detail.js

@@ -6,16 +6,17 @@ const Detail = (props) => {
     let detailComponent = <h1>{props.selection.id} ({props.selection.type})</h1>;
 
     switch(props.selection.type) {
-        case "account":
-            detailComponent = <AccountDetail user={props.user} />;
-            break;
-
         case "environment":
             detailComponent = <EnvironmentDetail selection={props.selection} />;
             break;
 
         case "share":
             detailComponent = <ShareDetail selection={props.selection} />;
+            break;
+
+        default:
+            detailComponent = <AccountDetail user={props.user} />;
+            break;
     }
 
     return (

ui/src/console/detail/account/AccountDetail.js

@@ -1,4 +1,4 @@
-import {mdiCardAccountDetails, mdiEyeOutline, mdiEyeOffOutline} from "@mdi/js";
+import {mdiCardAccountDetails} from "@mdi/js";
 import Icon from "@mdi/react";
 import PropertyTable from "../../PropertyTable";
 import {Tab, Tabs} from "react-bootstrap";

ui/src/console/detail/environment/SharesTab.js

@@ -2,8 +2,6 @@ import * as metadata from "../../../api/metadata";
 import {useEffect, useState} from "react";
 import DataTable from 'react-data-table-component';
 import {Sparklines, SparklinesLine, SparklinesSpots} from "react-sparklines";
-import {mdiConsoleNetwork} from "@mdi/js";
-import Icon from "@mdi/react";
 
 const SharesTab = (props) => {
     const [detail, setDetail] = useState({});

ui/src/console/detail/share/ShareDetail.js

@@ -25,9 +25,11 @@ const ShareDetail = (props) => {
         let interval = setInterval(() => {
             metadata.getShareDetail(props.selection.id)
                 .then(resp => {
-                    let detail = resp.data;
-                    detail.envZId = props.selection.envZId;
-                    setDetail(detail);
+                    if(mounted) {
+                        let detail = resp.data;
+                        detail.envZId = props.selection.envZId;
+                        setDetail(detail);
+                    }
                 });
         }, 1000);
         return () => {

ui/src/console/visualizer/Network.js

@@ -22,9 +22,13 @@ const Network = (props) => {
             case "environment":
                 nodeColor = "#444";
                 break;
-            case "share":
+
+            case "share": // share
                 nodeColor = "#291A66";
                 break;
+
+            default:
+                //
         }
 
         ctx.textBaseline = "middle";
@@ -41,10 +45,9 @@ const Network = (props) => {
             ctx.strokeStyle = "#c4bdde";
             ctx.stroke();
         } else {
-            switch(node.type) {
-                case "share":
-                    ctx.strokeStyle = "#433482";
-                    ctx.stroke();
+            if(node.type === "share") {
+                ctx.strokeStyle = "#433482";
+                ctx.stroke();
             }
         }
 

ui/src/register/InvalidRequest.js

@@ -1,4 +1,4 @@
-import {Button, Container, Row} from "react-bootstrap";
+import {Container, Row} from "react-bootstrap";
 
 const InvalidRequest = () => {
     return (