Add jwt verification on the api

api/.env.example

@@ -1,6 +1,11 @@
 # vi: ft=sh
 # shellcheck disable=SC2034
 
+# either an hard-coded secret to decode jwts or empty to use keibi's public secret.
+# this should only be used in tests
+JWT_SECRET=
+# keibi's server to retrive the public jwt secret
+AUHT_SERVER=http://auth:4568
 
 POSTGRES_USER=kyoo
 POSTGRES_PASSWORD=password

api/package.json

@@ -8,6 +8,7 @@
 		"test": "bun test"
 	},
 	"dependencies": {
+		"@elysiajs/jwt": "^1.1.1",
 		"@elysiajs/swagger": "^1.1.5",
 		"drizzle-kit": "^0.26.2",
 		"drizzle-orm": "^0.35.3",

api/src/index.ts

@@ -3,10 +3,25 @@ import { swagger } from "@elysiajs/swagger";
 import { db } from "./db";
 import { migrate } from "drizzle-orm/node-postgres/migrator";
 import { movies } from "./controllers/movies";
+import jwt from "@elysiajs/jwt";
 
 await migrate(db, { migrationsFolder: "" });
 
+let secret = process.env.JWT_SECRET;
+if (!secret) {
+	const auth = process.env.AUTH_SERVER ?? "http://auth:4568";
+	const ret = await fetch(`${auth}/info`);
+	const info = await ret.json();
+	secret = info.publicKey;
+}
+
+if (!secret) {
+	console.error("missing jwt secret or auth server. exiting");
+	process.exit(1);
+}
+
 const app = new Elysia()
+	.use(jwt({ secret }))
 	.use(swagger())
 	.get("/", () => "Hello Elysia")
 	.use(movies)