feat: switch to api key auth instead of username and password (#23)

Author: JLL32

README.md

@@ -12,16 +12,15 @@ go install github.com/saferwall/cli@latest
 
 ## Getting Started
 
-To use the CLI you need a [Saferwall](https://saferwall.com) account. Run the `init` command to interactively set up your credentials:
+To use the CLI you need a [Saferwall](https://saferwall.com) API key. Run the `init` command to interactively set up your credentials:
 
 ```sh
 saferwall-cli init
 ```
 
 This launches an interactive prompt that asks for:
 - **URL** — the Saferwall API endpoint (defaults to `https://api.saferwall.com`)
-- **Username** — your Saferwall account username
-- **Password** — your Saferwall account password
+- **API Key** — your Saferwall API key
 
 The credentials are saved to `~/.config/saferwall/config.toml`. To reconfigure, delete that file and run `init` again.
 

cmd/download.go

@@ -42,19 +42,13 @@ var downloadCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 		arg := args[0]
 
-		// Login to saferwall web service.
 		webSvc := webapi.New(cfg.Credentials.URL)
-		token, err := webSvc.Login(cfg.Credentials.Username, cfg.Credentials.Password)
-		if err != nil {
-			log.Fatalf("failed to authenticate: %v", err)
-		}
-
 		hashes := collectHashes(arg)
 		if len(hashes) == 0 {
 			log.Fatalf("no valid SHA256 hashes found in %q", arg)
 		}
 
-		downloadFiles(webSvc, token, hashes)
+		downloadFiles(webSvc, cfg.Credentials.APIKey, hashes)
 	},
 }
 

cmd/init.go

@@ -18,10 +18,8 @@ import (
 const configTemplate = `[credentials]
 # The URL used to interact with saferwall APIs.
 url = %q
-# The user name you choose when you sign-up for saferwall.com.
-username = %q
-# The password you choose when you sign-up for saferwall.com.
-password = %q
+# Your Saferwall API key.
+api_key = %q
 `
 
 func configDir() string {
@@ -57,16 +55,16 @@ var initCmd = &cobra.Command{
 			return
 		}
 
-		url, username, password := m.values()
-		if username == "" || password == "" {
-			log.Fatalf("username and password are required")
+		url, apiKey := m.values()
+		if apiKey == "" {
+			log.Fatalf("api key is required")
 		}
 
 		if err := os.MkdirAll(configDir(), 0o700); err != nil {
 			log.Fatalf("failed to create config directory: %v", err)
 		}
 
-		content := fmt.Sprintf(configTemplate, url, username, password)
+		content := fmt.Sprintf(configTemplate, url, apiKey)
 		if err := os.WriteFile(path, []byte(content), 0o600); err != nil {
 			log.Fatalf("failed to write config file: %v", err)
 		}

cmd/initui.go

@@ -14,8 +14,7 @@ import (
 
 const (
 	fieldURL = iota
-	fieldUsername
-	fieldPassword
+	fieldAPIKey
 	fieldCount
 )
 
@@ -35,16 +34,10 @@ func newInitModel() initModel {
 	url.Prompt = "  "
 	inputs[fieldURL] = url
 
-	username := textinput.New()
-	username.Placeholder = "your username"
-	username.Prompt = "  "
-	inputs[fieldUsername] = username
-
-	password := textinput.New()
-	password.Placeholder = "your password"
-	password.EchoMode = textinput.EchoPassword
-	password.Prompt = "  "
-	inputs[fieldPassword] = password
+	apiKey := textinput.New()
+	apiKey.Placeholder = "your api key"
+	apiKey.Prompt = "  "
+	inputs[fieldAPIKey] = apiKey
 
 	return initModel{inputs: inputs}
 }
@@ -66,7 +59,7 @@ func (m initModel) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 			m.focused = (m.focused - 1 + fieldCount) % fieldCount
 			return m, m.updateFocus()
 		case "enter":
-			if m.focused == fieldPassword {
+			if m.focused == fieldAPIKey {
 				m.submitted = true
 				return m, tea.Quit
 			}
@@ -102,7 +95,7 @@ func (m initModel) View() string {
 	b.WriteString("\n")
 	b.WriteString(styleLabel.Render("  Configure Saferwall CLI") + "\n\n")
 
-	labels := []string{"URL", "Username", "Password"}
+	labels := []string{"URL", "API Key"}
 	for i, label := range labels {
 		if i == m.focused {
 			b.WriteString(styleSuccess.Render("  > "))
@@ -120,8 +113,7 @@ func (m initModel) View() string {
 	return b.String()
 }
 
-func (m initModel) values() (url, username, password string) {
+func (m initModel) values() (url, apiKey string) {
 	return m.inputs[fieldURL].Value(),
-		m.inputs[fieldUsername].Value(),
-		m.inputs[fieldPassword].Value()
+		m.inputs[fieldAPIKey].Value()
 }

cmd/rescan.go

@@ -46,13 +46,7 @@ var reScanCmd = &cobra.Command{
 	Args:  cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 
-		// Login to saferwall web service
 		webSvc := webapi.New(cfg.Credentials.URL)
-		token, err := webSvc.Login(cfg.Credentials.Username, cfg.Credentials.Password)
-		if err != nil {
-			log.Fatalf("failed to authenticate: %v", err)
-		}
-
 		arg := args[0]
 
 		var sha256List []string
@@ -71,6 +65,6 @@ var reScanCmd = &cobra.Command{
 			}
 		}
 
