Add API key authentication and TLS support

API Authentication (v4.2.1): - API key auth via X-API-Key header - Keys hashed (SHA-256) and stored in ~/.stegasoo/api_keys.json - Auth disabled when no keys configured - Protected endpoints: encode, decode, generate, channel/*, compare, etc. - Public endpoints: /, /docs, /modes, /auth/status, /channel/status TLS Support: - Auto-generates self-signed certs on first run - Certs include localhost, local IPs, hostname.local - Stored in ~/.stegasoo/certs/ CLI Commands: - stegasoo api keys list/create/delete - stegasoo api tls generate/info - stegasoo api serve (starts with TLS by default) Updated systemd service to use TLS. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 18:03:51 -05:00
parent 3b5ab41ce9
commit 34ede3815f
5 changed files with 699 additions and 15 deletions
--- a/aur/PKGBUILD
+++ b/aur/PKGBUILD
@@ -98,7 +98,7 @@ EOF

    install -Dm644 /dev/stdin "$pkgdir/usr/lib/systemd/system/stegasoo-api.service" <<EOF
 [Unit]
-Description=Stegasoo REST API
+Description=Stegasoo REST API (HTTPS)
 After=network.target

 [Service]
@@ -106,7 +106,11 @@ Type=simple
 User=stegasoo
 WorkingDirectory=/opt/stegasoo/venv/lib/python${pyver}/site-packages/frontends/api
 Environment="PATH=/opt/stegasoo/venv/bin"
-ExecStart=/opt/stegasoo/venv/bin/uvicorn main:app --host 127.0.0.1 --port 8000
+Environment="HOME=/opt/stegasoo"
+# TLS enabled by default - certs auto-generated on first run
+# Use stegasoo api tls generate to pre-generate certs
+# Use stegasoo api keys create <name> to create API keys
+ExecStart=/opt/stegasoo/venv/bin/stegasoo api serve --host 127.0.0.1 --port 8000
 Restart=on-failure
 RestartSec=5