Update room alias handling in token generation for LegacySfuRequest (#147)

* Update room alias handling in token generation for LegacySfuRequest

* update test for room alias handling in token generation for LegacySfuRequest

* Update main.go

Co-authored-by: Timo <16718859+toger5@users.noreply.github.com>

* doc update

* rephrase doc

---------

Co-authored-by: Timo <16718859+toger5@users.noreply.github.com>

Author: fkwp

main.go

@@ -226,7 +226,21 @@ func (h *Handler) processLegacySFURequest(r *http.Request, req *LegacySFURequest
 
     // TODO: is DeviceID required? If so then we should have validated at the start
     lkIdentity := userInfo.Sub + ":" + req.DeviceID
-    token, err := getJoinToken(h.key, h.secret, req.Room, lkIdentity)
+    
+	// We can hard-code the slotId since for the m.call application only the m.call#ROOM slot is defined. 
+	// This ensures that the same LiveKit room alias being derived for the same Matrix room for both the 
+	// LegacySFURequest (/sfu/get endpoint) and the SFURequest (/get_token endpoint). 
+    // 
+	// Note a mismatch between the legacy livekit_alias (which is the Matrix roomId) field in the MatrixRTC 
+	// membership state event and the actual lkRoomAlias (as derived below and used on the SFU) which is 
+	// part of the LiveKit JWT Token does in general NOT confuse clients as the JWT token is passed as is
+	// to the livekit-client SDK.
+	// 
+    // This change ensures compatibility with clients using pseudonymous livekit_aliases.
+    slotId := "m.call#ROOM"
+    lkRoomAliasHash := sha256.Sum256([]byte(req.Room + "|" + slotId))
+    lkRoomAlias := unpaddedBase64.EncodeToString(lkRoomAliasHash[:])
+    token, err := getJoinToken(h.key, h.secret, lkRoomAlias, lkIdentity)
     if err != nil {
 		return nil, &MatrixErrorResponse{
 			Status: http.StatusInternalServerError,
@@ -236,7 +250,7 @@ func (h *Handler) processLegacySFURequest(r *http.Request, req *LegacySFURequest
     }
 
     if isFullAccessUser {
-        if err := createLiveKitRoom(r.Context(), h, req.Room, userInfo.Sub, lkIdentity); err != nil {
+        if err := createLiveKitRoom(r.Context(), h, lkRoomAlias, userInfo.Sub, lkIdentity); err != nil {
 			return nil, &MatrixErrorResponse{
 				Status: http.StatusInternalServerError,
 				ErrCode: "M_UNKNOWN",

main_test.go

@@ -250,9 +250,10 @@ func TestLegacyHandlePost(t *testing.T) {
 	u, _ := url.Parse(testServer.URL)
 
 	matrixServerName = u.Host
+	matrixRoom := "testRoom"
 
 	testCase := map[string]interface{}{
-		"room": "testRoom",
+		"room": matrixRoom,
 		"openid_token": map[string]interface{}{
 			"access_token":       "testAccessToken",
 			"token_type":         "testTokenType",
@@ -313,9 +314,13 @@ func TestLegacyHandlePost(t *testing.T) {
 			t.Errorf("unexpected sub: got %v want %v", claims["sub"], "@user:"+matrixServerName+":testDevice")
 		}
 
+		slotId := "m.call#ROOM"
+		lkRoomAliasHash := sha256.Sum256([]byte(matrixRoom + "|" + slotId))
+		lkRoomAlias := unpaddedBase64.EncodeToString(lkRoomAliasHash[:])
+
 		// should have permission for the room
-		if claims["video"].(map[string]interface{})["room"] != "testRoom" {
-			t.Errorf("unexpected room: got %v want %v", claims["room"], "testRoom")
+		if claims["video"].(map[string]interface{})["room"] != lkRoomAlias {
+			t.Errorf("unexpected room: got %v want %v", claims["room"], lkRoomAlias)
 		}
 }