diff --git a/README.md b/README.md
index cc2b42f..c94e966 100644
--- a/README.md
+++ b/README.md
@@ -52,8 +52,9 @@ The service is configured via environment variables:
 Variable | Description | Required
 --- | --- | ---
 `LIVEKIT_URL` | The websocket URL of the LiveKit SFU | Yes
-`LIVEKIT_KEY` or `LIVEKIT_KEY_FILE` | The API key or key file path for the LiveKit SFU | Yes
-`LIVEKIT_SECRET` or `LIVEKIT_SECRET_FILE` | The secret or secret file path for the LiveKit SFU | Yes
+`LIVEKIT_KEY` or `LIVEKIT_KEY_FROM_FILE` | The API key or key file path for the LiveKit SFU | Yes
+`LIVEKIT_SECRET` or `LIVEKIT_SECRET_FROM_FILE` | The secret or secret file path for the LiveKit SFU | Yes
+`LIVEKIT_KEY_FILE` | file path to LiveKit SFU key-file format (`APIkey: secret`) | mutually exclusive with `LIVEKIT_KEY` and `LIVEKIT_SECRET`
 `LIVEKIT_JWT_PORT` | The port the service listens on | No - defaults to 8080
 ## Disable TLS verification
diff --git a/main.go b/main.go
index b2c8814..65a221c 100644
--- a/main.go
+++ b/main.go
@@ -24,6 +24,7 @@ import (
 "net/http"
 "os"
 "crypto/tls"
+ "strings"
 "time"
@@ -186,27 +187,49 @@ func (h *Handler) prepareMux() *http.ServeMux { } func readKeySecret() (string, string) { + // We initialize keys & secrets from environment variables key := os.Getenv("LIVEKIT_KEY") secret := os.Getenv("LIVEKIT_SECRET") - key_path := os.Getenv("LIVEKIT_KEY_FILE") - secret_path := os.Getenv("LIVEKIT_SECRET_FILE") - if key_path != "" { - if keyBytes, err := os.ReadFile(key_path); err != nil { + // We initialize potential key & secret path from environment variables + keyPath := os.Getenv("LIVEKIT_KEY_FROM_FILE") + secretPath := os.Getenv("LIVEKIT_SECRET_FROM_FILE") + keySecretPath := os.Getenv("LIVEKIT_KEY_FILE") + + // If keySecretPath is set we read the file and split it into two parts + // It takes over any other initialization + if keySecretPath != "" { + if keySecretBytes, err := os.ReadFile(keySecretPath); err != nil { log.Fatal(err) } else { - key = string(keyBytes) + key_secrets := strings.Split(string(keySecretBytes), ":") + if len(key_secrets) != 2 { + log.Fatalf("invalid key secret file format!") + } + key = key_secrets[0] + secret = key_secrets[1] } + } else { + // If keySecretPath is not set, we try to read the key and secret from files + // If those files are not set, we return the key & secret from the environment variables + if keyPath != "" { + if keyBytes, err := os.ReadFile(keyPath); err != nil { + log.Fatal(err) + } else { + key = string(keyBytes) + } + } + + if secretPath != "" { + if secretBytes, err := os.ReadFile(secretPath); err != nil { + log.Fatal(err) + } else { + secret = string(secretBytes) + } + } + } - if secret_path != "" { - if secretBytes, err := os.ReadFile(secret_path); err != nil { - log.Fatal(err) - } else { - secret = string(secretBytes) - } - } - - return key, secret + return strings.Trim(key, " \r\n"), strings.Trim(secret, " \r\n") } func main() { diff --git a/main_test.go b/main_test.go index a1b70ea..049a544 100644 --- a/main_test.go +++ b/main_test.go 
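Review bot: In the `LIVEKIT_KEY_FILE` branch of readKeySecret the only validation is `len(key_secrets) != 2`, so a file containing `somekey:` passes and the function returns an empty secret, while a secret that itself contains a colon is rejected. Splitting once and checking both halves after trimming closes both gaps: `k, s, ok := strings.Cut(string(keySecretBytes), ":")` (Go 1.18+) followed by `if !ok || strings.TrimSpace(k) == "" || strings.TrimSpace(s) == "" { log.Fatal("invalid key secret file format") }`. The rename also means a deployment that still sets `LIVEKIT_SECRET_FILE` alongside `LIVEKIT_KEY` now has that variable ignored and ends up with an empty secret without any message; unless `main`, whose body is outside this hunk, rejects empty credentials, a fatal error when the legacy variable is set would make the migration fail closed.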
@@ -240,11 +240,19 @@ func TestReadKeySecret(t *testing.T) {
 expectedSecret: "from_env_ahb8eiwae0viey7gee4ieNgahgeeQuie",
 err: false,
 },
+ {
+ name: "Read from livekit keysecret",
+ env: map[string]string{
+ "LIVEKIT_KEY_FILE": "./tests/keysecret.yaml",
+ },
+ expectedKey: "keysecret_iethuB2LeLiNuishiaKeephei9jaatio",
+ expectedSecret: "keysecret_xefaingo4oos6ohla9phiMieBu3ohJi2",
+ },
 {
 name: "Read from file",
 env: map[string]string{
- "LIVEKIT_KEY_FILE": "./tests/key",
- "LIVEKIT_SECRET_FILE": "./tests/secret",
+ "LIVEKIT_KEY_FROM_FILE": "./tests/key",
+ "LIVEKIT_SECRET_FROM_FILE": "./tests/secret",
 },
 expectedKey: "from_file_oquusheiheiw4Iegah8te3Vienguus5a",
 expectedSecret: "from_file_vohmahH3eeyieghohSh3kee8feuPhaim",
@@ -252,8 +260,8 @@ func TestReadKeySecret(t *testing.T) {
 {
 name: "Read from file key only",
 env: map[string]string{
- "LIVEKIT_KEY_FILE": "./tests/key",
- "LIVEKIT_SECRET": "from_env_ahb8eiwae0viey7gee4ieNgahgeeQuie",
+ "LIVEKIT_KEY_FROM_FILE": "./tests/key",
+ "LIVEKIT_SECRET": "from_env_ahb8eiwae0viey7gee4ieNgahgeeQuie",
 },
 expectedKey: "from_file_oquusheiheiw4Iegah8te3Vienguus5a",
 expectedSecret: "from_env_ahb8eiwae0viey7gee4ieNgahgeeQuie",
@@ -261,8 +269,8 @@ func TestReadKeySecret(t *testing.T) {
 {
 name: "Read from file secret only",
 env: map[string]string{
- "LIVEKIT_SECRET_FILE": "./tests/secret",
- "LIVEKIT_KEY": "from_env_qui8aiTopiekiechah9oocbeimeew2O",
+ "LIVEKIT_SECRET_FROM_FILE": "./tests/secret",
+ "LIVEKIT_KEY": "from_env_qui8aiTopiekiechah9oocbeimeew2O",
 },
 expectedKey: "from_env_qui8aiTopiekiechah9oocbeimeew2O",
 expectedSecret: "from_file_vohmahH3eeyieghohSh3kee8feuPhaim",
diff --git a/tests/key b/tests/key
index 25abdee..25f83e1 100644
--- a/tests/key
+++ b/tests/key
@@ -1 +1 @@
-from_file_oquusheiheiw4Iegah8te3Vienguus5a
\ No newline at end of file
+from_file_oquusheiheiw4Iegah8te3Vienguus5a
diff --git a/tests/keysecret.yaml b/tests/keysecret.yaml
new file mode 100644
index 0000000..29d1c7b
--- /dev/null
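Review bot: The new "Read from livekit keysecret" case covers only the well-formed combined file; nothing pins the precedence that main.go documents as "It takes over any other initialization", although the README calls the variables mutually exclusive. An extra table entry that sets `LIVEKIT_KEY_FILE` together with `LIVEKIT_KEY` and `LIVEKIT_SECRET` and expects the `keysecret_…` values would fix that behaviour in place. TestReadKeySecret's table and loop begin and end outside this hunk, so how the `err` field is used is not visible here.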
+++ b/tests/keysecret.yaml
@@ -0,0 +1 @@
+keysecret_iethuB2LeLiNuishiaKeephei9jaatio: keysecret_xefaingo4oos6ohla9phiMieBu3ohJi2
diff --git a/tests/secret b/tests/secret
index 5b93767..58bf88f 100644
--- a/tests/secret
+++ b/tests/secret
@@ -1 +1 @@
-from_file_vohmahH3eeyieghohSh3kee8feuPhaim
\ No newline at end of file
+from_file_vohmahH3eeyieghohSh3kee8feuPhaim