frontend: streamline secret handling in guards and room service

2025-08-13 18:15:36 +02:00 · 2025-08-13 18:15:36 +02:00 · 25f3d9f887
commit 25f3d9f887
parent e926dc2de7
4 changed files with 18 additions and 30 deletions
--- a/frontend/projects/shared-meet-components/src/lib/guards/extract-query-params.guard.ts
+++ b/frontend/projects/shared-meet-components/src/lib/guards/extract-query-params.guard.ts
@ -10,14 +10,14 @@ export const extractRoomQueryParamsGuard: CanActivateFn = (route: ActivatedRoute
 	const participantService = inject(ParticipantService);
 	const sessionStorageService = inject(SessionStorageService);

-	const { roomId, participantName, secret, leaveRedirectUrl, showOnlyRecordings } = extractParams(route);
-	const storedSecret = sessionStorageService.getRoomSecret(roomId);
+	const { roomId, secret: querySecret, participantName, leaveRedirectUrl, showOnlyRecordings } = extractParams(route);
+	const secret = querySecret || sessionStorageService.getRoomSecret(roomId);

 	if (isValidUrl(leaveRedirectUrl)) {
 		navigationService.setLeaveRedirectUrl(leaveRedirectUrl);
 	}

-	if (!secret && !storedSecret) {
+	if (!secret) {
 		// If no secret is provided, redirect to the error page
 		return navigationService.redirectToErrorPage(ErrorReason.MISSING_ROOM_SECRET);
 	}
@ -57,11 +57,11 @@ export const extractRecordingQueryParamsGuard: CanActivateFn = (route: Activated
 };

 const extractParams = ({ params, queryParams }: ActivatedRouteSnapshot) => ({
-	roomId: params['room-id'],
-	participantName: queryParams[WebComponentProperty.PARTICIPANT_NAME],
-	secret: queryParams['secret'],
-	leaveRedirectUrl: queryParams[WebComponentProperty.LEAVE_REDIRECT_URL],
-	showOnlyRecordings: queryParams[WebComponentProperty.SHOW_ONLY_RECORDINGS] || 'false'
+	roomId: params['room-id'] as string,
+	secret: queryParams['secret'] as string,
+	participantName: queryParams[WebComponentProperty.PARTICIPANT_NAME] as string,
+	leaveRedirectUrl: queryParams[WebComponentProperty.LEAVE_REDIRECT_URL] as string,
+	showOnlyRecordings: (queryParams[WebComponentProperty.SHOW_ONLY_RECORDINGS] as string) || 'false'
 });

 const isValidUrl = (url: string) => {
--- a/frontend/projects/shared-meet-components/src/lib/guards/remove-secret.guard.ts
+++ b/frontend/projects/shared-meet-components/src/lib/guards/remove-secret.guard.ts
@ -1,18 +1,16 @@
 import { inject } from '@angular/core';
 import { CanActivateFn, NavigationEnd, Router } from '@angular/router';
-import { NavigationService, RoomService, SessionStorageService } from '@lib/services';
+import { NavigationService } from '@lib/services';
 import { filter, take } from 'rxjs';

 /**
 * Guard that intercepts navigation to remove the 'secret' query parameter from the URL
- * when a participant joins a room. The secret is stored in session storage for the current room,
- * and the URL is updated without the 'secret' parameter to enhance security.
+ * that determine the role of a participant when joining a room or accessing its recordings,
+ * in order to enhance security.
 */
 export const removeRoomSecretGuard: CanActivateFn = (route, _state) => {
 	const router = inject(Router);
-	const roomService = inject(RoomService);
 	const navigationService = inject(NavigationService);
-	const sessionStorageService = inject(SessionStorageService);

 	router.events
 		.pipe(
@ -20,11 +18,6 @@ export const removeRoomSecretGuard: CanActivateFn = (route, _state) => {
 			take(1)
 		)
 		.subscribe(async () => {
-			const roomId = roomService.getRoomId();
-			const secret = roomService.getRoomSecret();
-
-			// Store the secret in session storage for the current room and remove it from the URL
-			sessionStorageService.setRoomSecret(roomId, secret);
 			await navigationService.removeQueryParamFromUrl(route.queryParams, 'secret');
 		});

--- a/frontend/projects/shared-meet-components/src/lib/routes/base-routes.ts
+++ b/frontend/projects/shared-meet-components/src/lib/routes/base-routes.ts
@ -39,9 +39,9 @@ export const baseRoutes: Routes = [
 		canActivate: [
 			runGuardsSerially(
 				extractRoomQueryParamsGuard,
+				removeRoomSecretGuard,
 				checkParticipantRoleAndAuthGuard,
-				validateRoomAccessGuard,
-				removeRoomSecretGuard
+				validateRoomAccessGuard
 			)
 		]
 	},
@ -51,9 +51,9 @@ export const baseRoutes: Routes = [
 		canActivate: [
 			runGuardsSerially(
 				extractRecordingQueryParamsGuard,
+				removeRoomSecretGuard,
 				checkParticipantRoleAndAuthGuard,
-				validateRecordingAccessGuard,
-				removeRoomSecretGuard
+				validateRecordingAccessGuard
 			)
 		]
 	},
--- a/frontend/projects/shared-meet-components/src/lib/services/room.service.ts
+++ b/frontend/projects/shared-meet-components/src/lib/services/room.service.ts
@ -39,14 +39,9 @@ export class RoomService {
 		return this.roomId;
 	}

-	setRoomSecret(secret?: string) {
-		// If no secret is provided, check session storage for the current room's secret
-		if (!secret) {
-			const storedSecret = this.sessionStorageService.getRoomSecret(this.roomId);
-			this.roomSecret = storedSecret || '';
-		} else {
-			this.roomSecret = secret;
-		}
+	setRoomSecret(secret: string) {
+		this.roomSecret = secret;
+		this.sessionStorageService.setRoomSecret(this.roomId, secret);
 	}

 	getRoomSecret(): string {