Auth

This command suite is created for Wrgld administrator to manage both authentication and authorization for the HTTP API. By default, only registered users who are given access can use the HTTP API. First the user should be registered (with their password) using the command add-user. Registered users can then be given access by assigning the appropriate scopes using the command add-scope. Users can then login at endpoint /authenticate/ and obtain a JWT token to access the HTTP API.

Scopes represent what actions are allowed via the HTTP API for a users. Valid scopes are:

  • repo.read: covers view-only actions such as fetch, diff, etc...
  • repo.readConfig: covers read config action
  • repo.write: covers write actions such as push, commit, etc...
  • repo.writeConfig: covers write config action

wrgl auth add-user

Add a user and set their name/password.

wrgl auth add-user EMAIL [flags]

In addition to email, this command also ask for user's name and password. If a user with the given email already exist then this command updates that user's info instead.

Flags

-h, --help

help for add-user

--name

set user's name

--password

set user's password

Inherited flags

--badger-log

set Badger log level, valid options are "error", "warning", "debug", and "info" (defaults to "error")

--cpuprofile

write cpu profile to file

--debug

print debug logs to stdout

--debug-file

print debug logs to the given file instead

--heapprofile

write heap profile to file

--wrgl-dir

parent directory of repo, default to current working directory.

wrgl auth list-user

List registered users.

wrgl auth list-user [flags]

Flags

-h, --help

help for list-user

Inherited flags

--badger-log

set Badger log level, valid options are "error", "warning", "debug", and "info" (defaults to "error")

--cpuprofile

write cpu profile to file

--debug

print debug logs to stdout

--debug-file

print debug logs to the given file instead

--heapprofile

write heap profile to file

--wrgl-dir

parent directory of repo, default to current working directory.

wrgl auth remove-user

Remove users with email.

wrgl auth remove-user EMAIL... [flags]

Flags

-h, --help

help for remove-user

Inherited flags

--badger-log

set Badger log level, valid options are "error", "warning", "debug", and "info" (defaults to "error")

--cpuprofile

write cpu profile to file

--debug

print debug logs to stdout

--debug-file

print debug logs to the given file instead

--heapprofile

write heap profile to file

--wrgl-dir

parent directory of repo, default to current working directory.

wrgl auth add-scope

Add one or more scopes for a user.

wrgl auth add-scope EMAIL SCOPE... [flags]

Flags

--all

add all scopes to user

-h, --help

help for add-scope

Inherited flags

--badger-log

set Badger log level, valid options are "error", "warning", "debug", and "info" (defaults to "error")

--cpuprofile

write cpu profile to file

--debug

print debug logs to stdout

--debug-file

print debug logs to the given file instead

--heapprofile

write heap profile to file

--wrgl-dir

parent directory of repo, default to current working directory.

Examples

# authorize user to fetch & push data
wrgl auth add-scope user@email.com repo.read repo.write

# authorize a user to do everything
wrgl auth add-scope user@email.com --all

wrgl auth list-scope

List scopes for a user.

wrgl auth list-scope { EMAIL | anyone } [flags]

Flags

-h, --help

help for list-scope

Inherited flags

--badger-log

set Badger log level, valid options are "error", "warning", "debug", and "info" (defaults to "error")

--cpuprofile

write cpu profile to file

--debug

print debug logs to stdout

--debug-file

print debug logs to the given file instead

--heapprofile

write heap profile to file

--wrgl-dir

parent directory of repo, default to current working directory.

Examples

# list scopes for a user
wrgl auth list-scope john.doe@domain.com

# list scopes for anonymous users
wrgl auth list-scope anyone

wrgl auth remove-scope

Remove one or more scopes for a user.

wrgl auth remove-scope { EMAIL | anyone } SCOPE... [flags]

Flags

-h, --help

help for remove-scope

Inherited flags

--badger-log

set Badger log level, valid options are "error", "warning", "debug", and "info" (defaults to "error")

--cpuprofile

write cpu profile to file

--debug

print debug logs to stdout

--debug-file

print debug logs to the given file instead

--heapprofile

write heap profile to file

--wrgl-dir

parent directory of repo, default to current working directory.

Examples

# remove write scopes for a user
wrgl auth remove-scope john.doe@domain.com repo.write