add:

2026-02-23 20:36:21 +08:00
parent 4898aecd3b
commit fdbcde13b2
52 changed files with 11263 additions and 194 deletions
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# 生成 JWKS JSON 文件的脚本
+# 用于 Envoy JWT 验证
+
+set -e
+
+# 参数
+JWT_SECRET_KEY="${1:-your-secret-key-change-this-in-production}"
+OUTPUT_FILE="${2:-jwks.json}"
+KEY_ID="${3:-default-key-id}"
+
+echo "生成 JWKS JSON..."
+echo "- Secret Key: ${JWT_SECRET_KEY:0:10}..."
+echo "- Key ID: $KEY_ID"
+echo "- Output: $OUTPUT_FILE"
+
+# 对密钥进行 base64 编码（URL-safe 无填充）
+ENCODED_KEY=$(echo -n "$JWT_SECRET_KEY" | base64 | tr '+/' '-_' | sed 's/=//g')
+
+# 生成 JWKS JSON
+cat > "$OUTPUT_FILE" <<EOF
+{
+  "keys": [
+    {
+      "kty": "oct",
+      "use": "sig",
+      "kid": "$KEY_ID",
+      "k": "$ENCODED_KEY",
+      "alg": "HS256"
+    }
+  ]
+}
+EOF
+
+echo "✓ JWKS 文件已生成: $OUTPUT_FILE"
+echo ""
+echo "内容预览:"
+cat "$OUTPUT_FILE"
+echo ""
+echo ""
+echo "配置说明:"
+echo "1. 在 user-rpc 的 .well-known/jwks.json 端点暴露此文件"
+echo "2. 在 Envoy 中配置远程 JWKS URI:"
+echo "   remote_jwks:"
+echo "     http_uri:"
+echo "       uri: http://user-rpc-svc:9001/.well-known/jwks.json"
+echo ""