From 9f1ee615626dfb2d0e96d32355d99d2e714244ab Mon Sep 17 00:00:00 2001 From: Valere Date: Thu, 2 Apr 2026 11:39:04 +0200 Subject: [PATCH] refactor rtc transport discovery and auth --- src/livekit/openIDSFU.ts | 98 +++-- .../localMember/LocalTransport.ts | 371 ++++++------------ .../RtcTransportAutoDiscovery.test.ts | 233 +++++++++++ .../localMember/RtcTransportAutoDiscovery.ts | 162 ++++++++ 4 files changed, 553 insertions(+), 311 deletions(-) create mode 100644 src/state/CallViewModel/localMember/RtcTransportAutoDiscovery.test.ts create mode 100644 src/state/CallViewModel/localMember/RtcTransportAutoDiscovery.ts diff --git a/src/livekit/openIDSFU.ts b/src/livekit/openIDSFU.ts index d3756e6c..d1f6d451 100644 --- a/src/livekit/openIDSFU.ts +++ b/src/livekit/openIDSFU.ts @@ -5,11 +5,7 @@ SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial Please see LICENSE in the repository root for full details. */ -import { - retryNetworkOperation, - type IOpenIDToken, - type MatrixClient, -} from "matrix-js-sdk"; +import { type IOpenIDToken, type MatrixClient } from "matrix-js-sdk"; import { type CallMembershipIdentityParts } from "matrix-js-sdk/lib/matrixrtc/EncryptionManager"; import { type Logger } from "matrix-js-sdk/lib/logger"; @@ -70,6 +66,7 @@ export type OpenIDClientParts = Pick< MatrixClient, "getOpenIdToken" | "getDeviceId" >; + /** * Gets a bearer token from the homeserver and then use it to authenticate * to the matrix RTC backend in order to get acces to the SFU. @@ -113,9 +110,6 @@ export async function getSFUConfigWithOpenID( ); } logger?.debug("Got openID token", openIdToken); - - logger?.info(`Trying to get JWT for focus ${serviceUrl}...`); - let sfuConfig: { url: string; jwt: string } | undefined; const tryBothJwtEndpoints = opts?.forceJwtEndpoint === undefined; // This is for SFUs where we do not publish. @@ -127,7 +121,10 @@ export async function getSFUConfigWithOpenID( // if we can use both or if we are forced to use the new one. if (tryBothJwtEndpoints || forceMatrix2Jwt) { try { - sfuConfig = await getLiveKitJWTWithDelayDelegation( + logger?.info( + `Trying to get JWT with delegation for focus ${serviceUrl}...`, + ); + const sfuConfig = await getLiveKitJWTWithDelayDelegation( membership, serviceUrl, roomId, @@ -135,33 +132,36 @@ export async function getSFUConfigWithOpenID( opts?.delayEndpointBaseUrl, opts?.delayId, ); - logger?.info(`Got JWT from call's active focus URL.`); + + return extractFullConfigFromToken(sfuConfig); } catch (e) { logger?.debug(`Failed fetching jwt with matrix 2.0 endpoint:`, e); - if (e instanceof NotSupportedError) { - logger?.warn( - `Failed fetching jwt with matrix 2.0 endpoint (retry with legacy) Not supported`, - e, - ); - sfuConfig = undefined; - } else { - logger?.warn( - `Failed fetching jwt with matrix 2.0 endpoint other issues ->`, - `(not going to try with legacy endpoint: forceOldJwtEndpoint is set to false, we did not get a not supported error from the sfu)`, - e, - ); - // Make this throw a hard error in case we force the matrix2.0 endpoint. - if (forceMatrix2Jwt) - throw new NoMatrix2AuthorizationService(e as Error); - // NEVER get bejond this point if we forceMatrix2 and it failed! - } + // Make this throw a hard error in case we force the matrix2.0 endpoint. + if (forceMatrix2Jwt) throw new NoMatrix2AuthorizationService(e as Error); + + // if (e instanceof NotSupportedError) { + // logger?.warn( + // `Failed fetching jwt with matrix 2.0 endpoint (retry with legacy) Not supported`, + // e, + // ); + // } else { + // logger?.warn( + // `Failed fetching jwt with matrix 2.0 endpoint other issues ->`, + // `(not going to try with legacy endpoint: forceOldJwtEndpoint is set to false, we did not get a not supported error from the sfu)`, + // e, + // ); + // // NEVER get bejond this point if we forceMatrix2 and it failed! + // } } } // DEPRECATED - // here we either have a sfuConfig or we alredy exited because of `if (forceMatrix2) throw ...` + // here we either have a sfuConfig or we already exited because of `if (forceMatrix2) throw ...