Make media seekable

fixes to auth info

.github/workflows/release.yaml

@@ -34,4 +34,4 @@ jobs:
           context: .
           push: true
           tags: git.kaisei.app/amatsugu/aoba:${{ env.VERSION }}
-          build-args: VERSION=${ env.VERSION }
+          build-args: VERSION=${{ env.VERSION }}

AobaClient/build.rs

@@ -8,8 +8,13 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 		.build_server(false)
 		.build_client(true)
 		.compile_protos(
-			&["../AobaServer/Proto/Aoba.proto", "../AobaServer/Proto/Auth.proto"],
-			&["../AobaServer/Proto/"],
+			&[
+				"../AobaServer/Proto/Aoba.proto",
+				"../AobaServer/Proto/Auth.proto",
+				"../AobaServer/Proto/Metrics.proto",
+				"../AobaServer/Proto/Types.proto",
+			],
+			&["../AobaServer/"],
 		)?;
 	forward_env();
 	Ok(())

AobaClient/src/components/metrics_token.rs

@@ -0,0 +1,25 @@
+use dioxus::prelude::*;
+
+use crate::rpc::get_metrics_rpc_client;
+
+#[component]
+pub fn MetricsToken() -> Element {
+	let token = use_resource(async move || {
+		let response = get_metrics_rpc_client().get_token(()).await;
+
+		if let Ok(d) = response {
+			let jwt = d.into_inner();
+			return jwt.token;
+		}
+		return "".to_string();
+	});
+
+	let token_value = token.cloned().unwrap_or("".to_string());
+
+	return rsx! {
+		pre {
+			class: "codeSelect",
+			"{token_value}"
+		}
+	};
+}

AobaClient/src/components/mod.rs

@@ -1,11 +1,13 @@
 pub mod basic;
 mod media_grid;
 mod media_item;
+mod metrics_token;
 mod navbar;
 mod notif;
 mod search;
 pub use media_grid::*;
 pub use media_item::*;
+pub use metrics_token::*;
 pub use navbar::*;
 pub use notif::*;
 pub use search::*;

AobaClient/src/components/navbar.rs

@@ -1,5 +1,3 @@
-use std::env;
-
 use dioxus::prelude::*;
 
 use crate::{Route, contexts::AuthContext, env::APP_VERSION};

AobaClient/src/rpc.rs

@@ -1,19 +1,22 @@
 use std::sync::RwLock;
 
-use aoba::{aoba_rpc_client::AobaRpcClient, auth_rpc_client::AuthRpcClient};
+use aoba::aoba_rpc_client::AobaRpcClient;
 use tonic::service::{Interceptor, interceptor::InterceptedService};
 use tonic_web_wasm_client::Client;
 
-use crate::RPC_HOST;
+use crate::{
+	RPC_HOST,
+	rpc::aoba::{auth_rpc_client::AuthRpcClient, metrics_rpc_client::MetricsRpcClient},
+};
 
 pub mod aoba {
 	tonic::include_proto!("aoba");
-	tonic::include_proto!("aoba.auth");
 }
 
 static RPC_CLIENT: RpcConnection = RpcConnection {
 	aoba: RwLock::new(None),
 	auth: RwLock::new(None),
+	metrics: RwLock::new(None),
 	jwt: RwLock::new(None),
 };
 
@@ -21,6 +24,7 @@ static RPC_CLIENT: RpcConnection = RpcConnection {
 pub struct RpcConnection {
 	aoba: RwLock<Option<AobaRpcClient<InterceptedService<Client, AuthInterceptor>>>>,
 	auth: RwLock<Option<AuthRpcClient<Client>>>,
+	metrics: RwLock<Option<MetricsRpcClient<InterceptedService<Client, AuthInterceptor>>>>,
 	jwt: RwLock<Option<String>>,
 }
 
@@ -35,12 +39,19 @@ impl RpcConnection {
 		return self.auth.read().unwrap().clone().unwrap();
 	}
 
