feat(livekit): more permission handling

crates/core/database/src/events/client.rs

@@ -236,7 +236,7 @@ pub enum EventV1 {
     UserVoiceStateUpdate {
         id: String,
         channel_id: String,
-        data: PartialUserVoiceState
+        data: PartialUserVoiceState,
     }
 }
 

crates/core/database/src/models/server_members/model.rs

@@ -32,11 +32,11 @@ auto_derived_partial!(
         pub timeout: Option<Timestamp>,
 
         /// Whether the member is server-wide voice muted
-        #[serde(skip_serializing_if = "if_false")]
-        pub can_publish: bool,
+        #[serde(skip_serializing_if = "Option::is_none")]
+        pub can_publish: Option<bool>,
         /// Whether the member is server-wide voice deafened
-        #[serde(skip_serializing_if = "if_false")]
-        pub can_receive: bool,
+        #[serde(skip_serializing_if = "Option::is_none")]
+        pub can_receive: Option<bool>,
     },
     "PartialMember"
 );
@@ -57,6 +57,8 @@ auto_derived!(
         Avatar,
         Roles,
         Timeout,
+        CanReceive,
+        CanPublish,
     }
 
     /// Member removal intention
@@ -76,8 +78,8 @@ impl Default for Member {
             avatar: None,
             roles: vec![],
             timeout: None,
-            can_publish: false,
-            can_receive: false,
+            can_publish: None,
+            can_receive: None,
         }
     }
 }
@@ -199,6 +201,8 @@ impl Member {
             FieldsMember::Nickname => self.nickname = None,
             FieldsMember::Roles => self.roles.clear(),
             FieldsMember::Timeout => self.timeout = None,
+            FieldsMember::CanReceive => self.can_receive = None,
+            FieldsMember::CanPublish => self.can_publish = None
         }
     }
 

crates/core/database/src/models/server_members/ops/mongodb.rs

@@ -173,6 +173,8 @@ impl IntoDocumentPath for FieldsMember {
             FieldsMember::Nickname => "nickname",
             FieldsMember::Roles => "roles",
             FieldsMember::Timeout => "timeout",
+            FieldsMember::CanPublish => "can_publish",
+            FieldsMember::CanReceive => "can_receive"
         })
     }
 }

crates/core/database/src/util/bridge/v0.rs

@@ -690,6 +690,8 @@ impl From<crate::FieldsMember> for FieldsMember {
             crate::FieldsMember::Nickname => FieldsMember::Nickname,
             crate::FieldsMember::Roles => FieldsMember::Roles,
             crate::FieldsMember::Timeout => FieldsMember::Timeout,
+            crate::FieldsMember::CanReceive => FieldsMember::CanReceive,
+            crate::FieldsMember::CanPublish => FieldsMember::CanPublish,
         }
     }
 }
@@ -701,6 +703,8 @@ impl From<FieldsMember> for crate::FieldsMember {
             FieldsMember::Nickname => crate::FieldsMember::Nickname,
             FieldsMember::Roles => crate::FieldsMember::Roles,
             FieldsMember::Timeout => crate::FieldsMember::Timeout,
+            FieldsMember::CanReceive => crate::FieldsMember::CanReceive,
+            FieldsMember::CanPublish => crate::FieldsMember::CanPublish,
         }
     }
 }

crates/core/database/src/util/permissions.rs

@@ -179,6 +179,22 @@ impl PermissionQuery for DatabasePermissionQuery<'_> {
         }
     }
 
+    async fn do_we_have_publish_overwrites(&mut self) -> bool {
+        if let Some(member) = &self.member {
+            member.can_publish.unwrap_or(true)
+        } else {
+            false
+        }
+    }
+
+    async fn do_we_have_receive_overwrites(&mut self) -> bool {
+        if let Some(member) = &self.member {
+            member.can_receive.unwrap_or(true)
+        } else {
+            false
+        }
+    }
+
     // * For calculating channel permission
 
     /// Get the type of the channel

crates/core/models/src/v0/server_members.rs

@@ -60,11 +60,11 @@ auto_derived_partial!(
         pub timeout: Option<Timestamp>,
 
         /// Whether the member is server-wide voice muted
-        #[serde(skip_serializing_if = "if_false")]
-        pub can_publish: bool,
+        #[serde(skip_serializing_if = "Option::is_none")]
+        pub can_publish: Option<bool>,
         /// Whether the member is server-wide voice deafened
-        #[serde(skip_serializing_if = "if_false")]
-        pub can_receive: bool,
+        #[serde(skip_serializing_if = "Option::is_none")]
+        pub can_receive: Option<bool>,
     },
     "PartialMember"
 );
@@ -85,6 +85,8 @@ auto_derived!(
         Avatar,
         Roles,
         Timeout,
+        CanReceive,
+        CanPublish,
     }
 
