Security

KiraLT edited this page Sep 13, 2021 · 8 revisions

UI & API protection

Authorization

The API can be protected by setting an API key in the config. You will be required to enter the key each time you visit the UI.

When using the API, you will also need to provide the Authorization header:

Authorization: Bearer <api key>

Stream API

When an API key is provided, the stream API is protected using JSON Web Tokens.

You can also use a different key for the stream API by setting the security.streamApi.key config parameter.

Example usage:

import { sign } from 'jsonwebtoken'

// `key` is the configured API key, or security.streamApi.key when a separate stream key is set
const url = `/stream/${encodeURIComponent(
    sign(
        {
            torrent: '08ada5a7a6183aae1e09d831df6748d566095a10',
            fileType: 'video',
        },
        key
    )
)}`

The resulting URL carries its parameters encoded in the token, so it's safe to share publicly. The token expires automatically (configurable via security.streamApi.maxAge).
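
To show what such a link exposes and what it protects, the following added example (not code from the project) rebuilds an HS256 token of the shape jsonwebtoken's sign() produces by default, using only Node's built-in crypto. The function names, demo key and timestamps are constructed, and the age check against iat is an assumption about how security.streamApi.maxAge is enforced.

```javascript
// Added illustration: HS256 JWT handling with Node's built-in crypto only.
const { createHmac, timingSafeEqual } = require('node:crypto')

const b64url = (value) => Buffer.from(value).toString('base64url')
const hmac = (data, key) => createHmac('sha256', key).update(data).digest()

// Same token shape jsonwebtoken's sign() emits by default (HS256, iat in seconds).
function signToken(payload, key, nowSec) {
    const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
    const body = b64url(JSON.stringify({ ...payload, iat: nowSec }))
    return `${header}.${body}.${hmac(`${header}.${body}`, key).toString('base64url')}`
}

// Anyone holding the URL can do this: no key is needed to read the claims.
function readClaimsWithoutKey(token) {
    return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'))
}

// Server-side check (assumed shape): pin the algorithm, compare MACs in
// constant time, then reject tokens older than maxAgeSec.
function verifyToken(token, key, maxAgeSec, nowSec) {
    const parts = token.split('.')
    if (parts.length !== 3) return { ok: false, reason: 'malformed' }
    const [header, body, signature] = parts
    let alg
    try {
        alg = JSON.parse(Buffer.from(header, 'base64url').toString('utf8')).alg
    } catch {
        return { ok: false, reason: 'malformed' }
    }
    if (alg !== 'HS256') return { ok: false, reason: 'unexpected alg' }
    const expected = hmac(`${header}.${body}`, key)
    const given = Buffer.from(signature, 'base64url')
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
        return { ok: false, reason: 'bad signature' }
    }
    const claims = readClaimsWithoutKey(token)
    if (typeof claims.iat !== 'number' || nowSec - claims.iat > maxAgeSec) {
        return { ok: false, reason: 'expired' }
    }
    return { ok: true, claims }
}

// Constructed sample values; the info hash is the one from the page's example.
const KEY = 'constructed-demo-key'
const ISSUED_AT = 1700000000
const token = signToken(
    { torrent: '08ada5a7a6183aae1e09d831df6748d566095a10', fileType: 'video' }, KEY, ISSUED_AT)
```

The claims in a shared link (info hash and file type) are readable by anyone who has it; the key only prevents them from being changed or reused past the age limit.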
