instrumentisto · evdokimovs · Jan 4, 2021 · Dec 24, 2020 · Dec 24, 2020 · Dec 24, 2020
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -29,7 +29,8 @@ All user visible changes to this project will be documented in this file. This p
     - gRPC Control API callbacks:
         - `on_join` ([#63], [#153]);
         - `on_leave` ([#63]).
-    - Configuration of `Member`'s Client API RPC settings ([#95]).
+    - Configuration of `Member`'s Client API RPC settings ([#95]);
+    - Hashed `Member` credentials support ([#168]).
 - Signalling:
     - Dynamic `Peer`s creation when client connects ([#28]);
     - Auto-removing `Peer`s when `Member` disconnects ([#28]);
@@ -87,6 +88,7 @@ All user visible changes to this project will be documented in this file. This p
 [#153]: /../../pull/153
 [#155]: /../../pull/155
 [#156]: /../../pull/156
+[#168]: /../../pull/168
 
 
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -32,6 +32,7 @@ actix = "0.10"
 actix-http = "2.0"
 actix-web = "3.0"
 actix-web-actors = "3.0"
+argon2 = { version = "0.8", package = "rust-argon2", default-features = false }
 async-trait = "0.1"
 bytes = "0.5"
 chrono = "0.4"
@@ -57,6 +58,7 @@ slog-json = "2.3"
 slog-scope = "4.3"
 slog-stdlog = "4.0"
 smart-default = "0.6"
+subtle = { version = "2.2", default-features = false }
 tokio = { version = "0.2", features = ["signal", "time"] }
 toml = "0.5"
 tonic = "0.3"

diff --git a/_dev/specs/all-media-types-required-call.yml b/_dev/specs/all-media-types-required-call.yml
@@ -4,7 +4,8 @@ spec:
   pipeline:
     caller:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       spec:
         pipeline:
           publish:
@@ -21,7 +22,8 @@ spec:
               src: "local://all-media-types-required-call/responder/publish"
     responder:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       spec:
         pipeline:
           publish:

diff --git a/_dev/specs/audio-call.yml b/_dev/specs/audio-call.yml
@@ -4,7 +4,8 @@ spec:
   pipeline:
     member-1:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       on_join: "grpc://127.0.0.1:9099"
       on_leave: "grpc://127.0.0.1:9099"
       idle_timeout: 1m
@@ -24,7 +25,8 @@ spec:
               src: "local://audio-call/member-2/publish"
     member-2:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       on_join: "grpc://127.0.0.1:9099"
       on_leave: "grpc://127.0.0.1:9099"
       idle_timeout: 1m

diff --git a/_dev/specs/pub-pub-video-call.yml b/_dev/specs/pub-pub-video-call.yml
@@ -5,7 +5,8 @@ spec:
     # Here we're defining a member who initiates video call.
     caller:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       on_join: "grpc://127.0.0.1:9099"
       on_leave: "grpc://127.0.0.1:9099"
       idle_timeout: 1m
@@ -28,7 +29,8 @@ spec:
               src: "local://pub-pub-video-call/responder/publish"
     responder:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       on_join: "grpc://127.0.0.1:9099"
       on_leave: "grpc://127.0.0.1:9099"
       idle_timeout: 1m

diff --git a/_dev/specs/pub-sub-video-call.yml b/_dev/specs/pub-sub-video-call.yml
@@ -5,7 +5,8 @@ spec:
     # Here we're defining a member who initiates video call.
     publisher:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       on_join: "grpc://127.0.0.1:9099"
       on_leave: "grpc://127.0.0.1:9099"
       spec:
@@ -19,7 +20,8 @@ spec:
               p2p: Always
     subscriber:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       on_join: "grpc://127.0.0.1:9099"
       on_leave: "grpc://127.0.0.1:9099"
       spec:

diff --git a/_dev/specs/relay-pub-pub-video-call.yml b/_dev/specs/relay-pub-pub-video-call.yml
@@ -4,7 +4,8 @@ spec:
   pipeline:
     caller:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       on_join: "grpc://127.0.0.1:9099"
       on_leave: "grpc://127.0.0.1:9099"
       spec:
@@ -21,7 +22,8 @@ spec:
               force_relay: true
     responder:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       on_join: "grpc://127.0.0.1:9099"
       on_leave: "grpc://127.0.0.1:9099"
       spec:

diff --git a/_dev/specs/three-members-conference.yml b/_dev/specs/three-members-conference.yml
@@ -5,7 +5,8 @@ spec:
     # Here we're defining a member who initiates video call.
     caller:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       spec:
         pipeline:
           # Media element which is able to receive media data from client
@@ -27,7 +28,8 @@ spec:
               src: "local://three-members-conference/responder-2/publish"
     responder-1:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       spec:
         pipeline:
           publish:
@@ -44,7 +46,8 @@ spec:
               src: "local://three-members-conference/responder-2/publish"
     responder-2:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       spec:
         pipeline:
           publish:

diff --git a/_dev/specs/video-call-1.yml b/_dev/specs/video-call-1.yml
@@ -5,7 +5,8 @@ spec:
     # Here we're defining a member who initiates video call.
     caller:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       spec:
         pipeline:
           # Media element which is able to receive media data from client
@@ -23,7 +24,8 @@ spec:
               src: "local://video-call-1/responder/publish"
     responder:
       kind: Member
-      credentials: test
+      credentials:
+        plain: test
       spec:
         pipeline:
           publish:

diff --git a/jason/demo/index.html b/jason/demo/index.html
@@ -184,7 +184,7 @@
         url: controlUrl + roomId + '/' + memberId,
         data: {
           kind: 'Member',
-          credentials: 'test',
+          credentials: { plain: 'test' },
           pipeline: pipeline,
         },
       });

