package auth

import (
	"encoding/json"
	"fmt"

	"forge.cadoles.com/arcad/edge/cmd/storage-server/command/flag"
	"forge.cadoles.com/arcad/edge/pkg/jwtutil"
	"github.com/lestrrat-go/jwx/v2/jwa"
	"github.com/pkg/errors"
	"github.com/urfave/cli/v2"
)

// CheckToken returns the "check-token" CLI command. The command parses the
// token given with --token against a key set built from the configured private
// key and, on success, prints the token's claims as indented JSON on stdout.
func CheckToken() *cli.Command {
	// NOTE(review): the token is supplied as a command-line argument, so it can
	// end up in shell history and process listings on the host running this.
	tokenFlag := &cli.StringFlag{
		Name:     "token",
		Required: true,
	}

	return &cli.Command{
		Name:  "check-token",
		Usage: "Validate and print the given token with the private key",
		Flags: []cli.Flag{
			tokenFlag,
			flag.PrivateKey,
			flag.PrivateKeySigningAlgorithm,
			flag.PrivateKeyDefaultSize,
		},
		Action: checkTokenAction,
	}
}

// checkTokenAction implements the "check-token" command. It returns an error
// (wrapped with a stack trace) as soon as any step fails; claims are printed
// only after jwtutil.Parse has accepted the token.
func checkTokenAction(ctx *cli.Context) error {
	keyPath := flag.GetPrivateKey(ctx)
	algo := flag.GetSigningAlgorithm(ctx)
	defaultKeySize := flag.GetPrivateKeyDefaultSize(ctx)

	// Required only guarantees the flag was passed; an explicitly empty value
	// (--token "") still has to be rejected here.
	rawToken := ctx.String("token")
	if rawToken == "" {
		return errors.New("you must provide a value for --token flag")
	}

	// NOTE(review): the helper's name suggests it may create a new key when the
	// file is missing. For a verification command that would write key material
	// as a side effect and make every token fail against the fresh key. Confirm
	// against jwtutil and consider a load-only path here.
	key, err := jwtutil.LoadOrGenerateKey(keyPath, defaultKeySize)
	if err != nil {
		return errors.WithStack(err)
	}

	keys, err := jwtutil.NewKeySet()
	if err != nil {
		return errors.WithStack(err)
	}

	// The algorithm name is converted as-is; no validation of the value is
	// visible here. Presumably AddKeyWithSigningAlgo rejects unsupported
	// algorithms; verify against jwtutil.
	if err := jwtutil.AddKeyWithSigningAlgo(keys, key, jwa.SignatureAlgorithm(algo)); err != nil {
		return errors.WithStack(err)
	}

	parsed, err := jwtutil.Parse([]byte(rawToken), keys)
	if err != nil {
		return errors.WithStack(err)
	}

	claims, err := parsed.AsMap(ctx.Context)
	if err != nil {
		return errors.WithStack(err)
	}

	// Local is named "pretty" so it does not shadow the encoding/json package.
	pretty, err := json.MarshalIndent(claims, "", " ")
	if err != nil {
		return errors.WithStack(err)
	}

	fmt.Println(string(pretty))

	return nil
}