` // The only case we can get into this condition is, if `forceMatrix2` is `false` - if (sfuConfig === undefined) { + try { + logger?.info( + `Trying to get JWT with legacy endpoint for focus ${serviceUrl}...`, + ); sfuConfig = await getLiveKitJWT( membership.deviceId, serviceUrl, @@ -169,15 +169,19 @@ export async function getSFUConfigWithOpenID( openIdToken, ); logger?.info(`Got JWT from call's active focus URL.`); + return extractFullConfigFromToken(sfuConfig); + } catch (ex) { + throw new FailToGetOpenIdToken( + ex instanceof Error ? ex : new Error(`Unknown error ${ex}`), + ); } +} - if (!sfuConfig) { - throw new Error("No `sfuConfig` after trying with old and new endpoints"); - } - - // Pull the details from the JWT +function extractFullConfigFromToken(sfuConfig: { + url: string; + jwt: string; +}): SFUConfig { const [, payloadStr] = sfuConfig.jwt.split("."); - // TODO: Prefer Uint8Array.fromBase64 when widely available const payload = JSON.parse(global.atob(payloadStr)) as SFUJWTPayload; return { jwt: sfuConfig.jwt, @@ -189,16 +193,15 @@ export async function getSFUConfigWithOpenID( livekitIdentity: payload.sub, }; } -const RETRIES = 4; + async function getLiveKitJWT( deviceId: string, livekitServiceURL: string, matrixRoomId: string, openIDToken: IOpenIDToken, ): Promise<{ url: string; jwt: string }> { - let res: Response | undefined; - await retryNetworkOperation(RETRIES, async () => { - res = await fetch(livekitServiceURL + "/sfu/get", { + const res = await doNetworkOperationWithRetry(async () => { + return await fetch(livekitServiceURL + "/sfu/get", { method: "POST", headers: { "Content-Type": "application/json", @@ -211,11 +214,7 @@ async function getLiveKitJWT( }), }); }); - if (!res) { - throw new Error( - `Network error while connecting to jwt service after ${RETRIES} retries`, - ); - } + if (!res.ok) { throw new Error("SFU Config fetch failed with status code " + res.status); } @@ -262,10 +261,8 @@ export async function getLiveKitJWTWithDelayDelegation( }; } - let res: Response | undefined; - - await retryNetworkOperation(RETRIES, async () => { - res = await fetch(livekitServiceURL + "/get_token", { + const res = await doNetworkOperationWithRetry(async () => { + return await fetch(livekitServiceURL + "/get_token", { method: "POST", headers: { "Content-Type": "application/json", @@ -274,11 +271,6 @@ export async function getLiveKitJWTWithDelayDelegation( }); }); - if (!res) { - throw new Error( - `Network error while connecting to jwt service after ${RETRIES} retries`, - ); - } if (!res.ok) { const msg = "SFU Config fetch failed with status code " + res.status; if (res.status === 404) { diff --git a/src/state/CallViewModel/localMember/LocalTransport.ts b/src/state/CallViewModel/localMember/LocalTransport.ts index cda62948..99fe1cbb 100644 --- a/src/state/CallViewModel/localMember/LocalTransport.ts +++ b/src/state/CallViewModel/localMember/LocalTransport.ts @@ -8,11 +8,11 @@ Please see LICENSE in the repository root for full details. import { type CallMembership, isLivekitTransportConfig, - type Transport, type LivekitTransportConfig, } from "matrix-js-sdk/lib/matrixrtc"; -import { MatrixError, type MatrixClient } from "matrix-js-sdk"; +import { type MatrixClient } from "matrix-js-sdk"; import { + combineLatest, distinctUntilChanged, first, from, @@ -42,6 +42,7 @@ import { } from "../../../livekit/openIDSFU.ts"; import { areLivekitTransportsEqual } from "../remoteMembers/MatrixLivekitMembers.ts"; import { customLivekitUrl } from "../../../settings/settings.ts"; +import { RtcTransportAutoDiscovery } from "./RtcTransportAutoDiscovery.ts"; const logger = rootLogger.getChild("[LocalTransport]"); @@ -171,57 +172,82 @@ export const createLocalTransport$ = ({ ), ); - /** - * The transport that we would personally prefer to publish on (if not for the - * transport preferences of others, perhaps). `null` until fetched and - * validated. - * - * @throws MatrixRTCTransportMissingError | FailToGetOpenIdToken - */ - const preferredTransport$ = - scope.behavior( - // preferredTransport$ (used for multi sfu) needs to know if we are using the old or new - // jwt