tag/v2026.2.8-1/bin/generate-mercure-jwt.php

#!/usr/bin/env php
<?php declare(strict_types=1);

require __DIR__ . '/../vendor/autoload.php';

use Firebase\JWT\JWT;

$secret = bin2hex(random_bytes(32));

$publisherToken = JWT::encode(
    ['mercure' => ['publish' => ['*']]],
    $secret,
    'HS256'
);

$subscriberToken = JWT::encode(
    ['mercure' => ['subscribe' => ['*']]],
    $secret,
    'HS256'
);

echo PHP_EOL;
echo "# ── .env ──────────────────────────────────────────────────────────────" . PHP_EOL;
echo "MERCURE_JWT_SECRET=\"{$secret}\"" . PHP_EOL;
echo "MERCURE_JWT_TOKEN={$publisherToken}" . PHP_EOL;
echo "MERCURE_SUBSCRIBER_JWT={$subscriberToken}" . PHP_EOL;
echo PHP_EOL;
echo "# ── /etc/caddy/conf.d/mine.caddy  (inside the mercure {} block) ───────" . PHP_EOL;
echo "publisher_jwt  {$secret}  HS256" . PHP_EOL;
echo "subscriber_jwt {$secret}  HS256" . PHP_EOL;
echo PHP_EOL;
chg: pkg: add JWT generation script to make Mercure safe #4 2026-04-13 16:10:41 +02:00			`#!/usr/bin/env php`
			`<?php declare(strict_types=1);`

			`require __DIR__ . '/../vendor/autoload.php';`

			`use Firebase\JWT\JWT;`

			`$secret = bin2hex(random_bytes(32));`

			`$publisherToken = JWT::encode(`
			`['mercure' => ['publish' => ['*']]],`
			`$secret,`
			`'HS256'`
			`);`

			`$subscriberToken = JWT::encode(`
			`['mercure' => ['subscribe' => ['*']]],`
			`$secret,`
			`'HS256'`
			`);`

			`echo PHP_EOL;`
			`echo "# ── .env ──────────────────────────────────────────────────────────────" . PHP_EOL;`
			`echo "MERCURE_JWT_SECRET=\"{$secret}\"" . PHP_EOL;`
			`echo "MERCURE_JWT_TOKEN={$publisherToken}" . PHP_EOL;`
			`echo "MERCURE_SUBSCRIBER_JWT={$subscriberToken}" . PHP_EOL;`
			`echo PHP_EOL;`
			`echo "# ── /etc/caddy/conf.d/mine.caddy (inside the mercure {} block) ───────" . PHP_EOL;`
			`echo "publisher_jwt {$secret} HS256" . PHP_EOL;`
			`echo "subscriber_jwt {$secret} HS256" . PHP_EOL;`
			`echo PHP_EOL;`