Use an api key for the scanner

.env.example

@@ -50,11 +50,11 @@ GUEST_CLAIMS='{"permissions": ["core.read", "core.play"], "verified": true}'
 PROTECTED_CLAIMS="permissions,verified"
 
 
-# You can create apikeys at runtime via POST /apikey but you can also have some defined in the env.
+# You can create apikeys at runtime via POST /keys but you can also have some defined in the env.
 # Replace $YOURNAME with the name of the key you want (only alpha are valid)
 # The value will be the apikey (max 128 bytes)
-# KEIBI_APIKEY_$YOURNAME=oaeushtaoesunthoaensuth
+KEIBI_APIKEY_SCANNER=EJqUB8robwKwLNt37SuHqdcsNGrtwpfYxeExfiAbokpxZVd4WctWr7gnSZ
-# KEIBI_APIKEY_$YOURNAME_CLAIMS='{"permissions": ["users.read"]}'
+KEIBI_APIKEY_SCANNER_CLAIMS='{"permissions": ["core.write"]}'
 
 # To debug the front end, you can set the following to an external backend
 KYOO_URL=

auth/.env.example

@@ -19,7 +19,7 @@ PROTECTED_CLAIMS="permissions"
 # The url you can use to reach your kyoo instance. This is used during oidc to redirect users to your instance.
 PUBLIC_URL=http://localhost:8901
 
-# You can create apikeys at runtime via POST /apikey but you can also have some defined in the env.
+# You can create apikeys at runtime via POST /key but you can also have some defined in the env.
 # Replace $YOURNAME with the name of the key you want (only alpha are valid)
 # The value will be the apikey (max 128 bytes)
 # KEIBI_APIKEY_$YOURNAME=oaeushtaoesunthoaensuth

auth/README.md

@@ -60,8 +60,8 @@ GET `/users/$id/sessions` can be used by admins to list others session
 ### Api keys
 
 ```
-Get `/apikeys`
+Get `/keys`
-Post `/apikeys` {...claims} Create a new api keys with given claims
+Post `/keys` {...claims} Create a new api keys with given claims
 ```
 
 An api key can be used like an opaque token, calling /jwt with it will return a valid jwt with the claims you specified during the post request to create it.

auth/jwt.go

@@ -34,6 +34,7 @@ func (h *Handler) CreateJwt(c echo.Context) error {
 		if err != nil {
 			return err
 		}
+		c.Response().Header().Add("Authorization", fmt.Sprintf("Bearer %s", token))
 		return c.JSON(http.StatusOK, Jwt{
 			Token: &token,
 		})

docker-compose.dev.yml

@@ -120,6 +120,7 @@ services:
       # Use this env var once we use mTLS for auth
       # - KYOO_URL=${KYOO_URL:-http://api:3567/api}
       - KYOO_URL=${KYOO_URL:-http://traefik:8901/api}
+      - KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER
       - JWKS_URL=http://auth:4568/.well-known/jwks.json
       - JWT_ISSUER=${PUBLIC_URL}
     volumes:

docker-compose.yml

@@ -77,6 +77,7 @@ services:
       # Use this env var once we use mTLS for auth
       # - KYOO_URL=${KYOO_URL:-http://api:3567/api}
       - KYOO_URL=${KYOO_URL:-http://traefik:8901/api}
+      - KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER
       - JWKS_URL=http://auth:4568/.well-known/jwks.json
       - JWT_ISSUER=${PUBLIC_URL}
     volumes:

scanner/.env.example

@@ -11,7 +11,7 @@ LIBRARY_IGNORE_PATTERN=".*/[dD]ownloads?/.*"
 THEMOVIEDB_API_ACCESS_TOKEN=""
 
 KYOO_URL="http://api:3567/api"
-KYOO_APIKEY=""
+KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER
 
 JWKS_URL="http://auth:4568/.well-known/jwks.json"
 JWT_ISSUER=$PUBLIC_URL