endpoint (`get_token` vs `sfu/get`) based on that the jwt endpoint will compute the rtcBackendIdentity - // differently. (sha(`${userId}|${deviceId}|${memberId}`) vs `${userId}|${deviceId}|${memberId}`) - // When using sticky events (we need to use the new endpoint). - customLivekitUrl.value$.pipe( - switchMap((customUrl) => - startWith(null)( - // Fetch the SFU config, and repeat this asynchronously for every - // change in delay ID. - delayId$.pipe( - switchMap(async (delayId) => { - logger.info( - "Creating preferred transport based on: ", - "customUrl: ", - customUrl, - "delayId: ", - delayId, - "forceJwtEndpoint: ", - forceJwtEndpoint, - ); - return makeTransport( - client, - ownMembershipIdentity, - roomId, - customUrl, - forceJwtEndpoint, - delayId ?? undefined, - ); - }), - // We deliberately hide any changes to the SFU config because we - // do not actually want the app to reconnect whenever the JWT - // token changes due to us delegating a new delayed event. The - // initial SFU config for the transport is all the app needs. - distinctUntilChanged((prev, next) => - areLivekitTransportsEqual(prev.transport, next.transport), - ), - ), - ), - ), - ), + const transportDiscovery = new RtcTransportAutoDiscovery({ + client: client, + resolvedConfig: Config.get(), + wellKnownFetcher: AutoDiscovery.getRawClientConfig.bind(AutoDiscovery), + logger: logger, + }); + + const discoveredTransport$ = from( + transportDiscovery.discoverPreferredTransport(), + ); + + const preferredConfig$ = customLivekitUrl.value$ + .pipe( + startWith(null), + switchMap((customUrl) => { + if (customUrl) { + return of({ + type: "livekit", + livekit_service_url: customUrl, + } as LivekitTransportConfig); + } else { + return discoveredTransport$; + } + }), + ) + .pipe( + map((config) => { + if (!config) { + // Bubbled up from the preferredConfig$ observable. + throw new MatrixRTCTransportMissingError(client.getDomain() ?? ""); + } + return config; + }), + distinctUntilChanged(areLivekitTransportsEqual), ); + const preferredTransport$ = combineLatest([preferredConfig$, delayId$]).pipe( + switchMap(async ([transport, delayId]) => { + try { + return await doOpenIdAndJWTFromUrl( + transport.livekit_service_url, + forceJwtEndpoint, + ownMembershipIdentity, + roomId, + client, + delayId ?? undefined, + ); + } catch (e) { + if ( + e instanceof FailToGetOpenIdToken || + e instanceof NoMatrix2AuthorizationService + ) { + // rethrow as is + throw e; + } + // Catch others and rethrow as FailToGetOpenIdToken that has user friendly message. + logger.error("Failed to get JWT from preferred transport", e); + throw new FailToGetOpenIdToken( + e instanceof Error ? e : new Error(String(e)), + ); + } + }), + // TODO: I don't think this is needed anymore. + // TODO: The advertised$ will filter distinct until changed to ignore delayId, because + // we just want to check that we can authenticate with the transport, not that we + // can use the "credentials" to publish. + + // We deliberately hide any changes to the SFU config because we + // do not actually want the app to reconnect whenever the JWT + // token changes due to us delegating a new delayed event. The + // initial SFU config for the transport is all the app needs. + // distinctUntilChanged((prev, next) => + // areLivekitTransportsEqual(prev.transport, next.transport), + // ), + ); + if (useOldestMember) { // --- Oldest member mode --- return { @@ -232,7 +258,7 @@ export const createLocalTransport$ = ({ advertised$: scope.behavior( merge( oldestMemberTransport$, - preferredTransport$.pipe(map((t) => t?.transport ?? null)), + preferredTransport$.pipe(map((t) => t.transport)), ).pipe( first((t) => t !