Communication between CLI and panel

[padarom]

I think users shouldn't be able to register themselves, they should need to be registered by an administrator. This brings up the question how the first administrator is supposed to be created. I see two standalone options:

• Create a default user and force a password change on first login
• Add a "first user" form when accessing the panel while no users are available

A third option that's a bit more work is having a CLI with that capability. I can see the CLI being utilized for other things as well, though at this point I don't have any more examples. That would mean there's a demeterserver binary that just runs the server (and is ideally configured as a daemon) and a demeter binary that just gives you command line options to communicate with the panel's server and maybe even gameserver daemons.

However, how do we authenticate requests as coming from the CLI? Does the server generate a file with an access key somewhere that the CLI reads to automatically figure out its credentials?

[ELD]

I think the first option is probably sufficient, though, we may want to someday build out the third option where the CLI can authenticate with the server/panel and provide advanced administrative tasks only through it. Though, it doesn't really make it explicitly more secure.

The best way for the CLI to authenticate with server is probably through a JWT grant/bearer token flow. The Cloud Foundry CLI (for example) does something similar to this as the CLI basically just makes authenticated cURL requests to the CloudController for the CF foundation.