Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2025-11-21 05:53:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

Use an api key for the scanner

Browse Source
This commit is contained in:
Zoe Roux 2025-11-02 23:40:54 +01:00
parent 509e7c08cd
commit 31500dc3c5
No known key found for this signature in database
7 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.env.example
View File

@ -50,11 +50,11 @@ GUEST_CLAIMS='{"permissions": ["core.read", "core.play"], "verified": true}'
PROTECTED_CLAIMS="permissions,verified" PROTECTED_CLAIMS="permissions,verified"
# You can create apikeys at runtime via POST /apikey but you can also have some defined in the env. # You can create apikeys at runtime via POST /keys but you can also have some defined in the env.
# Replace $YOURNAME with the name of the key you want (only alpha are valid) # Replace $YOURNAME with the name of the key you want (only alpha are valid)
# The value will be the apikey (max 128 bytes) # The value will be the apikey (max 128 bytes)
# KEIBI_APIKEY_$YOURNAME=oaeushtaoesunthoaensuth KEIBI_APIKEY_SCANNER=EJqUB8robwKwLNt37SuHqdcsNGrtwpfYxeExfiAbokpxZVd4WctWr7gnSZ
# KEIBI_APIKEY_$YOURNAME_CLAIMS='{"permissions": ["users.read"]}' KEIBI_APIKEY_SCANNER_CLAIMS='{"permissions": ["core.write"]}'
# To debug the front end, you can set the following to an external backend # To debug the front end, you can set the following to an external backend
KYOO_URL= KYOO_URL=

2
auth/.env.example
View File

@ -19,7 +19,7 @@ PROTECTED_CLAIMS="permissions"
# The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance. # The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance.
PUBLIC_URL=http://localhost:8901 PUBLIC_URL=http://localhost:8901
# You can create apikeys at runtime via POST /apikey but you can also have some defined in the env. # You can create apikeys at runtime via POST /key but you can also have some defined in the env.
# Replace $YOURNAME with the name of the key you want (only alpha are valid) # Replace $YOURNAME with the name of the key you want (only alpha are valid)
# The value will be the apikey (max 128 bytes) # The value will be the apikey (max 128 bytes)
# KEIBI_APIKEY_$YOURNAME=oaeushtaoesunthoaensuth # KEIBI_APIKEY_$YOURNAME=oaeushtaoesunthoaensuth

4
auth/README.md
View File

@ -60,8 +60,8 @@ GET `/users/$id/sessions` can be used by admins to list others session
### Api keys ### Api keys
``` ```
Get `/apikeys` Get `/keys`
Post `/apikeys` {...claims} Create a new api keys with given claims Post `/keys` {...claims} Create a new api keys with given claims
``` ```
An api key can be used like an opaque token, calling /jwt with it will return a valid jwt with the claims you specified during the post request to create it. An api key can be used like an opaque token, calling /jwt with it will return a valid jwt with the claims you specified during the post request to create it.

1
auth/jwt.go
View File

@ -34,6 +34,7 @@ func (h *Handler) CreateJwt(c echo.Context) error {
if err != nil { if err != nil {
return err return err
} }
c.Response().Header().Add("Authorization", fmt.Sprintf("Bearer %s", token))
return c.JSON(http.StatusOK, Jwt{ return c.JSON(http.StatusOK, Jwt{
Token: &token, Token: &token,
}) })

1
docker-compose.dev.yml
View File

@ -120,6 +120,7 @@ services:
# Use this env var once we use mTLS for auth # Use this env var once we use mTLS for auth
# - KYOO_URL=${KYOO_URL:-http://api:3567/api} # - KYOO_URL=${KYOO_URL:-http://api:3567/api}
- KYOO_URL=${KYOO_URL:-http://traefik:8901/api} - KYOO_URL=${KYOO_URL:-http://traefik:8901/api}
- KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER
- JWKS_URL=http://auth:4568/.well-known/jwks.json - JWKS_URL=http://auth:4568/.well-known/jwks.json
- JWT_ISSUER=${PUBLIC_URL} - JWT_ISSUER=${PUBLIC_URL}
volumes: volumes:

1
docker-compose.yml
View File

@ -77,6 +77,7 @@ services:
# Use this env var once we use mTLS for auth # Use this env var once we use mTLS for auth
# - KYOO_URL=${KYOO_URL:-http://api:3567/api} # - KYOO_URL=${KYOO_URL:-http://api:3567/api}
- KYOO_URL=${KYOO_URL:-http://traefik:8901/api} - KYOO_URL=${KYOO_URL:-http://traefik:8901/api}
- KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER
- JWKS_URL=http://auth:4568/.well-known/jwks.json - JWKS_URL=http://auth:4568/.well-known/jwks.json
- JWT_ISSUER=${PUBLIC_URL} - JWT_ISSUER=${PUBLIC_URL}
volumes: volumes:

2
scanner/.env.example
View File

@ -11,7 +11,7 @@ LIBRARY_IGNORE_PATTERN=".*/[dD]ownloads?/.*"
THEMOVIEDB_API_ACCESS_TOKEN="" THEMOVIEDB_API_ACCESS_TOKEN=""
KYOO_URL="http://api:3567/api" KYOO_URL="http://api:3567/api"
KYOO_APIKEY="" KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER
JWKS_URL="http://auth:4568/.well-known/jwks.json" JWKS_URL="http://auth:4568/.well-known/jwks.json"
JWT_ISSUER=$PUBLIC_URL JWT_ISSUER=$PUBLIC_URL