feat(!783): Add admin commands for managing tokens

src/admin/admin.rs

@@ -2,10 +2,17 @@
 use conduwuit::Result;
 
 use crate::{
-	appservice, appservice::AppserviceCommand, check, check::CheckCommand, context::Context,
-	debug, debug::DebugCommand, federation, federation::FederationCommand, media,
-	media::MediaCommand, query, query::QueryCommand, room, room::RoomCommand, server,
-	server::ServerCommand, user, user::UserCommand,
+	appservice::{self, AppserviceCommand},
+	check::{self, CheckCommand},
+	context::Context,
+	debug::{self, DebugCommand},
+	federation::{self, FederationCommand},
+	media::{self, MediaCommand},
+	query::{self, QueryCommand},
+	room::{self, RoomCommand},
+	server::{self, ServerCommand},
+	token::{self, TokenCommand},
+	user::{self, UserCommand},
 };
 
 #[derive(Debug, Parser)]
@@ -19,6 +26,10 @@ pub enum AdminCommand {
 	/// - Commands for managing local users
 	Users(UserCommand),
 
+	#[command(subcommand)]
+	/// - Commands for managing registration tokens
+	Tokens(TokenCommand),
+
 	#[command(subcommand)]
 	/// - Commands for managing rooms
 	Rooms(RoomCommand),
@@ -64,6 +75,11 @@ pub(super) async fn process(command: AdminCommand, context: &Context<'_>) -> Res
 			context.bail_restricted()?;
 			user::process(command, context).await
 		},
+		| Tokens(command) => {
+			// token commands are all restricted
+			context.bail_restricted()?;
+			token::process(command, context).await
+		},
 		| Rooms(command) => room::process(command, context).await,
 		| Federation(command) => federation::process(command, context).await,
 		| Server(command) => server::process(command, context).await,

src/admin/mod.rs

@@ -17,6 +17,7 @@
 pub(crate) mod query;
 pub(crate) mod room;
 pub(crate) mod server;
+pub(crate) mod token;
 pub(crate) mod user;
 
 extern crate conduwuit_api as api;

src/admin/token/commands.rs

@@ -0,0 +1,74 @@
+use conduwuit::{Err, Result, utils};
+use conduwuit_macros::admin_command;
+use futures::StreamExt;
+use service::registration_tokens::TokenExpires;
+
+#[admin_command]
+pub(super) async fn issue_token(&self, expires: super::TokenExpires) -> Result {
+	let expires = {
+		if expires.immortal {
+			None
+		} else if let Some(max_uses) = expires.max_uses {
+			Some(TokenExpires::AfterUses(max_uses))
+		} else if let Some(max_age) = expires
+			.max_age
+			.as_deref()
+			.map(|max_age| utils::time::timepoint_from_now(utils::time::parse_duration(max_age)?))
+			.transpose()?
+		{
+			Some(TokenExpires::AfterTime(max_age))
+		} else {
+			unreachable!();
+		}
+	};
+
+	let (token, info) = self
+		.services
+		.registration_tokens
+		.issue_token(self.sender_or_service_user().into(), expires);
+
+	self.write_str(&format!(
+		"New registration token issued: `{token}`. {}.",
+		if let Some(expires) = info.expires {
+			format!("{expires}")
+		} else {
+			"Never expires".to_owned()
+		}
+	))
+	.await
+}
+
+#[admin_command]
+pub(super) async fn revoke_token(&self, token: String) -> Result {
+	let Some(token) = self
+		.services
+		.registration_tokens
+		.validate_token(token)
+		.await
+	else {
+		return Err!("This token does not exist or has already expired.");
+	};
+
+	self.services.registration_tokens.revoke_token(token)?;
+
+	self.write_str("Token revoked successfully.").await
+}
+
+#[admin_command]
+pub(super) async fn list_tokens(&self) -> Result {
+	let tokens: Vec<_> = self
+		.services
+		.registration_tokens
+		.iterate_tokens()
+		.collect()
+		.await;
+
+	self.write_str(&format!("Found {} registration tokens:\n", tokens.len()))
+		.await?;
+
+	for token in tokens {
+		self.write_str(&format!("- {token}\n")).await?;
+	}
+
+	Ok(())
+}

src/admin/token/mod.rs

@@ -0,0 +1,47 @@
+mod commands;
+
+use clap::{Args, Subcommand};
+use conduwuit::Result;
+
+use crate::admin_command_dispatch;
+
+#[admin_command_dispatch]
+#[derive(Debug, Subcommand)]
+pub enum TokenCommand {
+	/// - Issue a new registration token
+	#[clap(name = "issue")]
+	IssueToken {
+		/// When this token will expire.
+		#[command(flatten)]
+		expires: TokenExpires,
+	},
+
+	/// - Revoke a registration token
+	#[clap(name = "revoke")]
+	RevokeToken {
+		/// The token to revoke.
+		token: String,
+	},
+
+	/// - List all registration tokens
+	#[clap(name = "list")]
+	ListTokens,
+}
+
+#[derive(Debug, Args)]
+#[group(required = true, multiple = false)]
+pub struct TokenExpires {
+	/// The maximum number of times this token is allowed to be used before it
+	/// expires.
+	#[arg(long)]
+	max_uses: Option<u64>,
+
+	/// The maximum age of this token (e.g. 30s, 5m, 7d). It will expire after
+	/// this much time has passed.
+	#[arg(long)]
+	max_age: Option<String>,
+
+	/// This token will never expire.
+	#[arg(long)]
+	immortal: bool,
+}