+	pub fn get_metrics_client(&self) -> MetricsRpcClient<InterceptedService<Client, AuthInterceptor>> {
+		self.ensure_client();
+		return self.metrics.read().unwrap().clone().unwrap();
+	}
+
 	fn ensure_client(&self) {
 		if self.aoba.read().unwrap().is_none() {
 			let wasm_client = Client::new(RPC_HOST.into());
 			let aoba_client = AobaRpcClient::with_interceptor(wasm_client.clone(), AuthInterceptor);
 			*self.aoba.write().unwrap() = Some(aoba_client);
 			*self.auth.write().unwrap() = Some(AuthRpcClient::new(wasm_client.clone()));
+			*self.metrics.write().unwrap() =
+				Some(MetricsRpcClient::with_interceptor(wasm_client.clone(), AuthInterceptor));
 		}
 	}
 }
@@ -66,6 +77,9 @@ pub fn get_auth_rpc_client() -> AuthRpcClient<Client> {
 	return RPC_CLIENT.get_auth_client();
 }
 
+pub fn get_metrics_rpc_client() -> MetricsRpcClient<InterceptedService<Client, AuthInterceptor>> {
+	return RPC_CLIENT.get_metrics_client();
+}
 pub fn login(jwt: String) {
 	*RPC_CLIENT.jwt.write().unwrap() = Some(jwt);
 }

AobaClient/src/views/settings.rs

@@ -1,6 +1,6 @@
 use dioxus::prelude::*;
 
-use crate::rpc::get_rpc_client;
+use crate::{components::MetricsToken, rpc::get_rpc_client};
 
 #[component]
 pub fn Settings() -> Element {
@@ -27,5 +27,6 @@ pub fn Settings() -> Element {
 		div {
 			pre { class: "codeSelect", "{d}" }
 		}
+		MetricsToken {  }
 	}
 }

AobaCore/Extensions.cs

@@ -16,15 +16,9 @@ using System.Threading.Tasks;
 namespace AobaCore;
 public static class Extensions
 {
-	public static IServiceCollection AddAoba(this IServiceCollection services, string dbString)
+	public static IServiceCollection AddAoba(this IServiceCollection services)
 	{
-		var settings = MongoClientSettings.FromConnectionString(dbString);
-		settings.ClusterConfigurator = cb => cb.Subscribe(new DiagnosticsActivityEventSubscriber());
-		var dbClient = new MongoClient(settings);
-		var db = dbClient.GetDatabase("Aoba");
 		
-		services.AddSingleton(dbClient);
-		services.AddSingleton<IMongoDatabase>(db);
 		services.AddSingleton<AobaService>();
         services.AddSingleton<ThumbnailService>();
 		services.AddSingleton<AccountsService>();

AobaCore/Models/Media.cs

@@ -50,6 +50,10 @@ public class Media
 			{ ".xml", MediaType.Code },
 			{ ".json", MediaType.Code },
 			{ ".py", MediaType.Code },
+			{ ".rs", MediaType.Code },
+			{ ".zed", MediaType.Code },
+			{ ".ts", MediaType.Code },
+			{ ".astro", MediaType.Code },
 		};
 
 	[BsonConstructor]

AobaCore/Services/AobaService.cs

@@ -2,13 +2,15 @@ using AobaCore.Models;
 
 using MaybeError.Errors;
 
+using Microsoft.Extensions.Logging;
+
 using MongoDB.Bson;
 using MongoDB.Driver;
 using MongoDB.Driver.GridFS;
 
 namespace AobaCore.Services;
 
-public class AobaService(IMongoDatabase db)
+public class AobaService(IMongoDatabase db, ThumbnailService thumbnailService, ILogger<AobaService> logger)
 {
 	private readonly IMongoCollection<Media> _media = db.GetCollection<Media>("media");
 	private readonly GridFSBucket _gridFs = new(db);
@@ -69,6 +71,7 @@ public class AobaService(IMongoDatabase db)
 		{
 			var fileId = await _gridFs.UploadFromStreamAsync(filename, data, cancellationToken: cancellationToken);
 			var media = new Media(fileId, filename, owner);
+			
 			await AddMediaAsync(media, cancellationToken);
 			return media;
 		}

