JaaS JWT creation and retrieval

reszkojr · reszkojr · commit ff9353206f0b · 2024-02-28T01:37:21.000-03:00
diff --git a/.gitignore b/.gitignore
@@ -126,4 +126,6 @@ local_settings.py
 
 .env
 .venv/
-db.sqlite3
+db.sqlite3
+jitsi_key.pem
+jitsi-key.pem
diff --git a/authentication/jaasjwt.py b/authentication/jaasjwt.py
@@ -0,0 +1,175 @@
+# https://github.com/8x8/jaas_demo/blob/main/jaas-jwt-samples/python/jass-jwt.py
+
+import sys
+import os
+import time
+import uuid
+from authlib.jose import jwt
+
+
+class JaaSJwtBuilder:
+    """
+        The JaaSJwtBuilder class helps with the generation of the JaaS JWT.
+    """
+
+    EXP_TIME_DELAY_SEC = 7200
+    # Used as a delay for the exp claim value.
+
+    NBF_TIME_DELAY_SEC = 10
+    # Used as a delay for the nbf claim value.
+
+    def __init__(self) -> None:
+        self.header = {'alg': 'RS256'}
+        self.userClaims = {}
+        self.featureClaims = {}
+        self.payloadClaims = {}
+
+    def withDefaults(self):
+        """Returns the JaaSJwtBuilder with default valued claims."""
+        return self.withExpTime(int(time.time() + JaaSJwtBuilder.EXP_TIME_DELAY_SEC)) \
+            .withNbfTime(int(time.time() - JaaSJwtBuilder.NBF_TIME_DELAY_SEC)) \
+            .withLiveStreamingEnabled(False) \
+            .withRecordingEnabled(False) \
+            .withOutboundCallEnabled(False) \
+            .withTranscriptionEnabled(False) \
+            .withModerator(True) \
+            .withRoomName('*') \
+            .withUserId(str(uuid.uuid4()))
+
+    def withApiKey(self, apiKey):
+        """
+        Returns the JaaSJwtBuilder with the kid claim(apiKey) set.
+
+        :param apiKey A string as the API Key https://jaas.8x8.vc/#/apikeys
+        """
+        self.header['kid'] = apiKey
+        return self
+
+    def withUserAvatar(self, avatarUrl):
+        """
+        Returns the JaaSJwtBuilder with the avatar claim set.
+
+        :param avatarUrl A string representing the url to get the user avatar.
+        """
+        self.userClaims['avatar'] = avatarUrl
+        return self
+
+    def withModerator(self, isModerator):
+        """
+        Returns the JaaSJwtBuilder with the moderator claim set.
+
+        :param isModerator A boolean if set to True, user is moderator and False otherwise.
+        """
+        self.userClaims['moderator'] = 'true' if isModerator == True else 'false'
+        return self
+
+    def withUserName(self, userName):
+        """
+        Returns the JaaSJwtBuilder with the name claim set.
+
+        :param userName A string representing the user's name.
+        """
+        self.userClaims['name'] = userName
+        return self
+
+    def withUserEmail(self, userEmail):
+        """
+        Returns the JaaSJwtBuilder with the email claim set.
+
+        :param userEmail A string representing the user's email address.
+        """
+        self.userClaims['email'] = userEmail
+        return self
+
+    def withLiveStreamingEnabled(self, isEnabled):
+        """
+        Returns the JaaSJwtBuilder with the livestreaming claim set.
+
+        :param isEnabled A boolean if set to True, live streaming is enabled and False otherwise.
+        """
+        self.featureClaims['livestreaming'] = 'true' if isEnabled == True else 'false'
+        return self
+
+    def withRecordingEnabled(self, isEnabled):
+        """
+        Returns the JaaSJwtBuilder with the recording claim set.
+
+        :param isEnabled A boolean if set to True, recording is enabled and False otherwise.
+        """
+        self.featureClaims['recording'] = 'true' if isEnabled == True else 'false'
+        return self
+
+    def withTranscriptionEnabled(self, isEnabled):
+        """
+        Returns the JaaSJwtBuilder with the transcription claim set.
+
+        :param isEnabled A boolean if set to True, transcription is enabled and False otherwise.
+        """
+        self.featureClaims['transcription'] = 'true' if isEnabled == True else 'false'
+        return self
+
+    def withOutboundCallEnabled(self, isEnabled):
+        """
+        Returns the JaaSJwtBuilder with the outbound-call claim set.
+
+        :param isEnabled A boolean if set to True, outbound calls are enabled and False otherwise.
