#!/bin/sh
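# Abort on any unhandled command failure (-e) and on use of an unset
# variable (-u). POSIX sh has no pipefail, so a failure in a non-final
# pipeline stage is NOT caught by -e and must be checked explicitly.
set -eu

# === config ===
# Lifetimes are in seconds and are added to the generation time to form
# the "exp" claim of each token.
#
# The anon token expires one hour after this script runs. Wherever "exp"
# is enforced, the ANON_KEY written to the .env output stops validating
# after that hour and has to be regenerated.
readonly JWT_EXP_ANON=3600
# The service_role token is valid for ten 365-day years. If it leaks it
# remains usable for that whole period unless the signing secret is
# rotated, so treat it with the same care as JWT_SECRET itself.
readonly JWT_EXP_SERVICE=315360000 # 10 years
# Value of the "iss" claim placed in both tokens.
readonly JWT_ISSUER="supabase"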
# === helpers ===
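# b64url
# Reads bytes on stdin and writes them to stdout as unpadded base64url
# ('+' -> '-', '/' -> '_', '=' removed), on one line with no trailing
# newline.
# Returns: non-zero if the openssl encoder fails.
b64url() {
  # Capture the encoder output before translating it. In a plain
  # "openssl | tr | tr" pipeline the exit status is tr's, so a failing
  # or missing openssl would yield an empty string with status 0.
  _b64url_raw=$(openssl base64 -A) || return 1
  printf '%s' "$_b64url_raw" | tr '+/' '-_' | tr -d '='
}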
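# jwt_sign HEADER_JSON PAYLOAD_JSON SECRET
# Prints a compact JWT "<header>.<payload>.<signature>" on stdout, where
# the signature is HMAC-SHA256 over "<header_b64>.<payload_b64>" keyed
# with SECRET, and every segment is base64url-encoded by b64url.
# Arguments: $1 - header JSON, $2 - payload JSON, $3 - signing secret
# Returns:   non-zero (nothing on stdout) if the secret or any segment
#            is empty.
jwt_sign() {
  header=$1
  payload=$2
  secret=$3

  # An empty key still produces a well-formed HMAC, so refuse it up
  # front instead of emitting a token anyone could re-create.
  if [ -z "$secret" ]; then
    printf '%s\n' 'jwt_sign: empty signing secret' >&2
    return 1
  fi

  header_b64=$(printf '%s' "$header" | b64url)
  payload_b64=$(printf '%s' "$payload" | b64url)

  # NOTE(security): -hmac passes the key as a command-line argument, so
  # it is visible in the process listing to other local users while
  # openssl runs. Run this only on a host where that is acceptable.
  sig=$(printf '%s.%s' "$header_b64" "$payload_b64" |
    openssl dgst -binary -sha256 -hmac "$secret" | b64url)

  # POSIX sh has no pipefail: if openssl dgst fails, the pipeline above
  # still succeeds with an empty result. Fail closed rather than print
  # a token with a missing segment or signature.
  if [ -z "$header_b64" ] || [ -z "$payload_b64" ] || [ -z "$sig" ]; then
    printf '%s\n' 'jwt_sign: failed to encode or sign token' >&2
    return 1
  fi

  printf '%s.%s.%s\n' "$header_b64" "$payload_b64" "$sig"
}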
# === generate JWT secret ===
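# 32 random bytes rendered as 64 hex characters. The hex text itself is
# what gets passed to jwt_sign as the HMAC key.
JWT_SECRET=$(openssl rand -hex 32)
if [ "${#JWT_SECRET}" -ne 64 ]; then
  printf '%s\n' 'error: could not generate a 64-character JWT secret' >&2
  exit 1
fi

# Single timestamp so both tokens share the same "iat".
NOW=$(date +%s)

JWT_HEADER='{"alg":"HS256","typ":"JWT"}'

# Claims are assembled from script-defined constants only; no external
# input is interpolated into the JSON.
ANON_PAYLOAD=$(printf '{"role":"anon","iss":"%s","iat":%s,"exp":%s}' \
  "$JWT_ISSUER" "$NOW" "$((NOW + JWT_EXP_ANON))")

SERVICE_PAYLOAD=$(printf '{"role":"service_role","iss":"%s","iat":%s,"exp":%s}' \
  "$JWT_ISSUER" "$NOW" "$((NOW + JWT_EXP_SERVICE))")

ANON_KEY=$(jwt_sign "$JWT_HEADER" "$ANON_PAYLOAD" "$JWT_SECRET")
SERVICE_ROLE_KEY=$(jwt_sign "$JWT_HEADER" "$SERVICE_PAYLOAD" "$JWT_SECRET")

# Fail closed: never write a token that lacks one of its three segments
# (for example an empty signature after a masked pipeline failure).
for _token in "$ANON_KEY" "$SERVICE_ROLE_KEY"; do
  case $_token in
    ?*.?*.?*) ;;
    *)
      printf '%s\n' 'error: generated token is malformed' >&2
      exit 1
      ;;
  esac
done

# === output .env-compatible ===
# stdout carries the signing secret and the service_role token. Redirect
# it into a file only the owner can read, and keep it out of shared
# terminals, CI logs and version control.
printf 'JWT_SECRET=%s\n' "$JWT_SECRET"
printf 'ANON_KEY=%s\n' "$ANON_KEY"
printf 'SERVICE_ROLE_KEY=%s\n' "$SERVICE_ROLE_KEY"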