auth

package
v0.0.0-...-6a2a05a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 23, 2025 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrKeysMissing = errors.New("missing API key or secret key")
)
View Source 
var ErrSensitiveCredentials = errors.New("room configuration should not contain sensitive credentials")

Functions

This section is empty.

Types

type APIKeyTokenVerifier 

type APIKeyTokenVerifier struct {
	// contains filtered or unexported fields
}

func ParseAPIToken 

func ParseAPIToken(raw string) (*APIKeyTokenVerifier, error)

ParseAPIToken parses an encoded JWT token and

func (*APIKeyTokenVerifier) APIKey 

func (v *APIKeyTokenVerifier) APIKey() string

APIKey returns the API key this token was signed with

func (*APIKeyTokenVerifier) Identity 

func (v *APIKeyTokenVerifier) Identity() string

func (*APIKeyTokenVerifier) Verify 

func (v *APIKeyTokenVerifier) Verify(key interface{}) (*ClaimGrants, error)

type AccessToken 

type AccessToken struct {
	// contains filtered or unexported fields
}

AccessToken produces token signed with API key and secret

func NewAccessToken 

func NewAccessToken(key string, secret string) *AccessToken

func (*AccessToken) AddGrant deprecated 

func (t *AccessToken) AddGrant(grant *VideoGrant) *AccessToken

Deprecated: use SetVideoGrant instead

func (*AccessToken) AddSIPGrant deprecated 

func (t *AccessToken) AddSIPGrant(grant *SIPGrant) *AccessToken

Deprecated: use SetSIPGrant instead

func (*AccessToken) GetGrants 

func (t *AccessToken) GetGrants() *ClaimGrants

func (*AccessToken) SetAgentGrant 

func (t *AccessToken) SetAgentGrant(grant *AgentGrant) *AccessToken

func (*AccessToken) SetAgents 

func (t *AccessToken) SetAgents(agents ...*livekit.RoomAgentDispatch) *AccessToken

SetAgents is a shortcut for setting agents in room configuration

func (*AccessToken) SetAllowSensitiveCredentials 

func (t *AccessToken) SetAllowSensitiveCredentials(allow bool) *AccessToken

SetAllowSensitiveCredentials enables the token to contain sensitive credentials, by default it is disabled. When tokens are issued to end-users, it's not a good idea to issue sensitive data such as API keys/secrets in them JWT tokens are not encrypted, so anything that is issued in them can be read by anyone. When the tokens are used in a server environment (i.e. connecting from SIP or Agents), you can bypass the credentials check by enabling this option.

func (*AccessToken) SetAttributes 

func (t *AccessToken) SetAttributes(attrs map[string]string) *AccessToken

func (*AccessToken) SetIdentity 

func (t *AccessToken) SetIdentity(identity string) *AccessToken

func (*AccessToken) SetInferenceGrant 

func (t *AccessToken) SetInferenceGrant(grant *InferenceGrant) *AccessToken

func (*AccessToken) SetKind 

func (t *AccessToken) SetKind(kind livekit.ParticipantInfo_Kind) *AccessToken

func (*AccessToken) SetMetadata 

func (t *AccessToken) SetMetadata(md string) *AccessToken

func (*AccessToken) SetName 

func (t *AccessToken) SetName(name string) *AccessToken

func (*AccessToken) SetObservabilityGrant 

func (t *AccessToken) SetObservabilityGrant(grant *ObservabilityGrant) *AccessToken

func (*AccessToken) SetRoomConfig 

func (t *AccessToken) SetRoomConfig(config *livekit.RoomConfiguration) *AccessToken

func (*AccessToken) SetRoomPreset 

func (t *AccessToken) SetRoomPreset(preset string) *AccessToken

func (*AccessToken) SetSIPGrant 

func (t *AccessToken) SetSIPGrant(grant *SIPGrant) *AccessToken

func (*AccessToken) SetSha256 

func (t *AccessToken) SetSha256(sha string) *AccessToken

func (*AccessToken) SetValidFor 

func (t *AccessToken) SetValidFor(duration time.Duration) *AccessToken

func (*AccessToken) SetVideoGrant 

func (t *AccessToken) SetVideoGrant(grant *VideoGrant) *AccessToken

func (*AccessToken) ToJWT 

func (t *AccessToken) ToJWT() (string, error)

type AgentGrant 

type AgentGrant struct {
	// Admin grants to create/update/delete Cloud Agents.
	Admin bool `json:"admin,omitempty"`
}

