livekit-server-sdk
Version:
Server-side SDK for LiveKit
101 lines (84 loc) • 3.07 kB
text/typescript
// SPDX-FileCopyrightText: 2024 LiveKit, Inc.
//
// SPDX-License-Identifier: Apache-2.0
import * as jose from 'jose';
import { describe, expect, it } from 'vitest';
import { AccessToken, TokenVerifier } from './AccessToken';
import type { ClaimGrants } from './grants';
const testApiKey = 'abcdefg';
const testSecret = 'abababa';
describe('encoded tokens are valid', () => {
const t = new AccessToken(testApiKey, testSecret, {
identity: 'me',
name: 'myname',
});
t.addGrant({ room: 'myroom' });
const EncodedTestSecret = new TextEncoder().encode(testSecret);
it('can be decoded', async () => {
const { payload } = await jose.jwtVerify(await t.toJwt(), EncodedTestSecret, {
issuer: testApiKey,
});
expect(payload).not.toBe(undefined);
});
it('has name set', async () => {
const { payload } = await jose.jwtVerify(await t.toJwt(), EncodedTestSecret, {
issuer: testApiKey,
});
expect(payload.name).toBe('myname');
});
it('has video grants set', async () => {
const { payload } = await jose.jwtVerify(await t.toJwt(), EncodedTestSecret, {
issuer: testApiKey,
});
expect(payload.video).toBeTruthy();
expect((payload as ClaimGrants).video?.room).toEqual('myroom');
});
});
describe('identity is required for only join grants', () => {
it('allows empty identity for create', async () => {
const t = new AccessToken(testApiKey, testSecret);
t.addGrant({ roomCreate: true });
expect(await t.toJwt()).toBeTruthy();
});
it('throws error when identity is not provided for join', async () => {
const t = new AccessToken(testApiKey, testSecret);
t.addGrant({ roomJoin: true });
await expect(async () => {
await t.toJwt();
}).rejects.toThrow();
});
});
describe('verify token is valid', () => {
it('can decode encoded token', async () => {
const t = new AccessToken(testApiKey, testSecret);
t.sha256 = 'abcdefg';
t.kind = 'agent';
t.addGrant({ roomCreate: true });
t.attributes = { foo: 'bar', live: 'kit' };
const v = new TokenVerifier(testApiKey, testSecret);
const decoded = await v.verify(await t.toJwt());
expect(decoded).not.toBe(undefined);
expect(decoded.sha256).toEqual('abcdefg');
expect(decoded.video?.roomCreate).toBeTruthy();
expect(decoded.kind).toEqual('agent');
expect(decoded.attributes).toEqual(t.attributes);
});
});
describe('adding grants should not overwrite existing grants', () => {
const EncodedTestSecret = new TextEncoder().encode(testSecret);
it('should not overwrite existing grants', async () => {
const t = new AccessToken(testApiKey, testSecret, {
identity: 'me',
name: 'myname',
});
t.addGrant({ roomCreate: true });
t.addGrant({ roomJoin: true });
const { payload }: jose.JWTVerifyResult<ClaimGrants> = await jose.jwtVerify(
await t.toJwt(),
EncodedTestSecret,
{ issuer: testApiKey },
);
expect(payload.video?.roomCreate).toBeTruthy();
expect(payload.video?.roomJoin).toBeTruthy();
});
});