Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2025-07-31 14:33:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

Transcoder: If empty JWKS env var, do not enable JWKS (#1025)

Browse Source
This commit is contained in:
Arthur Jamet 2025-07-23 13:49:52 +01:00 committed by GitHub
parent e9a34967f1
commit bfff409142
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 36 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker-compose.dev.yml
View File

@ -10,6 +10,8 @@ x-transcoder: &transcoder-base
- "7666:7666" - "7666:7666"
restart: unless-stopped restart: unless-stopped
cpus: 1 cpus: 1
environment:
- JWKS_URL=http://auth:4568/.well-known/jwks.json
env_file: env_file:
- ./.env - ./.env
volumes: volumes:

64
transcoder/main.go
View File

@ -76,40 +76,42 @@ func main() {
return return
} }
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
jwks, err := jwk.NewCache(ctx, httprc.NewClient())
if err != nil {
e.Logger.Fatal("failed to create jwk cache: ", err)
return
}
jwks.Register(ctx, src.Settings.JwksUrl)
g := e.Group("/video") g := e.Group("/video")
g.Use(echojwt.WithConfig(echojwt.Config{
KeyFunc: func(token *jwt.Token) (any, error) {
keys, err := jwks.CachedSet(src.Settings.JwksUrl)
if err != nil {
return nil, err
}
kid, ok := token.Header["kid"].(string)
if !ok {
return nil, errors.New("missing kid in jwt")
}
key, found := keys.LookupKeyID(kid)
if !found {
return nil, fmt.Errorf("unable to find key %q", kid)
}
var pubkey interface{} if src.Settings.JwksUrl != "" {
if err := jwk.Export(key, &pubkey); err != nil { ctx, cancel := context.WithCancel(context.Background())
return nil, fmt.Errorf("Unable to get the public key. Error: %s", err.Error()) defer cancel()
}
return pubkey, nil jwks, err := jwk.NewCache(ctx, httprc.NewClient())
}, if err != nil {
})) e.Logger.Fatal("failed to create jwk cache: ", err)
return
}
jwks.Register(ctx, src.Settings.JwksUrl)
g.Use(echojwt.WithConfig(echojwt.Config{
KeyFunc: func(token *jwt.Token) (any, error) {
keys, err := jwks.CachedSet(src.Settings.JwksUrl)
if err != nil {
return nil, err
}
kid, ok := token.Header["kid"].(string)
if !ok {
return nil, errors.New("missing kid in jwt")
}
key, found := keys.LookupKeyID(kid)
if !found {
return nil, fmt.Errorf("unable to find key %q", kid)
}
var pubkey interface{}
if err := jwk.Export(key, &pubkey); err != nil {
return nil, fmt.Errorf("Unable to get the public key. Error: %s", err.Error())
}
return pubkey, nil
},
}))
}
api.RegisterStreamHandlers(g, transcoder) api.RegisterStreamHandlers(g, transcoder)
api.RegisterMetadataHandlers(g, metadata) api.RegisterMetadataHandlers(g, metadata)

2
transcoder/src/settings.go
View File

@ -32,6 +32,6 @@ var Settings = SettingsT{
// we manually add a folder to make sure we do not delete user data. // we manually add a folder to make sure we do not delete user data.
Outpath: path.Join(GetEnvOr("GOCODER_CACHE_ROOT", "/cache"), "kyoo_cache"), Outpath: path.Join(GetEnvOr("GOCODER_CACHE_ROOT", "/cache"), "kyoo_cache"),
SafePath: GetEnvOr("GOCODER_SAFE_PATH", "/video"), SafePath: GetEnvOr("GOCODER_SAFE_PATH", "/video"),
JwksUrl: GetEnvOr("JWKS_URL", "http://auth:4568/.well-known/jwks.json"), JwksUrl: os.Getenv("JWKS_URL"),
HwAccel: DetectHardwareAccel(), HwAccel: DetectHardwareAccel(),
} }