AobaCore/Services/ThumbnailService.cs

@@ -24,7 +24,6 @@ namespace AobaCore.Services;
 public class ThumbnailService(IMongoDatabase db, AobaService aobaService)
 {
 	private readonly GridFSBucket _gridfs = new GridFSBucket(db);
-	private Lock _lock = new();
 
 	/// <summary>
 	///
@@ -121,11 +120,17 @@ public class ThumbnailService(IMongoDatabase db, AobaService aobaService)
 	public Maybe<Stream> GenerateVideoThumbnail(Stream data, ThumbnailSize size, CancellationToken cancellationToken = default)
 	{
 		var w = (int)size;
-		var source = new MemoryStream();
+		var fn = ObjectId.GenerateNewId().ToString();
+		var filePath = $"/tmp/{fn}.in";
+		using var source = new FileStream(filePath, FileMode.CreateNew);
 		data.CopyTo(source);
-		source.Position = 0;
+		source.Flush();
+		source.Dispose();
+		data.Dispose();
+		try
+		{
 			var output = new MemoryStream();
-		FFMpegArguments.FromPipeInput(new StreamPipeSource(source), opt =>
+			FFMpegArguments.FromFileInput(filePath, false, opt =>
 			{
 				opt.WithCustomArgument("-t 5");
 			}).OutputToPipe(new StreamPipeSink(output), opt =>
@@ -136,6 +141,15 @@ public class ThumbnailService(IMongoDatabase db, AobaService aobaService)
 			output.Position = 0;
 			return output;
 		}
+		catch(Exception ex)
+		{
+			return ex;
+		}
+		finally
+		{
+			File.Delete(filePath);
+		}
+	}
 
 	public async Task<Maybe<Stream>> GenerateDocumentThumbnailAsync(Stream data, ThumbnailSize size, CancellationToken cancellationToken = default)
 	{

AobaServer/AobaServer.csproj

@@ -34,6 +34,8 @@
   <ItemGroup>
 	  <Protobuf Include="Proto\Aoba.proto"></Protobuf>
 	  <Protobuf Include="Proto\Auth.proto"></Protobuf>
+	  <Protobuf Include="Proto\Metrics.proto"></Protobuf>
+	  <Protobuf Include="Proto\Types.proto"></Protobuf>
   </ItemGroup>
 
 </Project>

AobaServer/Controllers/AuthController.cs

@@ -1,6 +1,7 @@
 using AobaCore.Services;
 
 using AobaServer.Models;
+using AobaServer.Services;
 using AobaServer.Utils;
 
 using Microsoft.AspNetCore.Authorization;
@@ -16,7 +17,7 @@ namespace AobaServer.Controllers;
 #if DEBUG
 [AllowAnonymous]
 [Route("auth")]
-public class AuthController(AccountsService accountsService, AuthInfo authInfo) : Controller
+public class AuthController(AccountsService accountsService, AuthConfigService authConfig) : Controller
 {
 	[HttpPost("login")]
 	public async Task<IActionResult> Login([FromForm] string username, [FromForm] string password, CancellationToken cancellationToken)
@@ -25,6 +26,7 @@ public class AuthController(AccountsService accountsService, AuthInfo authInfo)
 
 		if (user == null)
 			return Problem("Invalid login Credentials", statusCode: StatusCodes.Status400BadRequest);
+		var authInfo = await authConfig.GetDefaultAuthInfoAsync();
 		Response.Cookies.Append("token", user.GetToken(authInfo), new CookieOptions
 		{
 			IsEssential = true,

