-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathportal_curl
executable file
·93 lines (77 loc) · 2.48 KB
/
portal_curl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#!/bin/bash
#
# replace with your tokens
#
refresh_token=''
access_token=''
authorization_url='https://portal.dc7bycecolo.com/api/v1/refresh_access_token'
echoerr() { echo "$@" 1>&2; }
# check dependencies
which curl > /dev/null
if [[ $? -ne 0 ]]
then
echoerr "Missing dependency: curl"
exit 1;
fi
which jq > /dev/null
if [[ $? -ne 0 ]]
then
echoerr "Missing dependency: jq"
exit 1;
fi
# fix sed syntax on MacOS
if [[ $OSTYPE == 'darwin'* ]]; then
sed_flags=(-i '')
else
sed_flags=(-i)
fi
script_path="`pwd`/$0"
# first argument is raw token
check_token_expiration () {
token=`echo $1 | sed -n 's/\(.*\)\.\(.*\)\.\(.*\)/\2/p'`
# base64 requires token to be correct length (multiple of 4)
exp=`echo "$token"==== | fold -w 4 | sed '$ d' | tr -d '\n' | base64 --d | jq '.exp'`
time_now=`date +%s`
if [[ $exp -lt $time_now && !($exp == "null") ]]
then
echo 1
else
echo 0
fi
}
refresh_access_token () {
refresh_response=`curl -X POST -L -H "Authorization: $refresh_token" -H "Accept: application/json" "$authorization_url" 2>/dev/null`
errors=`jq '.errors' <<< "$refresh_response"`
if [[ "$errors" == null ]]
then
# grep is used to sanitize new tokens before replacing tokens in the script file, this should prevent code injection from remote server
new_access_token=`echo $refresh_response | jq '.access_token' | grep -o '[A-Za-z0-9_\.-]' | tr -d '\n'`
new_refresh_token=`echo $refresh_response | jq '.refresh_token' | grep -o '[A-Za-z0-9_\.-]' | tr -d '\n'`
# update this file with new tokens
echoerr "Refresh successful, storing new tokens"
sed "${sed_flags[@]}" "s/$access_token/$new_access_token/g; s/$refresh_token/$new_refresh_token/g" "$script_path"
access_token=$new_access_token
else
echoerr "Token refresh attempt failed. Errors: $errors"
exit 1
fi
}
access_token_expired=`check_token_expiration $access_token`
if [[ $access_token_expired -ne 0 ]]
then
echoerr "Access token is expired, will try to refresh"
refresh_token_expired=`check_token_expiration $refresh_token`
if [[ $refresh_token_expired -ne 0 ]]
then
echoerr "Refresh token is expired, unable to continue."
exit 1
else
echoerr "Refresh token is valid, will proceed with access token refresh"
refresh_access_token
access_token_expired=`check_token_expiration $access_token`
fi
fi
if [[ $access_token_expired -eq 0 ]]
then
curl -L -H "Authorization: $access_token" -H "Content-Type: application/json" -H "Accept: application/json" "$@"
fi