func (*AgentGrant) Clone 

func (s *AgentGrant) Clone() *AgentGrant

func (*AgentGrant) MarshalLogObject 

func (s *AgentGrant) MarshalLogObject(e zapcore.ObjectEncoder) error

type ClaimGrants 

type ClaimGrants struct {
	Identity      string              `json:"identity,omitempty"`
	Name          string              `json:"name,omitempty"`
	Kind          string              `json:"kind,omitempty"`
	Video         *VideoGrant         `json:"video,omitempty"`
	SIP           *SIPGrant           `json:"sip,omitempty"`
	Agent         *AgentGrant         `json:"agent,omitempty"`
	Inference     *InferenceGrant     `json:"inference,omitempty"`
	Observability *ObservabilityGrant `json:"observability,omitempty"`
	// Room configuration to use if this participant initiates the room
	RoomConfig *RoomConfiguration `json:"roomConfig,omitempty"`
	// Cloud-only, config preset to use
	// when both room and roomPreset are set, parameters in room overrides the preset
	RoomPreset string `json:"roomPreset,omitempty"`
	// for verifying integrity of the message body
	Sha256   string `json:"sha256,omitempty"`
	Metadata string `json:"metadata,omitempty"`
	// Key/value attributes to attach to the participant
	Attributes map[string]string `json:"attributes,omitempty"`
}

func (*ClaimGrants) Clone 

func (c *ClaimGrants) Clone() *ClaimGrants

func (*ClaimGrants) GetParticipantKind 

func (c *ClaimGrants) GetParticipantKind() livekit.ParticipantInfo_Kind

func (*ClaimGrants) GetRoomConfiguration 

func (c *ClaimGrants) GetRoomConfiguration() *livekit.RoomConfiguration

func (*ClaimGrants) MarshalLogObject 

func (c *ClaimGrants) MarshalLogObject(e zapcore.ObjectEncoder) error

func (*ClaimGrants) SetParticipantKind 

func (c *ClaimGrants) SetParticipantKind(kind livekit.ParticipantInfo_Kind)

type FileBasedKeyProvider 

type FileBasedKeyProvider struct {
	// contains filtered or unexported fields
}

func NewFileBasedKeyProviderFromMap 

func NewFileBasedKeyProviderFromMap(keys map[string]string) *FileBasedKeyProvider

func NewFileBasedKeyProviderFromReader 

func NewFileBasedKeyProviderFromReader(r io.Reader) (p *FileBasedKeyProvider, err error)

func (*FileBasedKeyProvider) GetSecret 

func (p *FileBasedKeyProvider) GetSecret(key string) string

func (*FileBasedKeyProvider) NumKeys 

func (p *FileBasedKeyProvider) NumKeys() int

type InferenceGrant 

type InferenceGrant struct {
	// Perform grants to all inference features (LLM, STT, TTS)
	Perform bool `json:"perform,omitempty"`
}

func (*InferenceGrant) Clone 

func (s *InferenceGrant) Clone() *InferenceGrant

func (*InferenceGrant) MarshalLogObject 

func (s *InferenceGrant) MarshalLogObject(e zapcore.ObjectEncoder) error

type KeyProvider 

type KeyProvider interface {
	GetSecret(key string) string
	NumKeys() int
}

type ObservabilityGrant 

type ObservabilityGrant struct {
	// Write grants to publish observability data
	Write bool `json:"write,omitempty"`
}

func (*ObservabilityGrant) Clone 

func (s *ObservabilityGrant) Clone() *ObservabilityGrant

func (*ObservabilityGrant) MarshalLogObject 

func (s *ObservabilityGrant) MarshalLogObject(e zapcore.ObjectEncoder) error

type RoomConfiguration 

type RoomConfiguration livekit.RoomConfiguration

func (*RoomConfiguration) CheckCredentials 

func (c *RoomConfiguration) CheckCredentials() error

CheckCredentials checks if the room configuration contains sensitive credentials and returns an error if it does.

This is used to prevent sensitive credentials from being leaked to the client. It is not used to validate the credentials themselves, as that is done by the egress service.

func (*RoomConfiguration) Clone 

func (c *RoomConfiguration) Clone() *RoomConfiguration

func (*RoomConfiguration) MarshalJSON 

func (c *RoomConfiguration) MarshalJSON() ([]byte, error)

func (*RoomConfiguration) UnmarshalJSON 

func (c *RoomConfiguration) UnmarshalJSON(data []byte) error

type SIPGrant 

type SIPGrant struct {
	// Admin grants access to all SIP features.
	Admin bool `json:"admin,omitempty"`

