Merge pull request #2 from vulncheck-oss/inquiry

🚧 web auth progress - DRAFT

Makefile

@@ -27,3 +27,6 @@ test:
 
 update:
 	go get -u ./... && go mod tidy
+
+lint:
+	@golangci-lint run

go.mod

@@ -12,9 +12,10 @@ require (
 	github.com/charmbracelet/huh v0.3.0
 	github.com/charmbracelet/huh/spinner v0.0.0-20240328185852-590ecabc34b9
 	github.com/charmbracelet/lipgloss v0.10.0
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/viper v1.18.2
-	github.com/vulncheck-oss/sdk v1.2.5
+	github.com/vulncheck-oss/sdk v1.2.6
 	golang.org/x/term v0.18.0
 )
 

go.sum

@@ -74,6 +74,8 @@ github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo
 github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
 github.com/pelletier/go-toml/v2 v2.2.0 h1:QLgLl2yMN7N+ruc31VynXs1vhMZa7CeHHejIeBAsoHo=
 github.com/pelletier/go-toml/v2 v2.2.0/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -111,8 +113,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/vulncheck-oss/sdk v1.2.5 h1:gJgUm+dojHTC9fUSl/doq9IGS5QqtH5BGCDgTkcIjU8=
-github.com/vulncheck-oss/sdk v1.2.5/go.mod h1:ufLXRGtv47jpjt2B7FcwUXhexX7F4lj4LaXl3ZyNiKA=
+github.com/vulncheck-oss/sdk v1.2.6 h1:5KVRqHs7nnQ9mJNeEUEDwZq7E2V9oGrre0XGBlwG/Ao=
+github.com/vulncheck-oss/sdk v1.2.6/go.mod h1:ufLXRGtv47jpjt2B7FcwUXhexX7F4lj4LaXl3ZyNiKA=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw=

pkg/cmd/auth/auth.go

@@ -2,7 +2,8 @@ package auth
 
 import (
 	"github.com/spf13/cobra"
-	"github.com/vulncheck-oss/cli/pkg/cmd/auth/login"
+
+	cmdLogin "github.com/vulncheck-oss/cli/pkg/cmd/auth/login"
 	"github.com/vulncheck-oss/cli/pkg/cmd/auth/logout"
 	"github.com/vulncheck-oss/cli/pkg/cmd/auth/status"
 	"github.com/vulncheck-oss/cli/pkg/i18n"
@@ -18,7 +19,7 @@ func Command() *cobra.Command {
 
 	session.DisableAuthCheck(cmd)
 
-	cmd.AddCommand(login.Command())
+	cmd.AddCommand(cmdLogin.Command())
 	cmd.AddCommand(status.Command())
 	cmd.AddCommand(logout.Command())
 

pkg/cmd/auth/login/login.go

@@ -2,8 +2,11 @@ package login
 
 import (
 	"github.com/spf13/cobra"
+	"github.com/vulncheck-oss/cli/pkg/cmd/auth/login/token"
+	"github.com/vulncheck-oss/cli/pkg/cmd/auth/login/web"
 	"github.com/vulncheck-oss/cli/pkg/config"
 	"github.com/vulncheck-oss/cli/pkg/i18n"
+	pkgLogin "github.com/vulncheck-oss/cli/pkg/login"
 	"github.com/vulncheck-oss/cli/pkg/session"
 	"github.com/vulncheck-oss/cli/pkg/ui"
 )
@@ -27,43 +30,29 @@ func Command() *cobra.Command {
 			}
 
 			if config.HasConfig() && config.HasToken() {
-				if err := existingToken(); err != nil {
+				if err := pkgLogin.ExistingToken(); err != nil {
 					return err
 				}
 			}
 
-			choice, err := chooseAuthMethod()
+			choice, err := pkgLogin.ChooseAuthMethod()
 
 			if err != nil {
 				return err
 			}
 
 			switch choice {
 			case "token":
-				return cmdToken(cmd, args)
+				return token.CmdToken(cmd, args)
 			case "web":
-				return ui.Error("Command currently under construction")
+				return web.CmdWeb(cmd, args)
 			default:
 				return ui.Error("Invalid choice")
 			}
 		},
 	}
 
-	token := &cobra.Command{
-		Use:   "token",
-		Short: i18n.C.AuthLoginToken,
-		RunE:  cmdToken,
-	}
-
-	web := &cobra.Command{
-		Use:   "web",
-		Short: i18n.C.AuthLoginWeb,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return ui.Error("web login is not yet implemented")
-		},
-	}
-
-	cmd.AddCommand(web, token)
+	cmd.AddCommand(web.Command(), token.Command())
 
 	session.DisableAuthCheck(cmd)
 	return cmd

pkg/cmd/auth/login/token/token.go

@@ -0,0 +1,40 @@
+package token
+
+import (
+	"github.com/charmbracelet/huh"
+	"github.com/spf13/cobra"
+	"github.com/vulncheck-oss/cli/pkg/config"
+	"github.com/vulncheck-oss/cli/pkg/i18n"
+	"github.com/vulncheck-oss/cli/pkg/login"
+	"github.com/vulncheck-oss/cli/pkg/ui"
+)
+
+func Command() *cobra.Command {
+	return &cobra.Command{
+		Use:   "token",
+		Short: i18n.C.AuthLoginToken,
+		RunE:  CmdToken,
+	}
+}
+
+func CmdToken(cmd *cobra.Command, args []string) error {
+
+	var token string
+
+	input := huh.
+		NewInput().
+		Title("Enter your authentication token").
+		Password(true).
+		Placeholder("vulncheck_******************").
+		Value(&token)
+
+	if err := input.Run(); err != nil {
+		return ui.Error("Token verification failed: %v", err)
+	}
+
+	if !config.ValidToken(token) {
+		return ui.Error("Invalid token specified")
+	}
+
+	return login.SaveToken(token)
+}

pkg/cmd/auth/login/web/web.go

@@ -0,0 +1,131 @@
+package web
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/charmbracelet/huh/spinner"
+	"github.com/pkg/browser"
+	"github.com/spf13/cobra"
+	"github.com/vulncheck-oss/cli/pkg/config"
+	"github.com/vulncheck-oss/cli/pkg/environment"
+	"github.com/vulncheck-oss/cli/pkg/i18n"
+	"github.com/vulncheck-oss/cli/pkg/login"
+	"github.com/vulncheck-oss/cli/pkg/session"
+	"github.com/vulncheck-oss/cli/pkg/ui"
+	"os/exec"
+	"runtime"
+	"strings"
+	"time"
+)
+
+/**
+step 1. generate an inquiry.
+step 2. prompt the user to visit the inquiry URL.
+step 3. loop and sleep waiting for an inquiry response.
+*/
+
+type Inquiry struct {
+	Hash       string
+	Token      string
+	Name       string
+	IP         string
+	Agent      string
+	Location   string
+	Coordinate string
+	CreatedAt  string `json:"created_at"`
+	UpdatedAt  string `json:"updated_at"`
+}
+
+type InquiryResponse struct {
+	Benchmark float64 `json:"_benchmark"`
+	Message   string  `json:"message"`
+	Data      Inquiry `json:"data"`
+}
+
+type InquiryPingResponse struct {
+	Benchmark float64 `json:"_benchmark"`
+	Data      Inquiry `json:"data"`
+}
+
+func Command() *cobra.Command {
+	return &cobra.Command{
+		Use:   "web",
+		Short: i18n.C.AuthLoginWeb,
+		RunE:  CmdWeb,
+	}
+}
+
+func CmdWeb(cmd *cobra.Command, args []string) error {
+	var responseJSON *InquiryResponse
+	response, err := session.Connect(config.Token()).Form("name", GetName()).Request("POST", "/inquiry")
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+	_ = json.NewDecoder(response.Body).Decode(&responseJSON)
+
+	ui.Info("Attempting to launch vulncheck.com in your browser...")
+	if err := browser.OpenURL(fmt.Sprintf("%s/inquiry/%s", environment.Env.WEB, responseJSON.Data.Hash)); err != nil {
+		return err
+	}
+
+	var errorResponse error
+	var pingResponse *InquiryPingResponse
+
+	_ = spinner.New().
+		Style(ui.Pantone).
+		Title(" Awaiting Verification...").Action(func() {
+
+		ticker := time.NewTicker(2 * time.Second)
+		defer ticker.Stop()
+
+		timeout := time.After(30 * time.Second)
+
+		for {
+			select {
+			case <-ticker.C:
+				var responsePing *InquiryPingResponse
+				response, err := session.Connect(config.Token()).Request("GET", fmt.Sprintf("/inquiry/ping/%s", responseJSON.Data.Hash))
+				if err != nil {
+					errorResponse = err
+					return
+				}
+				defer response.Body.Close()
+				_ = json.NewDecoder(response.Body).Decode(&responsePing)
+				if config.ValidToken(responsePing.Data.Token) {
+					pingResponse = responsePing
+					return
+				}
+			case <-timeout:
+				return
+			}
+		}
+
+	}).Run()
+
+	if errorResponse != nil {
+		return errorResponse
+	}
+
+	if pingResponse != nil {
+		return login.SaveToken(pingResponse.Data.Token)
+	}
+	return nil
+}
+
+// GetName returns the ComputerName and/or hostname of the machine
+func GetName() string {
+	var out []byte
+	var err error
+
+	if strings.HasPrefix(runtime.GOOS, "darwin") {
+		out, err = exec.Command("scutil", "--get", "ComputerName").Output()
+	} else {
+		out, err = exec.Command("hostname").Output()
+	}
+	if err != nil {
+		return ""
+	}
+
+	return strings.TrimSpace(string(out))
+}

