const express = require('express'); const router = express.Router(); const { AccessToken } = require('livekit-server-sdk'); const db = require('../db'); // Middleware to check permissions? // For now, simpler: assuming user is logged in (via x-user-id header check in frontend) // Real implementation should use the checkPermission middleware or verify session router.post('/token', async (req, res) => { const { channelId } = req.body; const userId = req.headers['x-user-id']; // Sent by frontend // Default fallback if no user (should rely on auth middleware ideally) if (!userId) { return res.status(401).json({ error: 'Unauthorized' }); } try { // 1. Get Username (for display) const userRes = await db.query('SELECT username FROM users WHERE id = $1', [userId]); if (userRes.rows.length === 0) { return res.status(404).json({ error: 'User not found' }); } const username = userRes.rows[0].username; // 2. Get Channel Name (Optional, for room name check) // Ensure channel exists and is of type 'voice' const channelRes = await db.query('SELECT id, type FROM channels WHERE id = $1', [channelId]); if (channelRes.rows.length === 0) { return res.status(404).json({ error: 'Channel not found' }); } if (channelRes.rows[0].type !== 'voice') { return res.status(400).json({ error: 'Not a voice channel' }); } // 3. Generate Token // API Key/Secret from env const apiKey = process.env.LIVEKIT_API_KEY || 'devkey'; const apiSecret = process.env.LIVEKIT_API_SECRET || 'secret'; const at = new AccessToken(apiKey, apiSecret, { identity: userId, name: username, }); at.addGrant({ roomJoin: true, room: channelId, canPublish: true, canSubscribe: true, }); const token = await at.toJwt(); res.json({ token }); } catch (err) { console.error('Error creating voice token:', err); res.status(500).json({ error: 'Server error' }); } }); module.exports = router;