Generate JWT tokens

local-network/.gitignore

@@ -1,5 +1,3 @@
-.DS_Store
-.idea
 .env
 .cache/
 data/

local-network/README.md

@@ -57,6 +57,8 @@ a non-empty balance. So you can use them to issue transactions on EL.
     * wavesnode-1: http://127.0.0.1:16869/
     * wavesnode-2: http://127.0.0.1:26869/
 
+If you need a JWT token for authenticated APIs, use [generate.sh](configs/ec-common/generate.sh).
+
 # How to set up Metamask
 
 Settings:

local-network/configs/ec-common/.gitignore

@@ -0,0 +1 @@
+jwt-token-*.hex

local-network/configs/ec-common/generate.sh

@@ -3,21 +3,25 @@
 DIR="$(cd "$(dirname "$0")" && pwd)"
 cd "${DIR}" || exit
 
-for N in {1..5}; do
-  p2p_file="p2p-key-${N}"
-  jwt_file="jwtsecret-${N}"
+for N in {1..4}; do
+  p2p_file="p2p-key-${N}.hex"
+  jwt_file="jwt-secret-${N}.hex"
+  jwt_token_file="jwt-token-${N}.hex"
 
+  # Generate p2p key without newline
   if [ ! -f "$p2p_file" ]; then
-    openssl rand 32 | xxd -p -c 32 > "$p2p_file"
+    openssl rand 32 | xxd -p -c 32 | tr -d '\n' > "$p2p_file"
     echo "Created $p2p_file"
-  else
-    echo "$p2p_file already exists, skipping..."
   fi
 
+  # Generate JWT secret without newline
   if [ ! -f "$jwt_file" ]; then
-    openssl rand 32 | xxd -p -c 32 > "$jwt_file"
+    openssl rand 32 | xxd -p -c 32 | tr -d '\n' > "$jwt_file"
     echo "Created $jwt_file"
-  else
-    echo "$jwt_file already exists, skipping..."
   fi
+
+  # Generate JWT token
+  secret=$(cat "$jwt_file")
+  ./jwt-token-generate.sh "$secret" > "$jwt_token_file"
+  echo "Generated JWT token in $jwt_token_file"
 done

local-network/configs/ec-common/jwtsecret-1.hex → local-network/configs/ec-common/jwt-secret-1.hex

@@ -1 +1 @@
-ed292c1b8df420f0fed62f9e83e3ca176b88e5723218b83d9e1b36df375e4ac4
+ed292c1b8df420f0fed62f9e83e3ca176b88e5723218b83d9e1b36df375e4ac4

local-network/configs/ec-common/jwtsecret-2.hex → local-network/configs/ec-common/jwt-secret-2.hex

@@ -1 +1 @@
-a59c7150d727e228fceabfc4497c21d6acbdd083e0063dadcb20e2be661cefb2
+a59c7150d727e228fceabfc4497c21d6acbdd083e0063dadcb20e2be661cefb2

local-network/configs/ec-common/jwtsecret-3.hex → local-network/configs/ec-common/jwt-secret-3.hex

@@ -1 +1 @@
-2703dcfc67b9a772756c4d354e2943fd7e3d8a2cb95b2129faa497b09662780d
+2703dcfc67b9a772756c4d354e2943fd7e3d8a2cb95b2129faa497b09662780d

local-network/configs/ec-common/jwt-token-generate.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+if [ -z "$1" ]; then
+  echo "Usage: $0 <hex_secret>"
+  exit 1
+fi
+
+hexsecret=$(echo -n "$1" | tr -d '\n')
+
+# Construct the header
+jwt_header=$(echo -n '{"alg":"HS256","typ":"JWT"}' | base64 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//)
+
+# Get the current Unix timestamp (seconds since 1970-01-01)
+iat=$(date +%s)
+
+# Construct the payload with 'iat' claim
+payload=$(echo -n "{\"iat\":${iat}}" | base64 | sed s/\+/-/g | sed 's/\//_/g' |  sed -E s/=+$//)
+
+# Calculate hmac signature -- note option to pass in the key as hex bytes
+hmac_signature=$(echo -n "${jwt_header}.${payload}" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$hexsecret -binary | base64 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//)
+
+# Create the full token
+jwt="${jwt_header}.${payload}.${hmac_signature}"
+
+# Output the generated JWT token
+echo -n $jwt

local-network/configs/ec-common/p2p-key-3.hex

@@ -1 +1 @@
-244bb704084d2a49b4fc2da3b27a1c1c76329d7cac6fbadfd8c1a615730d6f77
+244bb704084d2a49b4fc2da3b27a1c1c76329d7cac6fbadfd8c1a615730d6f77

local-network/configs/ec-common/p2p-key-4.hex

@@ -1 +1 @@
-7c2d9d0bb13ac806701462ab2e1bbcc54eb7b5e8f6658610a6e06dcc30e0aa47
+7c2d9d0bb13ac806701462ab2e1bbcc54eb7b5e8f6658610a6e06dcc30e0aa47

local-network/configs/ec-common/p2p-key-bootnode.hex

@@ -1 +1 @@
-dc51ae50601364b0d9354bad516acd16261447f89bde416399fa4ae5f2cbe8ab
+dc51ae50601364b0d9354bad516acd16261447f89bde416399fa4ae5f2cbe8ab