From cfe13bd08580645b794e44609752df3e5c850ccf Mon Sep 17 00:00:00 2001
From: Michael Quigley
Date: Tue, 30 Jan 2024 12:59:56 -0500
Subject: [PATCH] 'zrok admin create account'
---
 cmd/zrok/adminCreateAccount.go | 66 ++++++++++++++++++++++++++++++
 controller/access.go | 2 +-
 controller/createFrontend.go | 2 +-
 controller/invite.go | 2 +-
 controller/passwords.go | 2 +-
 controller/register.go | 4 +-
 controller/resetPassword.go | 2 +-
 controller/resetPasswordRequest.go | 2 +-
 controller/util.go | 2 +-
 9 files changed, 75 insertions(+), 9 deletions(-)
 create mode 100644 cmd/zrok/adminCreateAccount.go
diff --git a/cmd/zrok/adminCreateAccount.go b/cmd/zrok/adminCreateAccount.go
new file mode 100644
index 00000000..b147fb2b
--- /dev/null
+++ b/cmd/zrok/adminCreateAccount.go
@@ -0,0 +1,66 @@
+package main
+
+import (
+ "github.com/openziti/zrok/controller"
+ "github.com/openziti/zrok/controller/config"
+ "github.com/openziti/zrok/controller/store"
+ "github.com/sirupsen/logrus"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ adminCreateCmd.AddCommand(newAdminCreateAccount().cmd)
+}
+
+type adminCreateAccount struct {
+ cmd *cobra.Command
+}
+
+func newAdminCreateAccount() *adminCreateAccount {
+ cmd := &cobra.Command{
+ Use: "account ",
+ Short: "Pre-populate an account in the database; returns an enable token for the account",
+ Args: cobra.ExactArgs(3),
+ }
+ command := &adminCreateAccount{cmd: cmd}
+ cmd.Run = command.run
+ return command
+}
+
+func (cmd *adminCreateAccount) run(_ *cobra.Command, args []string) {
+ cfg, err := config.LoadConfig(args[0])
+ if err != nil {
+ panic(err)
+ }
+ str, err := store.Open(cfg.Store)
+ if err != nil {
+ panic(err)
+ }
+ token, err := controller.CreateToken()
+ if err != nil {
+ panic(err)
+ }
+ hpwd, err := controller.HashPassword(args[2])
+ if err != nil {
+ panic(err)
+ }
+ trx, err := str.Begin()
+ if err != nil {
+ panic(err)
+ }
+ defer func() {
+ if err := trx.Commit(); err != nil {
+ panic(err)
+ }
+ }()
+ a := &store.Account{
+ Email: args[1],
+ Salt: hpwd.Salt,
+ Password: hpwd.Password,
+ Token: token,
+ }
+ if _, err := str.CreateAccount(a, trx); err != nil {
+ panic(err)
+ }
+ logrus.Infof("account token = %v", token)
+}
diff --git a/controller/access.go b/controller/access.go
index 56f9c8c5..3d84323a 100644
--- a/controller/access.go
+++ b/controller/access.go
@@ -62,7 +62,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
 return share.NewAccessNotFound()
 }
- feToken, err := createToken()
+ feToken, err := CreateToken()
 if err != nil {
 logrus.Error(err)
 return share.NewAccessInternalServerError()
diff --git a/controller/createFrontend.go b/controller/createFrontend.go
index 7f037117..45767387 100644
--- a/controller/createFrontend.go
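Review bot: The deferred `trx.Commit()` in `run` also fires while a panic from `str.CreateAccount` is unwinding, so a failed insert is followed by a commit attempt (and possibly a second panic) instead of a rollback. The handlers in `controller/` that appear as context in this patch defer `_ = tx.Rollback()`, and the same shape fits here with an explicit commit once the insert has succeeded, assuming `trx` follows database/sql transaction semantics. Separately, the password is read from `args[2]`, which leaves it in shell history and in the process list while the command runs; prompting for it or reading it from stdin would avoid that. The token is emitted through `logrus.Infof`, so any place that collects this command's log output ends up holding a credential, and printing it to stdout may be the better channel. The `Use` string reads `"account "` with no argument placeholders although `cobra.ExactArgs(3)` is enforced; the placeholders may have been lost in rendering, otherwise they should be added.

```go
	// … unchanged: config load, store open, token and password hashing, str.Begin() …
	// Roll back on every exit path, including a panic; once Commit has
	// succeeded the rollback error is deliberately ignored.
	defer func() { _ = trx.Rollback() }()
	// … unchanged: store.Account literal and str.CreateAccount call …
	if err := trx.Commit(); err != nil {
		panic(err)
	}
	// … unchanged: logrus.Infof token output …
```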
+++ b/controller/createFrontend.go
@@ -50,7 +50,7 @@ func (h *createFrontendHandler) Handle(params admin.CreateFrontendParams, princi
 }
 defer func() { _ = tx.Rollback() }()
- feToken, err := createToken()
+ feToken, err := CreateToken()
 if err != nil {
 logrus.Errorf("error creating frontend token: %v", err)
 return admin.NewCreateFrontendInternalServerError()
diff --git a/controller/invite.go b/controller/invite.go
index dabd02c1..b9835cd6 100644
--- a/controller/invite.go
+++ b/controller/invite.go
@@ -55,7 +55,7 @@ func (h *inviteHandler) Handle(params account.InviteParams) middleware.Responder
 logrus.Infof("using invite token '%v' to process invite request for '%v'", inviteToken.Token, params.Body.Email)
 }
- token, err = createToken()
+ token, err = CreateToken()
 if err != nil {
 logrus.Error(err)
 return account.NewInviteInternalServerError()
diff --git a/controller/passwords.go b/controller/passwords.go
index 9e87e92c..7feac74e 100644
--- a/controller/passwords.go
+++ b/controller/passwords.go
@@ -24,7 +24,7 @@ func salt() string {
 return base64.StdEncoding.EncodeToString(buf)
 }
-func hashPassword(password string) (*hashedPassword, error) {
+func HashPassword(password string) (*hashedPassword, error) {
 return rehashPassword(password, salt())
 }
diff --git a/controller/register.go b/controller/register.go
index 8bfb1fe9..7067c356 100644
--- a/controller/register.go
+++ b/controller/register.go
@@ -38,7 +38,7 @@ func (h *registerHandler) Handle(params account.RegisterParams) middleware.Respo
 return account.NewRegisterNotFound()
 }
- token, err := createToken()
+ token, err := CreateToken()
 if err != nil {
 logrus.Errorf("error creating token for request '%v' (%v): %v", params.Body.Token, ar.Email, err)
 return account.NewRegisterInternalServerError()
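Review bot: `HashPassword` in `controller/passwords.go` is now exported but still returns the unexported `*hashedPassword`, so callers outside the package (such as the new admin command) can read its fields yet cannot name the type in a signature or variable declaration; exporting the type alongside the function would make the API coherent. Both newly exported helpers, `HashPassword` here and `CreateToken` in `controller/util.go`, also lack doc comments. For this one, `// HashPassword hashes password with a freshly generated salt.` matches the visible body, which calls `rehashPassword(password, salt())`. For `CreateToken`, whose body continues outside its hunk, a comment stating the alphabet and length passed to `nanoid.CustomASCII` (62 symbols, 12 characters) would let callers judge whether it suits their use as an account token.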
@@ -49,7 +49,7 @@ func (h *registerHandler) Handle(params account.RegisterParams) middleware.Respo
 return account.NewRegisterUnprocessableEntity().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
 }
- hpwd, err := hashPassword(params.Body.Password)
+ hpwd, err := HashPassword(params.Body.Password)
 if err != nil {
 logrus.Errorf("error hashing password for request '%v' (%v): %v", params.Body.Token, ar.Email, err)
 return account.NewRegisterInternalServerError()
diff --git a/controller/resetPassword.go b/controller/resetPassword.go
index 5327e3c7..fb66ed77 100644
--- a/controller/resetPassword.go
+++ b/controller/resetPassword.go
@@ -53,7 +53,7 @@ func (handler *resetPasswordHandler) Handle(params account.ResetPasswordParams)
 return account.NewResetPasswordUnprocessableEntity().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
 }
- hpwd, err := hashPassword(params.Body.Password)
+ hpwd, err := HashPassword(params.Body.Password)
 if err != nil {
 logrus.Errorf("error hashing password for '%v' (%v): %v", params.Body.Token, a.Email, err)
 return account.NewResetPasswordRequestInternalServerError()
diff --git a/controller/resetPasswordRequest.go b/controller/resetPasswordRequest.go
index 7913d359..c73c860a 100644
--- a/controller/resetPasswordRequest.go
+++ b/controller/resetPasswordRequest.go
@@ -34,7 +34,7 @@ func (handler *resetPasswordRequestHandler) Handle(params account.ResetPasswordR
 }
 defer func() { _ = tx.Rollback() }()
- token, err = createToken()
+ token, err = CreateToken()
 if err != nil {
 logrus.Errorf("error creating token for '%v': %v", params.Body.EmailAddress, err)
 return account.NewResetPasswordRequestInternalServerError()
diff --git a/controller/util.go b/controller/util.go
index c490fde2..cf70f982 100644
--- a/controller/util.go
+++ b/controller/util.go
@@ -65,7 +65,7 @@ func createShareToken() (string, error) {
 return gen(), nil
 }
-func createToken() (string, error) {
+func CreateToken() (string, error) {
 gen, err := nanoid.CustomASCII("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 12)
 if err != nil {
 return "", err