more testing

Author: davidliu

livekit-android-sdk/src/main/java/io/livekit/android/token/CachingTokenSource.kt

@@ -120,7 +120,7 @@ private val defaultValidator: TokenValidator = { options, response ->
 /**
  * Validates whether the JWT token is still valid.
  */
-fun TokenSourceResponse.hasValidToken(tolerance: Duration = 60.seconds): Boolean {
+fun TokenSourceResponse.hasValidToken(tolerance: Duration = 60.seconds, date: Date = Date()): Boolean {
     try {
         val jwt = JWTPayload(participantToken)
         val now = Date()
@@ -130,7 +130,7 @@ fun TokenSourceResponse.hasValidToken(tolerance: Duration = 60.seconds): Boolean
         val isBefore = nbf != null && now.before(nbf)
         val hasExpired = expiresAt != null && now.after(Date(expiresAt.time + tolerance.inWholeMilliseconds))
 
-        return isBefore || hasExpired
+        return !isBefore && !hasExpired
     } catch (e: Exception) {
         LKLog.i(e) { "Could not validate existing token" }
         return false

livekit-android-sdk/src/main/java/io/livekit/android/token/EndpointTokenSource.kt

@@ -39,9 +39,15 @@ internal class EndpointTokenSourceImpl(
     override val headers: Map<String, String>,
 ) : EndpointTokenSource
 
-internal class SandboxTokenSource(sandboxId: String) : EndpointTokenSource {
-    override val url: URL = URL("https://cloud-api.livekit.io/api/sandbox/connection-details")
-    override val headers: Map<String, String> = mapOf("X-Sandbox-ID" to sandboxId)
+data class SandboxTokenServerOptions(
+    val baseUrl: String? = null,
+)
+
+internal class SandboxTokenSource(sandboxId: String, options: SandboxTokenServerOptions) : EndpointTokenSource {
+    override val url: URL = URL("${options.baseUrl ?: "https://cloud-api.livekit.io"}/api/v2/sandbox/connection-details")
+    override val headers: Map<String, String> = mapOf(
+        "X-Sandbox-ID" to sandboxId,
+    )
 }
 
 internal interface EndpointTokenSource : ConfigurableTokenSource {
@@ -60,18 +66,21 @@ internal interface EndpointTokenSource : ConfigurableTokenSource {
         try {
             val okHttpClient = globalOkHttpClient
 
-            val encodeJson = Json {
+            val snakeCaseJson = Json {
                 namingStrategy = JsonNamingStrategy.SnakeCase
                 ignoreUnknownKeys = true
             }
-            val decodeJson = Json {
+
+            // v1 token server returns camelCase keys
+            val camelCaseJson = Json {
                 ignoreUnknownKeys = true
             }
-            val body = encodeJson.encodeToString(options)
+            val body = snakeCaseJson.encodeToString(options)
 
             val request = Request.Builder()
                 .url(url)
                 .method(method, body.toRequestBody())
+                .addHeader("Content-Type", "application/json")
                 .apply {
                     headers.forEach { (key, value) ->
                         addHeader(key, value)
@@ -83,18 +92,26 @@ internal interface EndpointTokenSource : ConfigurableTokenSource {
             call.enqueue(
                 object : Callback {
                     override fun onResponse(call: Call, response: Response) {
-                        val body = response.body
-                        if (body == null) {
+                        val bodyStr = response.body?.string()
+                        if (bodyStr == null) {
                             continuation.resumeWithException(NullPointerException("No response returned from server"))
                             return
                         }
 