AobaServer/Controllers/MediaController.cs

@@ -17,7 +17,7 @@ public class MediaController(AobaService aobaService, ILogger<MediaController> l
 	[ResponseCache(Duration = int.MaxValue)]
 	public async Task<IActionResult> MediaAsync(ObjectId id, [FromServices] MongoClient client, CancellationToken cancellationToken)
 	{
-		var file = await aobaService.GetFileStreamAsync(id, cancellationToken: cancellationToken);
+		var file = await aobaService.GetFileStreamAsync(id, seekable: true, cancellationToken: cancellationToken);
 		if (file.HasError)
 		{
 			logger.LogError(file.Error.Exception, "Failed to load media stream");

AobaServer/Dockerfile

@@ -32,13 +32,14 @@ RUN dx bundle --platform web
 # Server Build
 # This stage is used when running from VS in fast mode (Default for Debug configuration)
 FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
+RUN apt-get update && apt-get install -y ffmpeg
 USER $APP_UID
 WORKDIR /app
 EXPOSE 8080
 EXPOSE 8081
 
 # This stage is used to build the service project
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:9.0-noble AS build
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
 COPY ["AobaServer/AobaServer.csproj", "AobaServer/"]
@@ -47,7 +48,7 @@ COPY . .
 # Copy Built bundle from client builder
 COPY --from=client-builder /app/AobaClient/target/dx/aoba-client/release/web/public /src/AobaServer/wwwroot
 WORKDIR "/src/AobaServer"
-RUN dotnet build "./AobaServer.csproj" -c $BUILD_CONFIGURATION -o /app/build
+# RUN dotnet build "./AobaServer.csproj" -c $BUILD_CONFIGURATION #-o /app/build
 
 # This stage is used to publish the service project to be copied to the final stage
 FROM build AS publish
@@ -57,8 +58,8 @@ RUN dotnet publish "./AobaServer.csproj" -c $BUILD_CONFIGURATION -o /app/publish
 # This stage is used in production or when running from VS in regular mode (Default when not using the Debug configuration)
 FROM base AS final
 WORKDIR /app
-
 COPY --from=publish /app/publish .
-COPY --from=client-builder /bin/ffmpeg /bin/ffprobe /bin/ffplay /usr/bin/
+ARG VERSION
+
 ENV APP_VERSION=$VERSION
 ENTRYPOINT ["dotnet", "AobaServer.dll"]

AobaServer/Models/AuthInfo.cs

@@ -1,4 +1,6 @@
-using MongoDB.Bson.IO;
+using MongoDB.Bson;
+using MongoDB.Bson.IO;
+using MongoDB.Bson.Serialization.Attributes;
 
 using System.Security.Cryptography;
 using System.Text.Json;
@@ -7,6 +9,8 @@ namespace AobaServer.Models;
 
 public class AuthInfo
 {
+	[BsonId]
+	public ObjectId Id { get; set; }
 	public required string Issuer { get; set; }
 	public required string Audience { get; set; }
 	public required byte[] SecureKey { get; set; }

AobaServer/Program.cs

@@ -10,6 +10,9 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.IdentityModel.Tokens;
 
+using MongoDB.Driver;
+using MongoDB.Driver.Core.Extensions.DiagnosticSources;
+
 var builder = WebApplication.CreateBuilder(args);
 
 builder.WebHost.ConfigureKestrel(o =>
@@ -33,8 +36,21 @@ builder.Services.AddControllers(opt => opt.ModelBinderProviders.Add(new BsonIdMo
 builder.Services.AddObersability(builder.Configuration);
 builder.Services.AddGrpc();
 
