🚧(backend) introduce a lobby system

Implement lobby service using cache as LiveKit doesn't natively support secure lobby functionality. Their teams recommended to create our own system in our app's backend. The lobby system is totally independant of the DRF session IDs, making the request_entry endpoint authentication agnostic. This decoupling prevents future DRF changes from breaking lobby functionality and makes participant tracking more explicit. Security audit is needed as current LiveKit tokens have excessive privileges for unprivileged users. I'll offer more option ASAP for the admin to control participant privileges. Race condition handling also requires improvements, but should not be critical at this point. A great enhancement, would be to add a webhook, notifying the backend when the room is closed, to reset cache. This commit makes redis a prerequesite to run the suite of tests. The readme and CI will be updated in dedicated commits.
2025-02-18 22:09:02 +01:00
parent 710d7964ee
commit 4d961ed162
10 changed files with 1928 additions and 15 deletions
--- a/src/backend/core/api/viewsets.py
+++ b/src/backend/core/api/viewsets.py
@@ -9,12 +9,7 @@ from django.http import Http404
 from django.shortcuts import get_object_or_404
 from django.utils.text import slugify

-from rest_framework import (
-    decorators,
-    mixins,
-    pagination,
-    viewsets,
-)
+from rest_framework import decorators, mixins, pagination, throttling, viewsets
 from rest_framework import (
    exceptions as drf_exceptions,
 )
@@ -44,6 +39,10 @@ from core.recording.worker.factories import (
 from core.recording.worker.mediator import (
    WorkerServiceMediator,
 )
+from core.services.lobby_service import (
+    LobbyParticipantNotFound,
+    LobbyService,
+)

 from . import permissions, serializers

@@ -178,6 +177,12 @@ class UserViewSet(
        )


+class RequestEntryAnonRateThrottle(throttling.AnonRateThrottle):
+    """Throttle Anonymous user requesting room entry"""
+
+    scope = "request_entry"
+
+
 class RoomViewSet(
    mixins.CreateModelMixin,
    mixins.DestroyModelMixin,
@@ -343,6 +348,89 @@ class RoomViewSet(
            {"message": f"Recording stopped for room {room.slug}."}
        )

+    @decorators.action(
+        detail=True,
+        methods=["POST"],
+        url_path="request-entry",
+        permission_classes=[],
+        throttle_classes=[RequestEntryAnonRateThrottle],
+    )
+    def request_entry(self, request, pk=None):  # pylint: disable=unused-argument
+        """Request entry to a room"""
+
+        serializer = serializers.RequestEntrySerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        room = self.get_object()
+        lobby_service = LobbyService()
+
+        participant, livekit = lobby_service.request_entry(
+            room=room,
+            request=request,
+            **serializer.validated_data,
+        )
+        response = drf_response.Response({**participant.to_dict(), "livekit": livekit})
+        lobby_service.prepare_response(response, participant.id)
+
+        return response
+
+    @decorators.action(
+        detail=True,
+        methods=["post"],
+        url_path="enter",
+        permission_classes=[
+            permissions.HasPrivilegesOnRoom,
+        ],
+    )
+    def allow_participant_to_enter(self, request, pk=None):  # pylint: disable=unused-argument
+        """Accept or deny a participant's entry request."""
+
+        serializer = serializers.ParticipantEntrySerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        room = self.get_object()
+
+        if room.is_public:
+            return drf_response.Response(
+                {"message": "Room has no lobby system."},
+                status=drf_status.HTTP_404_NOT_FOUND,
+            )
+
+        lobby_service = LobbyService()
+
+        try:
+            lobby_service.handle_participant_entry(
+                room_id=room.id,
+                **serializer.validated_data,
+            )
+            return drf_response.Response({"message": "Participant was updated."})
+
+        except LobbyParticipantNotFound:
+            return drf_response.Response(
+                {"message": "Participant not found."},
+                status=drf_status.HTTP_404_NOT_FOUND,
+            )
+
+    @decorators.action(
+        detail=True,
+        methods=["GET"],
+        url_path="waiting-participants",
+        permission_classes=[
+            permissions.HasPrivilegesOnRoom,
+        ],
+    )
+    def list_waiting_participants(self, request, pk=None):  # pylint: disable=unused-argument
+        """List waiting participants."""
+        room = self.get_object()
+
+        if room.is_public:
+            return drf_response.Response({"participants": []})
+
+        lobby_service = LobbyService()
+
+        participants = lobby_service.list_waiting_participants(room.id)
+        return drf_response.Response({"participants": participants})
+

 class ResourceAccessListModelMixin:
    """List mixin for resource access API."""