From bfff40914271cf1da1b9de9b0da531b531ddd3f9 Mon Sep 17 00:00:00 2001
From: Arthur Jamet <60505370+Arthi-chaud@users.noreply.github.com>
Date: Wed, 23 Jul 2025 13:49:52 +0100
Subject: [PATCH] Transcoder: If empty JWKS env var, do not enable JWKS (#1025)
---
 docker-compose.dev.yml | 2 ++
 transcoder/main.go | 64 ++++++++++++++++++++------------------
 transcoder/src/settings.go | 2 +-
 3 files changed, 36 insertions(+), 32 deletions(-)
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index 1450533e..ba31ef90 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -10,6 +10,8 @@ x-transcoder: &transcoder-base
 - "7666:7666"
 restart: unless-stopped
 cpus: 1
+ environment:
+ - JWKS_URL=http://auth:4568/.well-known/jwks.json
 env_file:
 - ./.env
 volumes:
diff --git a/transcoder/main.go b/transcoder/main.go
index a8492d25..84de3650 100644
--- a/transcoder/main.go
+++ b/transcoder/main.go
@@ -76,40 +76,42 @@ func main() { return } - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - jwks, err := jwk.NewCache(ctx, httprc.NewClient()) - if err != nil { - e.Logger.Fatal("failed to create jwk cache: ", err) - return - } - jwks.Register(ctx, src.Settings.JwksUrl) - g := e.Group("/video") - g.Use(echojwt.WithConfig(echojwt.Config{ - KeyFunc: func(token *jwt.Token) (any, error) { - keys, err := jwks.CachedSet(src.Settings.JwksUrl) - if err != nil { - return nil, err - } - kid, ok := token.Header["kid"].(string) - if !ok { - return nil, errors.New("missing kid in jwt") - } - key, found := keys.LookupKeyID(kid) - if !found { - return nil, fmt.Errorf("unable to find key %q", kid) - } - var pubkey interface{} - if err := jwk.Export(key, &pubkey); err != nil { - return nil, fmt.Errorf("Unable to get the public key. Error: %s", err.Error()) - } + if src.Settings.JwksUrl != "" { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() - return pubkey, nil - }, - })) + jwks, err := jwk.NewCache(ctx, httprc.NewClient()) + if err != nil { + e.Logger.Fatal("failed to create jwk cache: ", err) + return + } + jwks.Register(ctx, src.Settings.JwksUrl) + g.Use(echojwt.WithConfig(echojwt.Config{ + KeyFunc: func(token *jwt.Token) (any, error) { + keys, err := jwks.CachedSet(src.Settings.JwksUrl) + if err != nil { + return nil, err + } + kid, ok := token.Header["kid"].(string) + if !ok { + return nil, errors.New("missing kid in jwt") + } + key, found := keys.LookupKeyID(kid) + if !found { + return nil, fmt.Errorf("unable to find key %q", kid) + } + + var pubkey interface{} + if err := jwk.Export(key, &pubkey); err != nil { + return nil, fmt.Errorf("Unable to get the public key. Error: %s", err.Error()) + } + + return pubkey, nil + }, + })) + } api.RegisterStreamHandlers(g, transcoder) api.RegisterMetadataHandlers(g, metadata) diff --git a/transcoder/src/settings.go b/transcoder/src/settings.go index be2d1771..8df27585 100644 
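Review bot: When `src.Settings.JwksUrl` is empty, the `/video` group is registered with no JWT middleware and nothing is logged, so an unset or misspelled `JWKS_URL` silently turns authentication off (fail-open). The settings.go hunk in this commit removes the previous default URL and only docker-compose.dev.yml sets the variable, so a deployment that relied on the default would presumably start unauthenticated. Consider at least `} else { e.Logger.Warn("JWKS_URL is empty: /video is served without JWT verification") }`, or requiring an explicit opt-out setting before the middleware is skipped. Separately, the result of `jwks.Register(ctx, src.Settings.JwksUrl)` is discarded; if this jwx version returns an error there, checking it would surface a bad URL at startup rather than on the first request. main() starts and ends outside the hunk.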
--- a/transcoder/src/settings.go
+++ b/transcoder/src/settings.go
@@ -32,6 +32,6 @@ var Settings = SettingsT{
 // we manually add a folder to make sure we do not delete user data.
 Outpath: path.Join(GetEnvOr("GOCODER_CACHE_ROOT", "/cache"), "kyoo_cache"),
 SafePath: GetEnvOr("GOCODER_SAFE_PATH", "/video"),
- JwksUrl: GetEnvOr("JWKS_URL", "http://auth:4568/.well-known/jwks.json"),
+ JwksUrl: os.Getenv("JWKS_URL"),
 HwAccel: DetectHardwareAccel(),
 }
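Review bot: The empty value of `JwksUrl` now carries a security-relevant meaning that is not documented where the field is set. I would add a comment above the changed line, `// JwksUrl is the JWKS endpoint used to verify JWTs on /video; empty (JWKS_URL unset) disables JWT verification.`, so that an operator reading the settings sees that leaving the variable out removes authentication. The `Settings` literal begins outside the hunk, and whether `os` is already imported in this file is not visible here.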