nix-cache-login/cmd/status.go

package cmd

import (
	"fmt"
	"os"
	"time"

	"github.com/spf13/cobra"

	"guardianproject.dev/ops/nix-cache-login/internal/config"
	"guardianproject.dev/ops/nix-cache-login/internal/netrc"
	"guardianproject.dev/ops/nix-cache-login/internal/token"
)

var statusCmd = &cobra.Command{
	Use:   "status",
	Short: "Show current token status",
	Long:  `Decodes the JWT from the netrc file (without verification) and shows expiry information.`,
	RunE:  runStatus,
}

func init() {
	rootCmd.AddCommand(statusCmd)
}

func runStatus(cmd *cobra.Command, args []string) error {
	// Read token from netrc
	pw, err := netrc.GetPassword(cfg.NetrcPath, cfg.CacheHost)
	if err != nil {
		return fmt.Errorf("reading netrc: %w", err)
	}

	if pw == "" {
		fmt.Fprintln(os.Stderr, "No token found.")
		return nil
	}

	// Decode JWT payload
	claims, err := token.DecodePayload(pw)
	if err != nil {
		return fmt.Errorf("decoding token: %w", err)
	}

	// Show claims
	if iss, ok := claims["iss"].(string); ok {
		fmt.Fprintf(os.Stdout, "Issuer:  %s\n", iss)
	}
	if sub, ok := claims["sub"].(string); ok {
		fmt.Fprintf(os.Stdout, "Subject: %s\n", sub)
	}
	if name, ok := claims["preferred_username"].(string); ok {
		fmt.Fprintf(os.Stdout, "User:    %s\n", name)
	}

	exp, remaining := token.ExpiryInfo(claims)
	if !exp.IsZero() {
		fmt.Fprintf(os.Stdout, "Expires: %s\n", exp.Local().Format(time.RFC1123))
		if remaining > 0 {
			fmt.Fprintf(os.Stdout, "Remaining: %s\n", remaining.Round(time.Second))
		} else {
			fmt.Fprintf(os.Stdout, "Status: EXPIRED (%s ago)\n", (-remaining).Round(time.Second))
		}
	}

	// Check refresh token
	rtPath := config.RefreshTokenPath()
	if _, err := os.Stat(rtPath); err == nil {
		fmt.Fprintf(os.Stdout, "Refresh token: present\n")
	} else {
		fmt.Fprintf(os.Stdout, "Refresh token: not found\n")
	}

	return nil
}
initial working version 2026-02-26 11:05:16 +01:00			`package cmd`

			`import (`
			`"fmt"`
			`"os"`
			`"time"`

			`"github.com/spf13/cobra"`

			`"guardianproject.dev/ops/nix-cache-login/internal/config"`
			`"guardianproject.dev/ops/nix-cache-login/internal/netrc"`
			`"guardianproject.dev/ops/nix-cache-login/internal/token"`
			`)`

			`var statusCmd = &cobra.Command{`
			`Use: "status",`
			`Short: "Show current token status",`
			Long: `Decodes the JWT from the netrc file (without verification) and shows expiry information.`,
			`RunE: runStatus,`
			`}`

			`func init() {`
			`rootCmd.AddCommand(statusCmd)`
			`}`

			`func runStatus(cmd *cobra.Command, args []string) error {`
			`// Read token from netrc`
			`pw, err := netrc.GetPassword(cfg.NetrcPath, cfg.CacheHost)`
			`if err != nil {`
			`return fmt.Errorf("reading netrc: %w", err)`
			`}`

			`if pw == "" {`
			`fmt.Fprintln(os.Stderr, "No token found.")`
			`return nil`
			`}`

			`// Decode JWT payload`
			`claims, err := token.DecodePayload(pw)`
			`if err != nil {`
			`return fmt.Errorf("decoding token: %w", err)`
			`}`

			`// Show claims`
			`if iss, ok := claims["iss"].(string); ok {`
			`fmt.Fprintf(os.Stdout, "Issuer: %s\n", iss)`
			`}`
			`if sub, ok := claims["sub"].(string); ok {`
			`fmt.Fprintf(os.Stdout, "Subject: %s\n", sub)`
			`}`
			`if name, ok := claims["preferred_username"].(string); ok {`
			`fmt.Fprintf(os.Stdout, "User: %s\n", name)`
			`}`

			`exp, remaining := token.ExpiryInfo(claims)`
			`if !exp.IsZero() {`
			`fmt.Fprintf(os.Stdout, "Expires: %s\n", exp.Local().Format(time.RFC1123))`
			`if remaining > 0 {`
			`fmt.Fprintf(os.Stdout, "Remaining: %s\n", remaining.Round(time.Second))`
			`} else {`
			`fmt.Fprintf(os.Stdout, "Status: EXPIRED (%s ago)\n", (-remaining).Round(time.Second))`
			`}`
			`}`

			`// Check refresh token`
			`rtPath := config.RefreshTokenPath()`
			`if _, err := os.Stat(rtPath); err == nil {`
			`fmt.Fprintf(os.Stdout, "Refresh token: present\n")`
			`} else {`
			`fmt.Fprintf(os.Stdout, "Refresh token: not found\n")`
			`}`

			`return nil`
			`}`