-var authInfo = AuthInfo.LoadOrCreate("Auth.json", "aobaV2", "aoba");
-builder.Services.AddSingleton(authInfo);
+//DB
+var dbString = config["DB_STRING"];
+var settings = MongoClientSettings.FromConnectionString(dbString);
+settings.ClusterConfigurator = cb => cb.Subscribe(new DiagnosticsActivityEventSubscriber());
+var dbClient = new MongoClient(settings);
+var db = dbClient.GetDatabase("Aoba");
+
+builder.Services.AddSingleton(dbClient);
+builder.Services.AddSingleton<IMongoDatabase>(db);
+
+var authCfg = new AuthConfigService(db);
+builder.Services.AddSingleton(authCfg);
+
+
+var authInfo = authCfg.GetDefaultAuthInfoAsync().GetAwaiter().GetResult();
 var signingKey = new SymmetricSecurityKey(authInfo.SecureKey);
 
 var validationParams = new TokenValidationParameters
@@ -66,6 +82,7 @@ builder.Services.AddCors(o =>
 	});
 });
 
+var metricsAuthInfo = authCfg.GetAuthInfoAsync("aoba", "metrics").GetAwaiter().GetResult();
 builder.Services.AddAuthentication(options =>
 {
 	options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -73,7 +90,7 @@ builder.Services.AddAuthentication(options =>
 }).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => //Bearer auth
 {
 	options.TokenValidationParameters = validationParams;
-	options.TokenHandlers.Add(new MetricsTokenValidator(authInfo));
+	options.TokenHandlers.Add(new MetricsTokenValidator(metricsAuthInfo));
 	options.Events = new JwtBearerEvents
 	{
 		OnMessageReceived = ctx => //Retreive token from cookie if not found in headers
@@ -102,8 +119,8 @@ builder.Services.AddAuthentication(options =>
 	};
 }).AddScheme<AuthenticationSchemeOptions, AobaAuthenticationHandler>("Aoba", null);
 
-var dbString = config["DB_STRING"];
-builder.Services.AddAoba(dbString ?? "mongodb://localhost:27017");
+
+builder.Services.AddAoba();
 builder.Services.Configure<FormOptions>(opt =>
 {
 	opt.ValueLengthLimit = int.MaxValue;
@@ -136,6 +153,9 @@ app.MapObserability();
 app.MapGrpcService<AobaRpcService>()
 	.RequireAuthorization()
 	.RequireCors("RPC");
+app.MapGrpcService<MetricsRpcService>()
+	.RequireAuthorization()
+	.RequireCors("RPC");
 app.MapGrpcService<AobaAuthService>()
 	.AllowAnonymous()
 	.RequireCors("RPC");

AobaServer/Proto/Aoba.proto

@@ -3,6 +3,7 @@ import "google/protobuf/empty.proto";
 
 option csharp_namespace = "Aoba.RPC";
 package aoba;
+import "Proto/Types.proto";
 
 service AobaRpc {
   rpc GetMedia (Id) returns (MediaResponse);
@@ -13,73 +14,3 @@ service AobaRpc {
   rpc GetShareXDestination(google.protobuf.Empty) returns (ShareXResponse);
 }
 
-message PageFilter {
-	optional int32 page = 1;
-	optional int32 pageSize = 2;
-	optional string query = 3;
-}
-
-message Id {
-	string value = 1;
-}
-
-message MediaResponse {
-	oneof result {
-		MediaModel value = 1;
-		google.protobuf.Empty empty = 2;
-	}
-}
-
-message ListResponse {
-	repeated MediaModel items = 1;
-	Pagination pagination = 2;
-}
-
-message Pagination {
-	int32 page = 1;
-	int32 pageSize = 2;
-	int64 totalPages = 3;
-	int64 totalItems = 4;
-	optional string query = 5;
-}
-
-message UserResponse {
-	oneof userResult {
-		UserModel user = 1;
-		google.protobuf.Empty empty = 2;
-	}
-}
-
-message UserModel {
-	Id id = 1;
-	string username = 2;
-	string email = 3;
-	bool isAdmin = 4;
-}
-
-
-message MediaModel {
-	Id id = 1;
-	string fileName = 2;
-	MediaType mediaType = 3;
-	string ext = 4;
-	int32 viewCount = 5;
-	Id owner = 6;
-	string thumbUrl = 7;
-}
-
-enum MediaType {
-	Image = 0;
-	Audio = 1;
-	Video = 2;
-	Text = 3;
-	Code = 4;
-	Raw = 5;
-}
-
-message ShareXResponse {
-	oneof dstResult {
-		string destination = 1;
-		string error = 2;
-	}
-}