-                        val tokenResponse: TokenSourceResponse
+                        var tokenResponse: TokenSourceResponse? = null
                         try {
-                            tokenResponse = decodeJson.decodeFromString<TokenSourceResponse>(body.string())
+                            tokenResponse = snakeCaseJson.decodeFromString<TokenSourceResponse>(bodyStr)
                         } catch (e: Exception) {
-                            continuation.resumeWithException(e)
-                            return
+                        }
+
+                        if (tokenResponse == null) {
+                            // snake_case decoding failed, try camelCase decoding for v1 back compatibility
+                            try {
+                                tokenResponse = camelCaseJson.decodeFromString<TokenSourceResponse>(bodyStr)
+                            } catch (e: Exception) {
+                                continuation.resumeWithException(IllegalArgumentException("Failed to decode response from token server", e))
+                                return
+                            }
                         }
 
                         continuation.resume(tokenResponse)

livekit-android-sdk/src/main/java/io/livekit/android/token/JWTPayload.kt

@@ -32,8 +32,7 @@ class JWTPayload(token: String) {
 
     /**
      * Date specifying the time
-     * [before which this token is invalid](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25#section-4.1.5)
-     * .
+     * [before which this token is invalid](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25#section-4.1.5).
      */
     val notBefore: Date?
 

livekit-android-sdk/src/main/java/io/livekit/android/token/TokenSource.kt

@@ -52,6 +52,7 @@ data class RoomAgentDispatch(
     val metadata: String,
 )
 
+@SuppressLint("UnsafeOptInUsageError")
 @Serializable
 data class TokenSourceResponse(val serverUrl: String, val participantToken: String)
 
@@ -64,25 +65,43 @@ interface TokenSource {
         fun fromLiteral(serverUrl: String, participantToken: String): FixedTokenSource = LiteralTokenSource(serverUrl, participantToken)
 
         /**
-         * Creates a [ConfigurableTokenSource] that executes [block] to fetch the [TokenSourceResponse].
+         * Creates a custom [ConfigurableTokenSource] that executes [block] to fetch the credentials..
          */
         fun fromCustom(block: suspend (options: TokenRequestOptions) -> TokenSourceResponse): ConfigurableTokenSource = CustomTokenSource(block)
 
+        /**
+         * Creates a [ConfigurableTokenSource] that fetches from a given [url] using the standard token server format.
+         */
         fun fromEndpoint(url: URL, method: String = "POST", headers: Map<String, String> = emptyMap()): ConfigurableTokenSource = EndpointTokenSourceImpl(
             url = url,
             method = method,
             headers = headers,
         )
+
+        /**
+         * Creates a [ConfigurableTokenSource] that fetches from a sandbox token server for credentials,
+         * which supports quick prototyping/getting started types of use cases.
+         *
+         * Note: This token provider is **insecure** and should **not** be used in production.
+         */
+        fun fromSandboxTokenServer(sandboxId: String, options: SandboxTokenServerOptions = SandboxTokenServerOptions()): ConfigurableTokenSource = SandboxTokenSource(
+            sandboxId = sandboxId,
+            options = options,
+        )
+
     }
 }
 
 /**
- * A non-configurable token source that
+ * A non-configurable token source that does not take any options.
  */
 interface FixedTokenSource : TokenSource {
     suspend fun fetch(): TokenSourceResponse
 }
 
+/**
+ * A configurable token source takes in a [TokenRequestOptions] when requesting credentials.
+ */
 interface ConfigurableTokenSource : TokenSource {
-    suspend fun fetch(options: TokenRequestOptions): TokenSourceResponse
+    suspend fun fetch(options: TokenRequestOptions = TokenRequestOptions()): TokenSourceResponse
 }

livekit-android-test/src/test/java/io/livekit/android/token/CachingTokenSourceTest.kt

