forked from coracle/zooid
mplorentz
145 lines
3.3 KiB
Go
145 lines
3.3 KiB
Go
package zooid
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
"sync"
|
|
|
|
"fiatjaf.com/nostr"
|
|
"github.com/livekit/protocol/auth"
|
|
)
|
|
|
|
var (
|
|
livekitHTTPClient = &http.Client{}
|
|
livekitRooms = make(map[string]bool)
|
|
livekitRoomsMu sync.RWMutex
|
|
)
|
|
|
|
type TokenEndpointResponse struct {
|
|
ServerURL string `json:"server_url"`
|
|
ParticipantToken string `json:"participant_token"`
|
|
}
|
|
|
|
func generateLivekitToken(apiKey, apiSecret, room string, pubkey nostr.PubKey) string {
|
|
grant := &auth.VideoGrant{
|
|
RoomJoin: true,
|
|
Room: room,
|
|
}
|
|
grant.SetCanPublish(true)
|
|
grant.SetCanSubscribe(true)
|
|
|
|
at := auth.NewAccessToken(apiKey, apiSecret)
|
|
at.SetVideoGrant(grant)
|
|
at.SetIdentity(pubkey.Hex())
|
|
|
|
jwt, _ := at.ToJWT()
|
|
return jwt
|
|
}
|
|
|
|
func generateLivekitServerToken(apiKey, apiSecret string) string {
|
|
at := auth.NewAccessToken(apiKey, apiSecret)
|
|
at.SetVideoGrant(&auth.VideoGrant{
|
|
RoomCreate: true,
|
|
RoomList: true,
|
|
RoomAdmin: true,
|
|
})
|
|
|
|
jwt, _ := at.ToJWT()
|
|
return jwt
|
|
}
|
|
|
|
func ensureLivekitRoom(apiKey, apiSecret, serverURL, roomName string) error {
|
|
livekitRoomsMu.RLock()
|
|
if livekitRooms[roomName] {
|
|
livekitRoomsMu.RUnlock()
|
|
return nil
|
|
}
|
|
livekitRoomsMu.RUnlock()
|
|
|
|
httpURL := strings.Replace(strings.Replace(serverURL, "wss://", "https://", 1), "ws://", "http://", 1)
|
|
url := fmt.Sprintf("%s/twirp/livekit.RoomService/CreateRoom", httpURL)
|
|
|
|
reqBody, _ := json.Marshal(map[string]interface{}{
|
|
"name": roomName,
|
|
})
|
|
|
|
req, err := http.NewRequest("POST", url, bytes.NewBuffer(reqBody))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
req.Header.Set("Content-Type", "application/json")
|
|
req.Header.Set("Authorization", "Bearer "+generateLivekitServerToken(apiKey, apiSecret))
|
|
|
|
resp, err := livekitHTTPClient.Do(req)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusConflict {
|
|
livekitRoomsMu.Lock()
|
|
livekitRooms[roomName] = true
|
|
livekitRoomsMu.Unlock()
|
|
return nil
|
|
}
|
|
|
|
return fmt.Errorf("failed to create room: %s", resp.Status)
|
|
}
|
|
|
|
func (instance *Instance) livekitTokenHandler(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Access-Control-Allow-Origin", "*")
|
|
w.Header().Set("Access-Control-Allow-Headers", "Authorization")
|
|
w.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS")
|
|
|
|
if r.Method == http.MethodOptions {
|
|
return
|
|
}
|
|
|
|
cfg := instance.Config.Livekit
|
|
if cfg.APIKey == "" {
|
|
http.NotFound(w, r)
|
|
return
|
|
}
|
|
|
|
groupId := r.PathValue("groupId")
|
|
|
|
pubkey, err := validateNIP98Auth(r)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
meta, found := instance.Groups.GetMetadata(groupId)
|
|
if !found {
|
|
http.Error(w, "group not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
if !HasTag(meta.Tags, "livekit") {
|
|
http.Error(w, "livekit not enabled for this group", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
if !instance.Groups.HasAccess(groupId, pubkey) {
|
|
http.Error(w, "not a group member", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
if err := ensureLivekitRoom(cfg.APIKey, cfg.APISecret, cfg.ServerURL, groupId); err != nil {
|
|
http.Error(w, "failed to create room", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
token := generateLivekitToken(cfg.APIKey, cfg.APISecret, groupId, pubkey)
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(TokenEndpointResponse{
|
|
ServerURL: cfg.ServerURL,
|
|
ParticipantToken: token,
|
|
})
|
|
}
|