AobaServer/Proto/Auth.proto

@@ -1,33 +1,12 @@
 syntax = "proto3";
 
 option csharp_namespace = "Aoba.RPC.Auth";
-package aoba.Auth;
+package aoba;
+
+import "Proto/Types.proto";
 
 service AuthRpc {
 	rpc Login(Credentials) returns (LoginResponse);
 	rpc LoginPasskey(PassKeyPayload) returns (LoginResponse);
 }
 
-message Credentials{
-	string user = 1;
-	string password = 2;
-}
-
-message PassKeyPayload {
-
-}
-
-message Jwt{
-	string token = 1;
-}
-
-message LoginResponse{
-	oneof result {
-		Jwt jwt = 1;
-		LoginError error = 2;
-	}
-}
-
-message LoginError{
-	string message = 1;
-}

AobaServer/Proto/Metrics.proto

@@ -0,0 +1,12 @@
+syntax = "proto3";
+
+option csharp_namespace = "Aoba.RPC.Metrics";
+package aoba;
+
+import "google/protobuf/empty.proto";
+import "Proto/Types.proto";
+
+
+service MetricsRpc {
+	rpc GetToken(google.protobuf.Empty) returns (Jwt);
+}

AobaServer/Proto/Types.proto

@@ -0,0 +1,101 @@
+syntax = "proto3";
+
+option csharp_namespace = "Aoba.RPC";
+package aoba;
+import "google/protobuf/empty.proto";
+
+message Credentials{
+	string user = 1;
+	string password = 2;
+}
+
+message PassKeyPayload {
+
+}
+
+
+message Jwt{
+	string token = 1;
+}
+
+message LoginResponse{
+	oneof result {
+		Jwt jwt = 1;
+		LoginError error = 2;
+	}
+}
+
+message LoginError{
+	string message = 1;
+}
+
+message PageFilter {
+	optional int32 page = 1;
+	optional int32 pageSize = 2;
+	optional string query = 3;
+}
+
+message Id {
+	string value = 1;
+}
+
+message MediaResponse {
+	oneof result {
+		MediaModel value = 1;
+		google.protobuf.Empty empty = 2;
+	}
+}
+
+message ListResponse {
+	repeated MediaModel items = 1;
+	Pagination pagination = 2;
+}
+
+message Pagination {
+	int32 page = 1;
+	int32 pageSize = 2;
+	int64 totalPages = 3;
+	int64 totalItems = 4;
+	optional string query = 5;
+}
+
+message UserResponse {
+	oneof userResult {
+		UserModel user = 1;
+		google.protobuf.Empty empty = 2;
+	}
+}
+
+message UserModel {
+	Id id = 1;
+	string username = 2;
+	string email = 3;
+	bool isAdmin = 4;
+}
+
+
+message MediaModel {
+	Id id = 1;
+	string fileName = 2;
+	MediaType mediaType = 3;
+	string ext = 4;
+	int32 viewCount = 5;
+	Id owner = 6;
+	string thumbUrl = 7;
+}
+
+enum MediaType {
+	Image = 0;
+	Audio = 1;
+	Video = 2;
+	Text = 3;
+	Code = 4;
+	Raw = 5;
+}
+
+message ShareXResponse {
+	oneof dstResult {
+		string destination = 1;
+		string error = 2;
+	}
+}

AobaServer/Services/AobaAuthService.cs

@@ -9,13 +9,12 @@ using AobaServer.Utils;
 using Grpc.Core;
 
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.IdentityModel.Tokens;
+using Aoba.RPC;
 
-using System.IdentityModel.Tokens.Jwt;
 
 namespace AobaServer.Services;
 
