chg: pkg: add JWT generation script to make Mercure safe #4

bin/generate-mercure-jwt.php

@@ -0,0 +1,31 @@
+#!/usr/bin/env php
+<?php declare(strict_types=1);
+
+require __DIR__ . '/../vendor/autoload.php';
+
+use Firebase\JWT\JWT;
+
+$secret = bin2hex(random_bytes(32));
+
+$publisherToken = JWT::encode(
+    ['mercure' => ['publish' => ['*']]],
+    $secret,
+    'HS256'
+);
+
+$subscriberToken = JWT::encode(
+    ['mercure' => ['subscribe' => ['*']]],
+    $secret,
+    'HS256'
+);
+
+echo PHP_EOL;
+echo "# ── .env ──────────────────────────────────────────────────────────────" . PHP_EOL;
+echo "MERCURE_JWT_SECRET=\"{$secret}\"" . PHP_EOL;
+echo "MERCURE_JWT_TOKEN={$publisherToken}" . PHP_EOL;
+echo "MERCURE_SUBSCRIBER_JWT={$subscriberToken}" . PHP_EOL;
+echo PHP_EOL;
+echo "# ── /etc/caddy/conf.d/mine.caddy  (inside the mercure {} block) ───────" . PHP_EOL;
+echo "publisher_jwt  {$secret}  HS256" . PHP_EOL;
+echo "subscriber_jwt {$secret}  HS256" . PHP_EOL;
+echo PHP_EOL;