scripts/generate-jwt-token-for-container.sh

#!/usr/bin/env bash
# Generate JWT token for a specific RPC container
# Usage: ./generate-jwt-token-for-container.sh <VMID> <username> [expiry_days]

set -euo pipefail

# Load IP configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true


PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.10}"
VMID="${1:-}"
USERNAME="${2:-rpc-user}"
EXPIRY_DAYS="${3:-365}"

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

info() { echo -e "${GREEN}[INFO]${NC} $1"; }
warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
error() { echo -e "${RED}[ERROR]${NC} $1"; }

if [ -z "$VMID" ]; then
    error "Usage: $0 <VMID> <username> [expiry_days]"
    error "Example: $0 2503 ali-full-access 365"
    exit 1
fi

# Get JWT secret from container or saved file
JWT_SECRET=""

# Try to get from saved file first
if [ -f "/tmp/jwt_secret_${VMID}.txt" ]; then
    JWT_SECRET=$(cat "/tmp/jwt_secret_${VMID}.txt")
    info "Using saved JWT secret for VMID $VMID"
else
    # Try to get from container
    info "Retrieving JWT secret from VMID $VMID..."
    JWT_SECRET=$(ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no root@${PROXMOX_HOST} \
        "pct exec $VMID -- cat /etc/nginx/jwt_secret 2>/dev/null" || echo "")
    
    if [ -z "$JWT_SECRET" ]; then
        error "Failed to retrieve JWT secret. Make sure JWT authentication is configured on VMID $VMID"
        error "Run: ./scripts/setup-jwt-auth-all-rpc-containers.sh first"
        exit 1
    fi
fi

# Calculate expiry time
EXPIRY=$(date -d "+${EXPIRY_DAYS} days" +%s)
NOW=$(date +%s)

# Create JWT payload
if command -v jq &> /dev/null; then
    PAYLOAD=$(jq -n \
        --arg sub "$USERNAME" \
        --arg iat "$NOW" \
        --arg exp "$EXPIRY" \
        '{sub: $sub, iat: ($iat | tonumber), exp: ($exp | tonumber)}')
else
    # Fallback without jq
    PAYLOAD="{\"sub\":\"$USERNAME\",\"iat\":$NOW,\"exp\":$EXPIRY}"
fi

# Generate token using Python
if command -v python3 &> /dev/null; then
    info "Generating JWT token using Python..."
    
    TOKEN=$(python3 <<PYTHON_SCRIPT
import hmac
import hashlib
import base64
import json
import time

def base64url_encode(data):
    return base64.urlsafe_b64encode(data).decode('utf-8').rstrip('=')

def create_jwt(payload, secret):
    header = {"alg": "HS256", "typ": "JWT"}
    
    encoded_header = base64url_encode(json.dumps(header, separators=(',', ':')).encode('utf-8'))
    encoded_payload = base64url_encode(json.dumps(payload, separators=(',', ':')).encode('utf-8'))
    
    message = f"{encoded_header}.{encoded_payload}"
    signature = hmac.new(
        secret.encode('utf-8'),
        message.encode('utf-8'),
        hashlib.sha256
    ).digest()
    encoded_signature = base64url_encode(signature)
    
    return f"{encoded_header}.{encoded_payload}.{encoded_signature}"

payload = ${PAYLOAD}
secret = '${JWT_SECRET}'
token = create_jwt(payload, secret)
print(token)
PYTHON_SCRIPT
)
    
    if [ -n "$TOKEN" ]; then
        echo ""
        info "JWT Token generated successfully!"
        echo ""
        echo "VMID: $VMID"
        echo "Username: $USERNAME"
        echo "Expiry: $EXPIRY_DAYS days"
        echo ""
        echo "Token: $TOKEN"
        echo ""
        
        # Get IP address
        declare -A RPC_IPS=(
            [2503]="${RPC_ALI_1_ALT:-${RPC_ALI_1_ALT:-${RPC_ALI_1_ALT:-192.168.11.253}}}"
            [2504]="${RPC_ALI_2_ALT:-${RPC_ALI_2_ALT:-${RPC_ALI_2_ALT:-192.168.11.254}}}"
            [2505]="${RPC_LUIS_1:-${RPC_LUIS_1:-${RPC_LUIS_1:-192.168.11.255}}}"
            [2506]="${RPC_LUIS_2:-${RPC_LUIS_2:-${RPC_LUIS_2:-192.168.11.202}}}"
            [2507]="${RPC_PUTU_1:-${RPC_PUTU_1:-${RPC_PUTU_1:-192.168.11.203}}}"
            [2508]="${RPC_PUTU_2:-${RPC_PUTU_2:-${RPC_PUTU_2:-192.168.11.204}}}"
        )
        
