From be5148915fe8663f17524da955237324f070b49c Mon Sep 17 00:00:00 2001 From: Frank Hamand Date: Wed, 19 Jun 2024 14:25:55 +0200 Subject: [PATCH] feat: add api_token to livestream jwt claims (#23082) * feat: add api_token to livestream jwt claim this will allow us to drop the postgres dependency soon * add continuous deployment for livestream --- .github/workflows/livestream-docker-image.yml | 54 +++++++++---------- livestream/configs.go | 7 +++ livestream/jwt.go | 2 +- livestream/main.go | 6 +-- posthog/api/team.py | 2 +- 5 files changed, 37 insertions(+), 34 deletions(-) diff --git a/.github/workflows/livestream-docker-image.yml b/.github/workflows/livestream-docker-image.yml index b9874bb75a8..231a76ddaf5 100644 --- a/.github/workflows/livestream-docker-image.yml +++ b/.github/workflows/livestream-docker-image.yml 
@@ -58,31 +58,31 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - # deploy: - # runs-on: ubuntu-latest - # needs: build - # steps: - # - name: get deployer token - # id: deployer - # uses: getsentry/action-github-app-token@v3 - # with: - # app_id: ${{ secrets.DEPLOYER_APP_ID }} - # private_key: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }} + deploy: + runs-on: ubuntu-latest + needs: build + steps: + - name: get deployer token + id: deployer + uses: getsentry/action-github-app-token@v3 + with: + app_id: ${{ secrets.DEPLOYER_APP_ID }} + private_key: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }} - # - name: Trigger livestream deployment - # uses: peter-evans/repository-dispatch@v3 - # with: - # token: ${{ steps.deployer.outputs.token }} - # repository: PostHog/charts - # event-type: commit_state_update - # client-payload: | - # { - # "values": { - # "image": { - # "sha": "${{ needs.build.outputs.sha }}" - # } - # }, - # "release": "livestream", - # "commit": ${{ toJson(github.event.head_commit) }}, - # "repository": ${{ toJson(github.repository) }} - # } + - name: Trigger livestream deployment + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ steps.deployer.outputs.token }} + repository: PostHog/charts + event-type: commit_state_update + client-payload: | + { + "values": { + "image": { + "sha": "${{ needs.build.outputs.sha }}" + } + }, + "release": "livestream", + "commit": ${{ toJson(github.event.head_commit) }}, + "repository": ${{ toJson(github.repository) }} + } diff --git a/livestream/configs.go b/livestream/configs.go index 3b704bb0ed5..8aa6cce0329 100644 --- a/livestream/configs.go +++ b/livestream/configs.go @@ -2,6 +2,7 @@ package main import ( "fmt" + "strings" "github.com/fsnotify/fsnotify" "github.com/spf13/viper" 
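Review bot: The re-enabled `deploy` job passes the deployer App private key and the resulting token to two third-party actions referenced by mutable tags (`getsentry/action-github-app-token@v3`, `peter-evans/repository-dispatch@v3`), so a retagged release of either would run with credentials that can trigger a deployment through PostHog/charts. Pinning both to a full commit SHA, e.g. `uses: peter-evans/repository-dispatch@<full-commit-sha> # v3`, removes that dependency on the tag. The job also has no `if:` condition in the hunk, and the workflow's `on:` triggers are outside it. It is worth confirming the job can only run for pushes to the default branch, for instance with `if: github.ref == 'refs/heads/<default-branch>'`.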
@@ -23,4 +24,10 @@ func loadConfigs() { fmt.Println("Config file changed:", e.Name) }) viper.WatchConfig() + + viper.SetEnvPrefix("livestream") // will be uppercased automatically + replacer := strings.NewReplacer(".", "_") + viper.SetEnvKeyReplacer(replacer) + viper.BindEnv("jwt.secret") // read from LIVESTREAM_JWT_SECRET + viper.BindEnv("postgres.url") // read from LIVESTREAM_POSTGRES_URL } diff --git a/livestream/jwt.go b/livestream/jwt.go index 7adbefed296..7ddb73d05d0 100644 --- a/livestream/jwt.go +++ b/livestream/jwt.go @@ -31,7 +31,7 @@ func decodeAuthToken(authHeader string) (jwt.MapClaims, error) { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) } // Here you should specify the secret used to sign your JWTs. - return []byte(viper.GetString("jwt.token")), nil + return []byte(viper.GetString("jwt.secret")), nil }) if err != nil { diff --git a/livestream/main.go b/livestream/main.go index c059ce23283..08b4cc850db 100644 --- a/livestream/main.go +++ b/livestream/main.go @@ -264,9 +264,5 @@ func main() { } }) - if !isProd { - e.Logger.Fatal(e.Start(":8080")) - } else { - e.Logger.Fatal(e.StartAutoTLS(":443")) - } + e.Logger.Fatal(e.Start(":8080")) } diff --git a/posthog/api/team.py b/posthog/api/team.py index e96ab0820eb..0b2d7b85001 100644 --- a/posthog/api/team.py +++ b/posthog/api/team.py @@ -199,7 +199,7 @@ class TeamSerializer(serializers.ModelSerializer, UserPermissionsSerializerMixin def get_live_events_token(self, team: Team) -> Optional[str]: return encode_jwt( - {"team_id": team.id}, + {"team_id": team.id, "api_token": team.api_token}, timedelta(days=7), PosthogJwtAudience.LIVESTREAM, )
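Review bot: Nothing after the new `viper.BindEnv("jwt.secret")` checks that a secret was actually supplied, and `viper.GetString` returns an empty string for an unset key. The key function in livestream/jwt.go would then return an empty HMAC key, and as far as I know the JWT library's HMAC verification does not reject one, so tokens signed with an empty key would verify. The rename from `jwt.token` to `jwt.secret` in the jwt.go hunk makes this more likely, since a config that still sets the old key now silently yields nothing. Failing at startup closes that gap, e.g. `if viper.GetString("jwt.secret") == "" { log.Fatal("jwt.secret (LIVESTREAM_JWT_SECRET) is not set") }` at the end of `loadConfigs`, which needs the `log` import. `loadConfigs` begins outside the hunk.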
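Review bot: With the `StartAutoTLS(":443")` branch removed, `e.Start(":8080")` serves the JWT-authenticated endpoints over plain HTTP in every environment. The bearer tokens are then protected in transit only if something in front of the service terminates TLS, and the hunk does not record that. If that is the deployment model, a comment above the call would state it, e.g. `// TLS is terminated upstream; :8080 must not be exposed directly.` If `isProd` has no other use in `main`, whose body starts outside the hunk, it should be removed as well.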
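Review bot: The new `api_token` claim is issued with the unchanged `timedelta(days=7)` lifetime, and the commit message says it is meant to let livestream drop its Postgres dependency. For up to a week the service would therefore trust whatever `api_token` the token carries, including after the team's token is reset or the user loses access to the team. Consider a shorter lifetime for this token or a revocation check on the livestream side. JWT claims are signed but not encrypted, so the value is readable by anyone who obtains the token. A docstring on `get_live_events_token` would record the contract, e.g. `"""Return a LIVESTREAM-audience JWT carrying the team's id and api_token, valid for 7 days."""`; the method belongs to `TeamSerializer`, which starts outside the hunk.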