Project

General

Profile

« Previous | Next » 

Revision d7e48c58

Added by koszko almost 2 years ago

Add complete firefox extension upload and download functionality

View differences:

upload_amo.sh
24 24

  
25 25
set -e
26 26

  
27
. ./shell_utils.sh
28

  
29
_PROG_NAME="$0"
30
OPERATION="$1"
31
API_KEY="$2"
32
SECRET="$3"
33
XPI_PATH="$4"
34

  
27 35
base64url() {
28
    echo -n "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='
36
    ech "$1" | base64 -w 0 | tr '/+' '_-' | tr -d '='
29 37
}
30 38

  
31 39
sha256hmac() {
32
    base64url "$(echo -n "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"
40
    base64url "$(ech "$2" | openssl dgst -sha256 -hmac "$1" -binary -)"
33 41
}
34 42

  
35
if [ $# != 3 ]; then
36
   echo "Usage:  $0 API_KEY SECRET XPI_PATH" 1>&2
37
   exit 1
38
fi
43
escape_regex_special() {
44
    ech "$1" | sed 's/\([]\.*?{},()[-]\)/\\\1/g'
45
}
46

  
47
# Note: We don't actually parse JSON. We extract needed keys with sed regexes
48
# which does not work in the general case but is sufficient for now.
49
get_json_key() {
50
    local KEY_REG="$(escape_regex_special "$1")"
51
    ech "$2" |
52
	sed 's/\(.*"'"$KEY_REG"'"[[:space:]]*:[[:space:]]*"\([^"]*\)"\)\?.*/\2/' |
53
	grep . | head -1
54
}
55

  
56
get_manifest_key() {
57
    get_json_key "$1" "$(unzip -p "$2" manifest.json)"
58
}
39 59

  
40
API_KEY="$1"
41
SECRET="$2"
42
XPI_PATH="$3"
43
JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'
44
JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64)
45
ISSUED_AT_TIME=$(date -u +%s)
46
EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))
47
JWT_PAYLOAD=$(cat <<EOF
60
generate_jwt() {
61
    local JWT_HEAD='{"alg":"HS256", "typ":"JWT"}'
62
    local JWT_ID=$(dd if=/dev/random bs=21 count=1 2>/dev/null | base64)
63
    local ISSUED_AT_TIME=$(date -u +%s)
64
    local EXPIRATION_TIME=$((ISSUED_AT_TIME + 300))
65
    local JWT_PAYLOAD="$(cat <<EOF
48 66
{
49 67
    "iss": "$API_KEY",
50 68
    "jti": "$JWT_ID",
......
52 70
    "exp": $EXPIRATION_TIME
53 71
}
54 72
EOF
55
	   )
56
JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")
57
JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")
58
JWT=$JWT_MESSAGE.$JWT_SIGNATURE
73
	  )"
74
    local JWT_MESSAGE=$(base64url "$JWT_HEAD").$(base64url "$JWT_PAYLOAD")
75
    local JWT_SIGNATURE=$(sha256hmac "$SECRET" "$JWT_MESSAGE")
76
    local JWT=$JWT_MESSAGE.$JWT_SIGNATURE
77
    errcho "Using JWT: $JWT"
78
    ech $JWT
79
}
80

  
81
get_extension_url() {
82
    EXTENSION_ID="$(get_manifest_key id "$XPI_PATH")"
83
    EXTENSION_VER="$(get_manifest_key version "$XPI_PATH")"
59 84

  
60
# Query one of Mozilla endpoints to verify that JWT authentication works.
61
curl "https://addons.mozilla.org/api/v5/accounts/profile/" \
62
     -H "Authorization: JWT $JWT"
85
    if [ -z "$EXTENSION_ID" -o -z "$EXTENSION_VER" ]; then
86
	errcho "Couldn't extract extension id and version. Please check if $XPI_PATH contains proper manifest.json file."
87
	exit 1
88
    fi
63 89

  
64
# TODO: Do the actual upload.
90
    ech "https://addons.mozilla.org/api/v4/addons/$EXTENSION_ID/versions/$EXTENSION_VER/"
91
}
92

  
93
usage() {
94
   errcho "Usage:  $_PROG_NAME upload|check|test API_KEY SECRET XPI_PATH"
95
}
96

  
97
if [ $# != 4 ]; then
98
    usage
99
    exit 1
100
fi
101

  
102
unset RETURNED_DATA
103

  
104
case "$OPERATION" in
105
    test)
106
	curl "https://addons.mozilla.org/api/v4/accounts/profile/" \
107
	     -g -H "Authorization: JWT $(generate_jwt)"
108
	echo
109
	;;
110
    check)
111
	RETURNED_DATA="$(curl $(get_extension_url) \
112
			      -g -H "Authorization: JWT $(generate_jwt)")"
113
	;;
114
    upload)
115
	RETURNED_DATA="$(curl $(get_extension_url) \
116
			      -g -XPUT --form "upload=@$XPI_PATH" \
117
			      -H "Authorization: JWT $(generate_jwt)")"
118
	;;
119
    *)
120
	usage
121
	exit 1
122
	;;
123
esac
124

  
125
if [ -n "$RETURNED_DATA" ]; then
126
    printf "addons.mozilla.org says:\n%s\n" "$RETURNED_DATA"
127
    DOWNLOAD_URL="$(get_json_key download_url "$RETURNED_DATA")"
128
    if [ -n "$DOWNLOAD_URL" ]; then
129
	printf "Downloading extension file from %s\n" "$DOWNLOAD_URL"
130
	curl "$DOWNLOAD_URL" -g -H "Authorization: JWT $(generate_jwt)" -O
131
    fi
132
fi

Also available in: Unified diff