bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cb3ae4d78b4b38c9a774f019e0dec31a54f5df3a
bakery-ia/jwt_debug_script.sh
Urtzi Alfaro 6176d5c4d8 REFACTOR API gateway fix 3
2025-07-26 20:04:24 +02:00

230 lines
7.3 KiB
Bash
Executable File
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# JWT Debug and Verification Script
# This script helps debug JWT token issues between gateway and auth service
set -e
# Configuration
API_BASE="http://localhost:8000"
AUTH_BASE="http://localhost:8001"
EMAIL="test@bakery.com"
PASSWORD="TestPassword123!"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
log_info() {
echo -e "${BLUE} $1${NC}"
}
log_success() {
echo -e "${GREEN}$1${NC}"
}
log_warning() {
echo -e "${YELLOW}⚠️ $1${NC}"
}
log_error() {
echo -e "${RED}$1${NC}"
}
log_step() {
echo -e "${BLUE}🔄 $1${NC}"
}
echo "🔍 JWT Token Debug and Verification Script"
echo "==========================================="
# Step 1: Check JWT Configuration
log_step "Step 1: Checking JWT Configuration Consistency"
log_info "Checking Gateway JWT Settings..."
GATEWAY_JWT_SECRET=$(docker-compose exec -T gateway env 2>/dev/null | grep JWT_SECRET_KEY || echo "NOT_SET")
GATEWAY_JWT_ALGO=$(docker-compose exec -T gateway env 2>/dev/null | grep JWT_ALGORITHM || echo "NOT_SET")
log_info "Checking Auth Service JWT Settings..."
AUTH_JWT_SECRET=$(docker-compose exec -T auth-service env 2>/dev/null | grep JWT_SECRET_KEY || echo "NOT_SET")
AUTH_JWT_ALGO=$(docker-compose exec -T auth-service env 2>/dev/null | grep JWT_ALGORITHM || echo "NOT_SET")
echo "Gateway JWT Secret: $GATEWAY_JWT_SECRET"
echo "Auth Service JWT Secret: $AUTH_JWT_SECRET"
echo "Gateway JWT Algorithm: $GATEWAY_JWT_ALGO"
echo "Auth Service JWT Algorithm: $AUTH_JWT_ALGO"
if [ "$GATEWAY_JWT_SECRET" = "$AUTH_JWT_SECRET" ]; then
log_success "JWT Secret Keys match!"
else
log_error "JWT Secret Keys DO NOT match!"
log_warning "This is likely the cause of the authentication issue"
fi
echo ""
# Step 2: Test Direct Auth Service
log_step "Step 2: Testing Direct Auth Service"
# Login directly to auth service
log_info "Logging in directly to auth service..."
AUTH_LOGIN_RESPONSE=$(curl -s -X POST "$AUTH_BASE/api/v1/auth/login" \
-H "Content-Type: application/json" \
-d "{
\"email\": \"$EMAIL\",
\"password\": \"$PASSWORD\"
}")
echo "Direct Auth Login Response:"
echo "$AUTH_LOGIN_RESPONSE" | jq '.' 2>/dev/null || echo "$AUTH_LOGIN_RESPONSE"
# Extract token
DIRECT_TOKEN=$(echo "$AUTH_LOGIN_RESPONSE" | jq -r '.access_token' 2>/dev/null)
if [ "$DIRECT_TOKEN" != "null" ] && [ "$DIRECT_TOKEN" != "" ]; then
log_success "Direct auth login successful!"
echo "Token: ${DIRECT_TOKEN:0:50}..."
# Test direct auth verification
log_info "Testing direct auth token verification..."
AUTH_VERIFY_RESPONSE=$(curl -s -X POST "$AUTH_BASE/api/v1/auth/verify" \
-H "Authorization: Bearer $DIRECT_TOKEN")
echo "Direct Auth Verify Response:"
echo "$AUTH_VERIFY_RESPONSE" | jq '.' 2>/dev/null || echo "$AUTH_VERIFY_RESPONSE"
# Test direct auth /users/me
log_info "Testing direct auth /users/me endpoint..."
AUTH_ME_RESPONSE=$(curl -s -X GET "$AUTH_BASE/api/v1/users/me" \
-H "Authorization: Bearer $DIRECT_TOKEN")
echo "Direct Auth /users/me Response:"
echo "$AUTH_ME_RESPONSE" | jq '.' 2>/dev/null || echo "$AUTH_ME_RESPONSE"
else
log_error "Direct auth login failed!"
exit 1
fi
echo ""
# Step 3: Test Gateway Login
log_step "Step 3: Testing Gateway Login"
GATEWAY_LOGIN_RESPONSE=$(curl -s -X POST "$API_BASE/api/v1/auth/login" \
-H "Content-Type: application/json" \
-d "{
\"email\": \"$EMAIL\",
\"password\": \"$PASSWORD\"
}")
echo "Gateway Login Response:"
echo "$GATEWAY_LOGIN_RESPONSE" | jq '.' 2>/dev/null || echo "$GATEWAY_LOGIN_RESPONSE"
GATEWAY_TOKEN=$(echo "$GATEWAY_LOGIN_RESPONSE" | jq -r '.access_token' 2>/dev/null)
if [ "$GATEWAY_TOKEN" != "null" ] && [ "$GATEWAY_TOKEN" != "" ]; then
log_success "Gateway login successful!"
