npm - livekit-client - Versions diffs - 1.12.2 → 1.13.0 - Mend

livekit-client 1.12.2 → 1.13.0

Files changed (114) hide show

package/dist/livekit-client.e2ee.worker.js +1 -1
package/dist/livekit-client.e2ee.worker.js.map +1 -1
package/dist/livekit-client.e2ee.worker.mjs +83 -9
package/dist/livekit-client.e2ee.worker.mjs.map +1 -1
package/dist/livekit-client.esm.mjs +2239 -1975
package/dist/livekit-client.esm.mjs.map +1 -1
package/dist/livekit-client.umd.js +1 -1
package/dist/livekit-client.umd.js.map +1 -1
package/dist/src/api/SignalClient.d.ts +2 -5
package/dist/src/api/SignalClient.d.ts.map +1 -1
package/dist/src/connectionHelper/checks/turn.d.ts.map +1 -1
package/dist/src/connectionHelper/checks/webrtc.d.ts.map +1 -1
package/dist/src/connectionHelper/checks/websocket.d.ts.map +1 -1
package/dist/src/e2ee/E2eeManager.d.ts +5 -0
package/dist/src/e2ee/E2eeManager.d.ts.map +1 -1
package/dist/src/e2ee/KeyProvider.d.ts +4 -2
package/dist/src/e2ee/KeyProvider.d.ts.map +1 -1
package/dist/src/e2ee/constants.d.ts +2 -0
package/dist/src/e2ee/constants.d.ts.map +1 -1
package/dist/src/e2ee/types.d.ts +7 -1
package/dist/src/e2ee/types.d.ts.map +1 -1
package/dist/src/e2ee/utils.d.ts +1 -0
package/dist/src/e2ee/utils.d.ts.map +1 -1
package/dist/src/e2ee/worker/FrameCryptor.d.ts +4 -2
package/dist/src/e2ee/worker/FrameCryptor.d.ts.map +1 -1
package/dist/src/e2ee/worker/ParticipantKeyHandler.d.ts.map +1 -1
package/dist/src/e2ee/worker/SifGuard.d.ts +11 -0
package/dist/src/e2ee/worker/SifGuard.d.ts.map +1 -0
package/dist/src/options.d.ts +5 -0
package/dist/src/options.d.ts.map +1 -1
package/dist/src/proto/livekit_models_pb.d.ts.map +1 -1
package/dist/src/proto/livekit_rtc_pb.d.ts.map +1 -1
package/dist/src/room/DeviceManager.d.ts +1 -0
package/dist/src/room/DeviceManager.d.ts.map +1 -1
package/dist/src/room/RTCEngine.d.ts.map +1 -1
package/dist/src/room/Room.d.ts +1 -1
package/dist/src/room/Room.d.ts.map +1 -1
package/dist/src/room/defaults.d.ts.map +1 -1
package/dist/src/room/participant/LocalParticipant.d.ts.map +1 -1
package/dist/src/room/participant/Participant.d.ts +5 -0
package/dist/src/room/participant/Participant.d.ts.map +1 -1
package/dist/src/room/participant/RemoteParticipant.d.ts +0 -5
package/dist/src/room/participant/RemoteParticipant.d.ts.map +1 -1
package/dist/src/room/participant/publishUtils.d.ts +1 -1
package/dist/src/room/participant/publishUtils.d.ts.map +1 -1
package/dist/src/room/timers.d.ts +2 -2
package/dist/src/room/timers.d.ts.map +1 -1
package/dist/src/room/track/LocalAudioTrack.d.ts +9 -1
package/dist/src/room/track/LocalAudioTrack.d.ts.map +1 -1
package/dist/src/room/track/LocalTrack.d.ts +3 -3
package/dist/src/room/track/LocalTrack.d.ts.map +1 -1
package/dist/src/room/track/LocalVideoTrack.d.ts +6 -0
package/dist/src/room/track/LocalVideoTrack.d.ts.map +1 -1
package/dist/src/room/track/RemoteAudioTrack.d.ts.map +1 -1
package/dist/src/room/track/options.d.ts +1 -0
package/dist/src/room/track/options.d.ts.map +1 -1
package/dist/src/room/track/processor/types.d.ts +13 -2
package/dist/src/room/track/processor/types.d.ts.map +1 -1
package/dist/src/room/types.d.ts +1 -1
package/dist/src/room/types.d.ts.map +1 -1
package/dist/ts4.2/src/api/SignalClient.d.ts +2 -5
package/dist/ts4.2/src/e2ee/E2eeManager.d.ts +5 -0
package/dist/ts4.2/src/e2ee/KeyProvider.d.ts +4 -2
package/dist/ts4.2/src/e2ee/constants.d.ts +2 -0
package/dist/ts4.2/src/e2ee/types.d.ts +7 -1