-		reScanFile(webSvc, sha256List, token)
+		reScanFile(webSvc, sha256List, cfg.Credentials.APIKey)
 	},
 }

cmd/scan.go

@@ -125,13 +125,7 @@ var scanCmd = &cobra.Command{
 	Args:  cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 
-		// login to saferwall web service
 		webSvc := webapi.New(cfg.Credentials.URL)
-		token, err := webSvc.Login(cfg.Credentials.Username, cfg.Credentials.Password)
-		if err != nil {
-			log.Fatalf("failed to authenticate: %v", err)
-		}
-
-		scanFile(webSvc, args[0], token)
+		scanFile(webSvc, args[0], cfg.Credentials.APIKey)
 	},
 }

cmd/view.go

@@ -26,11 +26,6 @@ var viewCmd = &cobra.Command{
 		sha256 := strings.ToLower(args[0])
 
 		webSvc := webapi.New(cfg.Credentials.URL)
-		_, err := webSvc.Login(cfg.Credentials.Username, cfg.Credentials.Password)
-		if err != nil {
-			log.Fatalf("failed to authenticate: %v", err)
-		}
-
 		var file entity.File
 		if err := webSvc.GetFile(sha256, &file); err != nil {
 			log.Fatalf("failed to get file: %v", err)

internal/config/config.go

@@ -10,9 +10,8 @@ import (
 
 // CredentialsCfg represents saferwall credentials.
 type CredentialsCfg struct {
-	URL      string `mapstructure:"url"`
-	Username string `mapstructure:"username"`
-	Password string `mapstructure:"password"`
+	URL    string `mapstructure:"url"`
+	APIKey string `mapstructure:"api_key"`
 }
 
 // AWSS3Cfg represents AWS S3 credentials.

internal/webapi/auth.go

@@ -1,63 +1,14 @@
-// Copyright 2018 Saferwall. All rights reserved.
-// Use of this source code is governed by Apache v2 license
-// license that can be found in the LICENSE file.
-
-package webapi
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"io"
-	"net/http"
-)
-
-// Pages represents a paginated list of data items.
-type Pages struct {
-	Page       int `json:"page"`
-	PerPage    int `json:"per_page"`
-	PageCount  int `json:"page_count"`
-	TotalCount int `json:"total_count"`
-	Items      any `json:"items"`
-}
-
-func (s Service) Login(username, password string) (string, error) {
-
-	requestBody, err := json.Marshal(map[string]string{
-		"username": username,
-		"password": password,
-	})
-	if err != nil {
-		return "", err
-	}
-
-	body := bytes.NewBuffer(requestBody)
-	request, err := http.NewRequest(http.MethodPost, s.authURL, body)
-	if err != nil {
-		return "", err
-	}
-
-	request.Header.Set("Content-Type", "application/json; charset=utf-8")
-	resp, err := s.client.Do(request)
-	if err != nil {
-		return "", err
-	}
-
-	defer resp.Body.Close()
-	d, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return "", err
-	}
-
-	var res map[string]string
-	err = json.Unmarshal(d, &res)
-	if err != nil {
-		return "", err
-	}
-
-	if resp.StatusCode != http.StatusOK {
-		return "", errors.New("failed login")
-	}
-
-	return res["token"], nil
-}
+// Copyright 2018 Saferwall. All rights reserved.
+// Use of this source code is governed by Apache v2 license
+// license that can be found in the LICENSE file.
+
+package webapi
+
+// Pages represents a paginated list of data items.
+type Pages struct {
+	Page       int `json:"page"`
+	PerPage    int `json:"per_page"`
+	PageCount  int `json:"page_count"`
+	TotalCount int `json:"total_count"`
+	Items      any `json:"items"`
+}

internal/webapi/files.go

@@ -82,7 +82,7 @@ func (s Service) ListFiles(authToken string, page int) (*Pages, error) {
 		return nil, err
 	}
 
-	request.Header.Set("Cookie", "JWTCookie="+authToken)
+	request.Header.Set("X-Api-Key", authToken)
 
 	// Perform the http request.
 	resp, err := s.client.Do(request)
@@ -131,7 +131,7 @@ func (s Service) Scan(filepath string, authToken, preferredOS string, enableDeto
 	}
 
 	// Add our auth token.
-	request.Header.Set("Cookie", "JWTCookie="+authToken)
+	request.Header.Set("X-Api-Key", authToken)
 
 	// Perform the http request.
 	resp, err := s.client.Do(request)
@@ -178,7 +178,7 @@ func (s Service) Rescan(sha256, authToken, preferredOS string, enableDetonation
 	}
 
 	request.Header.Set("Content-Type", "application/json")
-	request.Header.Set("Cookie", "JWTCookie="+authToken)
+	request.Header.Set("X-Api-Key", authToken)
 
 	// Perform the http request.
 	resp, err := s.client.Do(request)
@@ -254,7 +254,7 @@ func (s Service) Download(sha256, authToken string) (*bytes.Buffer, error) {
 	}
 
 	request.Header.Set("Content-Type", "application/json")
-	request.Header.Set("Cookie", "JWTCookie="+authToken)
+	request.Header.Set("X-Api-Key", authToken)
 
 	// Perform the http request.
 	resp, err := s.client.Do(request)
@@ -282,7 +282,7 @@ func (s Service) Delete(sha256, authToken string) error {
 	}
 
 	request.Header.Set("Content-Type", "application/json")
-	request.Header.Set("Cookie", "JWTCookie="+authToken)
+	request.Header.Set("X-Api-Key", authToken)
 
 	// Perform the http request.
 	resp, err := s.client.Do(request)