# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#  Example of calling a Google Cloud Endpoint API with a JWT signed by
# a Google API Service Account.

require "optparse"
require "rest-client"
require "json"
require "signet/oauth_2/client"
require "openssl"

options = {}

optparse = OptionParser.new do |opts|
  opts.on("-h", "--host HOST",
          "Your API host, e.g. https://your-project.appspot.com.") do |host|
    options[:host] = host
  end
  opts.on "-k", "--api_key KEY", "Your API key." do |api_key|
    options[:api_key] = api_key
  end
  opts.on("-s", "--service_account_file FILE",
          "The path to your service account json file.") do |file_path|
    options[:service_account_file] = file_path
  end
  opts.on "-m", "--message MESSAGE", "Message to echo." do |message|
    options[:message] = message
  end
end

optparse.parse!

unless options[:host]
  puts optparse
  puts "Missing argument: host"
  exit
end

unless options[:api_key]
  puts optparse
  puts "Missing argument: api_key"
  exit
end

unless options[:service_account_file]
  puts optparse
  puts "Missing argument: service_account_file"
  exit
end

# Generate a signed JSON Web Token using a Google API Service Account.
service_account = JSON.parse File.read(options[:service_account_file])

oauth = Signet::OAuth2::Client.new(
  issuer:               "jwt-client.endpoints.sample.google.com",
  audience:             "echo.endpoints.sample.google.com",
  scope:                "email",
  authorization_uri:    "https://accounts.google.com/o/oauth2/auth",
  token_credential_uri: "https://www.googleapis.com/oauth2/v4/token",
  client_id:            service_account["client_id"],
  signing_key:          OpenSSL::PKey::RSA.new(service_account["private_key"]),
  sub:                  "123456"
)

jwt = oauth.to_jwt

# Makes a request to the auth info endpoint for Google JWTs.

url = "#{options[:host]}/auth/info/googlejwt?key=#{options[:api_key]}"

begin
  response = RestClient.get url, Authorization: "Bearer #{jwt}"
  puts response.code
  puts response.body
rescue StandardError => e
  if e.respond_to? :response
    puts e.response.code
    puts e.response.body
  else
    puts e
  end
end