@@ -0,0 +1,119 @@
+package io.livekit.android.token
+
+import io.livekit.android.test.BaseTest
+import kotlinx.coroutines.ExperimentalCoroutinesApi
+import okhttp3.mockwebserver.MockResponse
+import okhttp3.mockwebserver.MockWebServer
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNotEquals
+import org.junit.Assert.assertTrue
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import java.util.Date
+
+@OptIn(ExperimentalCoroutinesApi::class)
+// JWTPayload requires Android Base64 implementation, so robolectric runner needed.
+@RunWith(RobolectricTestRunner::class)
+class CachingTokenSourceTest : BaseTest() {
+
+    @Test
+    fun tokenIsValid() {
+        val tokenResponse = TokenSourceResponse(
+            "wss://www.example.com",
+            JWTPayloadTest.TEST_TOKEN,
+        )
+
+        assertTrue(tokenResponse.hasValidToken(date = Date(5000000000000)))
+    }
+
+    @Test
+    fun tokenBeforeNbfIsInvalid() {
+        val tokenResponse = TokenSourceResponse(
+            "wss://www.example.com",
+            JWTPayloadTest.TEST_TOKEN,
+        )
+
+        assertTrue(tokenResponse.hasValidToken(date = Date(0)))
+    }
+
+    @Test
+    fun tokenAfterExpIsInvalid() {
+        val tokenResponse = TokenSourceResponse(
+            "wss://www.example.com",
+            JWTPayloadTest.TEST_TOKEN,
+        )
+
+        assertTrue(tokenResponse.hasValidToken(date = Date(9999999990000)))
+    }
+
+    @Test
+    fun cachedValidTokenOnlyFetchedOnce() = runTest {
+
+        val server = MockWebServer()
+        server.enqueue(
+            MockResponse().setBody(
+                """{
+    "serverUrl": "wss://www.example.com",
+    "roomName": "room-name",
+    "participantName": "participant-name",
+    "participantToken": "${JWTPayloadTest.TEST_TOKEN}"
+}""",
+            ),
+        )
+
+        val source = TokenSource
+            .fromEndpoint(server.url("/").toUrl())
+            .cached()
+
+
+        val firstResponse = source.fetch()
+        val secondResponse = source.fetch()
+
+        assertEquals(firstResponse, secondResponse)
+        assertEquals(1, server.requestCount)
+    }
+
+    @Test
+    fun cachedInvalidTokenRefetched() = runTest {
+
+        val server = MockWebServer()
+        server.enqueue(
+            MockResponse().setBody(
+                """{
+    "serverUrl": "wss://www.example.com",
+    "roomName": "room-name",
+    "participantName": "participant-name",
+    "participantToken": "${EXPIRED_TOKEN}"
+}""",
+            ),
+        )
+        server.enqueue(
+            MockResponse().setBody(
+                """{
+    "serverUrl": "wss://www.example.com",
+    "roomName": "room-name",
+    "participantName": "participant-name",
+    "participantToken": "${JWTPayloadTest.TEST_TOKEN}"
+}""",
+            ),
+        )
+
+        val source = TokenSource
+            .fromEndpoint(server.url("/").toUrl())
+            .cached()
+
+        val firstResponse = source.fetch()
+        val secondResponse = source.fetch()
+
+        assertNotEquals(firstResponse, secondResponse)
+        assertEquals(2, server.requestCount)
+    }
+
+    companion object {
+        // Token with an nbf and exp of 0 seconds.
+        const val EXPIRED_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjlhMzJiZTg2NzkyZTM3Nm" +
+            "I3ZTBlMmIyNjVjMjY1YTA5In0.eyJpYXQiOjAsIm5iZiI6MCwiZXhwIjowfQ.8oV9K-CeULScAjFIK2O7sxEGUD7" +
+            "su3kCQv3Q8rhk0Hg_AuzQixJfz2Pt0rJUwLWhF0mSlcYMUKdR0yp12RfrdA"
+    }
+}

livekit-android-test/src/test/java/io/livekit/android/token/JWTPayloadTest.kt

@@ -26,6 +26,10 @@ import java.util.Date
 @RunWith(RobolectricTestRunner::class)
 class JWTPayloadTest {
     companion object {
+        // Test JWT created for test purposes only.
+        // Does not actually auth against anything.
+        // Nbf date set at 1234567890 seconds (Fri Feb 13 2009 23:31:30 GMT+0000)
+        // Exp date set at 9876543210 seconds (Fri Dec 22 2282 20:13:30 GMT+0000)
         const val TEST_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImRiY2UzNm" +
             "JkNjBjZDI5NWM2ODExNTBiMGU2OGFjNGU5In0.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZXhwIjo" +
             "5ODc2NTQzMjEwLCJuYmYiOjEyMzQ1Njc4OTAsImlhdCI6MTIzNDU2Nzg5MH0.sYQ-blJC16BL" +

