barry/ZKAC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ZKAC/cli/zkac_cli/main.py
everbarry 3b75d3c6f0 p2p grants
2026-05-06 00:08:46 +02:00

291 lines
11 KiB
Python
Raw Blame History

"""CLI entry point for zkac-node."""
from __future__ import annotations
import argparse
import base64
import json
import sys
from . import client, store
from .paths import user_dir
# ── user ──────────────────────────────────────────────────────────────
def _cmd_user_create(args):
path = store.create_user(args.userid)
ident = store.load_identity(args.userid)
print(f"created user {args.userid!r}")
print(f" issuance public key: {ident['issuance_pk'].hex()}")
print(f" p2p transport public key: {ident['transport_pk'].hex()}")
print(f" (share this key out-of-band to receive credentials)")
print(f" stored in {path}")
def _cmd_user_list(_args):
users = store.list_users()
if not users:
print("no users found")
return
for u in users:
print(u)
def _cmd_user_show(args):
ident = store.load_identity(args.userid)
contact = store.export_contact_bundle(args.userid)
print(f"user: {args.userid}")
print(f" issuance pk: {ident['issuance_pk'].hex()}")
print(f" p2p transport pk: {ident['transport_pk'].hex()}")
print(" share contact:")
print(f" {contact}")
owned = [
{"registry_id": r, **store.load_admin(args.userid, r)}
for r in store.list_admin_registries(args.userid)
]
if owned:
print(f" registries owned: {len(owned)}")
for r in owned:
print(f" {r['registry_id']} @ {r.get('server', '?')} roles={r.get('roles', [])}")
creds = store.list_credentials(args.userid)
if creds:
print(f" credentials: {len(creds)}")
for reg_hex, role in creds:
print(f" {reg_hex[:16]}… / {role}")
# ── serve ─────────────────────────────────────────────────────────────
def _cmd_serve(args):
from .server import serve
data_dir = args.data_dir
if data_dir is None:
data_dir = str(user_dir(args.userid) / "server")
serve(data_dir, args.host, args.port)
# ── server pin ───────────────────────────────────────────────────────
def _cmd_server_pin(args):
pk_bytes = bytes.fromhex(args.key)
store.pin_server(args.userid, args.server, base64.b64encode(pk_bytes).decode())
print(f"pinned {args.server} for {args.userid} -> {args.key[:16]}")
# ── registry ──────────────────────────────────────────────────────────
def _cmd_registry_create(args):
roles = [r.strip() for r in args.roles.split(",")]
rid = client.create_registry(args.userid, args.server, roles)
print(f"registry created: {rid}")
print(f" roles: {', '.join(roles)}")
def _cmd_registry_update(args):
add = [r.strip() for r in args.add_roles.split(",")]
client.update_registry(args.userid, args.server, args.registry, add)
print(f"registry updated: {args.registry[:16]}")
print(f" added roles: {', '.join(add)}")
def _cmd_registry_get(args):
info = client.get_registry(args.userid, args.server, args.registry)
print(f"registry: {args.registry}")
print(f" state bytes: {len(info.get('state_bytes_b64', ''))} chars (b64)")
def _cmd_registry_list(args):
regs = client.list_own_registries(args.userid)
if not regs:
print("no registries")
return
for r in regs:
print(f" {r['registry_id']} @ {r['server']} roles={r['roles']}")
# ── grant ─────────────────────────────────────────────────────────────
def _cmd_grant(args):
to = args.to
peer_key = args.peer_key
if args.to_contact:
if args.to or args.peer_key:
raise RuntimeError("use either --to-contact OR (--to and --peer-key), not both")
parsed = store.parse_contact_bundle(args.to_contact)
to = parsed["issuance_pk_hex"]
peer_key = parsed["transport_pk_hex"]
elif not args.to or not args.peer_key:
raise RuntimeError("grant requires --to and --peer-key (or --to-contact)")
result = client.grant_p2p(
args.userid, args.server, args.registry, args.role, to, args.peer, peer_key,
)
print(f"granted {args.role!r} to {to[:16]}")
print(f" delivery: direct p2p ({result['peer']})")
# ── credentials / collect ───────────────────────────────────────────
def _cmd_credentials_list(args):
local = store.list_credentials(args.userid)
print("local credentials:")
if not local:
print(" (none)")
for reg_hex, role in local:
print(f" {reg_hex}:{role}")
print("\npending grants: removed (use direct p2p listener)")
def _cmd_p2p_listen(args):
print(f"listening for p2p grant on {args.host}:{args.port}")
result = client.receive_p2p(args.userid, args.host, args.port)
print("received credential")
print(f" registry: {result['registry_id']}")
print(f" role: {result['role']}")
# ── auth ──────────────────────────────────────────────────────────────
def _cmd_auth(args):
resp = client.authenticate(
args.userid, args.registry, args.role, server=args.server,
)
print(json.dumps(resp, indent=2))
def _cmd_net_check(args):
resp = client.net_check(args.target, timeout_s=args.timeout)
if resp.get("ok"):
print("network check: ok")
print(f" target: {resp['target']}")
