feat: Implement password encryption and HTTP registration for login functionality (#17)

Signed-off-by: cormick <[email protected]>

Author: CormickKneey

.gitignore

@@ -56,3 +56,7 @@ Temporary Items
 ### macOS Patch ###
 # iCloud generated files
 *.icloud
+
+# output
+bin
+output

Makefile

@@ -0,0 +1,120 @@
+#/*
+# *     Copyright 2024 The CNAI Authors
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *      http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
+
+.PHONY: all
+all: build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk command is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+.PHONY: fmt
+fmt: ## Run go fmt against code.
+	go fmt ./...
+
+.PHONY: vet
+vet: ## Run go vet against code.
+	go vet ./...
+
+.PHONY: test
+test: fmt vet ## Run unit test and display the coverage.
+	go test $$(go list ./pkg/...) -coverprofile cover.out
+	go tool cover -func cover.out
+
+GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
+GOLANGCI_LINT_VERSION ?= v1.54.2
+golangci-lint:
+	@[ -f $(GOLANGCI_LINT) ] || { \
+	set -e ;\
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell dirname $(GOLANGCI_LINT)) $(GOLANGCI_LINT_VERSION) ;\
+	}
+
+.PHONY: lint
+lint: golangci-lint ## Run golangci-lint linter & yamllint
+	$(GOLANGCI_LINT) run
+
+.PHONY: lint-fix
+lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
+
+GOIMPORTS := $(shell command -v goimports 2> /dev/null)
+ifeq ($(GOIMPORTS),)
+GOIMPORTS_INSTALL = go install golang.org/x/tools/cmd/goimports@latest
+else
+GOIMPORTS_INSTALL =
+endif
+
+$(GOIMPORTS_INSTALL):
+	$(GOIMPORTS_INSTALL)
+
+lint-fix: $(GOIMPORTS_INSTALL)
+	$(GOIMPORTS) -l -w .
+	$(GOLANGCI_LINT) run --fix
+
+##@ Build
+
+.PHONY: build
+build: fmt vet
+	go build -o output/modctl main.go
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+.PHONY: gen
+gen: gen-mockery## Generate all we need!
+
+.PHONY: gen-mockery check-mockery install-mockery
+gen-mockery: check-mockery ## Generate mockery code
+	@echo "generating mockery code according to .mockery.yaml"
+	@mockery
+
+check-mockery:
+	@which mockery > /dev/null || { echo "mockery not found. Trying to install via Homebrew..."; $(MAKE)  install-mockery; }
+	@mockery --version | grep -q "2.46.3" || { echo "mockery version is not v2.46.3. Trying to install the correct version..."; $(MAKE)  install-mockery; }
+
+install-mockery:
+	@if command -v brew > /dev/null; then \
+		echo "Installing mockery via Homebrew"; \
+		brew install mockery; \
+	else \
+		echo "Error: Homebrew is not installed. Please install Homebrew first and ensure it's in your PATH."; \
+		exit 1; \
+	fi

README.md

@@ -11,7 +11,8 @@ It offers commands such as `build`, `pull`, `push`, and more, making it easy for
 
 ```shell
 $ git clone https://github.com/CloudNativeAI/modctl.git
-$ go build -o modctl cmd/main.go
+$ make
+$ ./output/modctl -h
 ```
 
 ### Build

cmd/login.go

@@ -17,31 +17,32 @@
 package cmd
 
 import (
-	"bufio"
 	"context"
 	"fmt"
-	"os"
 	"strings"
+	"syscall"
+
+	"golang.org/x/crypto/ssh/terminal"
 
 	"github.com/CloudNativeAI/modctl/pkg/backend"
 	"github.com/CloudNativeAI/modctl/pkg/config"
-
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
 var loginConfig = config.NewLogin()
 
-type loginOptions struct {
-	username      string
-	password      string
-	passwordStdin bool
-}
-
 // loginCmd represents the modctl command for login.
 var loginCmd = &cobra.Command{
-	Use:                "login [flags] <registry>",
-	Short:              "A command line tool for modctl login",
+	Use:   "login [flags] <registry>",
+	Short: "A command line tool for modctl login",
+	Example: `
+# login to docker hub:
+modctl login -u foo registry-1.docker.io
+
+# login to insecure register:
+modctl login -u foo --insecure registry-insecure.io 
+`,
 	Args:               cobra.ExactArgs(1),
 	DisableAutoGenTag:  true,
 	SilenceUsage:       true,
@@ -51,7 +52,7 @@ var loginCmd = &cobra.Command{
 			return err
 		}
 
-		return runLogin(context.Background(), args[0])
+		return runLogin(cmd.Context(), args[0])
 	},
 }
 
@@ -60,7 +61,8 @@ func init() {
 	flags := loginCmd.Flags()
 	flags.StringVarP(&loginConfig.Username, "username", "u", "", "Username for login")
 	flags.StringVarP(&loginConfig.Password, "password", "p", "", "Password for login")
-	flags.BoolVar(&loginConfig.PasswordStdin, "password-stdin", false, "Take the password from stdin")
+	flags.BoolVar(&loginConfig.PasswordStdin, "password-stdin", true, "Take the password from stdin by default")
+	flags.BoolVar(&loginConfig.Insecure, "insecure", false, "Allow insecure connections to registry")
 
 	if err := viper.BindPFlags(flags); err != nil {
 		panic(fmt.Errorf("bind cache login flags to viper: %w", err))
@@ -75,18 +77,18 @@ func runLogin(ctx context.Context, registry string) error {
 	}
 