	// Call allows making outbound SIP calls.
	Call bool `json:"call,omitempty"`
}

func (*SIPGrant) Clone 

func (s *SIPGrant) Clone() *SIPGrant

func (*SIPGrant) MarshalLogObject 

func (s *SIPGrant) MarshalLogObject(e zapcore.ObjectEncoder) error

type SimpleKeyProvider 

type SimpleKeyProvider struct {
	// contains filtered or unexported fields
}

func NewSimpleKeyProvider 

func NewSimpleKeyProvider(apiKey, apiSecret string) *SimpleKeyProvider

func (*SimpleKeyProvider) GetSecret 

func (p *SimpleKeyProvider) GetSecret(key string) string

func (*SimpleKeyProvider) NumKeys 

func (p *SimpleKeyProvider) NumKeys() int

type TokenVerifier 

type TokenVerifier interface {
	Identity() string
	Verify(key interface{}) (*ClaimGrants, error)
}

type VideoGrant 

type VideoGrant struct {
	// actions on rooms
	RoomCreate bool `json:"roomCreate,omitempty"`
	RoomList   bool `json:"roomList,omitempty"`
	RoomRecord bool `json:"roomRecord,omitempty"`

	// actions on a particular room
	RoomAdmin bool   `json:"roomAdmin,omitempty"`
	RoomJoin  bool   `json:"roomJoin,omitempty"`
	Room      string `json:"room,omitempty"`

	// permissions within a room, if none of the permissions are set explicitly
	// it will be granted with all publish and subscribe permissions
	CanPublish     *bool `json:"canPublish,omitempty"`
	CanSubscribe   *bool `json:"canSubscribe,omitempty"`
	CanPublishData *bool `json:"canPublishData,omitempty"`
	// TrackSource types that a participant may publish.
	// When set, it supersedes CanPublish. Only sources explicitly set here can be published
	CanPublishSources []string `json:"canPublishSources,omitempty"` // keys keep track of each source
	// by default, a participant is not allowed to update its own metadata
	CanUpdateOwnMetadata *bool `json:"canUpdateOwnMetadata,omitempty"`

	// actions on ingresses
	IngressAdmin bool `json:"ingressAdmin,omitempty"` // applies to all ingress

	// participant is not visible to other participants
	Hidden bool `json:"hidden,omitempty"`
	// indicates to the room that current participant is a recorder
	Recorder bool `json:"recorder,omitempty"`
	// indicates that the holder can register as an Agent framework worker
	Agent bool `json:"agent,omitempty"`

	// if a participant can subscribe to metrics
	CanSubscribeMetrics *bool `json:"canSubscribeMetrics,omitempty"`

	// destination room which this participant can forward to
	DestinationRoom string `json:"destinationRoom,omitempty"`
}

func (*VideoGrant) Clone 

func (v *VideoGrant) Clone() *VideoGrant

func (*VideoGrant) GetCanPublish 

func (v *VideoGrant) GetCanPublish() bool

func (*VideoGrant) GetCanPublishData 

func (v *VideoGrant) GetCanPublishData() bool

func (*VideoGrant) GetCanPublishSource 

func (v *VideoGrant) GetCanPublishSource(source livekit.TrackSource) bool

func (*VideoGrant) GetCanPublishSources 

func (v *VideoGrant) GetCanPublishSources() []livekit.TrackSource

func (*VideoGrant) GetCanSubscribe 

func (v *VideoGrant) GetCanSubscribe() bool

func (*VideoGrant) GetCanSubscribeMetrics 

func (v *VideoGrant) GetCanSubscribeMetrics() bool

func (*VideoGrant) GetCanUpdateOwnMetadata 

func (v *VideoGrant) GetCanUpdateOwnMetadata() bool

func (*VideoGrant) MarshalLogObject 

func (v *VideoGrant) MarshalLogObject(e zapcore.ObjectEncoder) error

func (*VideoGrant) MatchesPermission 

func (v *VideoGrant) MatchesPermission(permission *livekit.ParticipantPermission) bool

func (*VideoGrant) SetCanPublish 

func (v *VideoGrant) SetCanPublish(val bool)

func (*VideoGrant) SetCanPublishData 

func (v *VideoGrant) SetCanPublishData(val bool)

func (*VideoGrant) SetCanPublishSources 

func (v *VideoGrant) SetCanPublishSources(sources []livekit.TrackSource)

func (*VideoGrant) SetCanSubscribe 

func (v *VideoGrant) SetCanSubscribe(val bool)

func (*VideoGrant) SetCanSubscribeMetrics 

func (v *VideoGrant) SetCanSubscribeMetrics(val bool)

func (*VideoGrant) SetCanUpdateOwnMetadata 

func (v *VideoGrant) SetCanUpdateOwnMetadata(val bool)

func (*VideoGrant) ToPermission 

func (v *VideoGrant) ToPermission() *livekit.ParticipantPermission

func (*VideoGrant) UpdateFromPermission 

func (v *VideoGrant) UpdateFromPermission(permission *livekit.ParticipantPermission)

Source Files

View all Source files

Directories

Path Synopsis
Code generated by counterfeiter.
 Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.