From c3f3499a42e04a24c8a63c3f174bd68aff9b4e5d Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 20 Oct 2024 10:35:05 +0000
Subject: [PATCH] api/util: add script to generate secure `JWT_SECRET`

---
 api/package.json                    |  3 ++-
 api/src/util/generate-jwt-secret.js | 13 +++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 api/src/util/generate-jwt-secret.js

diff --git a/api/package.json b/api/package.json
index 339d383f..ba346f39 100644
--- a/api/package.json
+++ b/api/package.json
@@ -12,7 +12,8 @@
         "start": "node src/cobalt",
         "setup": "node src/util/setup",
         "test": "node src/util/test",
-        "token:youtube": "node src/util/generate-youtube-tokens"
+        "token:youtube": "node src/util/generate-youtube-tokens",
+        "token:jwt": "node src/util/generate-jwt-secret"
     },
     "repository": {
         "type": "git",
diff --git a/api/src/util/generate-jwt-secret.js b/api/src/util/generate-jwt-secret.js
new file mode 100644
index 00000000..83f0aa5b
--- /dev/null
+++ b/api/src/util/generate-jwt-secret.js
@@ -0,0 +1,13 @@
+// run with `pnpm -r token:jwt`
+
+const makeSecureString = (length = 64) => {
+    const alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-';
+    const out = [];
+
+    for (const byte of crypto.getRandomValues(new Uint8Array(length)))
+        out.push(alphabet[byte % alphabet.length]);
+
+    return out.join('');
+}
+
+console.log(`JWT_SECRET: ${JSON.stringify(makeSecureString(64))}`)