Project

General

Profile

« Previous | Next » 

Revision d7e48c58

Added by koszko almost 2 years ago

Add complete firefox extension upload and download functionality

View differences:

shell_utils.sh
6 6 
ENDL="
7 7 
"
8 8 

  		




  
  9
  
    
# A "raw" echo, interprets neither backclash escapes nor command-line options.


  		




  
  10
  
    
# Does not emit trailing newline.


  		




  
  11
  
    
ech() {


  		




  
  12
  
    
    printf %s "$*"


  		




  
  13
  
    
}


  		




  
  14
  
    

  		




  9
  15
  
    
errcho() {


  		




  10
  16
  
    
    echo "$@" >&2


  		




  11
  17
  
    
}


  		












  

    
      upload_amo.sh
    
  





  24
  24
  
    

  		




  25
  25
  
    
set -e


  		




  26
  26
  
    

  		




  
  27
  
    
. ./shell_utils.sh


  		




  
  28
  
    

  		




  
  29
  
    
_PROG_NAME="$0"


  		




  
  30
  
    
OPERATION="$1"


  		




  
  31
  
    
API_KEY="$2"


  		




  
  32
  
    
SECRET="$3"


  		




  
  33
  
    
XPI_PATH="$4"


  		




  
  34
  
    

  		




  27
  35
  
    
base64url() {


  		




  28
  
  
    
    echo -n "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='


  		




  
  36
  
    
    ech "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='


  		




  29
  37
  
    
}


  		




  30
  38
  
    

  		




  31
  39
  
    
sha256hmac() {


  		




  32
  
  
    
    base64url "$(echo -n "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"


  		




  
  40
  
    
    base64url "$(ech "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"


  		




  33
  41
  
    
}


  		




  34
  42
  
    

  		




  35
  
  
    
if [ $# != 3 ]; then


  		




  36
  
  
    
   echo "Usage:  $0 API_KEY SECRET XPI_PATH" 1>&2


  		




  37
  
  
    
   exit 1


  		




  38
  
  
    
fi


  		




  
  43
  
    
escape_regex_special() {


  		




  
  44
  
    
    ech "$1" | sed 's/\([]\.*?{},()[-]\)/\\\1/g'


  		




  
  45
  
    
}


  		




  
  46
  
    

  		




  
  47
  
    
# Note: We don't actually parse JSON. We extract needed keys with sed regexes


  		




  
  48
  
    
# which does not work in the general case but is sufficient for now.


  		




  
  49
  
    
get_json_key() {


  		




  
  50
  
    
    local KEY_REG="$(escape_regex_special "$1")"


  		




  
  51
  
    
    ech "$2" |


  		




  
  52
  
    
	sed 's/\(.*"'"$KEY_REG"'"[[:space:]]*:[[:space:]]*"\([^"]*\)"\)\?.*/\2/' |


  		




  
  53
  
    
	grep . | head -1


  		




  
  54
  
    
}


  		




  
  55
  
    

  		




  
  56
  
    
get_manifest_key() {


  		




  
  57
  
    
    get_json_key "$1" "$(unzip -p "$2" manifest.json)"


  		




  
  58
  
    
}


  		




  39
  59
  
    

  		




  40
  
  
    
API_KEY="$1"


  		




  41
  
  
    
SECRET="$2"


  		




  42
  
  
    
XPI_PATH="$3"


  		




  43
  
  
    
JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'


  		




  44
  
  
    
JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64)


  		




  45
  
  
    
ISSUED_AT_TIME=$(date -u +%s)


  		




  46
  
  
    
EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))


  		




  47
  
  
    
JWT_PAYLOAD=$(cat <<EOF


  		




  
  60
  
    
generate_jwt() {


  		




  
  61
  
    
    local JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'


  		




  
  62
  
    
    local JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64)


  		




  
  63
  
    
    local ISSUED_AT_TIME=$(date -u +%s)


  		




  
  64
  
    
    local EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))


  		




  
  65
  
    
    local JWT_PAYLOAD="$(cat <<EOF


  		




  48
  66
  
    
{


  		




  49
  67
  
    
    "iss": "$API_KEY",


  		




  50
  68
  
    
    "jti": "$JWT_ID",


  		




  ......




