✨(backend) introduce a creation callback endpoint

Necessary in cross browser context situation, where we need to pass data of a room newly created between two different windows. This happens in Calendar integration.
2025-03-28 19:59:39 +01:00
parent 1f603ce17b
commit 4e1a4be650
6 changed files with 236 additions and 1 deletions
--- a/src/backend/core/api/serializers.py
+++ b/src/backend/core/api/serializers.py
@@ -209,3 +209,17 @@ class ParticipantEntrySerializer(serializers.Serializer):
    def update(self, instance, validated_data):
        """Not implemented as this is a validation-only serializer."""
        raise NotImplementedError("StartRecordingSerializer is validation-only")
+
+
+class CreationCallbackSerializer(serializers.Serializer):
+    """Validate room creation callback data."""
+
+    callback_id = serializers.CharField(required=True)
+
+    def create(self, validated_data):
+        """Not implemented as this is a validation-only serializer."""
+        raise NotImplementedError("StartRecordingSerializer is validation-only")
+
+    def update(self, instance, validated_data):
+        """Not implemented as this is a validation-only serializer."""
+        raise NotImplementedError("StartRecordingSerializer is validation-only")
--- a/src/backend/core/api/viewsets.py
+++ b/src/backend/core/api/viewsets.py
@@ -47,6 +47,7 @@ from core.services.lobby import (
    LobbyParticipantNotFound,
    LobbyService,
 )
+from core.services.room_creation import RoomCreation

 from . import permissions, serializers

@@ -186,6 +187,12 @@ class RequestEntryAnonRateThrottle(throttling.AnonRateThrottle):
    scope = "request_entry"


+class CreationCallbackAnonRateThrottle(throttling.AnonRateThrottle):
+    """Throttle Anonymous user requesting room generation callback"""
+
+    scope = "creation_callback"
+
+
 class RoomViewSet(
    mixins.CreateModelMixin,
    mixins.DestroyModelMixin,
@@ -268,6 +275,9 @@ class RoomViewSet(
            role=models.RoleChoices.OWNER,
        )

+        if callback_id := self.request.data.get("callback_id"):
+            RoomCreation().persist_callback_state(callback_id, room)
+
    @decorators.action(
        detail=True,
        methods=["post"],
@@ -460,6 +470,31 @@ class RoomViewSet(
                {"status": "error", "message": str(e)}, status=status_code
            )

+    @decorators.action(
+        detail=False,
+        methods=["POST"],
+        url_path="creation-callback",
+        permission_classes=[],
+        throttle_classes=[CreationCallbackAnonRateThrottle],
+    )
+    def creation_callback(self, request):
+        """Retrieve cached room data via an unauthenticated request with a unique ID.
+
+        Designed for interoperability across iframes, popups, and other contexts,
+        even on the same domain, bypassing browser security restrictions on direct communication.
+        """
+
+        serializer = serializers.CreationCallbackSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        room = RoomCreation().get_callback_state(
+            callback_id=serializer.validated_data.get("callback_id")
+        )
+
+        return drf_response.Response(
+            {"status": "success", "room": room}, status=drf_status.HTTP_200_OK
+        )
+

 class ResourceAccessListModelMixin:
    """List mixin for resource access API."""