 	// read password from stdin if password-stdin is set
-	if loginConfig.PasswordStdin {
+	if loginConfig.PasswordStdin && loginConfig.Password == "" {
 		fmt.Print("Enter password: ")
-		reader := bufio.NewReader(os.Stdin)
-		password, err := reader.ReadString('\n')
+		password, err := terminal.ReadPassword(syscall.Stdin)
 		if err != nil {
 			return err
 		}
 
-		loginConfig.Password = strings.TrimSpace(password)
+		loginConfig.Password = strings.TrimSpace(string(password))
 	}
 
-	if err := b.Login(ctx, registry, loginConfig.Username, loginConfig.Password); err != nil {
+	fmt.Println("\nLogging In...")
+	if err := b.Login(ctx, registry, loginConfig.Username, loginConfig.Password, loginConfig.Insecure); err != nil {
 		return err
 	}
 

go.mod

@@ -13,6 +13,7 @@ require (
 	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.9.0
 	github.com/vbauerster/mpb/v8 v8.8.3
+	golang.org/x/crypto v0.28.0
 	oras.land/oras-go/v2 v2.5.0
 	zotregistry.dev/zot v1.4.3
 )
@@ -114,6 +115,7 @@ require (
 	golang.org/x/net v0.29.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/term v0.25.0 // indirect
 	golang.org/x/text v0.19.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect

pkg/backend/backend.go

@@ -25,7 +25,7 @@ import (
 // Backend is the interface to represent the backend.
 type Backend interface {
 	// Login logs into a registry.
-	Login(ctx context.Context, registry, username, password string) error
+	Login(ctx context.Context, registry, username, password string, insecure bool) error
 
 	// Logout logs out from a registry.
 	Logout(ctx context.Context, registry string) error

pkg/backend/login.go

@@ -18,14 +18,13 @@ package backend
 
 import (
 	"context"
-
 	"oras.land/oras-go/v2/registry/remote"
 	"oras.land/oras-go/v2/registry/remote/auth"
 	"oras.land/oras-go/v2/registry/remote/credentials"
 )
 
 // Login logs into a registry.
-func (b *backend) Login(ctx context.Context, registry, username, password string) error {
+func (b *backend) Login(ctx context.Context, registry, username, password string, insecure bool) error {
 	// read credentials from docker store.
 	store, err := credentials.NewStoreFromDocker(credentials.StoreOptions{AllowPlaintextPut: true})
 	if err != nil {
@@ -36,6 +35,7 @@ func (b *backend) Login(ctx context.Context, registry, username, password string
 	if err != nil {
 		return err
 	}
+	reg.PlainHTTP = insecure
 
 	cred := auth.Credential{
 		Username: username,

pkg/config/login.go

@@ -22,13 +22,15 @@ type Login struct {
 	Username      string
 	Password      string
 	PasswordStdin bool
+	Insecure      bool
 }
 
 func NewLogin() *Login {
 	return &Login{
 		Username:      "",
 		Password:      "",
-		PasswordStdin: false,
+		PasswordStdin: true,
+		Insecure:      false,
 	}
 }
 
@@ -37,7 +39,7 @@ func (l *Login) Validate() error {
 		return fmt.Errorf("missing username")
 	}
 
-	if len(l.Password) == 0 {
+	if len(l.Password) == 0 && !l.PasswordStdin {
 		return fmt.Errorf("missing password")
 	}
 

pkg/config/login_test.go

@@ -28,8 +28,8 @@ func TestNewLogin(t *testing.T) {
 	if login.Password != "" {
 		t.Errorf("expected empty password, got %s", login.Password)
 	}
-	if login.PasswordStdin != false {
-		t.Errorf("expected PasswordStdin to be false, got %v", login.PasswordStdin)
+	if login.PasswordStdin != true {
+		t.Errorf("expected PasswordStdin to be true, got %v", login.PasswordStdin)
 	}
 }
 

pkg/modelfile/modelfile_test.go

@@ -19,6 +19,7 @@ package modelfile
 import (
 	"errors"
 	"os"
+	"sort"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -199,8 +200,12 @@ name bar
 
 		assert.NoError(err)
 		assert.NotNil(mf)
-		assert.Equal(tc.configs, mf.GetConfigs())
-		assert.Equal(tc.models, mf.GetModels())
+		configs := mf.GetConfigs()
+		models := mf.GetModels()
+		sort.Strings(configs)
+		sort.Strings(models)
+		assert.Equal(tc.configs, configs)
+		assert.Equal(tc.models, models)
 		assert.Equal(tc.name, mf.GetName())
 		assert.Equal(tc.arch, mf.GetArch())
 		assert.Equal(tc.family, mf.GetFamily())