  52
  70
  
    
    "exp": $EXPIRATION_TIME


  		




  53
  71
  
    
}


  		




  54
  72
  
    
EOF


  		




  55
  
  
    
	   )


  		




  56
  
  
    
JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")


  		




  57
  
  
    
JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")


  		




  58
  
  
    
JWT=$JWT_MESSAGE.$JWT_SIGNATURE


  		




  
  73
  
    
	  )"


  		




  
  74
  
    
    local JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")


  		




  
  75
  
    
    local JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")


  		




  
  76
  
    
    local JWT=$JWT_MESSAGE.$JWT_SIGNATURE


  		




  
  77
  
    
    errcho "Using JWT: $JWT"


  		




  
  78
  
    
    ech $JWT


  		




  
  79
  
    
}


  		




  
  80
  
    

  		




  
  81
  
    
get_extension_url() {


  		




  
  82
  
    
    EXTENSION_ID="$(get_manifest_key id "$XPI_PATH")"


  		




  
  83
  
    
    EXTENSION_VER="$(get_manifest_key version "$XPI_PATH")"


  		




  59
  84
  
    

  		




  60
  
  
    
# Query one of Mozilla endpoints to verify that JWT authentication works.


  		




  61
  
  
    
curl "https://addons.mozilla.org/api/v5/accounts/profile/" \


  		




  62
  
  
    
     -H "Authorization: JWT $JWT"


  		




  
  85
  
    
    if [ -z "$EXTENSION_ID" -o -z "$EXTENSION_VER" ]; then


  		




  
  86
  
    
	errcho "Couldn't extract extension id and version. Please check if $XPI_PATH contains proper manifest.json file."


  		




  
  87
  
    
	exit 1


  		




  
  88
  
    
    fi


  		




  63
  89
  
    

  		




  64
  
  
    
# TODO: Do the actual upload.


  		




  
  90
  
    
    ech "https://addons.mozilla.org/api/v4/addons/$EXTENSION_ID/versions/$EXTENSION_VER/"


  		




  
  91
  
    
}


  		




  
  92
  
    

  		




  
  93
  
    
usage() {


  		




  
  94
  
    
   errcho "Usage:  $_PROG_NAME upload|check|test API_KEY SECRET XPI_PATH"


  		




  
  95
  
    
}


  		




  
  96
  
    

  		




  
  97
  
    
if [ $# != 4 ]; then


  		




  
  98
  
    
    usage


  		




  
  99
  
    
    exit 1


  		




  
  100
  
    
fi


  		




  
  101
  
    

  		




  
  102
  
    
unset RETURNED_DATA


  		




  
  103
  
    

  		




  
  104
  
    
case "$OPERATION" in


  		




  
  105
  
    
    test)


  		




  
  106
  
    
	curl "https://addons.mozilla.org/api/v4/accounts/profile/" \


  		




  
  107
  
    
	     -g -H "Authorization: JWT $(generate_jwt)"


  		




  
  108
  
    
	echo


  		




  
  109
  
    
	;;


  		




  
  110
  
    
    check)


  		




  
  111
  
    
	RETURNED_DATA="$(curl $(get_extension_url) \


  		




  
  112
  
    
			      -g -H "Authorization: JWT $(generate_jwt)")"


  		




  
  113
  
    
	;;


  		




  
  114
  
    
    upload)


  		




  
  115
  
    
	RETURNED_DATA="$(curl $(get_extension_url) \


  		




  
  116
  
    
			      -g -XPUT --form "upload=@$XPI_PATH" \


  		




  
  117
  
    
			      -H "Authorization: JWT $(generate_jwt)")"


  		




  
  118
  
    
	;;


  		




  
  119
  
    
    *)


  		




  
  120
  
    
	usage


  		




  
  121
  
    
	exit 1


  		




  
  122
  
    
	;;


  		




  
  123
  
    
esac


  		




  
  124
  
    

  		




  
  125
  
    
if [ -n "$RETURNED_DATA" ]; then


  		




  
  126
  
    
    printf "addons.mozilla.org says:\n%s\n" "$RETURNED_DATA"


  		




  
  127
  
    
    DOWNLOAD_URL="$(get_json_key download_url "$RETURNED_DATA")"


  		




  
  128
  
    
    if [ -n "$DOWNLOAD_URL" ]; then


  		




  
  129
  
    
	printf "Downloading extension file from %s\n" "$DOWNLOAD_URL"


  		




  
  130
  
    
	curl "$DOWNLOAD_URL" -g -H "Authorization: JWT $(generate_jwt)" -O


  		




  
  131
  
    
    fi


  		




  
  132
  
    
fi


  		












Also available in:  Unified diff