Pass access token via authentication header (#38)

Pass token using authentication header instead of URL parameter

Author: ladvoc

components/livekit/core/signaling.c

@@ -307,15 +307,33 @@ signal_err_t signal_connect(signal_handle_t handle, const char* server_url, cons
 
     char* url = NULL;
     url_build_options options = {
-        .server_url = server_url,
-        .token = token
+        .server_url = server_url
     };
     if (!url_build(&options, &url)) {
         return SIGNAL_ERR_INVALID_URL;
     }
+    ESP_LOGI(TAG, "Connecting to server: %s", url);
     esp_websocket_client_set_uri(sg->ws, url);
     free(url);
 
+    if (!sg->is_terminal_state) {
+        // Initial connection (transport not created yet)
+        char* auth_value = NULL;
+        if (asprintf(&auth_value, "Bearer %s", token) < 0) {
+            return SIGNAL_ERR_NO_MEM;
+        }
+        esp_websocket_client_append_header(sg->ws, "Authorization", auth_value);
+        free(auth_value);
+    } else {
+        // Subsequent connection (transport already created)
+        char* header_string = NULL;
+        if (asprintf(&header_string, "Authorization: Bearer %s\r\n", token) < 0) {
+            return SIGNAL_ERR_NO_MEM;
+        }
+        esp_websocket_client_set_headers(sg->ws, header_string);
+        free(header_string);
+    }
+
     if (esp_websocket_client_start(sg->ws) != ESP_OK) {
         ESP_LOGE(TAG, "Failed to start WebSocket");
         return SIGNAL_ERR_WEBSOCKET;

components/livekit/core/url.c

@@ -39,15 +39,13 @@ static const char *TAG = "livekit_url";
     "&os_version=%s" \
     "&device_model=%d" \
     "&auto_subscribe=false" \
-    "&protocol=" URL_PARAM_PROTOCOL \
-    "&access_token=%s" // Keep at the end for log redaction
+    "&protocol=" URL_PARAM_PROTOCOL
 
 bool url_build(const url_build_options *options, char **out_url)
 {
     if (out_url == NULL ||
         options == NULL ||
-        options->server_url == NULL ||
-        options->token == NULL) {
+        options->server_url == NULL) {
         return false;
     }
     size_t server_url_len = strlen(options->server_url);
@@ -69,19 +67,15 @@ bool url_build(const url_build_options *options, char **out_url)
     int model_code = chip_info.model;
     const char* idf_version = esp_get_idf_version();
 
+    // TODO: Now that token is not included in the URL, use a fixed size buffer
     int final_len = asprintf(out_url, URL_FORMAT,
         options->server_url,
         separator,
         idf_version,
-        model_code,
-        options->token
+        model_code
     );
     if (*out_url == NULL) {
         return false;
     }
-    // Token is redacted from logging for security
-    ESP_LOGI(TAG, "Built signaling URL: %.*s[REDACTED]",
-        (int)((size_t)final_len - strlen(options->token)),
-        *out_url);
     return true;
 }

components/livekit/core/url.h

@@ -25,7 +25,6 @@ extern "C" {
 /// Options for building a signaling URL.
 typedef struct {
     const char *server_url;
-    const char *token;
 } url_build_options;
 
 /// Constructs a signaling URL.