Switch system token usage to the new mechanism (#7)

src/Site.php

@@ -6,12 +6,15 @@
 
 namespace Garden\Sites;
 
+use Carbon\Carbon;
+use Firebase\JWT\JWT;
 use Garden\Http\CurlHandler;
 use Garden\Http\HttpHandlerInterface;
 use Garden\Sites\Clients\SiteHttpClient;
 use Garden\Sites\Exceptions\BadApiCredentialsException;
 use Garden\Sites\Exceptions\ClusterNotFoundException;
 use Garden\Utils\ArrayUtils;
+use Garden\Utils\ContextException;
 
 /**
  * Interface classes representing a site.
@@ -22,6 +25,7 @@
 abstract class Site implements \JsonSerializable
 {
     const CONF_SYSTEM_ACCESS_TOKEN = "APIv2.SystemAccessToken";
+    const CONF_JWT_SECRET = "Context.Secret";
 
     protected SiteRecord $siteRecord;
 
@@ -177,12 +181,23 @@ public function hasSystemAccessToken(): bool
      */
     public function getSystemAccessToken(): string
     {
-        $apiToken = $this->getConfigValueByKey(self::CONF_SYSTEM_ACCESS_TOKEN);
-        if (empty($apiToken)) {
-            throw new BadApiCredentialsException("Site did not have SystemAccessToken configured.");
+        $secret = $this->getConfigValueByKey(self::CONF_JWT_SECRET);
+        if ($secret === null) {
+            throw new BadApiCredentialsException("Secret not found in site config", 500, [
+                "siteID" => $this->getSiteID(),
+            ]);
         }
 
-        return $apiToken;
+        $token = JWT::encode(
+            [
+                "svc" => $this->siteProvider->getUserAgent(),
+                "iat" => time(),
+                "exp" => time() + 60 * 5,
+            ],
+            $secret,
+            "HS512",
+        );
+        return "vnla_sys.{$token}";
     }
 
     /**

tests/configs/config.php

@@ -4,4 +4,4 @@
 $Configuration["Nested"]["Nested2"] = "valnested2";
 $Configuration["Vanilla"]["SiteID"] = 100;
 $Configuration["Vanilla"]["AccountID"] = 100;
-$Configuration["APIv2"]["SystemAccessToken"] = "tokenhere";
+$Configuration["Context"]["Secret"] = "tokenhere";

tests/configs/e2e-tests.vanilla.localhost/site1.php

@@ -10,4 +10,4 @@
 $Configuration["Vanilla"]["SiteID"] = 102;
 $Configuration["Vanilla"]["AccountID"] = 102;
 $Configuration["SomeArr"] = [3, 4, 5];
-$Configuration["APIv2"]["SystemAccessToken"] = "tokenhere";
+$Configuration["Context"]["Secret"] = "tokenhere";

tests/configs/other-cluster.php

@@ -10,4 +10,4 @@
 $Configuration["Vanilla"]["SiteID"] = 105;
 $Configuration["Vanilla"]["AccountID"] = 105;
 $Configuration["Vanilla"]["ClusterID"] = "cl00001";
-$Configuration["APIv2"]["SystemAccessToken"] = "tokenhere";
+$Configuration["Context"]["Secret"] = "tokenhere";

tests/configs/vanilla.localhost/hub.php

@@ -7,7 +7,7 @@
 $Configuration["Vanilla"]["SiteID"] = 10000;
 $Configuration["Vanilla"]["AccountID"] = 10000;
 $Configuration["EnabledPlugins"]["sitehubshared"] = true;
-$Configuration["APIv2"]["SystemAccessToken"] = "tokenhere";
+$Configuration["Context"]["Secret"] = "tokenhere";
 $Configuration["Config1"] = "val1";
 $Configuration["Nested"]["Nested1"] = "valnested1";
 $Configuration["Nested"]["Nested2"] = "valnested2";

tests/configs/vanilla.localhost/node1.php

@@ -7,7 +7,7 @@
 $Configuration["Vanilla"]["SiteID"] = 10001;
 $Configuration["Vanilla"]["AccountID"] = 10000;
 $Configuration["EnabledPlugins"]["sitehubshared"] = true;
-$Configuration["APIv2"]["SystemAccessToken"] = "tokenhere";
+$Configuration["Context"]["Secret"] = "tokenhere";
 $Configuration["Config1"] = "val1";
 $Configuration["Nested"]["Nested1"] = "valnested1";
 $Configuration["Nested"]["Nested2"] = "valnested2";

tests/configs/vanilla.localhost/valid.php

@@ -11,4 +11,4 @@
 $Configuration["Vanilla"]["AccountID"] = 101;
 $Configuration["MergeWithMe"]["Key2"] = "val2";
 $Configuration["SomeArr"] = [3, 4, 5];
-$Configuration["APIv2"]["SystemAccessToken"] = "tokenhere";
+$Configuration["Context"]["Secret"] = "tokenhere";

tests/mock-orch/site/context/get/?siteid=100.json

@@ -22,8 +22,8 @@
             "allsite": {
                 "havethis": "everyone"
             },
-            "APIv2": {
-                "SystemAccessToken": "systemaccess"
+            "Context": {
+                "Secret": "systemaccess"
             },
             "ReplaceByCluster": [1, 2, 3],
             "MergeWithCluster": {

tests/mock-orch/site/context/get/?siteid=4000001.json

@@ -22,8 +22,8 @@
             "allsite": {
                 "havethis": "everyone"
             },
-            "APIv2": {
-                "SystemAccessToken": "systemaccess"
+            "Context": {
+                "Secret": "systemaccess"
             },
             "ReplaceByCluster": [1, 2, 3],
             "MergeWithCluster": {

tests/mock-orch/site/context/get/?siteid=4000002.json

@@ -22,8 +22,8 @@
             "allsite": {
                 "havethis": "everyone"
             },
-            "APIv2": {
-                "SystemAccessToken": "systemaccess"
+            "Context": {
+                "Secret": "systemaccess"
             },
             "ReplaceByCluster": [1, 2, 3],
             "MergeWithCluster": {

tests/mock-orch/site/context/get/?siteid=4000003.json

@@ -22,8 +22,8 @@
             "allsite": {
                 "havethis": "everyone"
             },
-            "APIv2": {
-                "SystemAccessToken": "systemaccess"
+            "Context": {
+                "Secret": "systemaccess"
             },
             "ReplaceByCluster": [1, 2, 3],
             "MergeWithCluster": {

tests/mock-orch/site/context/get/?siteid=4000004.json

@@ -22,8 +22,8 @@
             "allsite": {
                 "havethis": "everyone"
             },
-            "APIv2": {
-                "SystemAccessToken": "systemaccess"
+            "Context": {
+                "Secret": "systemaccess"
             },
             "ReplaceByCluster": [1, 2, 3],
             "MergeWithCluster": {