diff --git a/.github/workflows/check_license.yml b/.github/workflows/check_license.yml
index 831dc45..df728a0 100755
--- a/.github/workflows/check_license.yml
+++ b/.github/workflows/check_license.yml
@@ -14,7 +14,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # required to grab the history of the PR fetch-depth: 0
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index fb1b4ed..69eda9d 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -11,11 +11,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # required to grab the history of the PR fetch-depth: 0 - - uses: actions/setup-python@v3 - - uses: pre-commit/action@v3.0.0 + - uses: actions/setup-python@v5 + with: + python-version: '3.10' + - uses: pre-commit/action@v3.0.1 with: extra_args: --color=always --from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }}
diff --git a/jwt/README.md b/jwt/README.md
index db486c3..e321bc3 100644
--- a/jwt/README.md
+++ b/jwt/README.md
@@ -5,14 +5,12 @@ For more information on token format see [documentation](./authorization.md). ## Available tokens - * `actuate-provide-all.token` - gives access to set target value and actual value for all signals * `provide-all.token` - gives access to set actual value for all signals, but not target value * `read-all.token` - gives access to read actual and current value for all signals * `provide-vehicle-speed.token` - gives access to write and read actual value for Vehicle.Speed. Does not give access to other signals * `read-vehicle-speed.token` - gives access to read actual value for Vehicle.Speed. Does not give access to other signals - ## Create new tokens Two helper scripts exist for generating keys and tokens 
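Review bot: In `.github/workflows/pre-commit.yml`, `pre-commit/action@v3.0.1` is a third-party action referenced by a mutable tag, so the code that runs in CI can change without any change to this file. Pinning it to the full commit SHA with the version kept as a trailing comment, `- uses: pre-commit/action@<full-commit-sha> # v3.0.1`, makes each bump an explicit, reviewable diff. The same applies to the `actions/checkout@v4` and `actions/setup-python@v5` references here and in `check_license.yml`. The workflow trigger and `permissions` block are outside the hunk, so how much a changed action could reach depends on the token scope these jobs run with.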
@@ -20,11 +18,9 @@ Two helper scripts exist for generating keys and tokens * [recreateJWTkeyPair.sh](recreateJWTkeyPair.sh) to regenerate the JWT keys used for signing * [createToken.py](createToken.py) to create signed tokens, requires `*.json` files as parameters -Note that token generation must take place from the directory containing `createToken.py` - An example is shown below: ``` pip install -r requirements.txt -python -m createToken actuate-provide-all.json +python -m createToken actuate-provide-all.json ```
diff --git a/jwt/createToken.py b/jwt/createToken.py
index 55e26d1..bb3ddee 100755
--- a/jwt/createToken.py
+++ b/jwt/createToken.py
@@ -17,21 +17,28 @@ ######################################################################## import argparse +import sys +from os import path + import json import jwt -from os import path + +def error_exit(msg): + print(msg, file=sys.stderr) + sys.exit(1) -def createJWTToken(input_filename, priv_key): +def createJWTToken(input_filename, priv_key, output_filename=None): print("Reading JWT payload from {}".format(input_filename)) with open(input_filename, "r") as file: payload = json.load(file) encoded = jwt.encode(payload, priv_key, algorithm="RS256") - output_filename = input_filename[:-5] if input_filename.endswith(".json") else input_filename - output_filename += ".token" + if output_filename is None: + output_filename = input_filename[:-5] if input_filename.endswith(".json") else input_filename + output_filename += ".token" print("Writing signed access token to {}".format(output_filename)) with open(output_filename, "w") as output: 
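Review bot: In `jwt/createToken.py`, the new `output_filename` parameter lets the caller send the signed token to any path, but the file is still created by the plain `open(output_filename, "w")` on the last line of the hunk, which takes the process umask and truncates an existing file without notice. Since `--key` now allows signing with a key other than the bundled one, the output may be a real bearer credential and is better created owner-only: `fd = os.open(output_filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "w") as output:`. This needs `import os` next to the existing `from os import path`, and the mode only takes effect when the file is newly created. The body of `createJWTToken` continues past the end of the hunk, so the write itself is not visible here.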
@@ -41,17 +48,25 @@ def createJWTToken(input_filename, priv_key): def main(): parser = argparse.ArgumentParser() parser.add_argument("files", help="Read JWT payload from these files", nargs="+") + script_dir = path.abspath(path.dirname(__file__)) + default_key_filename = path.join(script_dir, "jwt.key") + + parser.add_argument("--key", help="Private key location", dest="priv_key_filename", default=default_key_filename) + parser.add_argument("--output", help="Name of the output file to store token to", dest="output") args = parser.parse_args() - script_dir = path.abspath(path.dirname(__file__)) - priv_key_filename = path.join(script_dir, "jwt.key") + if args.output is not None and len(args.files) > 1: + error_exit(""" + Both --output option and multiple files have been specified. + Output filename can be specified for single input file only! + """) print("Reading private key from {}".format("jwt.key")) - with open(priv_key_filename, "r") as file: + with open(args.priv_key_filename, "r") as file: priv_key = file.read() - for input in args.files: - createJWTToken(input, priv_key) + for input_file in args.files: + createJWTToken(input_file, priv_key, args.output) if __name__ == "__main__":
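Review bot: The unchanged line `print("Reading private key from {}".format("jwt.key"))` still prints the literal `jwt.key` although the key path now comes from `--key`, so the log can name a different key than the one actually used for signing. It should report the real path: `print("Reading private key from {}".format(args.priv_key_filename))`. Separately, the `error_exit` message is a triple-quoted literal, so its leading newline and source indentation are written to stderr verbatim; a single-line string or `textwrap.dedent` would keep the output tidy.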