print(f" via: {resp['via']}")
return
print("network check: failed")
print(f" target: {resp['target']}")
print(f" via: {resp['via']}")
print(f" error: {resp.get('error', 'unknown')}")
sys.exit(2)
# ── argparse ─────────────────────────────────────────────────────────
def main():
p = argparse.ArgumentParser(prog="zkac-node")
sub = p.add_subparsers(dest="group", required=True)
# user
user_p = sub.add_parser("user", help="manage local user identities")
user_sub = user_p.add_subparsers(dest="action", required=True)
c = user_sub.add_parser("create", help="generate a new user identity")
c.add_argument("userid")
c.set_defaults(func=_cmd_user_create)
c = user_sub.add_parser("list", help="list all local users")
c.set_defaults(func=_cmd_user_list)
c = user_sub.add_parser("show", help="show user keys + registries + credentials")
c.add_argument("userid")
c.set_defaults(func=_cmd_user_show)
# serve
c = sub.add_parser("serve", help="run as a ZKAC server node")
c.add_argument("userid", help="user whose ~/.zkac/<userid>/server/ holds server state (unless --data-dir)")
c.add_argument("--data-dir", default=None, help="override server data directory")
c.add_argument("--host", default="127.0.0.1")
c.add_argument("--port", type=int, default=9800)
c.set_defaults(func=_cmd_serve)
# server pin
srv_p = sub.add_parser("server", help="manage server pins")
srv_sub = srv_p.add_subparsers(dest="action", required=True)
c = srv_sub.add_parser("pin", help="pin a server's public key for a user")
c.add_argument("userid")
c.add_argument("server", help="host:port")
c.add_argument("--key", required=True, help="server public key (hex)")
c.set_defaults(func=_cmd_server_pin)
# registry
reg_p = sub.add_parser("registry", help="manage registries")
reg_sub = reg_p.add_subparsers(dest="action", required=True)
c = reg_sub.add_parser("create", help="create a new registry on a server")
c.add_argument("userid")
c.add_argument("server", help="host:port")
c.add_argument("--roles", required=True, help="comma-separated role names")
c.set_defaults(func=_cmd_registry_create)
c = reg_sub.add_parser("update", help="add roles to a registry you own")
c.add_argument("userid")
c.add_argument("server", help="host:port")
c.add_argument("--registry", required=True)
c.add_argument("--add-roles", required=True, help="comma-separated new roles")
c.set_defaults(func=_cmd_registry_update)
c = reg_sub.add_parser("get", help="fetch registry state from server")
c.add_argument("userid")
c.add_argument("server", help="host:port")
c.add_argument("--registry", required=True)
c.set_defaults(func=_cmd_registry_get)
c = reg_sub.add_parser("list", help="list locally owned registries")
c.add_argument("userid")
c.set_defaults(func=_cmd_registry_list)
# grant
c = sub.add_parser("grant", help="issue a credential to a recipient (admin)")
c.add_argument("userid")
c.add_argument("--server", required=True, help="host:port")
c.add_argument("--registry", required=True)
c.add_argument("--role", required=True)
c.add_argument("--to", default=None, help="recipient issuance public key (hex)")
c.add_argument("--to-contact", default=None, help="recipient one-string contact bundle")
c.add_argument("--peer", required=True, help="recipient p2p host:port")
c.add_argument("--peer-key", default=None, help="recipient p2p transport public key (hex)")
c.set_defaults(func=_cmd_grant)
# credentials
cred_p = sub.add_parser("credentials", help="credentials (local + pending)")
cred_sub = cred_p.add_subparsers(dest="action", required=True)
c = cred_sub.add_parser("list", help="show local + pending credentials")
c.add_argument("userid")
c.set_defaults(func=_cmd_credentials_list)
# direct p2p receive
c = sub.add_parser("p2p-listen", help="listen for one direct p2p credential grant")
c.add_argument("userid")
c.add_argument("--host", default="127.0.0.1")
c.add_argument("--port", type=int, default=9810)
c.set_defaults(func=_cmd_p2p_listen)
# auth
c = sub.add_parser("auth", help="authenticate with a credential")
c.add_argument("userid")
c.add_argument("--registry", required=True)
c.add_argument("--role", required=True)
c.add_argument("--server", default=None, help="host:port (optional if known from registry)")
c.set_defaults(func=_cmd_auth)
# network diagnostics
net_p = sub.add_parser("net", help="network diagnostics")
net_sub = net_p.add_subparsers(dest="action", required=True)
c = net_sub.add_parser("check", help="test TCP reachability (direct or SOCKS5 proxy)")
c.add_argument("target", help="host:port (supports .b32.i2p via SOCKS5)")
c.add_argument("--timeout", type=float, default=8.0, help="connect timeout in seconds")
c.set_defaults(func=_cmd_net_check)
args = p.parse_args()
if not hasattr(args, "func"):
p.print_help()
sys.exit(1)
args.func(args)
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink