Running JS before build

This is uncharted territory for me.

I need to run the following JS only on the server and then get the signed token to use in my content.

Can this be done with Hugo Pipes?

// you will need to install via 'npm install jsonwebtoken' or in your package.json

var jwt = require("jsonwebtoken");

var METABASE_SITE_URL = "https://metabase.gregory-ms.com";
var METABASE_SECRET_KEY = "yadayada";

var payload = {
  resource: { dashboard: 2 },
  params: {},
  exp: Math.round(Date.now() / 1000) + (10 * 60) // 10 minute expiration
};
var token = jwt.sign(payload, METABASE_SECRET_KEY);

var iframeUrl = METABASE_SITE_URL + "/embed/dashboard/" + token + "#bordered=true&titled=true";

Then on the content I will be using something like this

<iframe
    src="{{iframeUrl}}"
    frameborder="0"
    width="800"
    height="600"
    allowtransparency
></iframe>

Probably not the way you envision it :wink:

  • Attempt 1: I would put this script into modules (javascript modules) and then use the .Build command to let this script run on page load and fill the src of the iframe dynamically. Disadvantage of this method is, that the secret key will be in your javascript that is loaded.

  • Attempt 2: Move it into a node script and run BEFORE hugo build and save the result in a data/brunoamaral/setup/metabase.json and then access it via site.Data.brunoamaral.setup.metabase.url (if your json is { "url": "the URL"}

I am not sure though what exactly is going on there. You set a 10 minutes expiration key on the secret, so 10 minutes after you build the site the iframe will be unauthorized.

So maybe a little bit more context would be fine. But I think you might want to go with version 1 somehow.

@davidsneighbour I ended up going with number 2.

This is a site that rebuild every hour or so, and I adjusted the timestamp accordingly. This way I am always serving a valid token.

In case someone needs a similar solution, my code is here: gregory/build.py at main · brunoamaral/gregory · GitHub