Actually validate lk-jwt-service response

Hugh Nimmo-Smith
2025-01-22 15:47:47 +00:00
parent 4ca99f0e59
commit 3899901c34


@@ -122,7 +122,23 @@ async function getLiveKitJWT(
}
try {
return await res.json();
const json = await res.json();
if (typeof json.jwt !== "string") {
// We don't need to check that the JWT is valid, because we pass it through to
// the SFU opaquely.
throw new Error("Invalid jwt field in server response: not string");
}
if (typeof json.url !== "string") {
throw new Error("Invalid url field in server response: not string");
}
if (!json.url.startsWith("wss://")) {
throw new Error("Invalid url field in server response: not a wss:// URL");
}
return {
jwt: json.jwt,
url: json.url,
};
} catch (e) {
throw new InvalidServerResponseError(url, e);
}
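Review bot: The `json.url.startsWith("wss://")` test is a prefix check rather than a URL parse, so a malformed value such as a bare `wss://` with no host is still returned to the caller as valid. Parsing inside the same `try` keeps the existing wrapping into `InvalidServerResponseError`: replace the prefix test with `if (new URL(json.url).protocol !== "wss:") {`, since the `URL` constructor throws on an unparseable or host-less value. The `typeof json.jwt !== "string"` check also accepts an empty string; `|| json.jwt.length === 0` would reject it before it is passed on to the SFU. A short comment above the scheme check, e.g. `// Refuse plaintext ws:// so the JWT is only ever sent over TLS.`, would record why the restriction exists. getLiveKitJWT begins above this hunk, so how the returned `url` is consumed is not visible here.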