Add traefik middleware for phantom-tokens

api/.env.example

@@ -1,6 +1,8 @@
 # vi: ft=sh
 # shellcheck disable=SC2034
 
+KYOO_PREFIX=/api
+
 # either an hard-coded secret to decode jwts or empty to use keibi's public secret.
 # this should only be used in tests
 JWT_SECRET=

api/Dockerfile

@@ -24,6 +24,6 @@ WORKDIR /app
 COPY --from=builder /app/server server
 
 ENV NODE_ENV=production
-EXPOSE 3000
+EXPOSE 3567
 CMD ["./server"]
 

api/Dockerfile.dev

@@ -0,0 +1,10 @@
+FROM oven/bun AS builder
+WORKDIR /app
+
+COPY package.json bun.lock .
+COPY patches patches
+RUN bun install --production
+
+EXPOSE 3567
+CMD ["bun", "dev"]
+

api/src/elysia.ts

@@ -46,7 +46,7 @@ export const base = new Elysia({ name: "base" })
 	})
 	.as("plugin");
 
-export const app = new Elysia()
+export const app = new Elysia({ prefix: process.env.KYOO_PREFIX })
 	.use(base)
 	.use(showsH)
 	.use(movies)

api/src/index.ts

@@ -77,6 +77,6 @@ app
 			},
 		}),
 	)
-	.listen(3000);
+	.listen(3567);
 
 console.log(`Api running at ${app.server?.hostname}:${app.server?.port}`);

docker-compose.dev-v5.yml

@@ -0,0 +1,186 @@
+x-transcoder: &transcoder-base
+  build:
+    context: ./transcoder
+    dockerfile: Dockerfile.dev
+  networks:
+    default:
+      aliases:
+        - transcoder
+  ports:
+    - "7666:7666"
+  restart: on-failure
+  cpus: 1
+  env_file:
+    - ./.env
+  environment:
+    - GOCODER_PREFIX=/video
+  volumes:
+    - ./transcoder:/app
+    - ${LIBRARY_ROOT}:/video:ro
+    - ${CACHE_ROOT}:/cache
+    - transcoder_metadata:/metadata
+
+services:
+  front:
+    build:
+      context: ./front
+      dockerfile: Dockerfile.dev
+    volumes:
+      - ./front:/app
+      - /app/.yarn
+      - /app/node_modules
+      - /app/apps/mobile/node_modules
+      - /app/apps/web/.next/
+      - /app/apps/mobile/.expo/
+    ports:
+      - "3000:3000"
+      - "8081:8081"
+    restart: on-failure
+    environment:
+      - KYOO_URL=${KYOO_URL:-http://back:5000/api}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.front.rule=PathPrefix(`/`)"
+
+  auth:
+    build:
+      context: ./auth
+      dockerfile: Dockerfile.dev
+    restart: on-failure
+    depends_on:
+      postgres:
+        condition: service_healthy
+    ports:
+      - "4568:4568"
+    env_file:
+      - ./.env
+    environment:
+      - KEIBI_PREFIX=/auth
+    volumes:
+      - ./auth:/app
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.auth.rule=PathPrefix(`/auth/`)"
+
+  api:
+    build:
+      context: ./api
+      dockerfile: Dockerfile.dev
+    restart: on-failure
+    depends_on:
+      postgres:
+        condition: service_healthy
+    volumes:
+      - ./api:/app
+      - /app/node_modules
+    ports:
+      - "3567:3567"
+    environment:
+      - KYOO_PREFIX=/api
+    env_file:
+      - ./.env
+    labels:
+      - "traefik.http.routers.api.middlewares=api-sp"
+
+  # scanner:
+  #   build: ./scanner
+  #   restart: on-failure
+  #   depends_on:
+  #     back:
+  #       condition: service_healthy
+  #   env_file:
+  #     - ./.env
+  #   environment:
+  #     - KYOO_URL=${KYOO_URL:-http://back:5000/api}
+  #   volumes:
+  #     - ${LIBRARY_ROOT}:/video:ro
+  #
+  # matcher:
+  #   build: ./scanner
+  #   command: matcher
+  #   restart: on-failure
+  #   depends_on:
+  #     back:
+  #       condition: service_healthy
+  #   env_file:
+  #     - ./.env
+  #   environment:
+  #     - KYOO_URL=${KYOO_URL:-http://back:5000/api}
+
+  transcoder:
+    <<: *transcoder-base
+    profiles: ['', 'cpu']
+
+  transcoder-nvidia:
+    <<: *transcoder-base
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - capabilities: [gpu]
+              driver: cdi
+              device_ids:
+                - nvidia.com/gpu=all
+    environment:
+      - GOCODER_PREFIX=/video
+      - GOCODER_HWACCEL=nvidia
+    profiles: ['nvidia']
+
+  transcoder-vaapi:
+    <<: *transcoder-base
+    devices:
+      - /dev/dri:/dev/dri
+    environment:
+      - GOCODER_PREFIX=/video
+      - GOCODER_HWACCEL=vaapi
+      - GOCODER_VAAPI_RENDERER=${GOCODER_VAAPI_RENDERER:-/dev/dri/renderD128}
+    profiles: ['vaapi']
+  # qsv is the same setup as vaapi but with the hwaccel env var different
+  transcoder-qsv:
+    <<: *transcoder-base
+    devices:
+      - /dev/dri:/dev/dri
+    environment:
+      - GOCODER_PREFIX=/video
+      - GOCODER_HWACCEL=qsv
+      - GOCODER_VAAPI_RENDERER=${GOCODER_VAAPI_RENDERER:-/dev/dri/renderD128}
+    profiles: ['qsv']
+
+  traefik:
+    image: traefik:v3.3
+    restart: on-failure
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entryPoints.web.address=:8901"
+      - "--accesslog=true"
+    ports:
+      - "8901:8901"
+    labels:
+       - "traefik.http.middlewares.phantom-token.forwardauth.address=https://auth/auth"
+       - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization"
+       - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authroization,X-Api-Key"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+  postgres:
+    image: postgres:15
+    restart: on-failure
+    env_file:
+      - ./.env
+    volumes:
+      - db:/var/lib/postgresql/data
+    ports:
+      - "5432:5432"
+    environment:
+     - POSTGRES_HOST_AUTH_METHOD=trust
+    command: ["postgres", "-c", "log_statement=all"]
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  db:
+  transcoder_metadata: