fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
180 lines
4.9 KiB
Bash
Executable File
180 lines
4.9 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Generate JWT token for Permissioned RPC access
|
|
# Usage: ./generate-jwt-token.sh [username] [expiry_days]
|
|
|
|
set -euo pipefail
|
|
|
|
PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.10}"
|
|
VMID=2501
|
|
USERNAME="${1:-rpc-user}"
|
|
EXPIRY_DAYS="${2:-365}"
|
|
|
|
# Colors
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
BLUE='\033[0;34m'
|
|
NC='\033[0m'
|
|
|
|
info() { echo -e "${GREEN}[INFO]${NC} $1"; }
|
|
warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
|
|
error() { echo -e "${RED}[ERROR]${NC} $1"; }
|
|
|
|
# Check if jq is installed
|
|
if ! command -v jq &> /dev/null; then
|
|
error "jq is required but not installed. Install with: sudo apt install jq"
|
|
exit 1
|
|
fi
|
|
|
|
# Get JWT secret from container
|
|
info "Retrieving JWT secret from VMID $VMID..."
|
|
JWT_SECRET=$(ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no root@${PROXMOX_HOST} \
|
|
"pct exec $VMID -- cat /etc/nginx/jwt_secret 2>/dev/null" || echo "")
|
|
|
|
if [ -z "$JWT_SECRET" ]; then
|
|
error "Failed to retrieve JWT secret. Make sure JWT authentication is configured."
|
|
exit 1
|
|
fi
|
|
|
|
# Calculate expiry time
|
|
EXPIRY=$(date -d "+${EXPIRY_DAYS} days" +%s)
|
|
NOW=$(date +%s)
|
|
|
|
# Create JWT payload
|
|
PAYLOAD=$(jq -n \
|
|
--arg sub "$USERNAME" \
|
|
--arg iat "$NOW" \
|
|
--arg exp "$EXPIRY" \
|
|
'{sub: $sub, iat: ($iat | tonumber), exp: ($exp | tonumber)}')
|
|
|
|
# Check if node is available for JWT generation
|
|
if command -v node &> /dev/null; then
|
|
info "Generating JWT token using Node.js..."
|
|
|
|
# Create temporary script
|
|
TEMP_SCRIPT=$(mktemp)
|
|
cat > "$TEMP_SCRIPT" <<NODE_SCRIPT
|
|
const crypto = require('crypto');
|
|
const base64url = require('base64url');
|
|
|
|
const header = {
|
|
alg: 'HS256',
|
|
typ: 'JWT'
|
|
};
|
|
|
|
const payload = ${PAYLOAD};
|
|
|
|
const secret = '${JWT_SECRET}';
|
|
|
|
function base64UrlEncode(str) {
|
|
return Buffer.from(str)
|
|
.toString('base64')
|
|
.replace(/\+/g, '-')
|
|
.replace(/\//g, '_')
|
|
.replace(/=/g, '');
|
|
}
|
|
|
|
function sign(data, secret) {
|
|
return crypto
|
|
.createHmac('sha256', secret)
|
|
.update(data)
|
|
.digest('base64')
|
|
.replace(/\+/g, '-')
|
|
.replace(/\//g, '_')
|
|
.replace(/=/g, '');
|
|
}
|
|
|
|
const encodedHeader = base64UrlEncode(JSON.stringify(header));
|
|
const encodedPayload = base64UrlEncode(JSON.stringify(payload));
|
|
const signature = sign(\`\${encodedHeader}.\${encodedPayload}\`, secret);
|
|
|
|
const token = \`\${encodedHeader}.\${encodedPayload}.\${signature}\`;
|
|
console.log(token);
|
|
NODE_SCRIPT
|
|
|
|
TOKEN=$(node "$TEMP_SCRIPT" 2>/dev/null)
|
|
rm -f "$TEMP_SCRIPT"
|
|
|
|
if [ -n "$TOKEN" ]; then
|
|
echo ""
|
|
info "JWT Token generated successfully!"
|
|
echo ""
|
|
echo "Token: $TOKEN"
|
|
echo ""
|
|
echo "Usage:"
|
|
echo " curl -k -H 'Authorization: Bearer $TOKEN' \\"
|
|
echo " -H 'Content-Type: application/json' \\"
|
|
echo " -d '{\"jsonrpc\":\"2.0\",\"method\":\"eth_chainId\",\"params\":[],\"id\":1}' \\"
|
|
echo " https://rpc-http-prv.d-bis.org"
|
|
echo ""
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
# Fallback: Use Python if available
|
|
if command -v python3 &> /dev/null; then
|
|
info "Generating JWT token using Python..."
|
|
|
|
TOKEN=$(python3 <<PYTHON_SCRIPT
|
|
import hmac
|
|
import hashlib
|
|
import base64
|
|
import json
|
|
import time
|
|
|
|
def base64url_encode(data):
|
|
return base64.urlsafe_b64encode(data).decode('utf-8').rstrip('=')
|
|
|
|
def create_jwt(payload, secret):
|
|
header = {"alg": "HS256", "typ": "JWT"}
|
|
|
|
encoded_header = base64url_encode(json.dumps(header, separators=(',', ':')).encode('utf-8'))
|
|
encoded_payload = base64url_encode(json.dumps(payload, separators=(',', ':')).encode('utf-8'))
|
|
|
|
message = f"{encoded_header}.{encoded_payload}"
|
|
signature = hmac.new(
|
|
secret.encode('utf-8'),
|
|
message.encode('utf-8'),
|
|
hashlib.sha256
|
|
).digest()
|
|
encoded_signature = base64url_encode(signature)
|
|
|
|
return f"{encoded_header}.{encoded_payload}.{encoded_signature}"
|
|
|
|
payload = ${PAYLOAD}
|
|
secret = '${JWT_SECRET}'
|
|
token = create_jwt(payload, secret)
|
|
print(token)
|
|
PYTHON_SCRIPT
|
|
)
|
|
|
|
if [ -n "$TOKEN" ]; then
|
|
echo ""
|
|
info "JWT Token generated successfully!"
|
|
echo ""
|
|
echo "Token: $TOKEN"
|
|
echo ""
|
|
echo "Usage:"
|
|
echo " curl -k -H 'Authorization: Bearer $TOKEN' \\"
|
|
echo " -H 'Content-Type: application/json' \\"
|
|
echo " -d '{\"jsonrpc\":\"2.0\",\"method\":\"eth_chainId\",\"params\":[],\"id\":1}' \\"
|
|
echo " https://rpc-http-prv.d-bis.org"
|
|
echo ""
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
# If neither Node.js nor Python is available, provide instructions
|
|
error "Neither Node.js nor Python3 is available for JWT generation."
|
|
echo ""
|
|
warn "Please install one of the following:"
|
|
echo " sudo apt install nodejs npm # For Node.js"
|
|
echo " sudo apt install python3 # For Python (usually pre-installed)"
|
|
echo ""
|
|
warn "Or use an online JWT generator with:"
|
|
echo " Header: {\"alg\":\"HS256\",\"typ\":\"JWT\"}"
|
|
echo " Payload: ${PAYLOAD}"
|
|
echo " Secret: ${JWT_SECRET}"
|
|
exit 1
|
|
|