
Woodpecker agent tokens should only be valid for one time usage #3297

runephilosof-karnovgroup opened this issue Jan 30, 2024 · 5 comments
Labels: enhancement (improve existing features), security

Comments

@runephilosof-karnovgroup
Contributor

Clear and concise description of the problem

Woodpecker token is available to jobs woodpecker-ci/autoscaler#91

Suggested solution

Agent tokens should be invalidated after first usage.

Alternative

No response

Additional context

No response

Validations

  • Checked that the feature isn't part of the next version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]
  • Read the docs.
  • Check that there isn't already an issue that requests the same feature to avoid creating a duplicate.
@runephilosof-karnovgroup runephilosof-karnovgroup added the feature add new functionality label Jan 30, 2024
@qwerty287
Contributor

Maybe I completely misunderstand this, but what about this case:

  1. Start agent with some token set via env var
  2. The server invalidates the token.
  3. Shut down the agent.
  4. Start the agent again. This should work without changing the env vars.

Maybe you could also fix your problem with #3199?

@runephilosof-karnovgroup
Contributor Author

Maybe the token should be exchanged for another token, which is saved in the agent config.

@runephilosof-karnovgroup
Contributor Author

@anbraten @6543 This is a security issue since it seems like some people are using the woodpecker autoscaler in a way that makes the token available to jobs (I say that because woodpecker-ci/autoscaler#15 (comment) is merged).

@qwerty287 qwerty287 added enhancement improve existing features security and removed feature add new functionality labels Feb 8, 2024
@anbraten
Member

anbraten commented Feb 8, 2024

Maybe the token should be exchanged for another token, which is saved in the agent config.

So sth like this?

  • The registration-token would be generated via an api endpoint, already creating the agent db entry with the final agent-token
  • The generated registration-token (maybe a jwt-token containing the resulting agent-id) is returned and invalidated
  • The agent exchanges the registration-token for an agent-token
  • The fetched agent-token is saved to the config
  • The agent is from now on using the agent-token from the config file

@runephilosof-karnovgroup
Contributor Author

Something in the database will need to indicate that it is invalid.
Maybe add a field (either registration_token:string or registered:bool).
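The exchange proposed in the two comments above (a one-time registration token created together with the agent's final token, exchanged once, then only the saved agent token used on every later start), as an added example that is not part of the issue thread and not Woodpecker's or the autoscaler's own code. The `Server`, `AgentConfig`, `CreateAgent`, `Exchange` and `Authenticate` names, the in-memory map standing in for the database and the `Registered` flag are assumptions made for the illustration; tokens are stored hashed so the row itself never holds a usable credential.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

var (
	ErrRegistrationTokenUsed = errors.New("registration token unknown or already used")
	ErrBadAgentToken         = errors.New("invalid agent id or token")
)

// agentRecord stands in for the proposed DB row (hypothetical, not Woodpecker's schema).
// The final agent token exists from creation; once the one-time exchange has happened
// the registration token hash is dropped and Registered is set, so a second exchange fails.
type agentRecord struct {
	ID                    int64
	AgentTokenHash        string
	RegistrationTokenHash string
	Registered            bool
}

// Server is an in-memory stand-in for the Woodpecker server side of the flow.
type Server struct {
	mu       sync.Mutex
	nextID   int64
	agents   map[int64]*agentRecord
	regIndex map[string]int64 // registration token hash -> agent id (like a unique column)
}

func NewServer() *Server {
	return &Server{agents: map[int64]*agentRecord{}, regIndex: map[string]int64{}}
}

func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

func hashToken(t string) string {
	sum := sha256.Sum256([]byte(t))
	return hex.EncodeToString(sum[:])
}

// CreateAgent is the proposed API endpoint: it creates the agent DB entry with the
// final agent token already generated and returns the short-lived registration token
// that an operator (or the autoscaler) passes to the agent, e.g. via env var.
func (s *Server) CreateAgent() (registrationToken string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.nextID++
	registrationToken = randomToken()
	s.agents[s.nextID] = &agentRecord{
		ID:                    s.nextID,
		AgentTokenHash:        hashToken(randomToken()), // replaced below with a token we can hand out
		RegistrationTokenHash: hashToken(registrationToken),
	}
	s.regIndex[hashToken(registrationToken)] = s.nextID
	return registrationToken
}

// Exchange consumes the registration token exactly once and returns the agent's
// long-lived token. The agent token is minted here so it only ever travels to the agent.
func (s *Server) Exchange(registrationToken string) (agentID int64, agentToken string, err error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	h := hashToken(registrationToken)
	id, ok := s.regIndex[h]
	if !ok || s.agents[id].Registered {
		return 0, "", ErrRegistrationTokenUsed
	}
	agentToken = randomToken()
	rec := s.agents[id]
	rec.AgentTokenHash = hashToken(agentToken)
	rec.Registered = true
	rec.RegistrationTokenHash = "" // invalidated: nothing left to replay
	delete(s.regIndex, h)
	return id, agentToken, nil
}

// Authenticate is what every later agent request presents; compared in constant time.
func (s *Server) Authenticate(agentID int64, agentToken string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	rec, ok := s.agents[agentID]
	if !ok || !rec.Registered ||
		subtle.ConstantTimeCompare([]byte(rec.AgentTokenHash), []byte(hashToken(agentToken))) != 1 {
		return ErrBadAgentToken
	}
	return nil
}

// AgentConfig is what the agent persists (hypothetical). Once AgentToken is set the
// registration token is no longer needed, so restarts work without touching env vars.
type AgentConfig struct {
	RegistrationToken string
	AgentID           int64
	AgentToken        string
}

// Start mimics agent boot: exchange on first start, then always use the saved agent token.
func (c *AgentConfig) Start(s *Server) error {
	if c.AgentToken == "" {
		id, tok, err := s.Exchange(c.RegistrationToken)
		if err != nil {
			return err
		}
		c.AgentID, c.AgentToken = id, tok
		c.RegistrationToken = "" // drop the bootstrap secret from the saved config
	}
	return s.Authenticate(c.AgentID, c.AgentToken)
}

// Demo runs the whole flow and reports (firstStartOK, restartOK, leakedRegistrationTokenRejected).
func Demo() (bool, bool, bool) {
	s := NewServer()
	reg := s.CreateAgent()                      // value the env var would carry
	cfg := &AgentConfig{RegistrationToken: reg} // agent's config on first boot
	first := cfg.Start(s) == nil
	restart := cfg.Start(s) == nil  // shut down and start again with the saved config
	_, _, err := s.Exchange(reg)     // a job that captured the env var tries to use it later
	return first, restart, errors.Is(err, ErrRegistrationTokenUsed)
}

func main() {
	fmt.Println(Demo()) // true true true
}
```

The restart case from the earlier comment is what `AgentConfig.Start` covers: the second call authenticates with the saved agent token and never touches the registration token again, while a job that copied the original env var value gets `ErrRegistrationTokenUsed`.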
