Fix the powersync key generation

This still needs to be clean up (specially the key generation, at the moment we
use a new dependency, but all this can be also done with the library we currently
use)

Author: rolandgeider

requirements.txt

@@ -27,6 +27,7 @@ icalendar==5.0.13
 invoke==2.2.0
 openfoodfacts==0.4.0
 pillow==10.4.0
+python_jose==3.3.0
 reportlab==4.2.2
 requests==2.32.3
 tqdm==4.66.4

wger/core/api/views.py

@@ -1,5 +1,4 @@
 # -*- coding: utf-8 -*-
-
 # This file is part of wger Workout Manager.
 #
 # wger Workout Manager is free software: you can redistribute it and/or modify
@@ -16,11 +15,13 @@
 # along with Workout Manager.  If not, see <http://www.gnu.org/licenses/>.
 
 # Standard Library
+import json
 import logging
+import time
+from base64 import urlsafe_b64decode
 
 # Django
 from django.conf import settings
-from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import User
 from django.http import (
     HttpResponseForbidden,
@@ -38,6 +39,9 @@
     extend_schema,
     inline_serializer,
 )
+from jose.constants import ALGORITHMS
+from jose.exceptions import JWKError
+from jose.jwt import encode
 from rest_framework import (
     status,
     viewsets,
@@ -414,30 +418,52 @@ class RoutineWeightUnitViewSet(viewsets.ReadOnlyModelViewSet):
     filterset_fields = ('name',)
 
 
+def create_jwt_token(user_id):
+    power_sync_private_key_bytes = urlsafe_b64decode(settings.POWERSYNC_JWKS_PRIVATE_KEY)
+    power_sync_private_key_json = json.loads(power_sync_private_key_bytes.decode('utf-8'))
+
+    try:
+        jwt_header = {
+            'alg': power_sync_private_key_json['alg'],
+            'kid': power_sync_private_key_json['kid'],
+        }
+
+        jwt_payload = {
+            'sub': user_id,
+            'iat': time.time(),
+            'aud': 'powersync',
+            'exp': int(time.time()) + 300,  # 5 minutes expiration
+        }
+
+        token = encode(
+            jwt_payload, power_sync_private_key_json, algorithm=ALGORITHMS.RS256, headers=jwt_header
+        )
+
+        return token
+
+    except (JWKError, ValueError, KeyError) as e:
+        raise Exception(f'Error creating JWT token: {str(e)}')
+
+
 @api_view()
-def get_token_for_user(request):
+def get_powersync_token(request):
     if not request.user.is_authenticated:
         return HttpResponseForbidden()
 
-    token = AccessToken.for_user(request.user)
+    token = create_jwt_token(request.user.id)
 
-    return JsonResponse(
-        data={
-            'token': str(token),
-            'type': str(token.token_type),
-            'user': request.user.username,
-            'powersync_url': 'http://powersync:8080',
-        }
-    )
+    try:
+        return JsonResponse({'token': token, 'powersync_url': settings.POWERSYNC_URL}, status=200)
+    except Exception as e:
+        return JsonResponse({'error': str(e)}, status=500)
 
 
 @api_view()
 def get_powersync_keys(request):
-    if not request.user.is_authenticated:
-        return HttpResponseForbidden()
+    power_sync_public_key_bytes = urlsafe_b64decode(settings.POWERSYNC_JWKS_PUBLIC_KEY)
 
     return JsonResponse(
-        {'keys': [settings.POWERSYNC_JWKS_PUBLIC_KEY]},
+        {'keys': [json.loads(power_sync_public_key_bytes.decode('utf-8'))]},
         status=200,
     )
 

wger/urls.py

@@ -279,7 +279,7 @@
     ),
     path(
         'api/v2/powersync-token',
-        core_api_views.get_token_for_user,
+        core_api_views.get_powersync_token,
         name='get_token',
     ),
     path(
@@ -290,7 +290,7 @@
     path(
         'api/v2/upload-powersync-data',
         core_api_views.upload_powersync_data,
-        name='powersync-keys',
+        name='powersync-data',
     ),
     # Api documentation
     path(