Experimental stuff with GitHub App Authorization

protegeproject · May 24, 2024 · 14c36f5 · 14c36f5
1 parent 0172ef7
commit 14c36f5
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 4 deletions.
diff --git a/pom.xml b/pom.xml
@@ -95,6 +95,24 @@
             <version>1.316</version>
         </dependency>
 
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.10.5</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.10.5</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.10.5</version>
+            <scope>runtime</scope>
+        </dependency>
+
 
         <dependency>
             <groupId>org.springframework.boot</groupId>

diff --git a/src/main/java/edu/stanford/protege/issues/service/AuthUtil.java b/src/main/java/edu/stanford/protege/issues/service/AuthUtil.java
@@ -0,0 +1,73 @@
+package edu.stanford.protege.issues.service;
+
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Date;
+
+/**
+ * Matthew Horridge
+ * Stanford Center for Biomedical Informatics Research
+ * 2024-05-23
+ */
+public class AuthUtil {
+
+    private static final Logger logger = LoggerFactory.getLogger(AuthUtil.class);
+
+    protected static final String RSA_ALGORITHM = "RSA";
+
+    static PrivateKey get(Path pathToPrivateKeyDerFile) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+        byte[] keyBytes = Files.readAllBytes(pathToPrivateKeyDerFile);
+        logger.info("Read private key file: {} bytes", keyBytes.length);
+        var spec = new PKCS8EncodedKeySpec(keyBytes);
+        var kf = KeyFactory.getInstance(RSA_ALGORITHM);
+        return kf.generatePrivate(spec);
+    }
+
+    static String createJWT(String githubAppId, long ttlMillis) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+        //The JWT signature algorithm we will be using to sign the token
+        var signatureAlgorithm = SignatureAlgorithm.RS256;
+
+        long nowMillis = System.currentTimeMillis();
+        var now = new Date(nowMillis);
+
+        //We will sign our JWT with our private key
+        var pathToPrivateKeyDerFile = Path.of("/run/secrets/gh_private_key");
+
+        Key signingKey = get(pathToPrivateKeyDerFile);
+
+        //Let's set the JWT Claims
+        JwtBuilder builder = Jwts.builder()
+                                 .setIssuedAt(now)
+                                 .setIssuer(githubAppId)
+                                 .signWith(signingKey, signatureAlgorithm);
+
+        //if it has been specified, let's add the expiration
+        if (ttlMillis > 0) {
+            long expMillis = nowMillis + ttlMillis;
+            Date exp = new Date(expMillis);
+            builder.setExpiration(exp);
+        }
+
+        //Builds the JWT and serializes it to a compact, URL-safe string
+        return builder.compact();
+    }
+//
+//    public static void main(String[] args) throws Exception {
+//        String jwtToken = createJWT("44435", 600000); //sdk-github-api-app-test
+//        GitHub gitHubApp = new GitHubBuilder().withJwtToken(jwtToken).build();
+//    }
+
+}
diff --git a/src/main/java/edu/stanford/protege/issues/service/LocalIssueStoreManager.java b/src/main/java/edu/stanford/protege/issues/service/LocalIssueStoreManager.java
@@ -66,7 +66,7 @@ var record = linkRepository.findById(projectId);
                     var replacementRecord = theRecord.withUpdatedStatus(Instant.now(), false);
                     linkRepository.save(replacementRecord);
                 } catch (IOException e) {
-                    logger.info("Unable to update repository");
+                    logger.info("Unable to update repository due to error: {}", e.getMessage(), e);
                     var updateFailed = theRecord.withUpdateFailed(e.getMessage());
                     linkRepository.save(updateFailed);
                 }

diff --git a/src/main/java/edu/stanford/protege/issues/service/WebprotegeGhIssuesServiceApplication.java b/src/main/java/edu/stanford/protege/issues/service/WebprotegeGhIssuesServiceApplication.java
@@ -10,6 +10,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -19,6 +20,10 @@
 import uk.ac.manchester.cs.owl.owlapi.OWLClassImpl;
 
 import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+
+import static edu.stanford.protege.issues.service.AuthUtil.createJWT;
 
 @SpringBootApplication
 @Import({WebProtegeIpcApplication.class, WebProtegeJacksonApplication.class})
@@ -31,8 +36,13 @@ public static void main(String[] args) {
     }
 
     @Bean
-    public GitHub gitHub() throws IOException {
-        return GitHubBuilder.fromEnvironment().build();
+    public GitHub gitHub(@Value("${gh.app.id}") String gitHubAppId) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+    var envMap = System.getenv();
+    logger.info("Env: " + envMap);
+    logger.info("Creating GitHub client");
+        var jwtToken = createJWT(gitHubAppId, 600000); //sdk-github-api-app-test
+        logger.info("Created JWT for GitHub");
+        return new GitHubBuilder().withJwtToken(jwtToken).build();
     }
 
     @Autowired
@@ -41,7 +51,13 @@ public GitHub gitHub() throws IOException {
     @Override
     public void run(String... args) throws Exception {
         logger.warn("Forcing linked repo");
-        context.getBean(GitHubRepositoryLinkRecordStore.class)
+        var bean = context.getBean(GitHubRepositoryLinkRecordStore.class);
+        bean
                 .save(new GitHubRepositoryLinkRecord(ProjectId.valueOf("c6a5fed1-47eb-4be1-9570-7d3eefd9b579"), new GitHubRepositoryCoordinates("matthewhorridge", "testrepo"), null, true));
+
+        bean
+                .save(new GitHubRepositoryLinkRecord(ProjectId.valueOf("e1e130b0-388e-490d-99f6-1aeda4a926f3"), new GitHubRepositoryCoordinates("geneontology", "go-ontology"), null, true));
+
+
     }
 }