master/php/generateJwt_8php_source.html

<?php

use MediaWiki\Maintenance\Maintenance;

use MediaWiki\Utils\MWTimestamp;


// @codeCoverageIgnoreStart

require_once __DIR__ . '/Maintenance.php';

// @codeCoverageIgnoreEnd


class GenerateJwt extends Maintenance {


    public function __construct() {

        parent::__construct();

        $this->addDescription( 'Generate a JWT token from a JSON file or a JSON string' );

        $this->addOption( 'file', 'A filename with claims stored as JSON', false, true );

        $this->addOption( 'json', 'A json string with claims', false, true );

        $this->addOption( 'include-default-claims', 'Inject default claims: iss, iat, jti and sxp', false );

        $this->addOption( 'validate', 'Validate if JWT has all required fields (iss, sub)', false );

        $this->addOption( 'verbose', 'Be verbose and output the claims array', false );

    }


    protected function getDefaultClaims() {

        return [

            'iss' => $this->getServiceContainer()->getUrlUtils()->getCanonicalServer(),

            'iat' => MWTimestamp::time(),

            'jti' => base64_encode( random_bytes( 16 ) ),

            'sxp' => MWTimestamp::time() + 3600,

        ];

    }


    private function validateClaims( array $claims ) {

        foreach ( [ 'iss', 'sub' ] as $requiredClaim ) {

            if ( !array_key_exists( $requiredClaim, $claims ) ) {

                $this->fatalError( 'Missing required claim: ' . $requiredClaim );

            }

        }

    }


    private function readClaimsFromInput(): array {

        $file = $this->getOption( 'file' );

        $json = $this->getOption( 'json' );

        if ( $file === null && $json === null ) {

            $this->fatalError( 'Either --file or --json must be specified' );

        }

        if ( $file ) {

            if ( !file_exists( $file ) ) {

                $this->fatalError( 'File does not exist: ' . $file );

            }

            $this->output( 'Reading claims from file: ' . $file . PHP_EOL );

            $content = file_get_contents( $file );

        } else {

            $content = $json;

        }

        if ( strlen( $content ) == 0 ) {

            $this->fatalError( 'Empty content, cannot decode' );

        }

        $claims = json_decode( $content, true );

        $lastError = json_last_error();

        if ( $lastError !== JSON_ERROR_NONE ) {

            $this->fatalError( 'Invalid JSON: ' . json_last_error_msg() );

        }

        if ( !is_array( $claims ) ) {

            $this->fatalError( 'Decoded claims structure is not an array' );

        }

        return $claims;

    }


    public function execute() {

        $jwtCodec = $this->getServiceContainer()->getJwtCodec();

        if ( !$jwtCodec->isEnabled() ) {

            $this->fatalError( 'JWT is not enabled on this wiki. Please setup JwtPublicKey and JwtPrivateKey' );

        }


        $claims = $this->readClaimsFromInput();


        if ( $this->hasOption( 'include-default-claims' ) ) {

            $claims = $this->getDefaultClaims() + $claims;

        }


        if ( $this->getOption( 'verbose' ) ) {

            $this->output( 'Decoded Claims: ' . PHP_EOL );

            $this->output( json_encode( $claims, JSON_PRETTY_PRINT ) . PHP_EOL );

        }


        if ( $this->getOption( 'validate' ) ) {

            $this->validateClaims( $claims );

        }


        $token = $jwtCodec->create( $claims );

        $this->output( $token . PHP_EOL );

    }


}


// @codeCoverageIgnoreStart

$maintClass = GenerateJWT::class;

require_once RUN_MAINTENANCE_IF_MAIN;

// @codeCoverageIgnoreEnd

GenerateJwt
Maintenance script to generate a JWT token.
Definition generateJwt.php:23

GenerateJwt\__construct
__construct()
Default constructor.
Definition generateJwt.php:25

GenerateJwt\execute
execute()
Do the actual work.
Definition generateJwt.php:97

GenerateJwt\getDefaultClaims
getDefaultClaims()
Retrieve default claims to inject into the JWT token.
Definition generateJwt.php:40

MediaWiki\Maintenance\Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition Maintenance.php:65

MediaWiki\Maintenance\Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition Maintenance.php:486

MediaWiki\Maintenance\Maintenance\fatalError
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Definition Maintenance.php:551

MediaWiki\Maintenance\Maintenance\addOption
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
Definition Maintenance.php:266

MediaWiki\Maintenance\Maintenance\getOption
getOption( $name, $default=null)
Get an option, or return the default.
Definition Maintenance.php:300

MediaWiki\Maintenance\Maintenance\getServiceContainer
getServiceContainer()
Returns the main service container.
Definition Maintenance.php:680

MediaWiki\Maintenance\Maintenance\addDescription
addDescription( $text)
Set the description text.
Definition Maintenance.php:336

MediaWiki\Utils\MWTimestamp
Library for creating and parsing MW-style timestamps.
Definition MWTimestamp.php:36

$maintClass
$maintClass
Definition generateJwt.php:124