diff --git a/.env.example b/.env.example index 7e5647d5..3cd7a0ef 100644 --- a/.env.example +++ b/.env.example @@ -50,11 +50,11 @@ GUEST_CLAIMS='{"permissions": ["core.read", "core.play"], "verified": true}' PROTECTED_CLAIMS="permissions,verified" -# You can create apikeys at runtime via POST /apikey but you can also have some defined in the env. +# You can create apikeys at runtime via POST /keys but you can also have some defined in the env. # Replace $YOURNAME with the name of the key you want (only alpha are valid) # The value will be the apikey (max 128 bytes) -# KEIBI_APIKEY_$YOURNAME=oaeushtaoesunthoaensuth -# KEIBI_APIKEY_$YOURNAME_CLAIMS='{"permissions": ["users.read"]}' +KEIBI_APIKEY_SCANNER=EJqUB8robwKwLNt37SuHqdcsNGrtwpfYxeExfiAbokpxZVd4WctWr7gnSZ +KEIBI_APIKEY_SCANNER_CLAIMS='{"permissions": ["core.write"]}' # To debug the front end, you can set the following to an external backend KYOO_URL= diff --git a/auth/.env.example b/auth/.env.example index d842cb5a..e0bb34a8 100644 --- a/auth/.env.example +++ b/auth/.env.example @@ -19,7 +19,7 @@ PROTECTED_CLAIMS="permissions" # The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance. PUBLIC_URL=http://localhost:8901 -# You can create apikeys at runtime via POST /apikey but you can also have some defined in the env. +# You can create apikeys at runtime via POST /key but you can also have some defined in the env. # Replace $YOURNAME with the name of the key you want (only alpha are valid) # The value will be the apikey (max 128 bytes) # KEIBI_APIKEY_$YOURNAME=oaeushtaoesunthoaensuth diff --git a/auth/README.md b/auth/README.md index 0b446249..0e5feaf8 100644 --- a/auth/README.md +++ b/auth/README.md 
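Review bot: The two added lines replace the commented-out `$YOURNAME` placeholder with an active `KEIBI_APIKEY_SCANNER=` value and a `core.write` claim, so every install that copies .env.example unchanged accepts the same published key with write permission. Ship the variable empty with a generation hint instead, for example `# Generate a unique value per install, e.g. openssl rand -hex 32` followed by `KEIBI_APIKEY_SCANNER=`. How the auth service treats an empty key is not visible in this diff, so confirm that it disables the key rather than registering an empty one. The "Replace $YOURNAME" comment above now has no example line to refer to; keeping one commented `# KEIBI_APIKEY_$YOURNAME=` line would preserve it.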
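Review bot: The updated comment in auth/.env.example names `POST /key`, while the root .env.example and auth/README.md in this same commit both use `/keys`. The route definition is not part of this diff, but if the README is correct the line should read `# You can create apikeys at runtime via POST /keys but you can also have some defined in the env.`. Fixing it here keeps the three documents in agreement.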
@@ -60,8 +60,8 @@ GET `/users/$id/sessions` can be used by admins to list others session ### Api keys ``` -Get `/apikeys` -Post `/apikeys` {...claims} Create a new api keys with given claims +Get `/keys` +Post `/keys` {...claims} Create a new api keys with given claims ``` An api key can be used like an opaque token, calling /jwt with it will return a valid jwt with the claims you specified during the post request to create it. diff --git a/auth/jwt.go b/auth/jwt.go index 7e78f875..4337bca9 100644 --- a/auth/jwt.go +++ b/auth/jwt.go @@ -34,6 +34,7 @@ func (h *Handler) CreateJwt(c echo.Context) error { if err != nil { return err } + c.Response().Header().Add("Authorization", fmt.Sprintf("Bearer %s", token)) return c.JSON(http.StatusOK, Jwt{ Token: &token, }) diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index b02600d6..db6631d4 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -120,6 +120,7 @@ services: # Use this env var once we use mTLS for auth # - KYOO_URL=${KYOO_URL:-http://api:3567/api} - KYOO_URL=${KYOO_URL:-http://traefik:8901/api} + - KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER - JWKS_URL=http://auth:4568/.well-known/jwks.json - JWT_ISSUER=${PUBLIC_URL} volumes: diff --git a/docker-compose.yml b/docker-compose.yml index b8cd7c5e..c167991c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -77,6 +77,7 @@ services: # Use this env var once we use mTLS for auth # - KYOO_URL=${KYOO_URL:-http://api:3567/api} - KYOO_URL=${KYOO_URL:-http://traefik:8901/api} + - KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER - JWKS_URL=http://auth:4568/.well-known/jwks.json - JWT_ISSUER=${PUBLIC_URL} volumes: diff --git a/scanner/.env.example b/scanner/.env.example index 15b1a847..c547a8aa 100644 --- a/scanner/.env.example +++ b/scanner/.env.example 
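Review bot: The added `c.Response().Header().Add("Authorization", ...)` line in CreateJwt puts the newly issued bearer token into a response header, which intermediaries and access logs often record, and `Add` appends to any existing value instead of replacing it. Prefer `c.Response().Header().Set("Authorization", "Bearer "+token)`, and consider `c.Response().Header().Set("Cache-Control", "no-store")` beside it so that neither the header nor the JSON body is cached. A one-line comment stating why the header is needed would help the next reader; presumably a forward-auth proxy copies it onto the upstream request, but that should be confirmed. CreateJwt starts above the hunk and the file's imports are not visible, so check that `fmt` is already imported if the `Sprintf` form is kept.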
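Review bot: The added `- KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER` in docker-compose.dev.yml expands to the bare string `scanner-` when KEIBI_APIKEY_SCANNER is unset, because Compose substitutes an empty value and only prints a warning. The same line is added in docker-compose.yml and in scanner/.env.example. Use the required-variable form so that a missing key stops startup: `- KYOO_APIKEY=scanner-${KEIBI_APIKEY_SCANNER:?set KEIBI_APIKEY_SCANNER in .env}`. The `scanner-` prefix presumably has to match the key name in `KEIBI_APIKEY_SCANNER`, and a short comment above the line would make that coupling explicit. In scanner/.env.example, whether `$KEIBI_APIKEY_SCANNER` is expanded at all depends on what loads the file, which is worth a comment there as well.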
@@ -11,7 +11,7 @@ LIBRARY_IGNORE_PATTERN=".*/[dD]ownloads?/.*" THEMOVIEDB_API_ACCESS_TOKEN="" KYOO_URL="http://api:3567/api" -KYOO_APIKEY="" +KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER JWKS_URL="http://auth:4568/.well-known/jwks.json" JWT_ISSUER=$PUBLIC_URL