livekit-android-test/src/test/java/io/livekit/android/token/TokenSourceTest.kt

@@ -25,9 +25,15 @@ import okhttp3.mockwebserver.MockResponse
 import okhttp3.mockwebserver.MockWebServer
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertTrue
+import org.junit.Ignore
 import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+import java.util.Date
 
 @OptIn(ExperimentalCoroutinesApi::class)
+// JWTPayload requires Android Base64 implementation, so robolectric runner needed.
+@RunWith(RobolectricTestRunner::class)
 class TokenSourceTest : BaseTest() {
 
     @Test
@@ -68,7 +74,7 @@ class TokenSourceTest : BaseTest() {
     "serverUrl": "wss://www.example.com",
     "roomName": "room-name",
     "participantName": "participant-name",
-    "participantToken": "$TEST_TOKEN"
+    "participantToken": "token"
 }""",
             ),
         )
@@ -101,9 +107,13 @@ class TokenSourceTest : BaseTest() {
 
         val response = source.fetch(options)
         assertEquals("wss://www.example.com", response.serverUrl)
-        assertEquals(TEST_TOKEN, response.participantToken)
+        assertEquals("token", response.participantToken)
 
         val request = server.takeRequest()
+
+        assertEquals("POST", request.method)
+        assertEquals("world", request.headers["hello"])
+
         val requestBody = request.body.readUtf8()
 
         println(requestBody)
@@ -114,12 +124,38 @@ class TokenSourceTest : BaseTest() {
         assertEquals("room-name", json["room_name"]?.jsonPrimitive?.content)
     }
 
-    companion object {
-        // Test JWT created for test purposes only.
-        // Does not actually auth against anything.
-        const val TEST_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3NTkyMzczNDcsImlkZW50aXR5IjoiaW1tdX" +
-            "RhYmxlLXZhdWx0IiwiaXNzIjoiQVBJWFJ1eG1WM2ZBWlFMIiwibmJmIjoxNzU5MjM2NDQ3LCJzdWIiOiJpbW11dGFibGUtdmF1bHQi" +
-            "LCJ2aWRlbyI6eyJjYW5VcGRhdGVPd25NZXRhZGF0YSI6dHJ1ZSwicm9vbSI6ImhlbGxvIiwicm9vbUpvaW4iOnRydWUsInJvb21MaX" +
-            "N0Ijp0cnVlfX0.Oy2vTdWyOP3n7swwMhM2zHA_uB9S75iaDTT-IN-eWss"
+
+    @Ignore("For manual testing only.")
+    @Test
+    fun testTokenServer() = runTest {
+        val source = TokenSource.fromSandboxTokenServer(
+            "", // Put sandboxId here to test manually.
+        )
+        val options = TokenRequestOptions(
+            roomName = "room-name",
+            participantName = "participant-name",
+            participantIdentity = "participant-identity",
+            participantMetadata = "participant-metadata",
+            roomConfiguration = RoomConfiguration(
+                name = "room-name",
+                emptyTimeout = 10,
+                departureTimeout = 10,
+                maxParticipants = 100,
+                metadata = "room-metadata",
+                minPlayoutDelay = 1,
+                maxPlayoutDelay = 1,
+                syncStreams = 1,
+                agents = RoomAgentDispatch(
+                    agentName = "agent-name",
+                    metadata = "agent-metadata",
+                ),
+            ),
+        )
+
+        val response = source.fetch(options)
+        println(response)
+
+        assertTrue(response.hasValidToken())
     }
+
 }