Initial support for getting SFO config using OIDC

* Change `jwt_service_url` to `livekit_service_url`
 * Make it a POST so we can send the openID token sensibly
 * Get an OIDC token & pass it with the request
 * Read the SFU URL from there too

and convert the auth server accordingly, althugh with no actual OIDC
support yet, it just issues tokens blindly just as before and ignores
the openid token completely.

We'll need to update configs & the JWT service before merging this.

backend/auth/server.go

@@ -15,41 +15,74 @@ type Handler struct {
 	key, secret string
 }
 
+type OpenIDTokenType struct {
+}
+
+type SFURequest struct {
+	Room           string          `json:"room"`
+	OpenIDToken    OpenIDTokenType `json:"openid_token"`
+	DeviceID       string          `json:"device_id"`
+	RemoveMeUserID string          `json:"remove_me_user_id"` // we'll get this from OIDC
+}
+
+type SFUResponse struct {
+	URL string `json:"url"`
+	JWT string `json:"jwt"`
+}
+
 func (h *Handler) handle(w http.ResponseWriter, r *http.Request) {
 	log.Printf("Request from %s", r.RemoteAddr)
 
 	// Set the CORS headers
 	w.Header().Set("Access-Control-Allow-Origin", "*")
-	w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
-	w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
+	w.Header().Set("Access-Control-Allow-Methods", "POST")
+	w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token")
 
 	// Handle preflight request (CORS)
 	if r.Method == "OPTIONS" {
 		w.WriteHeader(http.StatusOK)
 		return
+	} else if r.Method == "POST" {
+		var body SFURequest
+		err := json.NewDecoder(r.Body).Decode(&body)
+		if err != nil {
+			log.Printf("Error decoding JSON: %v", err)
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+
+		if body.Room == "" {
+			log.Printf("Request missing room")
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+
+		token, err := getJoinToken(h.key, h.secret, body.Room, body.RemoveMeUserID+":"+body.DeviceID)
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+
+		res := SFUResponse{URL: "http://localhost:7880/", JWT: token}
+
+		w.Header().Set("Content-Type", "application/json")
+		json.NewEncoder(w).Encode(res)
+	} else {
+		w.WriteHeader(http.StatusMethodNotAllowed)
 	}
 
-	roomName := r.URL.Query().Get("roomName")
-	name := r.URL.Query().Get("name")
-	identity := r.URL.Query().Get("identity")
+	/*
+		roomName := r.URL.Query().Get("roomName")
+		name := r.URL.Query().Get("name")
+		identity := r.URL.Query().Get("identity")
 
-	log.Printf("roomName: %s, name: %s, identity: %s", roomName, name, identity)
+		log.Printf("roomName: %s, name: %s, identity: %s", roomName, name, identity)
 
-	if roomName == "" || name == "" || identity == "" {
-		w.WriteHeader(http.StatusBadRequest)
-		return
-	}
-
-	token, err := getJoinToken(h.key, h.secret, roomName, identity, name)
-	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
-		return
-	}
-
-	res := Response{token}
-
-	w.Header().Set("Content-Type", "application/json")
-	json.NewEncoder(w).Encode(res)
+		if roomName == "" || name == "" || identity == "" {
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+	*/
 }
 
 func main() {
@@ -68,15 +101,11 @@ func main() {
 		secret: secret,
 	}
 
-	http.HandleFunc("/token", handler.handle)
+	http.HandleFunc("/sfu/get", handler.handle)
 	log.Fatal(http.ListenAndServe(":8080", nil))
 }
 
-type Response struct {
-	Token string `json:"accessToken"`
-}
-
-func getJoinToken(apiKey, apiSecret, room, identity, name string) (string, error) {
+func getJoinToken(apiKey, apiSecret, room, identity string) (string, error) {
 	at := auth.NewAccessToken(apiKey, apiSecret)
 
 	canPublish := true
@@ -91,8 +120,7 @@ func getJoinToken(apiKey, apiSecret, room, identity, name string) (string, error
 
 	at.AddGrant(grant).
 		SetIdentity(identity).
-		SetValidFor(time.Hour).
-		SetName(name)
+		SetValidFor(time.Hour)
 
 	return at.ToJWT()
 }