+        """
+        self.featureClaims['outbound-call'] = 'true' if isEnabled == True else 'false'
+        return self
+
+    def withExpTime(self, expTime):
+        """
+        Returns the JaaSJwtBuilder with exp claim set. Use the defaults, you won't have to change this value too much.
+
+        :param expTime Unix time in seconds since epochs plus a delay. Expiration time of the JWT.
+        """
+        self.payloadClaims['exp'] = expTime
+        return self
+
+    def withNbfTime(self, nbfTime):
+        """
+        Returns the JaaSJwtBuilder with nbf claim set. Use the defaults, you won't have to change this value too much.
+
+        :param nbfTime Unix time in seconds since epochs.
+        """
+        self.payloadClaims['nbfTime'] = nbfTime
+        return self
+
+    def withRoomName(self, roomName):
+        """
+        Returns the JaaSJwtBuilder with room claim set.
+
+        :param roomName A string representing the room to join.
+        """
+        self.payloadClaims['room'] = roomName
+        return self
+
+    def withAppID(self, AppId):
+        """
+        Returns the JaaSJwtBuilder with the sub claim set.
+
+        :param AppId A string representing the unique AppID (previously tenant).
+        """
+        self.payloadClaims['sub'] = AppId
+        return self
+
+    def withUserId(self, userId):
+        """
+        Returns the JaaSJwtBuilder with the id claim set.
+
+        :param A string representing the user, should be unique from your side.
+        """
+        self.userClaims['id'] = userId
+        return self
+
+    def signWith(self, key):
+        """
+        Returns a signed JWT.
+
+        :param key A string representing the private key in PEM format.
+        """
+        context = {'user': self.userClaims, 'features': self.featureClaims}
+        self.payloadClaims['context'] = context
+        self.payloadClaims['iss'] = 'chat'
+        self.payloadClaims['aud'] = 'jitsi'
+        return jwt.encode(self.header, self.payloadClaims, key)
diff --git a/authentication/urls.py b/authentication/urls.py
@@ -8,7 +8,9 @@
 urlpatterns = [
     path("register/", views.RegisterView.as_view()),
     path("token/", views.MyTokenObtainPairView.as_view(), name="token_obtain_pair"),
+    path("token/jaas", views.RetrieveJaasToken.as_view(), name="jaas_jwt"),
     path("token/refresh", TokenRefreshView.as_view(), name="token_refresh"),
     path("token/check", TokenVerifyView.as_view(), name="token_check"),
-    path("me/", views.UserInformation.as_view(), name="my_profile"), 
+    path("me/", views.UserInformation.as_view(), name="my_profile"),
+
 ]
diff --git a/authentication/views.py b/authentication/views.py
@@ -1,10 +1,14 @@
+import os
 from rest_framework import views, permissions, status, generics
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework_simplejwt.views import TokenObtainPairView
 from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
 
+from pathlib import Path
+
 from authentication.models import ManthanoUser
+from .jaasjwt import JaaSJwtBuilder
 from . import serializers
 
 
@@ -32,3 +36,32 @@ class UserInformation(APIView):
     def get(self, request):
         serializer = serializers.UserSerializer(request.user)
         return Response(serializer.data)
+
+
+class RetrieveJaasToken(APIView):
+    permission_classes = [permissions.IsAuthenticated]
+
+    def get(self, request):
+        from decouple import config
+
+        try:
+            BASE_DIR = Path(__file__).resolve().parent.parent
+            fp = os.path.join(BASE_DIR, 'jitsi-key.pem')
+            private_key = open(fp, 'r')
+        except Exception as e:
+            print(e)
+            return Response('There was an error while reading Jitsi private API key.', status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+
+        user = request.user
+
+        jaasJWT = JaaSJwtBuilder()
+
+        token = jaasJWT.withDefaults() \
+            .withUserName(user.username) \
+            .withUserEmail(user.email) \
+            .withUserId(user.id) \
+            .withApiKey(config('JITSI_API_KEY')) \
+            .withAppID(config('JITSI_APP_ID')) \
+            .signWith(private_key.read())
+
+        return Response(token)
