# authd

authd is a token-based authentication micro-service.

## Build

`authd` is written in Crystal and uses `build.zsh` as Makefile generator, as
well as shards to fetch dependencies.

You’ll need the following tools to build authd:

  - crystal
  - shards
  - build.zsh
  - make

To build authd, run the following commands:

```
shards install
make
```

Note that if you clone authd from its repository, its `Makefile` may be missing.
In such situations, run `build.zsh -c` to generate it, after which `make` should run fine.

## Deployment

```
$ authd --help
usage: authd [options]
    -s directory, --storage directory
                                     Directory in which to store users.
    -K file, --key-file file         JWT key file
    -R                               --allow-registrations
    -h, --help                       Show this help
$
```

### Users storage

The storage directory will default to `./storage`.

No SQL database, database management system or other kind of setup is required to run authd and store users.

To migrate an instance of authd, a simple copy of the storage directory will be enough.
Make sure your copy preserves symlinks, as those are extensively used.

### Administrating users

The `authd-user-add` and `authd-user-allow` are tools to add users to authd’s database and to edit their permissions.

The permission level `none` can be used in `authd-user-allow` to remove a permission.

### Key file

authd will provide users with cryptographically signed tokens.
To sign and check those tokens, a shared key is required between authd and services using authd.

authd reads that key from a file to prevent it being visible on the command line when running authd.

Any content is acceptable as a key file.

Example:

```
$ echo "I am a key." > key-file
$ authd -K ./key-file
```

## APIs

### Protocol

authd’s protocol is still subject to change.

### Libraries

A `AuthD::Client` Crystal class is available to build synchronous clients in Crystal.

```crystal
require "authd"

authd = AuthD::Client.new
authd.key = File.read("./some-file").chomp

pp! r = authd.get_token?("login", "password")

pp! r = authd.add_user("login", "password")

pp! u = authd.get_user?("login", "password").not_nil!
```

## Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.