From a625cb3d9977c170687db22145a3f2e643e3f620 Mon Sep 17 00:00:00 2001
From: Dat <dat.nguyen@wikimedia.de>
Date: Wed, 19 Feb 2025 14:31:28 +0100
Subject: [PATCH] Add OAuth public and private key in setting

---
 dist-persist/wbstack/src/Settings/LocalSettings.php | 5 +++--
 dist/wbstack/src/Settings/LocalSettings.php         | 5 +++--
 jwtRS256.sh                                         | 7 +++++++
 3 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 jwtRS256.sh

diff --git a/dist-persist/wbstack/src/Settings/LocalSettings.php b/dist-persist/wbstack/src/Settings/LocalSettings.php
index 909c91edc..ca41f293f 100644
--- a/dist-persist/wbstack/src/Settings/LocalSettings.php
+++ b/dist-persist/wbstack/src/Settings/LocalSettings.php
@@ -29,7 +29,6 @@
 $wwIsPhpUnit = isset( $maintClass ) && $maintClass === 'PHPUnitMaintClass';
 $wwIsLocalisationRebuild = basename( $_SERVER['SCRIPT_NAME'] ) === 'rebuildLocalisationCache.php';
 $wwLocalization = new Localization( $wgExtensionMessagesFiles, $wgMessagesDirs, $wgBaseDirectory, $wwIsLocalisationRebuild );
-$wwDockerCompose = getenv('WBSTACK_DOCKER_COMPOSE') === 'yes';
 
 $wwUseMailgunExtension = true; // default for wbstack
 if (getenv('MW_MAILGUN_DISABLED') === 'yes') {
@@ -94,7 +93,7 @@
     ];
 }
 
-if ( $wwDockerCompose ) {
+if ( $wwDomainSaysLocal ) {
     $wgServer = "http://" . $wikiInfo->domain;
 } else {
     $wgServer = "https://" . $wikiInfo->domain;
@@ -325,6 +324,8 @@ function onBeforePageDisplay( &$out, &$skin ) {
 $wgGroupPermissions['platform']['mwoauthmanageconsumer'] = true;
 $wgGroupPermissions['platform']['mwoauthviewprivate'] = true;
 $wgGroupPermissions['platform']['mwoauthupdateownconsumer'] = true;
+$wgOAuth2PrivateKey = '/mediawiki/jwtRS256.key';
+$wgOAuth2PublicKey = '/mediawiki/jwtRS256.key.pub';
 
 #######################################
 ## ---          Skins            --- ##
diff --git a/dist/wbstack/src/Settings/LocalSettings.php b/dist/wbstack/src/Settings/LocalSettings.php
index 909c91edc..ca41f293f 100644
--- a/dist/wbstack/src/Settings/LocalSettings.php
+++ b/dist/wbstack/src/Settings/LocalSettings.php
@@ -29,7 +29,6 @@
 $wwIsPhpUnit = isset( $maintClass ) && $maintClass === 'PHPUnitMaintClass';
 $wwIsLocalisationRebuild = basename( $_SERVER['SCRIPT_NAME'] ) === 'rebuildLocalisationCache.php';
 $wwLocalization = new Localization( $wgExtensionMessagesFiles, $wgMessagesDirs, $wgBaseDirectory, $wwIsLocalisationRebuild );
-$wwDockerCompose = getenv('WBSTACK_DOCKER_COMPOSE') === 'yes';
 
 $wwUseMailgunExtension = true; // default for wbstack
 if (getenv('MW_MAILGUN_DISABLED') === 'yes') {
@@ -94,7 +93,7 @@
     ];
 }
 
-if ( $wwDockerCompose ) {
+if ( $wwDomainSaysLocal ) {
     $wgServer = "http://" . $wikiInfo->domain;
 } else {
     $wgServer = "https://" . $wikiInfo->domain;
@@ -325,6 +324,8 @@ function onBeforePageDisplay( &$out, &$skin ) {
 $wgGroupPermissions['platform']['mwoauthmanageconsumer'] = true;
 $wgGroupPermissions['platform']['mwoauthviewprivate'] = true;
 $wgGroupPermissions['platform']['mwoauthupdateownconsumer'] = true;
+$wgOAuth2PrivateKey = '/mediawiki/jwtRS256.key';
+$wgOAuth2PublicKey = '/mediawiki/jwtRS256.key.pub';
 
 #######################################
 ## ---          Skins            --- ##
diff --git a/jwtRS256.sh b/jwtRS256.sh
new file mode 100644
index 000000000..b4c85d641
--- /dev/null
+++ b/jwtRS256.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
+# Don't add passphrase
+openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
+cat jwtRS256.key
+cat jwtRS256.key.pub