theirongolddev/gitlore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(token): add stored token support with resolve_token and token_source

Browse Source 
Introduce a centralized token resolution system that supports both
environment variables and config-file-stored tokens with clear priority
(env var wins). This enables cron-based sync which runs in minimal
shell environments without env vars.

Core changes:
- GitLabConfig gains optional `token` field and `resolve_token()` method
  that checks env var first, then config file, returning trimmed values
- `token_source()` returns human-readable provenance ("environment variable"
  or "config file") for diagnostics
- `ensure_config_permissions()` enforces 0600 on config files containing
  tokens (Unix only, no-op on other platforms)

New CLI commands:
- `lore token set [--token VALUE]` — validates against GitLab API, stores
  in config, enforces file permissions. Supports flag, stdin pipe, or
  interactive entry.
- `lore token show [--unmask]` — displays masked token with source label

Consumers updated to use resolve_token():
- auth_test: removes manual env var lookup
- doctor: shows token source in health check output
- ingest: uses centralized resolution

Includes 10 unit tests for resolve/source logic and 2 for mask_token.
This commit is contained in:
teernisse
2026-02-18 16:27:35 -05:00
parent a4df8e5444
commit 30ed02c694
7 changed files with 303 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/core/paths.rs
View File

@@ -68,6 +68,36 @@ fn get_xdg_data_dir() -> PathBuf {
})
}
/// Enforce restrictive permissions (0600) on the config file.
/// Warns to stderr if permissions were too open, then tightens them.
#[cfg(unix)]
pub fn ensure_config_permissions(path: &std::path::Path) {
use std::os::unix::fs::MetadataExt;
let Ok(meta) = std::fs::metadata(path) else {
return;
};
let mode = meta.mode() & 0o777;
if mode != 0o600 {
eprintln!(
"Warning: config file permissions were {mode:04o}, tightening to 0600: {}",
path.display()
);
let _ = set_permissions_600(path);
}
}
#[cfg(unix)]
fn set_permissions_600(path: &std::path::Path) -> std::io::Result<()> {
use std::os::unix::fs::PermissionsExt;
let perms = std::fs::Permissions::from_mode(0o600);
std::fs::set_permissions(path, perms)
}
/// No-op on non-Unix platforms.
#[cfg(not(unix))]
pub fn ensure_config_permissions(_path: &std::path::Path) {}
#[cfg(test)]
mod tests {
use super::*;