fix(web): use a UUID participantId for session viewers (not useId)#27
Merged
Conversation
Web session viewers set participantId via React useId(), which returns opaque ids like ":r0:". /api/livekit/token (and the signal routes) validate participantId with z.string().uuid(), so opening a desktop join link on the web SFU path failed with "Invalid participant ID" / Connection Failed. (It "worked earlier" only because P2P viewers never hit the token route; the SFU host migration routed web viewers through it.) Generate a real, render-stable UUID instead: useState(() => crypto.randomUUID()). Applied to both the P2P and SFU viewers (signal routes validate uuid too). Tests: assert each viewer is handed a UUID participantId. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
vu1nz Security Review0 finding(s) in PR #? No security issues found. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bug
Opening a desktop join link on the web (
/session/<id>) failed: Connection Failed — Invalid participant ID.Web session viewers set
participantIdvia ReactuseId(), which returns opaque ids like:r0:. But/api/livekit/token(and the signal routes) validateparticipantIdwithz.string().uuid()— so the SFU viewer's id was rejected.It "worked earlier" only because P2P viewers never hit the token route. The recent SFU host migration routes web viewers through
SFUSessionViewer→useWebRTCSFU→/api/livekit/token, which exposed the mismatch.Fix
Generate a real, render-stable UUID instead of
useId():Applied to both the P2P and SFU viewers (the signal routes validate
uuidtoo).crypto.randomUUIDis available in the browser (https / secure context) and on the SSR side (Node).Tests
Capture the options each WebRTC hook receives and assert
participantIdmatches the UUID format the routes require — for both the SFU and P2P viewer paths. 22/22 in the file pass; lint clean.🤖 Generated with Claude Code