idaa/video_conferences: issue JWT to all verified Novi users

Previously only moderators received a JWT; non-moderators joined anonymously. Now all verified Novi users get a JWT with the is_moderator flag set appropriately, allowing the Jitsi server to enforce authentication and respect context.user.moderator for all participants. Also adds JWT payload decode logging (client-side, signature not verified) so the moderator flag and user identity can be confirmed in the browser console during testing.
2026-04-02 12:51:05 -04:00
parent 75d85bf904
commit fd5d5e371b
1 changed files with 27 additions and 24 deletions
--- a/src/routes/idaa/(idaa)/video_conferences/+page.svelte
+++ b/src/routes/idaa/(idaa)/video_conferences/+page.svelte
@@ -841,30 +841,33 @@ async function init_jitsi() {
    const url_params = data.params;

    // --- Initialize Jitsi ---
-    // TODO: Issue JWT to all verified Novi users once Jitsi server is configured to enforce
-    // JWT auth and respect context.user.moderator (set allow_empty_token = false in Prosody).
-    // For now, only moderators get a JWT — non-moderators join anonymously.
-    let jwt_token = null;
-    if (is_moderator) {
-        console.log('Jitsi: Attempting to get JWT for moderator...');
-        jwt_token = await get_jitsi_jwt(
-            display_name,
-            email,
-            is_moderator,
-            room_name,
-            user_id
-        );
-        if (!jwt_token) {
-            const container = document.getElementById(jitsi_container_id);
-            if (container)
-                container.innerHTML =
-                    '<h1>Authentication Failed. Please try again.</h1>';
-            console.error('Jitsi: Authentication failed. JWT not received.');
-            return;
-        }
-        console.log('Jitsi: Successfully received JWT.');
-    } else {
-        console.log('Jitsi: Non-moderator joining without JWT (temporary — pending Jitsi server config fix).');
+    // Issue JWT to all verified Novi users. The token's moderator flag controls
+    // whether the user gets host privileges in the Jitsi room.
+    console.log(`Jitsi: Attempting to get JWT (is_moderator=${is_moderator})...`);
+    const jwt_token = await get_jitsi_jwt(
+        display_name,
+        email,
+        is_moderator,
+        room_name,
+        user_id
+    );
+    if (!jwt_token) {
+        const container = document.getElementById(jitsi_container_id);
+        if (container)
+            container.innerHTML =
+                '<h1>Authentication Failed. Please try again.</h1>';
+        console.error('Jitsi: Authentication failed. JWT not received.');
+        return;
+    }
+    console.log('Jitsi: Successfully received JWT.');
+    try {
+        // Decode JWT payload (base64url → JSON) for debug verification.
+        // This does NOT verify the signature — for logging only.
+        const jwt_payload = JSON.parse(atob(jwt_token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/')));
+        console.log('%cJitsi JWT decoded payload:', 'font-weight:bold;color:#4f8ef7', jwt_payload);
+        console.log(`Jitsi JWT: user=${jwt_payload?.context?.user?.name ?? jwt_payload?.name}, moderator=${jwt_payload?.context?.user?.moderator ?? jwt_payload?.user?.moderator}, room=${jwt_payload?.room ?? jwt_payload?.context?.room}`);
+    } catch (e) {
+        console.warn('Jitsi: Could not decode JWT payload for debug logging.', e);
    }

    const disabled_sounds = [