package/dist/ts4.2/src/e2ee/utils.d.ts +1 -0
package/dist/ts4.2/src/e2ee/worker/FrameCryptor.d.ts +4 -2
package/dist/ts4.2/src/e2ee/worker/SifGuard.d.ts +11 -0
package/dist/ts4.2/src/options.d.ts +5 -0
package/dist/ts4.2/src/room/DeviceManager.d.ts +1 -0
package/dist/ts4.2/src/room/Room.d.ts +1 -1
package/dist/ts4.2/src/room/participant/Participant.d.ts +5 -0
package/dist/ts4.2/src/room/participant/RemoteParticipant.d.ts +0 -5
package/dist/ts4.2/src/room/participant/publishUtils.d.ts +1 -1
package/dist/ts4.2/src/room/timers.d.ts +2 -2
package/dist/ts4.2/src/room/track/LocalAudioTrack.d.ts +9 -1
package/dist/ts4.2/src/room/track/LocalTrack.d.ts +3 -3
package/dist/ts4.2/src/room/track/LocalVideoTrack.d.ts +6 -0
package/dist/ts4.2/src/room/track/options.d.ts +1 -0
package/dist/ts4.2/src/room/track/processor/types.d.ts +13 -2
package/dist/ts4.2/src/room/types.d.ts +1 -1
package/package.json +15 -16
package/src/api/SignalClient.ts +13 -9
package/src/connectionHelper/checks/turn.ts +1 -0
package/src/connectionHelper/checks/webrtc.ts +9 -7
package/src/connectionHelper/checks/websocket.ts +1 -0
package/src/e2ee/E2eeManager.ts +27 -2
package/src/e2ee/KeyProvider.ts +9 -4
package/src/e2ee/constants.ts +3 -0
package/src/e2ee/types.ts +9 -1
package/src/e2ee/utils.ts +9 -0
package/src/e2ee/worker/FrameCryptor.ts +46 -17
package/src/e2ee/worker/ParticipantKeyHandler.ts +1 -0
package/src/e2ee/worker/SifGuard.ts +47 -0
package/src/e2ee/worker/e2ee.worker.ts +14 -0
package/src/options.ts +6 -0
package/src/proto/livekit_models_pb.ts +14 -0
package/src/proto/livekit_rtc_pb.ts +14 -0
package/src/room/DeviceManager.ts +7 -2
package/src/room/RTCEngine.ts +7 -5
package/src/room/Room.ts +27 -7
package/src/room/defaults.ts +1 -0
package/src/room/participant/LocalParticipant.ts +14 -2
package/src/room/participant/Participant.ts +16 -0
package/src/room/participant/RemoteParticipant.ts +0 -12
package/src/room/participant/publishUtils.ts +4 -2
package/src/room/track/LocalAudioTrack.ts +45 -0
package/src/room/track/LocalTrack.ts +4 -4
package/src/room/track/LocalVideoTrack.ts +49 -8
package/src/room/track/RemoteAudioTrack.ts +9 -1
package/src/room/track/RemoteTrackPublication.ts +2 -2
package/src/room/track/options.ts +17 -16
package/src/room/track/processor/types.ts +17 -2
package/src/room/types.ts +5 -1

package/dist/livekit-client.e2ee.worker.mjs CHANGED Viewed

@@ -341,6 +341,8 @@ const KEY_PROVIDER_DEFAULTS = {
   ratchetWindowSize: 8,
   failureTolerance: DECRYPTION_FAILURE_TOLERANCE
 };
+const MAX_SIF_COUNT = 100;
+const MAX_SIF_DURATION = 2000;
 class LivekitError extends Error {
   constructor(code, message) {
@@ -865,6 +867,42 @@ function ratchet(material, salt) {
   });
 }
+class SifGuard {
+  constructor() {
+    this.consecutiveSifCount = 0;
+    this.lastSifReceivedAt = 0;
+    this.userFramesSinceSif = 0;
+  }
+  recordSif() {
+    var _a;
+    this.consecutiveSifCount += 1;
+    (_a = this.sifSequenceStartedAt) !== null && _a !== void 0 ? _a : this.sifSequenceStartedAt = Date.now();
+    this.lastSifReceivedAt = Date.now();
+  }
+  recordUserFrame() {
+    if (this.sifSequenceStartedAt === undefined) {
+      return;
+    } else {
+      this.userFramesSinceSif += 1;
+    }
+    if (
+    // reset if we received more user frames than SIFs
+    this.userFramesSinceSif > this.consecutiveSifCount ||
+    // also reset if we got a new user frame and the latest SIF frame hasn't been updated in a while
