Skip to content
Snippets Groups Projects
Select Git revision
  • renovate/google-beta-6.x
  • renovate/google-6.x
  • main default protected
  • renovate/helmet-8.x-lockfile
  • production protected
  • renovate/graphql-mesh
  • renovate/europe-north1-docker.pkg.dev-holi-shared-docker-hub-remote-node-23.x
  • renovate/graphql-16.x-lockfile
  • posthog-feature-flags
  • NOISSUE_upgrade-graphql-mesh
  • HOTFIX-remove-translation-api-cache
  • HOLI-6362-private-hmac-endpoint
  • HOLI-4677-snyk-scanning
  • release/1.6.0
  • NOISSUE_update-graphql-mesh-deps
  • HOLI-10281_build-reproducable-docker-container
  • release/1.51.0
  • release/1.50.0
  • release/1.49.0
  • release/1.48.0
  • release/1.47.0
  • release/1.46.0
  • release/1.44.0
  • release/1.43.0
  • release/1.42.0
  • release/1.41.0
  • release/1.40.0
  • release/1.39.0
  • release/1.38.0
  • release/1.37.0
  • release/1.36.1
  • release/1.36.0
  • release/1.35.0
  • release/1.32.0
  • release/1.31.0
  • release/1.29.0
36 results
Blame Permalink
server.ts 2.56 KiB 
import express from 'express'
import { Request } from 'express'
import helmet from 'helmet'
import http from 'http'
import { createProxyMiddleware } from 'http-proxy-middleware'
import { exit } from 'process'
import jwt from 'jsonwebtoken'

import { createBuiltMeshHTTPHandler } from './.mesh'

const asNumber = (str?: string) => (str ? Number(str) : undefined)

const port = asNumber(process.env.GRAPHQL_PORT) || 4000
const matrixServerUrl = process.env.MATRIX_SERVER_BASE_URL
if (!matrixServerUrl) {
  console.error('Environment variable MATRIX_SERVER_BASE_URL is not specified. Exiting.')
  exit(1)
}

console.debug(`Server starting on port ${port}`)

const matrixLoginProxyConfig = {
  target: matrixServerUrl,
  changeOrigin: true,
  onProxyReq: (proxyReq: http.ClientRequest, req: Request) => {
    const oldBody = req.body
    if (!oldBody) return

    // TODO - This is a hack to get the token from the authorization header
    const jwt = req.get('authorization')
    if (!oldBody.token && jwt && jwt.startsWith('Bearer ')) {
      oldBody.token = jwt.slice(7)
    }
    const newBody = JSON.stringify(oldBody)
    proxyReq.setHeader('Content-Length', Buffer.byteLength(newBody))
    proxyReq.end(newBody)
  },
}

const app = express()

// It is necessary to disable the Content-Security-Policy in the development environments to enable Yoga GraphiQL.
app.use(helmet({ contentSecurityPolicy: process.env.ENVIRONMENT_ID === 'production' }))

app.use('/graphql', createBuiltMeshHTTPHandler())

// add authorization token to login requests
const loginUrl = '/_matrix/client/r0/login'
app.post(loginUrl, express.json()) // this is needed to make the JSON body accessible
app.post(loginUrl, createProxyMiddleware(matrixLoginProxyConfig))

const createJitsiJWT = (userId, userName) => {
  const context = {
    id: `holi_${userId}`,
    email: `${userId}@holi.team`,
    name: userName,
  }
  const claims = {
    context,
    aud: 'jitsi',
    iss: 'jitsi',
    sub: 'holi',
    room: '*',
  }
  return jwt.sign(claims, process.env.JITSI_JWT_SECRET, { expiresIn: '24h' })
}

// add JWT before redirecting to video call for logged in users
app.get('/video-call/:roomName', (req, res) => {
  const roomName = req.params.roomName
  const userId = req.headers['x-holi-user-id']
  const userName = req.headers['x-holi-user-name']

  const jwt = userId && userId !== 'anonymous' && createJitsiJWT(userId, userName)
  const queryParameter = jwt ? `?jwt=${jwt}` : ''
  res.redirect(process.env.VIDEOCALL_URL + '/' + roomName + queryParameter)
})

app.listen(port, () => {
  console.info(`Server listening on port ${port}`)
})