== null), tap((t) => @@ -268,6 +294,7 @@ export const createLocalTransport$ = ({ ), ), ), + null, ), }; } @@ -280,222 +307,50 @@ export const createLocalTransport$ = ({ map((t) => t?.transport ?? null), distinctUntilChanged(areLivekitTransportsEqual), ), + null, ), - active$: preferredTransport$, + active$: scope.behavior(preferredTransport$, null), }; }; -const FOCI_WK_KEY = "org.matrix.msc4143.rtc_foci"; - -/** - * Determine the correct Transport for the current session, including - * validating auth against the service to ensure it's correct. - * Prefers in order: - * - - * 1. The `urlFromDevSettings` value. If this cannot be validated, the function will throw. - * 2. The transports returned via the homeserver. - * 3. The transports returned via .well-known. - * 4. The transport configured in Element Call's config. - * - * @param client The authenticated Matrix client for the current user - * @param membership The membership identity of the user. - * @param roomId The ID of the room to be connected to. - * @param urlFromDevSettings Override URL provided by the user's local config. - * @param forceJwtEndpoint Whether to force a specific JWT endpoint - * - `Legacy` / `Matrix_2_0` - * - `get_token` / `sfu/get` - * - not hashing / hashing the backendIdentity - * @param delayId the delay id passed to the jwt service. - * - * @returns A fully validated transport config. - * @throws MatrixRTCTransportMissingError | FailToGetOpenIdToken - */ -async function makeTransport( +// Utility to ensure the user can authenticate with the SFU. +// +// We will call `getSFUConfigWithOpenID` once per transport here as it's our +// only mechanism of validation. This means we will also ask the +// homeserver for a OpenID token a few times. Since OpenID tokens are single +// use we don't want to risk any issues by re-using a token. +// +// If the OpenID request were to fail, then it's acceptable for us to fail +// this function early, as we assume the homeserver has got some problems. +async function doOpenIdAndJWTFromUrl( + url: string, + forceJwtEndpoint: JwtEndpointVersion, + membership: CallMembershipIdentityParts, + roomId: string, client: Pick< MatrixClient, "getDomain" | "baseUrl" | "_unstable_getRTCTransports" | "getAccessToken" > & OpenIDClientParts, - membership: CallMembershipIdentityParts, - roomId: string, - urlFromDevSettings: string | null, - forceJwtEndpoint: JwtEndpointVersion, delayId?: string, ): Promise { - logger.trace("Searching for a preferred transport"); - - async function doOpenIdAndJWTFromUrl( - url: string, - ): Promise { - const sfuConfig = await getSFUConfigWithOpenID( - client, - membership, - url, - roomId, - { - forceJwtEndpoint: forceJwtEndpoint, - delayEndpointBaseUrl: client.baseUrl, - delayId, - }, - logger, - ); - return { - transport: { - type: "livekit", - livekit_service_url: url, - }, - sfuConfig, - }; - } - // We will call `getSFUConfigWithOpenID` once per transport here as it's our - // only mechanism of valiation. This means we will also ask the - // homeserver for a OpenID token a few times. Since OpenID tokens are single - // use we don't want to risk any issues by re-using a token. - // - // If the OpenID request were to fail then it's acceptable for us to fail - // this function early, as we assume the homeserver has got some problems. - - // DEVTOOL: Highest priority: Load from devtool setting - if (urlFromDevSettings !== null) { - // Validate that the SFU is up. Otherwise, we want to fail on this - // as we don't permit other SFUs. - // This will call the jwt/sfu/get endpoint to pre create the livekit room. - logger.info("Using LiveKit transport from dev tools: ", urlFromDevSettings); - return await doOpenIdAndJWTFromUrl(urlFromDevSettings); - } - - async function getFirstUsableTransport( - transports: Transport[], - ): Promise { - for (const potentialTransport of transports) { - if (isLivekitTransportConfig(potentialTransport)) { - try { - logger.info( - `makeTransport: check transport authentication for "${potentialTransport.livekit_service_url}"`, - ); - // This will call the jwt/sfu/get endpoint to pre create the livekit room. - return await doOpenIdAndJWTFromUrl( - potentialTransport.livekit_service_url, - ); - } catch (ex) { - logger.debug( - `makeTransport: Could not use SFU service "${potentialTransport.livekit_service_url}" as SFU`, - ex, - ); - // Explictly throw these - if (ex instanceof FailToGetOpenIdToken) { - throw ex; - } - if (ex instanceof NoMatrix2AuthorizationService) { - throw ex; - } - } - } else { - logger.info( - `makeTransport: "${potentialTransport.livekit_service_url}" is not a valid livekit transport as SFU`, - ); - } - } - return null; - } - - let lastError: Error | undefined = undefined; - // MSC4143: Attempt to fetch transports from backend. - // TODO: Workaround for an issue in the js-sdk RoomWidgetClient that - // is not yet implementing _unstable_getRTCTransports properly (via widget API new action). - // For now we just skip this call if we are in a widget. - // In widget mode the client is a `RoomWidgetClient` which has no access token (it is using the widget API). - // Could be removed once the js-sdk is fixed (https://github.com/matrix-org/matrix-js-sdk/issues/5245) - const isSPA = !!client.getAccessToken(); - if (isSPA && "_unstable_getRTCTransports" in client) { - logger.info( - "makeTransport: First try to use getRTCTransports end point ...", - ); - try { - // TODO This should also check for server support? - const transportList = await client._unstable_getRTCTransports(); - const selectedTransport = await getFirstUsableTransport(transportList); - if (selectedTransport) { - logger.info( - "makeTransport: ...Using backend-configured (client.getRTCTransports) SFU", - selectedTransport, - ); - return selectedTransport; - } - } catch (ex) { - lastError = ex as Error; - if (ex instanceof MatrixError && ex.httpStatus === 404) { - // Expected, this is an unstable endpoint and it's not required. - // There will be expected 404 errors in the console. When we check if synapse supports the endpoint. - logger.debug( - "Matrix homeserver does not provide any RTC transports via `/rtc/transports` (will retry with well-known.)", - ); - } else if (ex instanceof FailToGetOpenIdToken) { - logger.error(`makeTransport: Failed to validate backend SFU`, ex); - throw ex; - } else { - // We got an error that wasn't just missing support for the feature, so log it loudly. - logger.error( - "Unexpected error fetching RTC transports from backend", - ex, - ); - } - } - } - - logger.info( - `makeTransport: Trying to get transports from .well-known/matrix/client on domain ${client.getDomain()} ...`, + const sfuConfig = await getSFUConfigWithOpenID( + client, + membership, + url, + roomId, + { + forceJwtEndpoint: forceJwtEndpoint, + delayEndpointBaseUrl: client.baseUrl, + delayId, + }, + logger, ); - - // Legacy MSC4143 (to be removed) WELL_KNOWN: Prioritize the .well-known/matrix/client, if available. - const domain = client.getDomain(); - if (domain) { - // we use AutoDiscovery instead of relying on the MatrixClient having already - // been fully configured and started - const wellKnownFoci = (await AutoDiscovery.getRawClientConfig(domain))?.[ - FOCI_WK_KEY - ]; - let selectedTransport: LocalTransportWithSFUConfig | null = null; - if (Array.isArray(wellKnownFoci)) { - try { - selectedTransport = await getFirstUsableTransport(wellKnownFoci); - } catch (ex) { - lastError = ex as Error; - if (ex instanceof FailToGetOpenIdToken) { - throw ex; - } - logger.error(`makeTransport: Failed to validate .well-known SFU`, ex); - } - } else { - selectedTransport = null; - } - if (selectedTransport) { - logger.info("Using .well-known SFU", selectedTransport); - return selectedTransport; - } - } - - logger.info( - `makeTransport: No valid transport found via backend or .well-known, falling back to config if available.`, - ); - - // CONFIG: Least prioritized; Load from config file - const urlFromConf = Config.get().livekit?.livekit_service_url; - if (urlFromConf) { - try { - // This will call the jwt/sfu/get endpoint to pre create the livekit room. - logger.info("Using config SFU", urlFromConf); - return await doOpenIdAndJWTFromUrl(urlFromConf); - } catch (ex) { - if (ex instanceof FailToGetOpenIdToken) { - throw ex; - } - lastError = ex as Error; - logger.error("Failed to validate config SFU", ex); - } - } - - // If we do not have returned a transport by now we throw an error - throw new MatrixRTCTransportMissingError(domain ?? "", lastError); + return { + transport: { + type: "livekit", + livekit_service_url: url, + }, + sfuConfig, + }; } diff --git a/src/state/CallViewModel/localMember/RtcTransportAutoDiscovery.test.ts b/src/state/CallViewModel/localMember/RtcTransportAutoDiscovery.test.ts new file mode 100644 index 00000000..9314b993 --- /dev/null +++ b/src/state/CallViewModel/localMember/RtcTransportAutoDiscovery.test.ts @@ -0,0 +1,233 @@ +/* +Copyright 2025 Element Creations Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial +Please see LICENSE in the repository root for full details. +*/ + +import { + beforeEach, + describe, + expect, + it, + type MockedObject, + vi, +} from "vitest"; +import { type IClientWellKnown, MatrixError } from "matrix-js-sdk"; +import { logger as rootLogger } from "matrix-js-sdk/lib/logger"; +import { + type LivekitTransportConfig, + type Transport, +} from "matrix-js-sdk/lib/matrixrtc"; + +import type { ResolvedConfigOptions } from "../../../config/ConfigOptions.ts"; +import { + RtcTransportAutoDiscovery, + type RtcTransportAutoDiscoveryProps, +} from "./RtcTransportAutoDiscovery.ts"; + +type DiscoveryClient = RtcTransportAutoDiscoveryProps["client"]; + +const backendTransport: LivekitTransportConfig = { + type: "livekit", + livekit_service_url: "https://backend.example.org", +}; + +const wellKnownTransport: LivekitTransportConfig = { + type: "livekit", + livekit_service_url: "https://well-known.example.org", +}; + +function makeClient(): MockedObject { + return { + getDomain: vi.fn().mockReturnValue("example.org"), + baseUrl: "https://matrix.example.org", + _unstable_getRTCTransports: vi.fn().mockResolvedValue([]), + getAccessToken: vi.fn().mockReturnValue("access_token"), + getOpenIdToken: vi.fn(), + getDeviceId: vi.fn(), + } as unknown as MockedObject; +} + +function makeResolvedConfig(livekitServiceUrl?: string): ResolvedConfigOptions { + return { + livekit: livekitServiceUrl + ? { + livekit_service_url: livekitServiceUrl, + } + : undefined, + } as ResolvedConfigOptions; +} + +function makeWellKnown(rtcFoci?: Transport[]): IClientWellKnown { + return { + "org.matrix.msc4143.rtc_foci": rtcFoci, + } as unknown as IClientWellKnown; +} + +describe("RtcTransportAutoDiscovery", () => { + beforeEach(() => { + vi.clearAllMocks(); + }); + const VALID_TEST_CASES: Array<{ transports: Transport[] }> = [ + { transports: [backendTransport] }, + // will pick the first livekit transport in the list, even if there are other non-livekit transports + { transports: [{ type: "not_livekit" }, backendTransport] }, + ]; + it.each(VALID_TEST_CASES)( + "prefers backend transport over well-known and app config $transports", + async ({ transports }) => { + // it("prefers backend transport over well-known and app config", async () => { + const client = makeClient(); + client._unstable_getRTCTransports.mockResolvedValue(transports); + + const wellKnownFetcher = vi + .fn<(domain: string) => Promise>() + .mockResolvedValue(makeWellKnown([wellKnownTransport])); + + const discovery = new RtcTransportAutoDiscovery({ + client, + resolvedConfig: makeResolvedConfig("https://config.example.org"), + wellKnownFetcher, + logger: rootLogger, + }); + + await expect( + discovery.discoverPreferredTransport(), + ).resolves.toStrictEqual(backendTransport); + + expect(client._unstable_getRTCTransports).toHaveBeenCalledTimes(1); + expect(wellKnownFetcher).not.toHaveBeenCalled(); + }, + ); + + it("Retries limit_exceeded backend transport over well-known", async () => { + const client = makeClient(); + client._unstable_getRTCTransports + .mockRejectedValueOnce( + new MatrixError( + { + errcode: "M_LIMIT_EXCEEDED", + error: "Too many requests", + retry_after_ms: 100, + }, + 429, + ), + ) + .mockResolvedValue([backendTransport]); + + const wellKnownFetcher = vi + .fn<(domain: string) => Promise>() + .mockResolvedValue(makeWellKnown([wellKnownTransport])); + + const discovery = new RtcTransportAutoDiscovery({ + client, + resolvedConfig: makeResolvedConfig("https://config.example.org"), + wellKnownFetcher, + logger: rootLogger, + }); + + await expect(discovery.discoverPreferredTransport()).resolves.toStrictEqual( + backendTransport, + ); + + expect(client._unstable_getRTCTransports).toHaveBeenCalledTimes(2); + expect(wellKnownFetcher).not.toHaveBeenCalled(); + }); + + const