+    Date.now() - this.lastSifReceivedAt > MAX_SIF_DURATION) {
+      this.reset();
+    }
+  }
+  isSifAllowed() {
+    return this.consecutiveSifCount < MAX_SIF_COUNT && (this.sifSequenceStartedAt === undefined || Date.now() - this.sifSequenceStartedAt < MAX_SIF_DURATION);
+  }
+  reset() {
+    this.userFramesSinceSif = 0;
+    this.consecutiveSifCount = 0;
+    this.sifSequenceStartedAt = undefined;
+  }
+}
 class BaseFrameCryptor extends eventsExports.EventEmitter {
   encodeFunction(encodedFrame, controller) {
     throw Error('not implemented for subclass');
@@ -886,7 +924,8 @@ class FrameCryptor extends BaseFrameCryptor {
     this.participantId = opts.participantId;
     this.rtpMap = new Map();
     this.keyProviderOptions = opts.keyProviderOptions;
-    this.unencryptedFrameByteTrailer = (_a = opts.unencryptedFrameBytes) !== null && _a !== void 0 ? _a : new TextEncoder().encode('LKROCKS');
+    this.sifTrailer = (_a = opts.sifTrailer) !== null && _a !== void 0 ? _a : Uint8Array.from([]);
+    this.sifGuard = new SifGuard();
   }
   /**
    * Assign a different participant to the cryptor.
@@ -897,6 +936,7 @@ class FrameCryptor extends BaseFrameCryptor {
   setParticipant(id, keys) {
     this.participantId = id;
     this.keys = keys;
+    this.sifGuard.reset();
   }
   unsetParticipant() {
     this.participantId = undefined;
@@ -923,7 +963,9 @@ class FrameCryptor extends BaseFrameCryptor {
   }
   setupTransform(operation, readable, writable, trackId, codec) {
     if (codec) {
-      console.info('setting codec on cryptor to', codec);
+      workerLogger.info('setting codec on cryptor to', {
+        codec
+      });
       this.videoCodec = codec;
     }
     const transformFn = operation === 'encode' ? this.encodeFunction : this.decodeFunction;
@@ -931,7 +973,7 @@ class FrameCryptor extends BaseFrameCryptor {
       transform: transformFn.bind(this)
     });
     readable.pipeThrough(transformStream).pipeTo(writable).catch(e => {
-      console.error(e);
+      workerLogger.warn(e);
       this.emit('cryptorError', e instanceof CryptorError ? e : new CryptorError(e.message));
     });
     this.trackId = trackId;
@@ -1018,11 +1060,21 @@ class FrameCryptor extends BaseFrameCryptor {
     return __awaiter(this, void 0, void 0, function* () {
       if (!this.keys.isEnabled() ||
       // skip for decryption for empty dtx frames
-      encodedFrame.data.byteLength === 0 ||
-      // skip decryption if frame is server injected
-      isFrameServerInjected(encodedFrame.data, this.unencryptedFrameByteTrailer)) {
+      encodedFrame.data.byteLength === 0) {
+        this.sifGuard.recordUserFrame();
         return controller.enqueue(encodedFrame);
       }
+      if (isFrameServerInjected(encodedFrame.data, this.sifTrailer)) {
+        this.sifGuard.recordSif();
+        if (this.sifGuard.isSifAllowed()) {
+          return controller.enqueue(encodedFrame);
+        } else {
+          workerLogger.warn('SIF limit reached, dropping frame');
+          return;
+        }
+      } else {
+        this.sifGuard.recordUserFrame();
+      }
       const data = new Uint8Array(encodedFrame.data);
       const keyIndex = data[encodedFrame.data.byteLength - 1];
       if (this.keys.getKeySet(keyIndex) && this.keys.hasValidKey) {
@@ -1045,8 +1097,11 @@ class FrameCryptor extends BaseFrameCryptor {
             });
           }
         }
