rust-lang/crates-io-ops-bot

Add a command to revoke a leaked api_token

Closed this issue · 2 comments

Occasionally, users will accidentally leak their private API token. It would be nice if there was a command to revoke an api_key.token by value. This effectively boils down to running UPDATE api_tokens SET revoked = 't' WHERE token = 'abc'; against the production database, however I'm not sure how we want to handle this architecturally.

The bot could make a one-off connection to the production database (I see no need to maintain a connection pool for this) or the bot could run a one-off command such that all the database access logic stays within the crates.io codebase. From a security standpoint I'm not sure if there is much difference, since the bot could always obtain database credentials by reading the app's environment variables. From a maintenance standpoint, I think it is best to maintain all business logic in the crates.io repository.

Maybe the key feature request here is to just provide a way to run these one-off commands. We could add a src/bin/bot.rs executable to crates.io, and consolidate any such functionality as sub-commands of this. Then the bot would just pass all arguments along to the command, converting something like ~run revoke_token abc into execution of target/release/bot revoke_token abc.

It would also be nice if we could report a response back to the channel. In this case, we could return the value of api_token.last_used_at for the revoked token. We could even show a list of the last several crate versions that were published by the token. This would help us coordinate with the end-user to see if any suspicious activity has occurred since the token was leaked.
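As an added illustration of the design sketched in the issue (this is example code, not code from crates-io-ops-bot or crates.io), the block below models the revoke_token subcommand against an in-memory stand-in for the database: it sets revoked on the matching api_tokens row, then collects last_used_at and the most recent versions published with that token for the channel report. The table and column names api_tokens.token, revoked and last_used_at come from the issue; the Db, Version, RevokeReport types, the published_by_token column, the sample records and the cio_ token prefix are assumptions made for this example. The dispatch function shows the bot side: only an allowlisted subcommand is forwarded, and arguments are passed as a vector rather than through a shell, so a crafted ~run line cannot become shell syntax. One caveat worth keeping in mind with the argv design in the issue: a token passed as a command-line argument is visible to other local users in process listings (for example /proc/<pid>/cmdline on Linux) for the lifetime of the process, so a production version would want to hand the value over on stdin or via the HTTP route instead.

```rust
// Added example only; not code from crates-io-ops-bot or crates.io.
// Column names api_tokens.token / revoked / last_used_at follow the issue;
// everything else here (Db, Version, RevokeReport, published_by_token) is assumed.

#[derive(Debug, Clone)]
pub struct ApiToken {
    pub id: i32,
    pub token: String,
    pub revoked: bool,
    /// Unix timestamp of the last request authenticated with this token.
    pub last_used_at: Option<u64>,
}

#[derive(Debug, Clone)]
pub struct Version {
    pub crate_name: String,
    pub num: String,
    /// Assumed link from a published version back to the token used to publish it.
    pub published_by_token: i32,
    pub created_at: u64,
}

#[derive(Default)]
pub struct Db {
    pub api_tokens: Vec<ApiToken>,
    pub versions: Vec<Version>,
}

/// What the bot reports back to the channel after a successful revocation.
#[derive(Debug, PartialEq)]
pub struct RevokeReport {
    pub last_used_at: Option<u64>,
    /// "crate@version" strings, newest first.
    pub recent_versions: Vec<String>,
}

/// In-memory equivalent of `UPDATE api_tokens SET revoked = 't' WHERE token = $1`,
/// followed by the lookups that build the channel report. Returns None when no
/// row matches, so the caller can distinguish "revoked" from "no such token".
pub fn revoke_token(db: &mut Db, leaked: &str, limit: usize) -> Option<RevokeReport> {
    // Match the full token value only, never a prefix or substring.
    let tok = db.api_tokens.iter_mut().find(|t| t.token == leaked)?;
    tok.revoked = true;
    let (id, last_used_at) = (tok.id, tok.last_used_at);

    let mut published: Vec<&Version> =
        db.versions.iter().filter(|v| v.published_by_token == id).collect();
    published.sort_by(|a, b| b.created_at.cmp(&a.created_at));
    let recent_versions = published
        .iter()
        .take(limit)
        .map(|v| format!("{}@{}", v.crate_name, v.num))
        .collect();
    Some(RevokeReport { last_used_at, recent_versions })
}

/// Bot side: turn `~run revoke_token <token>` into a call of the allowlisted
/// subcommand. Unknown subcommands are refused instead of being forwarded, and
/// the argument vector never goes through a shell.
pub fn dispatch(db: &mut Db, line: &str) -> Result<String, String> {
    let mut parts = line.split_whitespace();
    if parts.next() != Some("~run") {
        return Err("not a ~run command".to_string());
    }
    match (parts.next(), parts.next(), parts.next()) {
        (Some("revoke_token"), Some(token), None) => match revoke_token(db, token, 5) {
            Some(r) => Ok(format!(
                "revoked; last_used_at={:?}; recent publishes={:?}",
                r.last_used_at, r.recent_versions
            )),
            None => Ok("no such token".to_string()),
        },
        (Some("revoke_token"), _, _) => Err("usage: ~run revoke_token <token>".to_string()),
        (Some(other), _, _) => Err(format!("unknown subcommand: {}", other)),
        (None, _, _) => Err("missing subcommand".to_string()),
    }
}

/// Constructed sample data for this example; not real crates.io records.
pub fn sample_db() -> Db {
    let t = |id, token: &str, last| ApiToken { id, token: token.to_string(), revoked: false, last_used_at: last };
    let v = |name: &str, num: &str, by, at| Version {
        crate_name: name.to_string(), num: num.to_string(), published_by_token: by, created_at: at,
    };
    Db {
        api_tokens: vec![t(1, "cio_leaked_token", Some(1_700_000_300)), t(2, "cio_other_token", None)],
        versions: vec![
            v("foo", "0.1.0", 1, 1_700_000_000),
            v("foo", "0.2.0", 1, 1_700_000_100),
            v("bar", "1.0.0", 2, 1_700_000_150),
            v("foo", "0.3.0", 1, 1_700_000_200),
        ],
    }
}

fn main() {
    let mut db = sample_db();
    println!("{:?}", dispatch(&mut db, "~run revoke_token cio_leaked_token"));
}
```

The report keeps the raw timestamps and "crate@version" pairs so the channel message can be rendered however the bot prefers; the part that matters for the incident discussion is that the publishes are ordered newest first and limited, so the responder immediately sees what was uploaded closest to the leak.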

@jtgeibel another approach would be to add a special HTTP API to crates.io itself: it makes the implementation cleaner, and could be reused if we manage to signup to GitHub Token Scanning in the future (we can't right now).

That's a great suggestion @pietroalbini. I think this is superseded by rust-lang/crates.io#2653 now, so I'm closing this. Although I think a special HTTP API could be useful for other bot actions in the future.