bretton.dev
A community based topic aggregation platform built on atproto
1#!/bin/bash
2#
3# Step 5: Create API Key for Aggregator
4#
5# This script guides you through generating an API key for your aggregator.
6# API keys are used for authentication instead of PDS JWTs.
7#
8# Prerequisites:
9# - Completed steps 1-4 (PDS account, .well-known, Coves registration, service declaration)
10# - Aggregator indexed by Coves (check: curl https://coves.social/xrpc/social.coves.aggregator.get?did=YOUR_DID)
11#
12# Usage: ./5-create-api-key.sh
13#
14
15set -e
16
17# Colors for output
18RED='\033[0;31m'
19GREEN='\033[0;32m'
20YELLOW='\033[1;33m'
21BLUE='\033[0;34m'
22NC='\033[0m' # No Color
23
24echo -e "${BLUE}╔════════════════════════════════════════════════════════════╗${NC}"
25echo -e "${BLUE}║ Coves Aggregator - Step 5: Create API Key ║${NC}"
26echo -e "${BLUE}╚════════════════════════════════════════════════════════════╝${NC}"
27echo
28
29# Load existing configuration
30CONFIG_FILE="aggregator-config.env"
31if [ -f "$CONFIG_FILE" ]; then
32 echo -e "${GREEN}✓${NC} Loading existing configuration from $CONFIG_FILE"
33 source "$CONFIG_FILE"
34else
35 echo -e "${YELLOW}⚠${NC} No $CONFIG_FILE found. Please run steps 1-4 first."
36 echo
37 read -p "Enter your Coves instance URL [https://coves.social]: " COVES_INSTANCE_URL
38 COVES_INSTANCE_URL=${COVES_INSTANCE_URL:-https://coves.social}
39fi
40
41echo
42echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
43echo -e "${YELLOW} API Key Generation Process${NC}"
44echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
45echo
46echo "API keys allow your aggregator to authenticate without managing"
47echo "OAuth token refresh. The key is shown ONCE and cannot be retrieved later."
48echo
49echo -e "${BLUE}Steps:${NC}"
50echo "1. Complete OAuth login in your browser"
51echo "2. Call the createApiKey endpoint"
52echo "3. Save the key securely"
53echo
54
55# Check if aggregator is indexed
56echo -e "${BLUE}Checking if aggregator is indexed...${NC}"
57if [ -n "$AGGREGATOR_DID" ]; then
58 AGGREGATOR_CHECK=$(curl -s "${COVES_INSTANCE_URL}/xrpc/social.coves.aggregator.get?did=${AGGREGATOR_DID}" 2>/dev/null || echo "error")
59 if echo "$AGGREGATOR_CHECK" | grep -q "error"; then
60 echo -e "${YELLOW}⚠${NC} Could not verify aggregator status. Proceeding anyway..."
61 else
62 echo -e "${GREEN}✓${NC} Aggregator found in Coves instance"
63 fi
64fi
65
66echo
67echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
68echo -e "${YELLOW} Step 5.1: OAuth Login${NC}"
69echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
70echo
71echo "Open this URL in your browser to authenticate:"
72echo
73AGGREGATOR_HANDLE=${AGGREGATOR_HANDLE:-"your-aggregator.example.com"}
74echo -e " ${BLUE}${COVES_INSTANCE_URL}/oauth/login?handle=${AGGREGATOR_HANDLE}${NC}"
75echo
76echo "This will:"
77echo " 1. Redirect you to your PDS for authentication"
78echo " 2. Return you to Coves with an OAuth session"
79echo
80echo -e "${YELLOW}After authenticating, press Enter to continue...${NC}"
81read
82
83echo
84echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
85echo -e "${YELLOW} Step 5.2: Create API Key${NC}"
86echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
87echo
88echo "In your browser's Developer Console (F12 → Console), run:"
89echo
90echo -e "${GREEN}fetch('/xrpc/social.coves.aggregator.createApiKey', {"
91echo " method: 'POST',"
92echo " credentials: 'include'"
93echo "})"
94echo ".then(r => r.json())"
95echo -e ".then(data => console.log('API Key:', data.key))${NC}"
96echo
97echo "This will return your API key. It looks like:"
98echo " ckapi_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
99echo
100echo -e "${RED}⚠ IMPORTANT: Save this key immediately! It cannot be retrieved again.${NC}"
101echo
102read -p "Enter the API key you received: " API_KEY
103
104# Validate API key format
105if [[ ! $API_KEY =~ ^ckapi_[a-f0-9]{64}$ ]]; then
106 echo -e "${RED}✗ Invalid API key format. Expected: ckapi_ followed by 64 hex characters${NC}"
107 echo " Example: ckapi_dcbdec0a0d1b3c440125547d21fe582bbf1587d2dcd364c56ad285af841cc934"
108 exit 1
109fi
110
111echo -e "${GREEN}✓${NC} API key format valid"
112
113# Save to config
114echo
115echo "COVES_API_KEY=\"$API_KEY\"" >> "$CONFIG_FILE"
116echo -e "${GREEN}✓${NC} API key saved to $CONFIG_FILE"
117
118echo
119echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
120echo -e "${YELLOW} Step 5.3: Update Your .env File${NC}"
121echo -e "${YELLOW}═══════════════════════════════════════════════════════════${NC}"
122echo
123echo "Update your aggregator's .env file with:"
124echo
125echo -e "${GREEN}COVES_API_KEY=${API_KEY}${NC}"
126echo -e "${GREEN}COVES_API_URL=${COVES_INSTANCE_URL}${NC}"
127echo
128echo "You can remove the old AGGREGATOR_HANDLE and AGGREGATOR_PASSWORD variables."
129echo
130
131echo
132echo -e "${GREEN}╔════════════════════════════════════════════════════════════╗${NC}"
133echo -e "${GREEN}║ Setup Complete! ║${NC}"
134echo -e "${GREEN}╚════════════════════════════════════════════════════════════╝${NC}"
135echo
136echo "Your aggregator is now configured with API key authentication."
137echo
138echo "Next steps:"
139echo " 1. Update your aggregator's .env file with COVES_API_KEY"
140echo " 2. Rebuild your Docker container: docker compose build --no-cache"
141echo " 3. Start the aggregator: docker compose up -d"
142echo " 4. Check logs: docker compose logs -f"
143echo
144echo -e "${YELLOW}Security Reminders:${NC}"
145echo " - Never commit your API key to version control"
146echo " - Store it securely (environment variables or secrets manager)"
147echo " - Rotate periodically by generating a new key (revokes the old one)"
148echo