Allow auto-generating a token.

rkistner · rkistner · commit 6ada82aa0116 · 2024-08-07T15:06:46.000+02:00
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/test-client/README.md b/test-client/README.md
@@ -1,6 +1,6 @@
 # Test Client
 
-This is a minimal client demonstrating direct usage of the sync api.
+This is a minimal client demonstrating direct usage of the HTTP stream sync api.
 
 For a full implementation, see our client SDKs.
 
@@ -10,9 +10,25 @@ For a full implementation, see our client SDKs.
 # In project root
 pnpm install
 pnpm build:packages
-# Here
+# In this folder
 pnpm build
 node dist/bin.js fetch-operations --token <token> --endpoint http://localhost:8080
+
+# More examples:
+
+# If the endpoint is present in token aud field, it can be omitted from args:
+node dist/bin.js fetch-operations --token <token>
+
+# If a local powersync.yaml is present with a configured HS256 key, this can be used:
+node dist/bin.js fetch-operations --config path/to/powersync.yaml --endpoint http://localhost:8080
+
+# Without endpoint, it defaults to http://127.0.0.1:<port> from the config:
+node dist/bin.js fetch-operations --config path/to/powersync.yaml
+
+# Use --sub to specify a user id in the generated token:
+node dist/bin.js fetch-operations --config path/to/powersync.yaml --sub test-user
 ```
 
 The script will normalize the data in each bucket to a single CLEAR operation, followed by the latest PUT operation for each row.
+
+To get the raw operations instead, which may additionally include CLEAR, MOVE, REMOVE and duplicate PUT operations, use the `--raw` flag.
diff --git a/test-client/package.json b/test-client/package.json
@@ -9,15 +9,18 @@
   "type": "module",
   "scripts": {
     "fetch-operations": "tsc -b && node dist/bin.js fetch-operations",
+    "generate-token": "tsc -b && node dist/bin.js generate-token",
     "build": "tsc -b",
     "clean": "rm -rf ./dist && tsc -b --clean"
   },
   "dependencies": {
     "@powersync/service-core": "workspace:*",
-    "commander": "^12.0.0"
+    "commander": "^12.0.0",
+    "jose": "^4.15.1",
+    "yaml": "^2.5.0"
   },
   "devDependencies": {
-    "typescript": "^5.2.2",
-    "@types/node": "18.11.11"
+    "@types/node": "18.11.11",
+    "typescript": "^5.2.2"
   }
 }
diff --git a/test-client/src/auth.ts b/test-client/src/auth.ts
@@ -0,0 +1,60 @@
+import * as jose from 'jose';
+import * as fs from 'node:fs/promises';
+import * as yaml from 'yaml';
+
+export interface CredentialsOptions {
+  token?: string;
+  endpoint?: string;
+  config?: string;
+  sub?: string;
+}
+
+export async function getCredentials(options: CredentialsOptions): Promise<{ endpoint: string; token: string }> {
+  if (options.token != null) {
+    if (options.endpoint != null) {
+      return { token: options.token, endpoint: options.endpoint };
+    } else {
+      const parsed = jose.decodeJwt(options.token);
+      const aud = Array.isArray(parsed.aud) ? parsed.aud[0] : parsed.aud;
+      if (!(aud ?? '').startsWith('http')) {
+        throw new Error(`Specify endpoint, or aud in the token`);
+      }
+      return {
+        token: options.token,
+        endpoint: aud!
+      };
+    }
+  } else if (options.config != null) {
+    const file = await fs.readFile(options.config, 'utf-8');
+    const parsed = await yaml.parse(file);
+    const keys = (parsed.client_auth?.jwks?.keys ?? []).filter((key: any) => key.alg == 'HS256');
+    if (keys.length == 0) {
+      throw new Error('No HS256 key found in the config');
+    }
+
+    let endpoint = options.endpoint;
+    if (endpoint == null) {
+      endpoint = `http://127.0.0.1:${parsed.port ?? 8080}`;
+    }
+
+    const aud = parsed.client_auth?.audience?.[0] ?? endpoint;
+
+    const rawKey = keys[0];
+    const key = await jose.importJWK(rawKey);
+
+    const sub = options.sub ?? 'test_user';
+
+    const token = await new jose.SignJWT({})
+      .setProtectedHeader({ alg: rawKey.alg, kid: rawKey.kid })
