This pull request introduces server-side API key passthrough for the Discord helper bot, enabling secure, programmatic authentication for backend requests and SignalR connections. The main changes ensure that the helper bot receives the API key from the server environment and automatically attaches it to outgoing requests, resolving previous authentication failures in production.
Authentication and Networking Improvements:
- The
DiscordBotService(listenarr.api/Services/DiscordBotService.cs) now injects theLISTENARR_API_KEYfrom the startup configuration into the helper bot's environment, allowing the bot to authenticate API requests without manual login. - In
tools/discord-bot/index.js, the bot readsLISTENARR_API_KEYand wraps thefetchfunction to automatically add the API key to request headers unless explicitly overridden. - SignalR connections from the helper bot now use the API key as the access token via
accessTokenFactory, ensuring successful negotiation and connection in authenticated deployments.
Release and Documentation:
- The
CHANGELOG.mddocuments the new API key passthrough feature, the networking/auth changes, and the resolution of 401 authentication failures observed in production.The DiscordBotService now injects the LISTENARR_API_KEY into the helper process when available, allowing the Node helper to authenticate backend requests automatically. The helper reads the API key from the environment and attaches it to outgoing fetch requests and SignalR connections, resolving authentication failures in production where programmatic bot flows previously received 401 errors.
Automated canary build