feat: added auth by api key

2026-03-23 12:07:57 +03:00
parent 71d5a38f21
commit f26135ca25
4 changed files with 46 additions and 19 deletions
@@ -39,6 +39,10 @@ struct Args {
    /// OIDC Session Secret (32+ chars, for HMAC). Random if not provided.
    #[arg(long, env = "FURUMI_PLAYER_OIDC_SESSION_SECRET")]
    oidc_session_secret: Option<String>,
+
+    /// API key for x-api-key header auth (alternative to OIDC session)
+    #[arg(long, env = "FURUMI_PLAYER_API_KEY")]
+    api_key: Option<String>,
 }

 #[tokio::main]
@@ -90,10 +94,15 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
        std::process::exit(1);
    });

+    if args.api_key.is_some() {
+        tracing::info!("x-api-key auth: enabled");
+    }
+
    let state = Arc::new(web::AppState {
        pool,
        storage_dir: Arc::new(args.storage_dir),
        oidc: oidc_state,
+        api_key: args.api_key,
    });

    tracing::info!("Web player: http://{}", bind_addr);