Add jwt verification on the api

2025-12-06 06:36:25 +00:00 · 2024-11-07 11:34:22 +01:00
parent 6d13f0610b
commit e7ed36caff
4 changed files with 21 additions and 0 deletions
--- a/api/.env.example
+++ b/api/.env.example
@@ -1,6 +1,11 @@
 # vi: ft=sh
 # shellcheck disable=SC2034

+# either an hard-coded secret to decode jwts or empty to use keibi's public secret.
+# this should only be used in tests
+JWT_SECRET=
+# keibi's server to retrive the public jwt secret
+AUHT_SERVER=http://auth:4568

 POSTGRES_USER=kyoo
 POSTGRES_PASSWORD=password