        IP="${RPC_IPS[$VMID]:-unknown}"
        
        echo "Usage:"
        echo "  curl -k -H 'Authorization: Bearer $TOKEN' \\"
        echo "    -H 'Content-Type: application/json' \\"
        echo "    -d '{\"jsonrpc\":\"2.0\",\"method\":\"eth_chainId\",\"params\":[],\"id\":1}' \\"
        echo "    https://${IP}/"
        echo ""
        exit 0
    fi
fi

error "Failed to generate JWT token. Python3 is required."
exit 1
Complete markdown files cleanup and organization - Organized 252 files across project - Root directory: 187 → 2 files (98.9% reduction) - Moved configuration guides to docs/04-configuration/ - Moved troubleshooting guides to docs/09-troubleshooting/ - Moved quick start guides to docs/01-getting-started/ - Moved reports to reports/ directory - Archived temporary files - Generated comprehensive reports and documentation - Created maintenance scripts and guides All files organized according to established standards. 2026-01-06 01:46:25 -08:00			`#!/usr/bin/env bash`
			`# Generate JWT token for a specific RPC container`
			`# Usage: ./generate-jwt-token-for-container.sh <VMID> <username> [expiry_days]`

			`set -euo pipefail`

docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates - ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-12 15:46:57 -08:00			`# Load IP configuration`
			`SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`
			`PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"`
			`source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null \|\| true`


Complete markdown files cleanup and organization - Organized 252 files across project - Root directory: 187 → 2 files (98.9% reduction) - Moved configuration guides to docs/04-configuration/ - Moved troubleshooting guides to docs/09-troubleshooting/ - Moved quick start guides to docs/01-getting-started/ - Moved reports to reports/ directory - Archived temporary files - Generated comprehensive reports and documentation - Created maintenance scripts and guides All files organized according to established standards. 2026-01-06 01:46:25 -08:00			`PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.10}"`
			`VMID="${1:-}"`
			`USERNAME="${2:-rpc-user}"`
			`EXPIRY_DAYS="${3:-365}"`

			`# Colors`
			`RED='\033[0;31m'`
			`GREEN='\033[0;32m'`
			`YELLOW='\033[1;33m'`
			`BLUE='\033[0;34m'`
			`NC='\033[0m'`

			`info() { echo -e "${GREEN}[INFO]${NC} $1"; }`
			`warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }`
			`error() { echo -e "${RED}[ERROR]${NC} $1"; }`

			`if [ -z "$VMID" ]; then`
			`error "Usage: $0 <VMID> <username> [expiry_days]"`
			`error "Example: $0 2503 ali-full-access 365"`
			`exit 1`
			`fi`

			`# Get JWT secret from container or saved file`
			`JWT_SECRET=""`

			`# Try to get from saved file first`
			`if [ -f "/tmp/jwt_secret_${VMID}.txt" ]; then`
			`JWT_SECRET=$(cat "/tmp/jwt_secret_${VMID}.txt")`
			`info "Using saved JWT secret for VMID $VMID"`
			`else`
			`# Try to get from container`
			`info "Retrieving JWT secret from VMID $VMID..."`
			`JWT_SECRET=$(ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no root@${PROXMOX_HOST} \`
			`"pct exec $VMID -- cat /etc/nginx/jwt_secret 2>/dev/null" \|\| echo "")`

			`if [ -z "$JWT_SECRET" ]; then`
			`error "Failed to retrieve JWT secret. Make sure JWT authentication is configured on VMID $VMID"`
			`error "Run: ./scripts/setup-jwt-auth-all-rpc-containers.sh first"`
			`exit 1`
			`fi`
			`fi`

			`# Calculate expiry time`
			`EXPIRY=$(date -d "+${EXPIRY_DAYS} days" +%s)`
			`NOW=$(date +%s)`