INVALID_TEST_CASES: Array<{ transports: Transport[] }> = [ + { transports: [] }, + { transports: [{ type: "not_livekit" }] }, + ]; + it.each(INVALID_TEST_CASES)( + "falls back to well-known when backend has no (valid) livekit transports $transports", + async ({ transports }) => { + const client = makeClient(); + client._unstable_getRTCTransports.mockResolvedValue(transports); + + const wellKnownFetcher = vi + .fn<(domain: string) => Promise>() + .mockResolvedValue(makeWellKnown([wellKnownTransport])); + + const discovery = new RtcTransportAutoDiscovery({ + client, + resolvedConfig: makeResolvedConfig("https://config.example.org"), + wellKnownFetcher, + logger: rootLogger, + }); + + await expect( + discovery.discoverPreferredTransport(), + ).resolves.toStrictEqual(wellKnownTransport); + + expect(wellKnownFetcher).toHaveBeenCalledWith("example.org"); + }, + ); + + it("skips backend discovery in widget mode and uses well-known", async () => { + const client = makeClient(); + // widget mode is detected by the absence of an access token + client.getAccessToken.mockReturnValue(null); + + const wellKnownFetcher = vi + .fn<(domain: string) => Promise>() + .mockResolvedValue(makeWellKnown([wellKnownTransport])); + + const discovery = new RtcTransportAutoDiscovery({ + client, + resolvedConfig: makeResolvedConfig("https://config.example.org"), + wellKnownFetcher, + logger: rootLogger, + }); + + await expect(discovery.discoverPreferredTransport()).resolves.toStrictEqual( + wellKnownTransport, + ); + + expect(client._unstable_getRTCTransports).not.toHaveBeenCalled(); + expect(wellKnownFetcher).toHaveBeenCalledWith("example.org"); + }); + + it("falls back to app config when backend fails and well-known has no rtc_foci", async () => { + const client = makeClient(); + client._unstable_getRTCTransports.mockRejectedValue( + new MatrixError({ errcode: "M_UNKNOWN" }, 404), + ); + + const wellKnownFetcher = vi + .fn<(domain: string) => Promise>() + .mockResolvedValue({} as IClientWellKnown); + + const discovery = new RtcTransportAutoDiscovery({ + client, + resolvedConfig: makeResolvedConfig("https://config.example.org"), + wellKnownFetcher, + logger: rootLogger, + }); + + await expect(discovery.discoverPreferredTransport()).resolves.toStrictEqual( + { + type: "livekit", + livekit_service_url: "https://config.example.org", + }, + ); + }); + + it("returns null when backend, well-known and config are all unavailable", async () => { + const client = makeClient(); + client._unstable_getRTCTransports.mockResolvedValue([]); + + const wellKnownFetcher = vi + .fn<(domain: string) => Promise>() + .mockResolvedValue({} as IClientWellKnown); + + const discovery = new RtcTransportAutoDiscovery({ + client, + resolvedConfig: makeResolvedConfig(undefined), + wellKnownFetcher, + logger: rootLogger, + }); + + await expect(discovery.discoverPreferredTransport()).resolves.toBeNull(); + }); +}); diff --git a/src/state/CallViewModel/localMember/RtcTransportAutoDiscovery.ts b/src/state/CallViewModel/localMember/RtcTransportAutoDiscovery.ts new file mode 100644 index 00000000..f642a3ff --- /dev/null +++ b/src/state/CallViewModel/localMember/RtcTransportAutoDiscovery.ts @@ -0,0 +1,162 @@ +/* +Copyright 2026 Element Creations Ltd. + +SPDX-License-IdFentifier: AGPL-3.0-only OR LicenseRef-Element-Commercial +Please see LICENSE in the repository root for full details. +*/ +import { + isLivekitTransportConfig, + type LivekitTransportConfig, +} from "matrix-js-sdk/lib/matrixrtc"; +import { type IClientWellKnown, type MatrixClient } from "matrix-js-sdk"; +import { type Logger } from "matrix-js-sdk/lib/logger"; + +import type { ResolvedConfigOptions } from "../../../config/ConfigOptions.ts"; +import { doNetworkOperationWithRetry } from "../../../utils/matrix.ts"; + +type TransportDiscoveryClient = Pick< + MatrixClient, + "getDomain" | "_unstable_getRTCTransports" | "getAccessToken" +>; + +export interface RtcTransportAutoDiscoveryProps { + client: TransportDiscoveryClient; + resolvedConfig: ResolvedConfigOptions; + wellKnownFetcher: (domain: string) => Promise; + logger: Logger; +} + +export class RtcTransportAutoDiscovery { + private readonly client: TransportDiscoveryClient; + private readonly resolvedConfig: ResolvedConfigOptions; + private readonly wellKnownFetcher: ( + domain: string, + ) => Promise; + private readonly logger: Logger; + + public constructor({ + client, + resolvedConfig, + wellKnownFetcher, + logger, + }: RtcTransportAutoDiscoveryProps) { + this.client = client; + this.resolvedConfig = resolvedConfig; + this.wellKnownFetcher = wellKnownFetcher; + this.logger = logger.getChild("[RtcTransportAutoDiscovery]"); + } + + public async discoverPreferredTransport(): Promise { + // 1) backend transports + const backendTransport = await this.tryBackendTransports(); + if (backendTransport) { + this.logger.info( + `Found backend transport: ${backendTransport.livekit_service_url}`, + ); + return backendTransport; + } + + this.logger.info("No backend transport found, falling back to well-known"); + // 2) .well-known transports + const wellKnownTransport = await this.tryWellKnownTransports(); + if (wellKnownTransport) { + this.logger.info( + `Found .well-known transport: ${wellKnownTransport.livekit_service_url}`, + ); + return wellKnownTransport; + } + + this.logger.info( + "No .well-known transport found, falling back to app config", + ); + + // 3) app config URL + const configTransport = this.tryConfigTransport(); + if (configTransport) { + this.logger.info( + `Found app config transport: ${configTransport.livekit_service_url}`, + ); + return configTransport; + } + + return null; + } + + private async tryBackendTransports(): Promise { + const client = this.client; + // MSC4143: Attempt to fetch transports from backend. + // TODO: Workaround for an issue in the js-sdk RoomWidgetClient that + // is not yet implementing _unstable_getRTCTransports properly (via widget API new action). + // For now we just skip this call if we are in a widget. + // In widget mode the client is a `RoomWidgetClient` which has no access token (it is using the widget API). + // Could be removed once the js-sdk is fixed (https://github.com/matrix-org/matrix-js-sdk/issues/5245) + const isSPA = !!client.getAccessToken(); + if (isSPA && "_unstable_getRTCTransports" in client) { + this.logger.info("First try to use getRTCTransports end point ..."); + try { + const transportList = await doNetworkOperationWithRetry(async () => + client._unstable_getRTCTransports(), + ); + const first = transportList.filter(isLivekitTransportConfig)[0]; + if (first) { + return first; + } else { + this.logger.info( + `No livekit transport found in getRTCTransports end point`, + transportList, + ); + } + } catch (ex) { + this.logger.info(`Failed to use getRTCTransports end point: ${ex}`); + } + } else { + this.logger.debug(`getRTCTransports end point not available`); + } + + return null; + } + + private async tryWellKnownTransports(): Promise { + // Legacy MSC4143 (to be removed) WELL_KNOWN: Prioritize the .well-known/matrix/client, if available. + const client = this.client; + const domain = client.getDomain(); + if (domain) { + // we use AutoDiscovery instead of relying on the MatrixClient having already + // been fully configured and started + + const wellKnownFoci = await this.wellKnownFetcher(domain); + + const fociConfig = wellKnownFoci["org.matrix.msc4143.rtc_foci"]; + if (fociConfig) { + if (!Array.isArray(fociConfig)) { + this.logger.warn( + `org.matrix.msc4143.rtc_foci is not an array in .well-known`, + ); + } else { + return fociConfig[0]; + } + } else { + this.logger.info( + `No .well-known "org.matrix.msc4143.rtc_foci" found for ${domain}`, + wellKnownFoci, + ); + } + } else { + // Should never happen, but just in case + this.logger.warn(`No domain configured for client`); + } + + return null; + } + + private tryConfigTransport(): LivekitTransportConfig | null { + const url = this.resolvedConfig.livekit?.livekit_service_url; + if (url) { + return { + type: "livekit", + livekit_service_url: url, + }; + } + return null; + } +}