Security

KiraLT edited this page Sep 13, 2021 · 8 revisions

UI & API protection

Authorization

The API can be protected by setting an API key in the config. You will be required to enter the key each time you visit the UI.

When using the API, you will also need to provide an Authorization header:

Authorization: Bearer <api key>

Stream API

When an API key is provided, the stream API is protected using a JSON Web Token.

You can also use a different key for the streaming API via the security.streamApi.key config parameter.

Example usage:

import { sign } from 'jsonwebtoken'

// `key` is the configured API key, or security.streamApi.key if one is set
const url = `/stream/${encodeURIComponent(
    sign(
        {
            torrent: '08ada5a7a6183aae1e09d831df6748d566095a10',
            fileType: 'video',
        },
        key
    )
)}`

The resulting URL has its parameters encoded in the token, so it's safe to share publicly. The token will automatically expire (configurable via security.streamApi.maxAge).
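The following is an added example, not code from this project. It shows what a token in such a URL does and does not protect: the payload can be read by anyone holding the link, but it cannot be altered without the key, and it is rejected once it is too old. It uses Node's built-in crypto instead of jsonwebtoken and assumes HS256 (the jsonwebtoken default for a string key) and an age check against the token's iat claim; the function names, the maxAgeSeconds parameter and the key value are hypothetical.

```javascript
const crypto = require('node:crypto')

const b64url = (data) => Buffer.from(data).toString('base64url')
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest()

// Build a compact HS256 token; like jsonwebtoken's sign(), it adds an iat claim.
function signStreamToken(payload, key, now = Date.now()) {
    const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
    const body = b64url(JSON.stringify({ ...payload, iat: Math.floor(now / 1000) }))
    return `${header}.${body}.${b64url(hmac(key, `${header}.${body}`))}`
}

// Return the payload, or throw if the token is malformed, forged or older than maxAgeSeconds.
function verifyStreamToken(token, key, maxAgeSeconds, now = Date.now()) {
    const parts = token.split('.')
    if (parts.length !== 3) throw new Error('malformed token')
    const [header, body, signature] = parts
    const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString())
    if (alg !== 'HS256') throw new Error('unexpected algorithm') // pin the algorithm
    const expected = hmac(key, `${header}.${body}`)
    const given = Buffer.from(signature, 'base64url')
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
        throw new Error('invalid signature')
    }
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString())
    if (typeof payload.iat !== 'number' || now / 1000 - payload.iat > maxAgeSeconds) {
        throw new Error('token expired')
    }
    return payload
}

// The payload is base64url-encoded, not encrypted: no key is needed to read it.
function readWithoutKey(token) {
    return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString())
}

// Constructed sample values (the key and issue time are made up for this example)
const key = 'constructed-example-key'
const issuedAt = Date.UTC(2021, 8, 13)
const token = signStreamToken(
    { torrent: '08ada5a7a6183aae1e09d831df6748d566095a10', fileType: 'video' }, key, issuedAt
)
const url = `/stream/${encodeURIComponent(token)}`
```
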