echo "Token: ${GATEWAY_TOKEN:0:50}..."
else
log_error "Gateway login failed!"
exit 1
fi
echo ""
# Step 4: Compare Tokens
log_step "Step 4: Comparing Tokens"
if [ "$DIRECT_TOKEN" = "$GATEWAY_TOKEN" ]; then
log_success "Tokens are identical (expected)"
else
log_warning "Tokens are different (unexpected if same login)"
fi
# Decode tokens for comparison
log_info "Decoding direct auth token payload..."
DIRECT_PAYLOAD=$(echo "$DIRECT_TOKEN" | cut -d'.' -f2)
# Add padding if needed
while [ $((${#DIRECT_PAYLOAD} % 4)) -ne 0 ]; do
DIRECT_PAYLOAD="${DIRECT_PAYLOAD}="
done
echo "$DIRECT_PAYLOAD" | base64 -d 2>/dev/null | jq '.' || echo "Failed to decode"
log_info "Decoding gateway token payload..."
GATEWAY_PAYLOAD=$(echo "$GATEWAY_TOKEN" | cut -d'.' -f2)
# Add padding if needed
while [ $((${#GATEWAY_PAYLOAD} % 4)) -ne 0 ]; do
GATEWAY_PAYLOAD="${GATEWAY_PAYLOAD}="
done
echo "$GATEWAY_PAYLOAD" | base64 -d 2>/dev/null | jq '.' || echo "Failed to decode"
echo ""
# Step 5: Test Gateway Authentication
log_step "Step 5: Testing Gateway Authentication Middleware"
# Test gateway token verification
log_info "Testing gateway token verification..."
GATEWAY_VERIFY_RESPONSE=$(curl -s -X POST "$API_BASE/api/v1/auth/verify" \
-H "Authorization: Bearer $GATEWAY_TOKEN")
echo "Gateway Verify Response:"
echo "$GATEWAY_VERIFY_RESPONSE" | jq '.' 2>/dev/null || echo "$GATEWAY_VERIFY_RESPONSE"
# Test gateway /users/me (this is where the issue occurs)
log_info "Testing gateway /users/me endpoint (THE FAILING ENDPOINT)..."
GATEWAY_ME_RESPONSE=$(curl -s -w "\nHTTP_CODE:%{http_code}\n" -X GET "$API_BASE/api/v1/users/me" \
-H "Authorization: Bearer $GATEWAY_TOKEN")
echo "Gateway /users/me Response:"
echo "$GATEWAY_ME_RESPONSE"
# Check if successful
if echo "$GATEWAY_ME_RESPONSE" | grep -q "HTTP_CODE:200"; then
log_success "Gateway /users/me endpoint working!"
elif echo "$GATEWAY_ME_RESPONSE" | grep -q "HTTP_CODE:401"; then
log_error "Gateway /users/me endpoint returning 401 Unauthorized"
log_warning "This confirms the JWT middleware issue"
else
log_warning "Gateway /users/me endpoint returned unexpected response"
fi
echo ""
# Step 6: Test with verbose curl to see middleware behavior
log_step "Step 6: Verbose Gateway Request Analysis"
log_info "Making verbose request to gateway /users/me..."
curl -v -X GET "$API_BASE/api/v1/users/me" \
-H "Authorization: Bearer $GATEWAY_TOKEN" 2>&1 | head -20
echo ""
# Step 7: Recommendations
log_step "Step 7: Recommendations"
if [ "$GATEWAY_JWT_SECRET" != "$AUTH_JWT_SECRET" ]; then
log_error "CRITICAL: JWT secrets don't match between services"
echo "Fix: Update your .env file and restart services:"
echo "export JWT_SECRET_KEY='your-super-secret-jwt-key-change-in-production-min-32-characters-long'"
echo "docker-compose down && docker-compose up -d"
elif echo "$GATEWAY_ME_RESPONSE" | grep -q "HTTP_CODE:401"; then
log_warning "JWT secrets match but gateway middleware is still failing"
echo "Possible causes:"
echo "1. Gateway middleware token validation logic issue"
echo "2. Token payload structure mismatch"
echo "3. Gateway not using updated shared JWT handler"
echo ""
echo "Recommended fixes:"
echo "1. Apply the fixed gateway auth middleware"
echo "2. Apply the fixed shared JWT handler"
echo "3. Restart gateway service: docker-compose restart gateway"
else
log_success "All tests passed! JWT authentication is working correctly."
fi
echo ""
echo "🏁 Debug script completed!"
Reference in New Issue View Git Blame Copy Permalink