feat(template-helpers): Add more parameters to jwt helper

- jwt without parameter now generate a real jwt - keep length parameter as is for backward compatibility - add secret and payload parameters - payload properties iss, iat, exp are automaticly set if not provided
2025-06-26 18:27:59 +00:00 · 2025-04-21 15:59:49 +02:00
parent bc17991580
commit 11b9cee73d
2 changed files with 69 additions and 10 deletions
--- a/packages/server/src/templates/index.ts
+++ b/packages/server/src/templates/index.ts
@@ -1,4 +1,4 @@
-import { randomBytes } from "node:crypto";
+import { randomBytes, createHmac } from "node:crypto";
 import { existsSync } from "node:fs";
 import { mkdir, readFile, writeFile } from "node:fs/promises";
 import { join } from "node:path";
@@ -9,7 +9,7 @@ import { fetchTemplateFiles } from "./github";
 export interface Schema {
 	serverIp: string;
 	projectName: string;
-}
+};

 export type DomainSchema = Pick<Domain, "host" | "port" | "serviceName"> & {
 	path?: string;
@@ -22,6 +22,12 @@ export interface Template {
 		content: string;
 	}>;
 	domains: DomainSchema[];
+};
+
+export interface GenerateJWTOptions {
+	length?: number;
+	secret?: string;
+	payload?: Record<string, unknown> | undefined;
 }

 export const generateRandomDomain = ({
@@ -59,10 +65,41 @@ export const generatePassword = (quantity = 16): string => {
 */
 export function generateBase64(bytes = 32): string {
 	return randomBytes(bytes).toString("base64");
-}
+};

-export function generateJwt(length = 256): string {
-	return randomBytes(length).toString("hex");
+function safeBase64(str: string): string {
+	return str
+		.replace(/=/g, "")
+		.replace(/\+/g, "-")
+		.replace(/\//g, "_");
+};
+function objToJWTBase64(obj: any): string {
+	return safeBase64(Buffer.from(JSON.stringify(obj), "utf8").toString("base64"));
+};
+
+export function generateJwt(options: GenerateJWTOptions = {}): string {
+	let { length, secret, payload = {} } = options;
+	if (length) {
+		return randomBytes(length).toString("hex");
+	}
+	const encodedHeader = objToJWTBase64({
+		alg: "HS256",
+		typ: "JWT",
+	});
+	payload.iss || (payload.iss = "dokploy");
+	payload.iat || (payload.iat = Math.floor(Date.now() / 1000));
+	payload.exp || (payload.exp = Math.floor(new Date("2030-01-01T00:00:00Z").getTime() / 1000));
+	const encodedPayload = objToJWTBase64({
+		iat: Math.floor(Date.now() / 1000),
+		exp: Math.floor(new Date("2030-01-01T00:00:00Z").getTime() / 1000),
+		...payload,
+	});
+	secret || (secret = randomBytes(32).toString("hex"));
+	const signature = safeBase64(createHmac("SHA256", secret)
+		.update(`${encodedHeader}.${encodedPayload}`)
+		.digest("base64"));
+
+	return `${encodedHeader}.${encodedPayload}.${signature}`;
 }

 /**
--- a/packages/server/src/templates/processors.ts
+++ b/packages/server/src/templates/processors.ts
@@ -65,7 +65,7 @@ export interface Template {
 /**
 * Process a string value and replace variables
 */
-function processValue(
+export function processValue(
 	value: string,
 	variables: Record<string, string>,
 	schema: Schema,
@@ -84,11 +84,11 @@ function processValue(
 			const length = Number.parseInt(varName.split(":")[1], 10) || 32;
 			return generateBase64(length);
 		}
+
 		if (varName.startsWith("password:")) {
 			const length = Number.parseInt(varName.split(":")[1], 10) || 16;
 			return generatePassword(length);
 		}
-
 		if (varName === "password") {
 			return generatePassword(16);
 		}
@@ -114,8 +114,30 @@ function processValue(
 		}

 		if (varName.startsWith("jwt:")) {
-			const length = Number.parseInt(varName.split(":")[1], 10) || 256;
-			return generateJwt(length);
+			const params:string[] = varName.split(":").slice(1);
+			if (params.length === 1 && params[0] && params[0].match(/^\d{1,3}$/)) {
+				return generateJwt({length: Number.parseInt(params[0], 10)});
+			}
+			let [secret, payload] = params;
+			if (typeof payload === "string" && variables[payload]) {
+				payload = variables[payload];
+			}
+			if (typeof payload === "string" && payload.startsWith("{") && payload.endsWith("}")) {
+				try {
+					payload = JSON.parse(payload);
+				} catch (e) {
+					// If payload is not a valid JSON, invalid it
+					payload = undefined;
+					console.error("Invalid JWT payload", e);
+				}
+			}
+			if (typeof payload !== 'object') {
+				payload = undefined;
+			}
+			return generateJwt({
+				secret: secret ? (variables[secret] || secret) : undefined,
+				payload: payload as any
+			});
 		}

 		if (varName === "username") {
@@ -147,7 +169,7 @@ export function processVariables(
 ): Record<string, string> {
 	const variables: Record<string, string> = {};

-	// First pass: Process variables that don't depend on other variables
+	// First pass: Process some variables that don't depend on other variables
 	for (const [key, value] of Object.entries(template.variables)) {
 		if (typeof value !== "string") continue;