ospab
91ab02dc8e
- Add OTP token management (oncp/src/token.rs) * Time-limited tokens with expiry (default 3 minutes) * One-time use validation (token deleted after use) * Automatic cleanup of expired tokens * Cryptographically secure random generation (10 chars) * Token masking in logs (XX****XX format) - Add dynamic IPAM (oncp/src/network.rs) * NetworkConfig for 10.X.0.0/16 subnet management * IpamPool with sequential IP allocation * Master node octet validation (0-255, excluding reserved) * IP release mechanism for rollback scenarios - Update enrollment flow * EnrollmentRequest requires OTP token field * Silent drop (HTTP 444) for invalid tokens * IP allocation during node approval * CLI command: 'node token --expiry 3' * Master CLI --network-octet parameter - Security enhancements * Two-factor enrollment: token + admin approval * Token enumeration prevention (no error responses) * Automatic token cleanup every 60 seconds * PSK + assigned IP returned on approval Tests: All 16 tests passing (4 token, 5 network, 7 existing)
150 KiB
150 KiB