From d64d8a0d578bfe50fbd16b0bdbcdcfa39b4ca7cb Mon Sep 17 00:00:00 2001 From: Jeff Emmett Date: Fri, 13 Feb 2026 15:02:20 -0700 Subject: [PATCH] feat: add internal API key for rSpace service-to-service auth pushShapesToCanvas now sends X-Internal-Key header from RSPACE_INTERNAL_KEY env var for authenticated canvas writes. Co-Authored-By: Claude Opus 4.6 --- docker-compose.yml | 1 + src/lib/canvas-sync.ts | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index a0cee7f..160c5e0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,6 +10,7 @@ services: - NEXT_PUBLIC_RSPACE_URL=${NEXT_PUBLIC_RSPACE_URL:-https://rspace.online} - RSPACE_INTERNAL_URL=${RSPACE_INTERNAL_URL:-http://rspace-online:3000} - NEXT_PUBLIC_ENCRYPTID_SERVER_URL=${NEXT_PUBLIC_ENCRYPTID_SERVER_URL:-https://encryptid.jeffemmett.com} + - RSPACE_INTERNAL_KEY=${RSPACE_INTERNAL_KEY} volumes: - uploads_data:/app/uploads labels: diff --git a/src/lib/canvas-sync.ts b/src/lib/canvas-sync.ts index 2e9ef7e..da848ca 100644 --- a/src/lib/canvas-sync.ts +++ b/src/lib/canvas-sync.ts @@ -23,10 +23,17 @@ export async function pushShapesToCanvas( rspaceUrl?: string ): Promise { const baseUrl = rspaceUrl || process.env.RSPACE_INTERNAL_URL || 'http://rspace-online:3000'; + const headers: Record = { 'Content-Type': 'application/json' }; + + // Use internal API key for service-to-service auth + const internalKey = process.env.RSPACE_INTERNAL_KEY; + if (internalKey) { + headers['X-Internal-Key'] = internalKey; + } const response = await fetch(`${baseUrl}/api/communities/${canvasSlug}/shapes`, { method: 'POST', - headers: { 'Content-Type': 'application/json' }, + headers, body: JSON.stringify({ shapes }), });