apiVersion: capsule.dev/v0.1
kind: Capsule
name: lkmeet-livekit-auth-api
version: 0.1.0
type: subsystem
purpose:
summary: 'Provides a backend API endpoint for generating LiveKit participant access
tokens. This capsule handles authentication logic and token creation, which is
a critical part of any LiveKit application.
'
owns:
- API endpoint for connection details
does_not_own:
- Client-side token usage
- LiveKit server configuration
interfaces:
provides:
- kind: http_api
name: /api/connection-details
description: Endpoint to request LiveKit connection details and participant token.
dependencies:
capsules:
- name: lkmeet-livekit-client-utils
version: '>=0.1.0'
agent:
summary_for_ai: 'This capsule is a Next.js API route that uses `livekit-server-sdk`
to create access tokens. It reads environment variables for LiveKit credentials
and relies on `lkmeet-livekit-client-utils` for helper functions like `randomString`
and `getLiveKitURL`. Focus on token generation logic and secure handling of LiveKit
API keys.
'
verification:
invariants:
- Requires valid LIVEKIT_API_KEY, LIVEKIT_API_SECRET, and LIVEKIT_URL to function.
- Generated tokens must grant appropriate video permissions for room joining, publishing,
and subscribing.
- The `COOKIE_KEY` for participant postfix must remain consistent for session continuity.
x-reuse:
notes: 'The `COOKIE_KEY` (''random-participant-postfix'') is hardcoded and might
need to be parameterized or changed for different projects. The `getCookieExpirationTime()`
function sets a fixed expiration, which might need to be configurable. The `createParticipantToken`
function grants broad permissions (`canPublish`, `canPublishData`, `canSubscribe`),
which might need to be restricted based on application-specific roles.
'
x-reconstruct:
install: install.json