Use pointers for perms in order to allow nil (#11)
* nullable permission grants

* nil perms, canPublishData

* convenience setters
davidzhao authored Aug 19, 2021
1 parent 4632182 commit d60d683
Showing 3 changed files with 52 additions and 18 deletions.
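--- a/auth/grants.go
+++ b/auth/grants.go
@@ -13,8 +13,9 @@ type VideoGrant struct {
 
 // permissions within a room, if none of the permissions are set
 // it's interpreted as both are permissible
-CanPublish bool `json:"canPublish,omitempty"`
-CanSubscribe bool `json:"canSubscribe,omitempty"`
+CanPublish *bool `json:"canPublish,omitempty"`
+CanSubscribe *bool `json:"canSubscribe,omitempty"`
+CanPublishData *bool `json:"canPublishData,omitempty"`
 
 // used for recording
 Hidden bool `json:"hidden,omitempty"`
@@ -27,3 +28,15 @@ type ClaimGrants struct {
 Sha256 string `json:"sha256,omitempty"`
 Metadata string `json:"metadata,omitempty"`
 }
+
+func (v *VideoGrant) SetCanPublish(val bool) {
+v.CanPublish = &val
+}
+
+func (v *VideoGrant) SetCanPublishData(val bool) {
+v.CanPublishData = &val
+}
+
+func (v *VideoGrant) SetCanSubscribe(val bool) {
+v.CanSubscribe = &val
+}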
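Review bot: The comment above the permission fields still says that unset permissions mean "both are permissible", but the struct now carries three nullable flags and nothing states what a nil `CanPublishData` means. Because nil is the permissive case, every reader of these fields has to nil-check and agree on the same default; a consumer that gets it wrong either panics on dereference or silently widens or narrows a grant. I would reword the comment to something like `// a nil permission means "not specified" and is treated as allowed; set it to false explicitly to deny`, after confirming that this also holds for CanPublishData. The three exported setters have no doc comments; a line such as `// SetCanPublish sets CanPublish explicitly, so that false is encoded in the token instead of being omitted` on each would record why they exist. The VideoGrant struct begins above the first hunk.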
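--- a/auth/verifier_test.go
+++ b/auth/verifier_test.go
@@ -4,7 +4,6 @@ import (
 "testing"
 "time"
 
-"github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "gopkg.in/square/go-jose.v2/json"
 
@@ -17,22 +16,22 @@ func TestVerifier(t *testing.T) {
 accessToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MDg5MzAzMDgsImlzcyI6IkFQSUQzQjY3dXhrNE5qMkdLaVJQaWJBWjkiLCJuYmYiOjE2MDg5MjY3MDgsInJvb21fam9pbiI6dHJ1ZSwicm9vbV9zaWQiOiJteWlkIiwic3ViIjoiQVBJRDNCNjd1eGs0TmoyR0tpUlBpYkFaOSJ9.cmHEBq0MLyRqphmVLM2cLXg5ao5Sro7am8yXhcYKcwE"
 t.Run("cannot decode with incorrect key", func(t *testing.T) {
 v, err := auth.ParseAPIToken(accessToken)
-assert.NoError(t, err)
+require.NoError(t, err)
 
-assert.Equal(t, apiKey, v.APIKey())
+require.Equal(t, apiKey, v.APIKey())
 _, err = v.Verify("")
-assert.Error(t, err)
+require.Error(t, err)
 
 _, err = v.Verify("anothersecret")
-assert.Error(t, err)
+require.Error(t, err)
 })
 
 t.Run("key has expired", func(t *testing.T) {
 v, err := auth.ParseAPIToken(accessToken)
 require.NoError(t, err)
 
 _, err = v.Verify(secret)
-assert.Error(t, err)
+require.Error(t, err)
 })
 
 t.Run("unexpired token is verified", func(t *testing.T) {
@@ -42,16 +41,16 @@ func TestVerifier(t *testing.T) {
 SetValidFor(time.Minute).
 SetIdentity("me")
 authToken, err := at.ToJWT()
-assert.NoError(t, err)
+require.NoError(t, err)
 
 v, err := auth.ParseAPIToken(authToken)
-assert.NoError(t, err)
-assert.Equal(t, apiKey, v.APIKey())
-assert.Equal(t, "me", v.Identity())
+require.NoError(t, err)
+require.Equal(t, apiKey, v.APIKey())
+require.Equal(t, "me", v.Identity())
 
 decoded, err := v.Verify(secret)
-assert.NoError(t, err)
-assert.Equal(t, &claim, decoded.Video)
+require.NoError(t, err)
+require.Equal(t, &claim, decoded.Video)
 })
 
 t.Run("ensure metadata can be passed through", func(t *testing.T) {
@@ -68,14 +67,34 @@ func TestVerifier(t *testing.T) {
 SetMetadata(string(md))
 
 authToken, err := at.ToJWT()
-assert.NoError(t, err)
+require.NoError(t, err)
 
 v, err := auth.ParseAPIToken(authToken)
-assert.NoError(t, err)
+require.NoError(t, err)
 
+decoded, err := v.Verify(secret)
+require.NoError(t, err)
+
+require.EqualValues(t, string(md), decoded.Metadata)
+})
+
+t.Run("nil permissions are handled", func(t *testing.T) {
+grant := &auth.VideoGrant{
+Room: "myroom",
+RoomJoin: true,
+}
+grant.SetCanPublishData(false)
+at := auth.NewAccessToken(apiKey, secret).
+AddGrant(grant)
+token, err := at.ToJWT()
+require.NoError(t, err)
+
+v, err := auth.ParseAPIToken(token)
 decoded, err := v.Verify(secret)
-assert.NoError(t, err)
+require.NoError(t, err)
 
-assert.EqualValues(t, string(md), decoded.Metadata)
+require.Nil(t, decoded.Video.CanSubscribe)
+require.Nil(t, decoded.Video.CanPublish)
+require.False(t, *decoded.Video.CanPublishData)
 })
 }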
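Review bot: In the new "nil permissions are handled" subtest the error returned by `auth.ParseAPIToken(token)` is never checked, because `decoded, err := v.Verify(secret)` overwrites it on the very next line. A parse failure would then most likely show up as a panic or a misleading Verify error instead of a clear assertion, so add `require.NoError(t, err)` directly after the ParseAPIToken call, as the other subtests do. The last assertion dereferences `decoded.Video.CanPublishData` without a guard; putting `require.NotNil(t, decoded.Video.CanPublishData)` in front of it turns a dropped explicit `false` into a test failure rather than a nil-pointer panic. Since an explicit deny is the security-relevant case, it would also be worth round-tripping `SetCanPublish(false)` and `SetCanSubscribe(false)` here, not only the data flag.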
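--- a/livekit_room.proto
+++ b/livekit_room.proto
@@ -105,6 +105,8 @@ message ParticipantPermission {
 bool can_subscribe = 1;
 // allow participant to publish new tracks to room
 bool can_publish = 2;
+// allow participant to publish data
+bool can_publish_data = 3;
 }
 
 message UpdateParticipantRequest {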
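Review bot: `can_publish_data` is a plain proto3 `bool`, so it cannot express "not specified", while the grant side of this commit turns the same permission into a `*bool` whose nil value is meant to be permissive. Wherever a grant is converted into ParticipantPermission (that code is not visible in this commit), nil has to be resolved to an explicit value first; copying with a false default would deny data publishing to tokens that never mentioned it, and the opposite mistake would grant it where it was meant to be denied. The field comment should say what the zero value means, for example `// allow participant to publish data; false (the default) denies it`, assuming that is the intended reading. The ParticipantPermission message begins above the hunk.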
