|
| 1 | +# Token Forge |
| 2 | + |
| 3 | +**Token Forge** is a lightweight command-line tool for generating and verifying HMAC-signed tokens using Rust. It is inspired by the concept of JSON Web Tokens (JWT), but deliberately simpler and customized for learning, experimentation, and personal use. |
| 4 | + |
| 5 | +This project is not meant for production environments. It exists as a fun and educational exploration of cryptographic primitives, CLI design, and Rust development best practices. |
| 6 | + |
| 7 | +## Features |
| 8 | + |
| 9 | +- Generate HMAC SHA-256 signed tokens from arbitrary JSON payloads |
| 10 | +- Optional token expiration support |
| 11 | +- CLI-driven interface with ergonomic flags |
| 12 | +- Load payloads from file |
| 13 | +- Inspect and verify token contents |
| 14 | +- Built-in demo that walks through token generation, expiration, and decoding |
| 15 | +- Full test suite covering common and edge scenarios |
| 16 | +- CI support for GitHub, GitLab, and Bitbucket |
| 17 | + |
| 18 | +## Project Structure |
| 19 | + |
| 20 | +``` |
| 21 | +prodesquare-token-forge/ |
| 22 | +├── src/ # Rust source code |
| 23 | +├── tests/ # Integration tests |
| 24 | +├── .env.example # Sample environment config |
| 25 | +├── Cargo.toml # Crate manifest |
| 26 | +├── bitbucket-pipelines.yml |
| 27 | +├── .gitlab-ci.yml |
| 28 | +└── .github/workflows/ |
| 29 | + └── rust.yml |
| 30 | +``` |
| 31 | + |
| 32 | +## Getting Started |
| 33 | + |
| 34 | +### Prerequisites |
| 35 | + |
| 36 | +- [Rust](https://www.rust-lang.org/tools/install) |
| 37 | +- [Cargo](https://doc.rust-lang.org/cargo/getting-started/installation.html) |
| 38 | + |
| 39 | +### Installation |
| 40 | + |
| 41 | +1. Clone the repository: |
| 42 | + |
| 43 | +```bash |
| 44 | +git clone https://github.com/prodesquare/token-forge.git |
| 45 | +cd token-forge |
| 46 | +``` |
| 47 | + |
| 48 | +2. Setup Environment Variables: |
| 49 | + |
| 50 | +```bash |
| 51 | +cp .env.example .env |
| 52 | +``` |
| 53 | + |
| 54 | +3. Build: |
| 55 | + |
| 56 | +```bash |
| 57 | +cargo build --release |
| 58 | +``` |
| 59 | + |
| 60 | +## Environment Variables |
| 61 | + |
| 62 | +Token Forge **does not compile your secret into the binary**. This is intentional. You must provide the signing key (`SECRET`) at runtime via an environment variable. |
| 63 | + |
| 64 | +There are two common ways to set it: |
| 65 | + |
| 66 | +1. Temporary (per session): |
| 67 | + |
| 68 | +You can export it in your shell before running the binary: |
| 69 | + |
| 70 | +```bash |
| 71 | +export SECRET="my_signing_key" |
| 72 | +# run token-forge now |
| 73 | +``` |
| 74 | + |
| 75 | +2. Persistent (per user/system): |
| 76 | + |
| 77 | +Add it to your shell's configuration file (e.g., `.bashrc`, `.zshrc`, etc.): |
| 78 | + |
| 79 | +```bash |
| 80 | +export SECRET="my_signing_key" |
| 81 | +``` |
| 82 | + |
| 83 | +You can also set it in your `~/.profile` or `~/.bash_profile` file. |
| 84 | + |
| 85 | +## Usage |
| 86 | + |
| 87 | +1. Copy the binary to a location in your `$PATH` or run directly from the project directory: |
| 88 | + |
| 89 | +```bash |
| 90 | +cp target/release/token-forge /usr/local/bin |
| 91 | +token-forge --help |
| 92 | +``` |
| 93 | + |
| 94 | +2. Generate a token: |
| 95 | + |
| 96 | +```bash |
| 97 | +token-forge generate --file <path_to_json_file> --expiry <expiration_in_seconds> |
| 98 | +# OR USING SHORTHAND FLAGS |
| 99 | +token-forge generate -f <path_to_json_file> -e <expiration_in_seconds> |
| 100 | +``` |
| 101 | + |
| 102 | +Use `--verbose` (`-v`) to print timestamps (`iat`, `exp`) during token generation. |
| 103 | + |
| 104 | +3. Decode a token: |
| 105 | + |
| 106 | +```bash |
| 107 | +token-forge decode --token <token> |
| 108 | +# OR USING SHORTHAND FLAGS |
| 109 | +token-forge decode -t <token> |
| 110 | +``` |
| 111 | + |
| 112 | +Use `--verbose` (`-v`) to print timestamps (`iat`, `exp`) during token decoding. |
| 113 | + |
| 114 | +4. Run the demo: |
| 115 | + |
| 116 | +```bash |
| 117 | +token-forge demo |
| 118 | +``` |
| 119 | + |
| 120 | +## Development & Testing |
| 121 | + |
| 122 | +To run tests: |
| 123 | + |
| 124 | +```bash |
| 125 | +cargo test |
| 126 | +``` |
| 127 | + |
| 128 | +CI runs on: |
| 129 | + |
| 130 | +- GitHub Actions |
| 131 | +- GitLab CI |
| 132 | +- Bitbucket Pipelines |
| 133 | + |
| 134 | +All of them execute standard build and test steps using the latest Rust toolchain. |
| 135 | + |
| 136 | +## Notes |
| 137 | + |
| 138 | +- Token Forge uses a simplified format (`HS256` + custom header) and should not be confused with full JWT standards. |
| 139 | +- All tokens are encoded using URL-safe base64 without padding. |
| 140 | +- Only the custom `TOK` type is supported in headers to keep the validation strict and simple. |
| 141 | + |
| 142 | +This tool is not designed with production security considerations in mind. Please use vetted libraries and standards like `jwt` for real-world use cases. |
| 143 | + |
| 144 | +## License |
| 145 | + |
| 146 | +This project is licensed under the GNU General Public License v3.0 (GPL-3.0) - see the [LICENSE](LICENSE) file for details. |
| 147 | + |
| 148 | +## Acknowledgments |
| 149 | + |
| 150 | +This project was built as a fun weekend experiment to better understand tokenization, base64 encoding, HMAC signing, and CLI ergonomics in Rust. Inspired loosely by JWTs, but intentionally lighter. |
| 151 | + |
| 152 | +## Support |
| 153 | + |
| 154 | +- BTC: `18Hd1waYh5uG6nWRboXGD3Q3vaPzWRMgQH` |
| 155 | +- ETH: `0x90b3f1495724e9e6a18372cb939df1d7166337b9` |
0 commit comments