+      .setSubject(sub)
+      .setIssuedAt()
+      .setIssuer('test-client')
+      .setAudience(aud)
+      .setExpirationTime('1h')
+      .sign(key);
+
+    return { token, endpoint };
+  } else {
+    throw new Error(`Specify token or config path`);
+  }
+}
diff --git a/test-client/src/bin.ts b/test-client/src/bin.ts
@@ -1,14 +1,32 @@
 import { program } from 'commander';
 import { getCheckpointData } from './client.js';
+import { getCredentials } from './auth.js';
+import * as jose from 'jose';
 
 program
   .command('fetch-operations')
-  .option('-t, --token [token]')
-  .option('-e, --endpoint [endpoint]')
-  .option('--raw')
+  .option('-t, --token [token]', 'JWT to use for authentication')
+  .option('-e, --endpoint [endpoint]', 'endpoint URI')
+  .option('-c, --config [config]', 'path to powersync.yaml, to auto-generate a token from a HS256 key')
+  .option('-u, --sub [sub]', 'sub field for auto-generated token')
+  .option('--raw', 'output operations as received, without normalizing')
   .action(async (options) => {
-    const data = await getCheckpointData({ endpoint: options.endpoint, token: options.token, raw: options.raw });
+    const credentials = await getCredentials(options);
+    const data = await getCheckpointData({ ...credentials, raw: options.raw });
     console.log(JSON.stringify(data, null, 2));
   });
 
+program
+  .command('generate-token')
+  .description('Generate a JWT from for a given powersync.yaml config file')
+  .option('-c, --config [config]', 'path to powersync.yaml')
+  .option('-u, --sub [sub]', 'sub field for auto-generated token')
+  .action(async (options) => {
+    const credentials = await getCredentials(options);
+    const decoded = await jose.decodeJwt(credentials.token);
+
+    console.error(`Payload:\n${JSON.stringify(decoded, null, 2)}\nToken:`);
+    console.log(credentials.token);
+  });
+
 await program.parseAsync();
diff --git a/test-client/src/client.ts b/test-client/src/client.ts
@@ -18,6 +18,7 @@ export async function getCheckpointData(options: GetCheckpointOptions) {
     body: JSON.stringify({
       raw_data: true,
       include_checksum: true,
+      // Client parameters can be specified here
       parameters: {}
     } satisfies types.StreamingSyncRequest)
   });
@@ -30,10 +31,12 @@ export async function getCheckpointData(options: GetCheckpointOptions) {
 
   for await (let chunk of ndjsonStream<types.StreamingSyncLine>(response.body!)) {
     if (isStreamingSyncData(chunk)) {
+      // Collect data
       data.push(chunk);
     } else if (isCheckpoint(chunk)) {
       checkpoint = chunk;
     } else if (isCheckpointComplete(chunk)) {
+      // Stop on the first checkpoint_complete message.
       break;
     }
   }
diff --git a/test-client/src/index.ts b/test-client/src/index.ts
@@ -0,0 +1,3 @@
+export * from './client.js';
+export * from './ndjson.js';
+export * from './util.js';
diff --git a/test-client/src/util.ts b/test-client/src/util.ts
@@ -2,6 +2,9 @@ import type * as types from '@powersync/service-core';
 
 export type BucketData = Record<string, types.OplogEntry[]>;
 
+/**
+ * Combine all chunks of received data, excluding any data after the checkpoint.
+ */
 export function normalizeData(
   checkpoint: types.StreamingSyncCheckpoint,
   chunks: types.StreamingSyncData[],
@@ -39,6 +42,7 @@ export function isStreamingSyncData(line: types.StreamingSyncLine): line is type
 export function isCheckpointComplete(line: types.StreamingSyncLine): line is types.StreamingSyncCheckpointComplete {
   return (line as types.StreamingSyncCheckpointComplete).checkpoint_complete != null;
 }
+
 export function isCheckpoint(line: types.StreamingSyncLine): line is types.StreamingSyncCheckpoint {
   return (line as types.StreamingSyncCheckpoint).checkpoint != null;
 }

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+export * from './client.js';`
	`2`	`+export * from './ndjson.js';`
	`3`	`+export * from './util.js';`