pkg/cmd/auth/status/status.go

@@ -3,9 +3,9 @@ package status
 import (
 	"fmt"
 	"github.com/spf13/cobra"
-	"github.com/vulncheck-oss/cli/pkg/cmd/auth/login"
 	"github.com/vulncheck-oss/cli/pkg/config"
 	"github.com/vulncheck-oss/cli/pkg/i18n"
+	"github.com/vulncheck-oss/cli/pkg/login"
 	"github.com/vulncheck-oss/cli/pkg/session"
 )
 

pkg/cmd/backup/backup.go

@@ -12,13 +12,21 @@ import (
 	"time"
 )
 
+type UrlOptions struct {
+	Json bool
+}
+
 func Command() *cobra.Command {
 
 	cmd := &cobra.Command{
 		Use:   "backup <command>",
 		Short: i18n.C.BackupShort,
 	}
 
+	opts := &UrlOptions{
+		Json: false,
+	}
+
 	cmdUrl := &cobra.Command{
 		Use:   "url <index>",
 		Short: i18n.C.BackupUrlShort,
@@ -30,10 +38,19 @@ func Command() *cobra.Command {
 			if err != nil {
 				return err
 			}
-			ui.Json(response.GetData()[0])
+			if opts.Json {
+				ui.Json(response.GetData()[0])
+				return nil
+			}
+
+			ui.Stat("Filename", response.GetData()[0].Filename)
+			ui.Stat("SHA256", response.GetData()[0].Sha256)
+			ui.Stat("Date Added", response.GetData()[0].DateAdded)
+			ui.Stat("URL", response.GetData()[0].URL)
 			return nil
 		},
 	}
+	cmdUrl.Flags().BoolVarP(&opts.Json, "json", "j", false, "Output as JSON")
 
 	cmdDownload := &cobra.Command{
 		Use:   "download <index>",
@@ -49,6 +66,10 @@ func Command() *cobra.Command {
 
 			file, err := extractFile(response.GetData()[0].URL)
 
+			if err != nil {
+				return err
+			}
+
 			date := parseDate(response.GetData()[0].DateAdded)
 
 			ui.Info(fmt.Sprintf(i18n.C.BackupDownloadInfo, args[0], date))