initial working version

cmd/status.go

@@ -0,0 +1,74 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/spf13/cobra"
+
+	"guardianproject.dev/ops/nix-cache-login/internal/config"
+	"guardianproject.dev/ops/nix-cache-login/internal/netrc"
+	"guardianproject.dev/ops/nix-cache-login/internal/token"
+)
+
+var statusCmd = &cobra.Command{
+	Use:   "status",
+	Short: "Show current token status",
+	Long:  `Decodes the JWT from the netrc file (without verification) and shows expiry information.`,
+	RunE:  runStatus,
+}
+
+func init() {
+	rootCmd.AddCommand(statusCmd)
+}
+
+func runStatus(cmd *cobra.Command, args []string) error {
+	// Read token from netrc
+	pw, err := netrc.GetPassword(cfg.NetrcPath, cfg.CacheHost)
+	if err != nil {
+		return fmt.Errorf("reading netrc: %w", err)
+	}
+
+	if pw == "" {
+		fmt.Fprintln(os.Stderr, "No token found.")
+		return nil
+	}
+
+	// Decode JWT payload
+	claims, err := token.DecodePayload(pw)
+	if err != nil {
+		return fmt.Errorf("decoding token: %w", err)
+	}
+
+	// Show claims
+	if iss, ok := claims["iss"].(string); ok {
+		fmt.Fprintf(os.Stdout, "Issuer:  %s\n", iss)
+	}
+	if sub, ok := claims["sub"].(string); ok {
+		fmt.Fprintf(os.Stdout, "Subject: %s\n", sub)
+	}
+	if name, ok := claims["preferred_username"].(string); ok {
+		fmt.Fprintf(os.Stdout, "User:    %s\n", name)
+	}
+
+	exp, remaining := token.ExpiryInfo(claims)
+	if !exp.IsZero() {
+		fmt.Fprintf(os.Stdout, "Expires: %s\n", exp.Local().Format(time.RFC1123))
+		if remaining > 0 {
+			fmt.Fprintf(os.Stdout, "Remaining: %s\n", remaining.Round(time.Second))
+		} else {
+			fmt.Fprintf(os.Stdout, "Status: EXPIRED (%s ago)\n", (-remaining).Round(time.Second))
+		}
+	}
+
+	// Check refresh token
+	rtPath := config.RefreshTokenPath()
+	if _, err := os.Stat(rtPath); err == nil {
+		fmt.Fprintf(os.Stdout, "Refresh token: present\n")
+	} else {
+		fmt.Fprintf(os.Stdout, "Refresh token: not found\n")
+	}
+
+	return nil
+}