Add logout command to CLI #488

Closed
hackerwins opened this issue Mar 8, 2023 · 3 comments · Fixed by #571
Labels
good first issue 🐤 Good for newcomers

Comments

@hackerwins
Member

hackerwins commented Mar 8, 2023

Description:

We can log in to the Yorkie server to use the admin APIs, which can manage documents and projects, with the CLI.

$ yorkie login -u username -p password
$ yorkie project ls

 NAME     PUBLIC KEY            SECRET KEY            AUTH WEBHOOK URL  AUTH WEBHOOK METHODS  CREATED AT
 default  cg044avhiqss73d20n2g  cg044avhiqss73d20n30                    []                    6 days

But we don't have a logout command to log out from the Yorkie server yet.

Refer to:

Related to #544

Why:

  • The user can use the logout command to delete authentication information locally.

@blurfx
Member

blurfx commented Apr 18, 2023

I'm interested in this issue. Can I work on it?

@blurfx
Member

blurfx commented Apr 25, 2023

I'm working on a logout CLI command, but I currently have the following issues and would like to discuss them.

We currently use JWTs for authentication, so we can't invalidate them.

So this is my approach.

  • Give the JWT token a unique id using the jti field
  • Record the token id somewhere when a user requests to log out. (to mark that the token id has been invalidated)
    • It should also work in cluster mode, so something like Redis would be good.
  • Within the TokenManager.Verify function, or wherever the function is used, check if the token has been marked as invalidated using Redis. (if Redis has a token id, it's invalidated)

I tried the above method, but there were two problems.

  • I created a Server.LogOut method in server/admin.go, but couldn't find a way to get the token when a request comes in.
  • I couldn't find a way to access Redis or similar storage on the Yorkie server. (I don't even know if it exists)

Please let me know if you can think of a better approach, or if there's a way to work around the two issues above. :)

@hackerwins
Member Author

Thank you for your research.

Instead of token invalidation, I think deleting the token from the context file (~/.yorkie/config.json) would be a more appropriate way to handle the logout command for now.

It might be beneficial to consider aspects such as token invalidation for future reference as well.
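
The jti denylist discussed in this thread, as an added Go example (not Yorkie's code and not written by either commenter). It shows the check that would run after signature and exp verification, with entries kept only until the revoked token's own expiry. `Denylist`, `Revoke` and `Check` are hypothetical names, and the in-memory map is an assumed stand-in for the shared store (such as Redis) that cluster mode would need.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

var ErrNoID, ErrRevoked = errors.New("token has no jti"), errors.New("token revoked")

// Denylist is a hypothetical in-memory stand-in for a shared store such as Redis.
type Denylist struct {
	mu      sync.Mutex
	revoked map[string]time.Time // jti -> exp of the revoked token
}

func NewDenylist() *Denylist { return &Denylist{revoked: map[string]time.Time{}} }

// Revoke is what a server-side logout handler would call with the token's
// jti and exp claims. The entry only needs to outlive the token itself.
func (d *Denylist) Revoke(jti string, exp time.Time) {
	d.mu.Lock()
	defer d.mu.Unlock()
	d.revoked[jti] = exp
}

// Check is the extra step after signature and exp verification have passed.
func (d *Denylist) Check(jti string, now time.Time) error {
	if jti == "" {
		return ErrNoID // a token without a jti could never be revoked
	}
	d.mu.Lock()
	defer d.mu.Unlock()
	for id, exp := range d.revoked { // prune entries whose token has expired
		if !now.Before(exp) {
			delete(d.revoked, id)
		}
	}
	if _, ok := d.revoked[jti]; ok {
		return ErrRevoked
	}
	return nil
}

func main() {
	d, now := NewDenylist(), time.Now()
	d.Revoke("jti-1", now.Add(time.Hour)) // constructed sample id
	fmt.Println(d.Check("jti-1", now), d.Check("jti-2", now))
}
```

A logout that only deletes the token from ~/.yorkie/config.json leaves any other copy of that token valid until its exp; a check like this is what would close that window.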
