cleanup jwtgen scripts

Author: devksingh4

generate_jwt.js

@@ -1,8 +1,39 @@
 import jwt from "jsonwebtoken";
-import * as dotenv from "dotenv";
-dotenv.config();
+import {
+  SecretsManagerClient,
+  GetSecretValueCommand,
+} from "@aws-sdk/client-secrets-manager";
+import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts";
 
-const username = process.env.JWTGEN_USERNAME || "[email protected]"
+export const getSecretValue = async (secretId) => {
+  const smClient = new SecretsManagerClient();
+  const data = await smClient.send(
+    new GetSecretValueCommand({ SecretId: secretId }),
+  );
+  if (!data.SecretString) {
+    return null;
+  }
+  try {
+    return JSON.parse(data.SecretString);
+  } catch {
+    return null;
+  }
+};
+
+const secrets = await getSecretValue("infra-core-api-config");
+const client = new STSClient({ region: "us-east-1" });
+const command = new GetCallerIdentityCommand({});
+let data;
+try {
+  data = await client.send(command);
+} catch {
+  console.error(
+    `Could not get AWS STS credentials: are you logged in to AWS? Run "aws configure sso" to log in.`,
+  );
+  process.exit(1);
+}
+
+const username = process.env.JWTGEN_USERNAME || data.UserId?.split(":")[1];
 const payload = {
   aud: "custom_jwt",
   iss: "custom_jwt",
@@ -29,8 +60,9 @@ const payload = {
   ver: "1.0",
 };
 
-const secretKey = process.env.JwtSigningKey;
-const token = jwt.sign(payload, secretKey, { algorithm: "HS256" });
+const token = jwt.sign(payload, secrets["jwt_key"], {
+  algorithm: "HS256",
+});
 console.log(`USERNAME=${username}`);
 console.log("=====================");
 console.log(token);

get_msft_jwt.js

@@ -1,28 +1,28 @@
-import request from 'request';
+import request from "request";
 
 const client_secret = process.env.AadClientSecret;
 if (!client_secret) {
-    console.error("Did not find client secret in environment.");
-    process.exit(1);
+  console.error("Did not find client secret in environment.");
+  process.exit(1);
 }
 
 var options = {
-    'method': 'POST',
-    'url': 'https://login.microsoftonline.com/c8d9148f-9a59-4db3-827d-42ea0c2b6e2e/oauth2/token',
-    'headers': {
-      'Content-Type': 'application/x-www-form-urlencoded',
-      'Cookie': 'esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYx8m4odNFiSkFXBDxAsyDVihl0yV2geMRVf-xYZ_GI34ZgJzPlzsLI4IyGrHFUcRyt_kOrGgfKtxKD_l8Shb9DAyh2xT4JeGXJhIyqsMO-lMmpvDuGjePONePVhmPE4TzQuQUh6V8Y4yWwBV10HljcSWz0Jp0DGs5MB4wMCl3CVwgAA; fpc=Asmn40XcT3RJkq8G_zKhA64gJa0wAQAAANHbRN4OAAAADPYZNQMAAADZ20TeDgAAABa8tnsBAAAAeN1E3g4AAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd'
-    },
-    form: {
-      'grant_type': 'client_credentials',
-      'client_id': '519866d4-45a8-44ae-9925-9fb61b85074e',
-      'client_secret': client_secret,
-      'resource': 'api://5e08cf0f-53bb-4e09-9df2-e9bdc3467296',
-      'scope': 'api://5e08cf0f-53bb-4e09-9df2-e9bdc3467296/ACM.Events.Login'
-    }
-  };
-  request(options, function (error, response) {
-    if (error) throw new Error(error);
-    console.log(JSON.parse(response.body)['access_token']);
-  });
-  
+  method: "POST",
+  url: "https://login.microsoftonline.com/c8d9148f-9a59-4db3-827d-42ea0c2b6e2e/oauth2/token",
+  headers: {
+    "Content-Type": "application/x-www-form-urlencoded",
+    Cookie:
+      "esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYx8m4odNFiSkFXBDxAsyDVihl0yV2geMRVf-xYZ_GI34ZgJzPlzsLI4IyGrHFUcRyt_kOrGgfKtxKD_l8Shb9DAyh2xT4JeGXJhIyqsMO-lMmpvDuGjePONePVhmPE4TzQuQUh6V8Y4yWwBV10HljcSWz0Jp0DGs5MB4wMCl3CVwgAA; fpc=Asmn40XcT3RJkq8G_zKhA64gJa0wAQAAANHbRN4OAAAADPYZNQMAAADZ20TeDgAAABa8tnsBAAAAeN1E3g4AAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd",
+  },
+  form: {
+    grant_type: "client_credentials",
+    client_id: "519866d4-45a8-44ae-9925-9fb61b85074e",
+    client_secret: client_secret,
+    resource: "api://5e08cf0f-53bb-4e09-9df2-e9bdc3467296",
+    scope: "api://5e08cf0f-53bb-4e09-9df2-e9bdc3467296/ACM.Events.Login",
+  },
+};
+request(options, function (error, response) {
+  if (error) throw new Error(error);
+  console.log(JSON.parse(response.body)["access_token"]);
+});