+      } else if (!this.keys.getKeySet(keyIndex) && this.keys.hasValidKey) {
+        // emit an error in case the key index is out of bounds but the key handler thinks we still have a valid key
+        workerLogger.warn('skipping decryption due to missing key at index');
+        this.emit(CryptorEvent.Error, new CryptorError("missing key at index for participant ".concat(this.participantId), CryptorErrorReason.MissingKey));
       }
-      return controller.enqueue(encodedFrame);
     });
   }
   /**
@@ -1119,7 +1174,7 @@ class FrameCryptor extends BaseFrameCryptor {
               this.keys.setKeyFromMaterial(initialMaterial.material, keyIndex);
             }
             workerLogger.warn('maximum ratchet attempts exceeded, resetting key');
-            this.emit(CryptorEvent.Error, new CryptorError("valid key missing for participant ".concat(this.participantId), CryptorErrorReason.MissingKey));
+            throw new CryptorError("valid key missing for participant ".concat(this.participantId), CryptorErrorReason.InvalidKey);
           }
         } else {
           throw new CryptorError('Decryption failed, most likely because of an invalid key', CryptorErrorReason.InvalidKey);
@@ -1210,6 +1265,9 @@ class FrameCryptor extends BaseFrameCryptor {
     const codec = payloadType ? this.rtpMap.get(payloadType) : undefined;
     return codec;
   }
+  setSifTrailer(trailer) {
+    this.sifTrailer = trailer;
+  }
 }
 /**
  * Slice the NALUs present in the supplied buffer, assuming it is already byte-aligned
@@ -1291,6 +1349,9 @@ var NALUType;
  * @internal
  */
 function isFrameServerInjected(frameData, trailerBytes) {
+  if (trailerBytes.byteLength === 0) {
+    return false;
+  }
   const frameTrailer = new Uint8Array(frameData.slice(frameData.byteLength - trailerBytes.byteLength));
   return trailerBytes.every((value, index) => value === frameTrailer[index]);
 }
@@ -1330,6 +1391,7 @@ class ParticipantKeyHandler extends eventsExports.EventEmitter {
     }
     this.decryptionFailureCount += 1;
     if (this.decryptionFailureCount > this.keyProviderOptions.failureTolerance) {
+      workerLogger.warn("key for ".concat(this.participantId, " is being marked as invalid"));
       this._hasValidKey = false;
     }
   }
@@ -1445,6 +1507,7 @@ let publisherKeys;
 let isEncryptionEnabled = false;
 let useSharedKey = false;
 let sharedKey;
+let sifTrailer;
 let keyProviderOptions = KEY_PROVIDER_DEFAULTS;
 workerLogger.setDefaultLevel('info');
 onmessage = ev => {
@@ -1505,6 +1568,10 @@ onmessage = ev => {
       break;
     case 'ratchetRequest':
       handleRatchetRequest(data);
+      break;
+    case 'setSifTrailer':
+      handleSifTrailer(data.trailer);
+      break;
   }
 };
 function handleRatchetRequest(data) {
@@ -1526,7 +1593,8 @@ function getTrackCryptor(participantId, trackId) {
     cryptor = new FrameCryptor({
       participantId,
       keys: getParticipantKeyHandler(participantId),
-      keyProviderOptions
+      keyProviderOptions,
+      sifTrailer
     });
     setupCryptorErrorEvents(cryptor);
     participantCryptors.push(cryptor);
@@ -1608,6 +1676,12 @@ function emitRatchetedKeys(material, keyIndex) {
   };
   postMessage(msg);
 }
+function handleSifTrailer(trailer) {
+  sifTrailer = trailer;
+  participantCryptors.forEach(c => {
+    c.setSifTrailer(trailer);
+  });
+}
 // Operations using RTCRtpScriptTransform.
 // @ts-ignore
 if (self.RTCTransformEvent) {