Introduce a centralized token resolution system that supports both
environment variables and config-file-stored tokens with clear priority
(env var wins). This enables cron-based sync which runs in minimal
shell environments without env vars.

Core changes:
- GitLabConfig gains optional `token` field and `resolve_token()` method
  that checks env var first, then config file, returning trimmed values
- `token_source()` returns human-readable provenance ("environment variable"
  or "config file") for diagnostics
- `ensure_config_permissions()` enforces 0600 on config files containing
  tokens (Unix only, no-op on other platforms)

New CLI commands:
- `lore token set [--token VALUE]` — validates against GitLab API, stores
  in config, enforces file permissions. Supports flag, stdin pipe, or
  interactive entry.
- `lore token show [--unmask]` — displays masked token with source label

Consumers updated to use `resolve_token()`:
- auth_test: removes manual env var lookup
- doctor: shows token source in health check output
- ingest: uses centralized resolution

Includes 10 unit tests for resolve/source logic and 2 for mask_token.
26 lines
640 B
Rust
```rust
use crate::core::config::Config;
use crate::core::error::Result;
use crate::gitlab::GitLabClient;

/// Identity of the authenticated user and the GitLab instance that was tested.
pub struct AuthTestResult {
    pub username: String,
    pub name: String,
    pub base_url: String,
}

pub async fn run_auth_test(config_path: Option<&str>) -> Result<AuthTestResult> {
    let config = Config::load(config_path)?;

    // Centralized resolution: env var first, then the token stored in the config file.
    let token = config.gitlab.resolve_token()?;

    let client = GitLabClient::new(&config.gitlab.base_url, &token, None);

    // A successful current-user lookup shows the resolved token is accepted.
    let user = client.get_current_user().await?;

    Ok(AuthTestResult {
        username: user.username,
        name: user.name,
        base_url: config.gitlab.base_url,
    })
}
```