diff --git a/jason/e2e-demo/js/index.js b/jason/e2e-demo/js/index.js
@@ -65,7 +65,7 @@ async function createRoom(roomId, memberId) {
       pipeline: {
         [memberId]: {
           kind: 'Member',
-          credentials: 'test',
+          credentials: { plain: 'test' },
           pipeline: pipeline,
           on_join: 'grpc://127.0.0.1:9099',
           on_leave: 'grpc://127.0.0.1:9099'
@@ -130,7 +130,7 @@ async function createMember(roomId, memberId) {
     url: controlUrl + roomId + '/' + memberId,
     data: {
       kind: 'Member',
-      credentials: 'test',
+      credentials: { plain: 'test' },
       pipeline: pipeline,
       on_join: 'grpc://127.0.0.1:9099',
       on_leave: 'grpc://127.0.0.1:9099'

diff --git a/jason/src/api/room.rs b/jason/src/api/room.rs
@@ -337,8 +337,12 @@ impl RoomHandle {
             .map(|inner| inner.on_connection_loss.set_func(f))
     }
 
-    /// Performs entering to a [`Room`] with the preconfigured authorization
-    /// `token` for connection with media server.
+    /// Connects media server and enters [`Room`] with provided authorization
+    /// `token`.
+    ///
+    /// Authorization token has fixed format:
+    /// `{{ Host URL }}/{{ Room ID }}/{{ Member ID }}?token={{ Auth Token }}`
+    /// (e.g. `wss://medea.com/MyConf1/Alice?token=777`).
     ///
     /// Establishes connection with media server (if it doesn't already exist).
     /// Fails if:

diff --git a/jason/src/rpc/mod.rs b/jason/src/rpc/mod.rs
@@ -88,6 +88,10 @@ pub enum ConnectionInfoParseError {
     /// Provided URL doesn't have important segments.
     #[display(fmt = "Provided URL doesn't have important segments")]
     NotEnoughSegments,
+
+    /// Provided URL doesn't contain auth token.
+    #[display(fmt = "Provided URL does not contain auth token")]
+    NoToken,
 }
 
 impl FromStr for ConnectionInfo {
@@ -98,18 +102,22 @@ impl FromStr for ConnectionInfo {
 
         let mut url =
             Url::parse(s).map_err(|err| tracerr::new!(E::UrlParse(err)))?;
+
+        let credential = url
+            .query_pairs()
+            .find(|(key, _)| key.as_ref() == "token")
+            .ok_or_else(|| tracerr::new!(E::NoToken))?
+            .1
+            .to_owned()
+            .into();
+
         url.set_fragment(None);
         url.set_query(None);
 
         let mut segments = url
             .path_segments()
             .ok_or_else(|| tracerr::new!(E::NotEnoughSegments))?
             .rev();
-        let credential = segments
-            .next()
-            .ok_or_else(|| tracerr::new!(E::NotEnoughSegments))?
-            .to_owned()
-            .into();
         let member_id = segments
             .next()
             .ok_or_else(|| tracerr::new!(E::NotEnoughSegments))?
@@ -121,9 +129,9 @@ impl FromStr for ConnectionInfo {
             .to_owned()
             .into();
 
-        // Remove last three segments. Safe to unwrap cause we already made all
+        // Remove last two segments. Safe to unwrap cause we already made all
         // necessary checks.
-        url.path_segments_mut().unwrap().pop().pop().pop();
+        url.path_segments_mut().unwrap().pop().pop();
 
         Ok(ConnectionInfo {
             url: url.into(),

diff --git a/jason/src/rpc/rpc_session.rs b/jason/src/rpc/rpc_session.rs
@@ -40,7 +40,7 @@ pub enum SessionError {
     NoCredentials,
 
     /// [`WebSocketRpcSession`] authorization on the server was failed.
-    #[display(fmt = "RPC Session authorization on the server was failed")]
+    #[display(fmt = "Failed to authorize RPC session")]
     AuthorizationFailed,
 
     /// [`WebSocketRpcClient`] returned [`RpcClientError`].

diff --git a/jason/tests/api/mod.rs b/jason/tests/api/mod.rs
@@ -205,11 +205,9 @@ async fn room_dispose_works() {
             });
         }
     });
-    JsFuture::from(
-        another_room.join(
-            "ws://example.com/another_room_id/member_id/token".to_string(),
-        ),
-    )
+    JsFuture::from(another_room.join(
+        "ws://example.com/another_room_id/member_id?token=token".to_string(),
+    ))
     .await
     .unwrap();
 

diff --git a/jason/tests/rpc/rpc_session.rs b/jason/tests/rpc/rpc_session.rs
@@ -160,8 +160,10 @@ async fn could_not_open_transport() {
     let mut on_connection_loss = session.on_connection_loss().fuse();
 
     let connect_fut = Rc::clone(&session).connect(
-        ConnectionInfo::from_str("ws://localhost:55555/some/fake/endpoint")
-            .unwrap(),
+        ConnectionInfo::from_str(
+            "ws://localhost:55555/some/fake?token=endpoint",
+        )
+        .unwrap(),
     );
 
     // connect resolve with err

diff --git a/jason/tests/web.rs b/jason/tests/web.rs
@@ -235,7 +235,7 @@ pub fn get_test_recv_tracks() -> (Track, Track) {
     )
 }
 
-const TEST_ROOM_URL: &str = "ws://example.com/room_id/member_id/token";
+const TEST_ROOM_URL: &str = "ws://example.com/room_id/member_id?token=token";
 
 pub fn join_room_url() -> ApiUrl {
     Url::parse("ws://example.com/ws").unwrap().into()