			`# Create JWT payload`
			`if command -v jq &> /dev/null; then`
			`PAYLOAD=$(jq -n \`
			`--arg sub "$USERNAME" \`
			`--arg iat "$NOW" \`
			`--arg exp "$EXPIRY" \`
			`'{sub: $sub, iat: ($iat \| tonumber), exp: ($exp \| tonumber)}')`
			`else`
			`# Fallback without jq`
			`PAYLOAD="{\"sub\":\"$USERNAME\",\"iat\":$NOW,\"exp\":$EXPIRY}"`
			`fi`

			`# Generate token using Python`
			`if command -v python3 &> /dev/null; then`
			`info "Generating JWT token using Python..."`

			`TOKEN=$(python3 <<PYTHON_SCRIPT`
			`import hmac`
			`import hashlib`
			`import base64`
			`import json`
			`import time`

			`def base64url_encode(data):`
			`return base64.urlsafe_b64encode(data).decode('utf-8').rstrip('=')`

			`def create_jwt(payload, secret):`
			`header = {"alg": "HS256", "typ": "JWT"}`

			`encoded_header = base64url_encode(json.dumps(header, separators=(',', ':')).encode('utf-8'))`
			`encoded_payload = base64url_encode(json.dumps(payload, separators=(',', ':')).encode('utf-8'))`

			`message = f"{encoded_header}.{encoded_payload}"`
			`signature = hmac.new(`
			`secret.encode('utf-8'),`
			`message.encode('utf-8'),`
			`hashlib.sha256`
			`).digest()`
			`encoded_signature = base64url_encode(signature)`

			`return f"{encoded_header}.{encoded_payload}.{encoded_signature}"`

			`payload = ${PAYLOAD}`
			`secret = '${JWT_SECRET}'`
			`token = create_jwt(payload, secret)`
			`print(token)`
			`PYTHON_SCRIPT`
			`)`

			`if [ -n "$TOKEN" ]; then`
			`echo ""`
			`info "JWT Token generated successfully!"`
			`echo ""`
			`echo "VMID: $VMID"`
			`echo "Username: $USERNAME"`
			`echo "Expiry: $EXPIRY_DAYS days"`
			`echo ""`
			`echo "Token: $TOKEN"`
			`echo ""`

			`# Get IP address`
			`declare -A RPC_IPS=(`
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates - ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-12 15:46:57 -08:00			`[2503]="${RPC_ALI_1_ALT:-${RPC_ALI_1_ALT:-${RPC_ALI_1_ALT:-192.168.11.253}}}"`
			`[2504]="${RPC_ALI_2_ALT:-${RPC_ALI_2_ALT:-${RPC_ALI_2_ALT:-192.168.11.254}}}"`
			`[2505]="${RPC_LUIS_1:-${RPC_LUIS_1:-${RPC_LUIS_1:-192.168.11.255}}}"`
			`[2506]="${RPC_LUIS_2:-${RPC_LUIS_2:-${RPC_LUIS_2:-192.168.11.202}}}"`
			`[2507]="${RPC_PUTU_1:-${RPC_PUTU_1:-${RPC_PUTU_1:-192.168.11.203}}}"`
			`[2508]="${RPC_PUTU_2:-${RPC_PUTU_2:-${RPC_PUTU_2:-192.168.11.204}}}"`
Complete markdown files cleanup and organization - Organized 252 files across project - Root directory: 187 → 2 files (98.9% reduction) - Moved configuration guides to docs/04-configuration/ - Moved troubleshooting guides to docs/09-troubleshooting/ - Moved quick start guides to docs/01-getting-started/ - Moved reports to reports/ directory - Archived temporary files - Generated comprehensive reports and documentation - Created maintenance scripts and guides All files organized according to established standards. 2026-01-06 01:46:25 -08:00			`)`

			`IP="${RPC_IPS[$VMID]:-unknown}"`

			`echo "Usage:"`
			`echo " curl -k -H 'Authorization: Bearer $TOKEN' \\"`
			`echo " -H 'Content-Type: application/json' \\"`
			`echo " -d '{\"jsonrpc\":\"2.0\",\"method\":\"eth_chainId\",\"params\":[],\"id\":1}' \\"`
			`echo " https://${IP}/"`
			`echo ""`
			`exit 0`
			`fi`
			`fi`

			`error "Failed to generate JWT token. Python3 is required."`
			`exit 1`