live_kit_server: Replace jwt with jsonwebtoken (#15302)

This PR replaces `live_kit_server`'s usage of `jwt` with `jsonwebtoken`. `jwt` hasn't been updated in 2 years and seems unmaintained. `jsonwebtoken` has significantly more downloads and appears to be a healthier crate overall. Release Notes: - N/A
2024-07-26 17:20:01 -04:00 · 2024-07-26 17:20:01 -04:00 · 03ebbcbef6
commit 03ebbcbef6
parent 27f97ba762
4 changed files with 47 additions and 23 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -5843,18 +5843,18 @@ dependencies = [
 ]

 [[package]]
-name = "jwt"
-version = "0.16.0"
+name = "jsonwebtoken"
+version = "9.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6204285f77fe7d9784db3fdc449ecce1a0114927a51d5a41c4c7a292011c015f"
+checksum = "b9ae10193d25051e74945f1ea2d0b42e03cc3b890f7e4cc5faa44997d808193f"
 dependencies = [
- "base64 0.13.1",
- "crypto-common",
- "digest",
- "hmac",
+ "base64 0.21.7",
+ "js-sys",
+ "pem",
+ "ring",
 "serde",
 "serde_json",
- "sha2",
+ "simple_asn1",
 ]

 [[package]]
@ -6275,15 +6275,13 @@ version = "0.1.0"
 dependencies = [
 "anyhow",
 "async-trait",
- "hmac",
- "jwt",
+ "jsonwebtoken",
 "log",
 "prost",
 "prost-build",
 "prost-types",
 "reqwest",
 "serde",
- "sha2",
 ]

 [[package]]
@ -7540,6 +7538,16 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"

+[[package]]
+name = "pem"
+version = "3.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e459365e590736a54c3fa561947c84837534b8e9af6fc5bf781307e82658fae"
+dependencies = [
+ "base64 0.22.0",
+ "serde",
+]
+
 [[package]]
 name = "pem-rfc7468"
 version = "0.7.0"
@ -9777,6 +9785,18 @@ version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1ad1d488a557b235fc46dae55512ffbfc429d2482b08b4d9435ab07384ca8aec"

+[[package]]
+name = "simple_asn1"
+version = "0.6.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "adc4e5204eb1910f40f9cfa375f6f05b68c3abac4b6fd879c8ff5e7ae8a0a085"
+dependencies = [
+ "num-bigint",
+ "num-traits",
+ "thiserror",
+ "time",
+]
+
 [[package]]
 name = "simplecss"
 version = "0.2.1"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -354,6 +354,7 @@ isahc = { version = "1.7.2", default-features = false, features = [
    "text-decoding",
 ] }
 itertools = "0.11.0"
+jsonwebtoken = "9.3"
 lazy_static = "1.4.0"
 libc = "0.2"
 linkify = "0.10.0"
--- a/crates/live_kit_server/Cargo.toml
+++ b/crates/live_kit_server/Cargo.toml
@ -16,14 +16,12 @@ doctest = false
 [dependencies]
 anyhow.workspace = true
 async-trait.workspace = true
-hmac = "0.12"
-jwt = "0.16"
+jsonwebtoken.workspace = true
 log.workspace = true
 prost.workspace = true
 prost-types.workspace = true
 reqwest = "0.11"
 serde.workspace = true
-sha2.workspace = true

 [build-dependencies]
 prost-build.workspace = true
--- a/crates/live_kit_server/src/token.rs
+++ b/crates/live_kit_server/src/token.rs
@ -1,15 +1,13 @@
 use anyhow::{anyhow, Result};
-use hmac::{Hmac, Mac};
-use jwt::{SignWithKey, VerifyWithKey};
+use jsonwebtoken::{DecodingKey, EncodingKey, Header, Validation};
 use serde::{Deserialize, Serialize};
-use sha2::Sha256;
 use std::{
    borrow::Cow,
    ops::Add,
    time::{Duration, SystemTime, UNIX_EPOCH},
 };

-static DEFAULT_TTL: Duration = Duration::from_secs(6 * 60 * 60); // 6 hours
+const DEFAULT_TTL: Duration = Duration::from_secs(6 * 60 * 60); // 6 hours

 #[derive(Default, Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
@ -81,8 +79,6 @@ pub fn create(
        ))?;
    }

-    let secret_key: Hmac<Sha256> = Hmac::new_from_slice(secret_key.as_bytes())?;
-
    let now = SystemTime::now();

    let claims = ClaimGrants {
@ -98,10 +94,19 @@ pub fn create(
        jwtid: identity.map(Cow::Borrowed),
        video: video_grant,
    };
-    Ok(claims.sign_with_key(&secret_key)?)
+    Ok(jsonwebtoken::encode(
+        &Header::default(),
+        &claims,
+        &EncodingKey::from_secret(secret_key.as_ref()),
+    )?)
 }

 pub fn validate<'a>(token: &'a str, secret_key: &str) -> Result<ClaimGrants<'a>> {
-    let secret_key: Hmac<Sha256> = Hmac::new_from_slice(secret_key.as_bytes())?;
-    Ok(token.verify_with_key(&secret_key)?)
+    let token = jsonwebtoken::decode(
+        token,
+        &DecodingKey::from_secret(secret_key.as_ref()),
+        &Validation::default(),
+    )?;
+
+    Ok(token.claims)
 }