-public class AobaAuthService(AccountsService accountsService, AuthInfo authInfo) : Aoba.RPC.Auth.AuthRpc.AuthRpcBase
+public class AobaAuthService(AccountsService accountsService, AuthConfigService authConfig) : AuthRpc.AuthRpcBase
 {
 	[AllowAnonymous]
 	public override async Task<LoginResponse> Login(Credentials request, ServerCallContext context)
@@ -29,10 +28,11 @@ public class AobaAuthService(AccountsService accountsService, AuthInfo authInfo)
 					Message = "Invalid login credentials"
 				}
 			};
+		var authInfo = await authConfig.GetDefaultAuthInfoAsync();
 		var token = user.GetToken(authInfo);
 		return new LoginResponse
 		{
-			Jwt = new Jwt
+			Jwt = new ()
 			{
 				Token = token
 			}

AobaServer/Services/AobaRpcService.cs

@@ -16,7 +16,7 @@ using System.Text.Json.Serialization;
 
 namespace AobaServer.Services;
 
-public class AobaRpcService(AobaService aobaService, AccountsService accountsService, AuthInfo authInfo) : AobaRpc.AobaRpcBase
+public class AobaRpcService(AobaService aobaService, AccountsService accountsService, AuthConfigService authConfig) : AobaRpc.AobaRpcBase
 {
 	public override async Task<MediaResponse> GetMedia(Id request, ServerCallContext context)
 	{
@@ -37,6 +37,7 @@ public class AobaRpcService(AobaService aobaService, AccountsService accountsSer
 		var user = await accountsService.GetUserAsync(userId, context.CancellationToken);
 		if (user == null)
 			return new ShareXResponse { Error = "User does not exist" };
+		var authInfo = await authConfig.GetDefaultAuthInfoAsync();
 		var token = user.GetToken(authInfo);
 		var dest = new ShareXDestination
 		{

AobaServer/Services/AuthConfigService.cs

@@ -0,0 +1,26 @@
+using AobaServer.Models;
+
+using MongoDB.Driver;
+
+namespace AobaServer.Services;
+
+public class AuthConfigService(IMongoDatabase db)
+{
+	public IMongoCollection<AuthInfo> _authInfo = db.GetCollection<AuthInfo>("auth_config");
+
+	public async Task<AuthInfo> GetAuthInfoAsync(string issuer, string audience)
+	{
+		var info = await _authInfo.Find("{}").FirstOrDefaultAsync();
+		if(info != null)
+			return info;
+
+		info = AuthInfo.Create(issuer, audience);
+		await _authInfo.InsertOneAsync(info);
+		return info;
+	}
+
+	public Task<AuthInfo> GetDefaultAuthInfoAsync()
+	{
+		return GetAuthInfoAsync("aobaV2", "aoba");
+	}
+}

AobaServer/Services/MetricsRpcService.cs

@@ -0,0 +1,32 @@
+using Aoba.RPC;
+using Aoba.RPC.Auth;
+
+using Google.Protobuf.WellKnownTypes;
+
+using Grpc.Core;
+
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.IdentityModel.Tokens;
+
+using System.IdentityModel.Tokens.Jwt;
+
+namespace AobaServer.Services;
+
+public class MetricsRpcService(AuthConfigService authConfig): Aoba.RPC.Metrics.MetricsRpc.MetricsRpcBase
+{
+	public override async Task<Jwt> GetToken(Empty request, ServerCallContext context)
+	{
+		var authInfo = await authConfig.GetAuthInfoAsync("aoba", "metrics");
+		var handler = new JwtSecurityTokenHandler();
+
+		var jwt = handler.CreateEncodedJwt(new SecurityTokenDescriptor
+		{
+			Audience = authInfo.Audience,
+			Issuer = authInfo.Issuer,
+			IssuedAt = DateTime.UtcNow,
+			SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(authInfo.SecureKey), SecurityAlgorithms.HmacSha256)
+		});
+
+		return new Jwt { Token = jwt };
+	}
+}