     /// Member removal intention

crates/core/permissions/src/impl.rs

@@ -61,6 +61,14 @@ pub async fn calculate_server_permissions<P: PermissionQuery>(query: &mut P) ->
         permissions.apply(role_override);
     }
 
+    if !query.do_we_have_publish_overwrites().await {
+        permissions.revoke(ChannelPermission::Speak as u64);
+    }
+
+    if !query.do_we_have_receive_overwrites().await {
+        permissions.revoke(ChannelPermission::Listen as u64);
+    }
+
     if query.are_we_timed_out().await {
         permissions.restrict(*ALLOW_IN_TIMEOUT);
     }

crates/core/permissions/src/models/channel.rs

@@ -89,6 +89,8 @@ pub enum ChannelPermission {
     DeafenMembers = 1 << 34,
     /// Move members between voice channels
     MoveMembers = 1 << 35,
+    /// Listen to other users
+    Listen = 1 << 36,
 
     // * Misc. permissions
     // % Bits 36 to 52: free area
@@ -124,7 +126,8 @@ pub static DEFAULT_PERMISSION: Lazy<u64> = Lazy::new(|| {
             + ChannelPermission::SendEmbeds
             + ChannelPermission::UploadFiles
             + ChannelPermission::Connect
-            + ChannelPermission::Speak,
+            + ChannelPermission::Speak
+            + ChannelPermission::Listen
     )
 });
 

crates/core/permissions/src/test.rs

@@ -64,6 +64,14 @@ async fn validate_user_permissions() {
             unreachable!()
         }
 
+        async fn do_we_have_publish_overwrites(&mut self) -> bool {
+            true
+        }
+
+        async fn do_we_have_receive_overwrites(&mut self) -> bool {
+            true
+        }
+
         async fn get_channel_type(&mut self) -> ChannelType {
             ChannelType::DirectMessage
         }
@@ -153,6 +161,14 @@ async fn validate_group_permissions() {
             unreachable!()
         }
 
+        async fn do_we_have_publish_overwrites(&mut self) -> bool {
+            true
+        }
+
+        async fn do_we_have_receive_overwrites(&mut self) -> bool {
+            true
+        }
+
         async fn get_channel_type(&mut self) -> ChannelType {
             ChannelType::Group
         }
@@ -254,6 +270,14 @@ async fn validate_server_permissions() {
             false
         }
 
+        async fn do_we_have_publish_overwrites(&mut self) -> bool {
+            true
+        }
+
+        async fn do_we_have_receive_overwrites(&mut self) -> bool {
+            true
+        }
+
         async fn get_channel_type(&mut self) -> ChannelType {
             ChannelType::ServerChannel
         }
@@ -346,6 +370,14 @@ async fn validate_timed_out_member() {
             true
         }
 
+        async fn do_we_have_publish_overwrites(&mut self) -> bool {
+            true
+        }
+
+        async fn do_we_have_receive_overwrites(&mut self) -> bool {
+            true
+        }
+
         async fn get_channel_type(&mut self) -> ChannelType {
             ChannelType::ServerChannel
         }

crates/core/permissions/src/trait.rs

@@ -39,6 +39,12 @@ pub trait PermissionQuery {
     /// Is our perspective user timed out on this server?
     async fn are_we_timed_out(&mut self) -> bool;
 
+    /// Is the member muted?
+    async fn do_we_have_publish_overwrites(&mut self) -> bool;
+
+    /// Is the member deafend?
+    async fn do_we_have_receive_overwrites(&mut self) -> bool;
+
     // * For calculating channel permission
 
     /// Get the type of the channel

crates/core/result/Cargo.toml

@@ -28,3 +28,6 @@ schemars = { version = "0.8.8", optional = true }
 rocket = { optional = true, version = "0.5.0-rc.2", default-features = false }
 revolt_rocket_okapi = { version = "0.9.1", optional = true }
 revolt_okapi = { version = "0.9.1", optional = true }
+
+# utilities
+log = "0.4"

crates/core/result/src/lib.rs

@@ -181,9 +181,11 @@ pub trait ToRevoltError<T> {
     fn to_internal_error(self) -> Result<T, Error>;
 }
 
-impl<T, E> ToRevoltError<T> for Result<T, E> {
+impl<T, E: std::fmt::Debug> ToRevoltError<T> for Result<T, E> {
     fn to_internal_error(self) -> Result<T, Error> {
-        self.map_err(|_| {
+        self
+        .inspect_err(|e| log::error!("{e:?}"))
+        .map_err(|_| {
             let loc = Location::caller();
 
             Error {

crates/core/voice/src/lib.rs

@@ -1,5 +1,5 @@
-use livekit_api::{access_token::{AccessToken, VideoGrants}, services::room::{CreateRoomOptions, RoomClient}};
-use livekit_protocol::Room;
+use livekit_api::{access_token::{AccessToken, VideoGrants}, services::room::{CreateRoomOptions, RoomClient, UpdateParticipantOptions}};
+use livekit_protocol::{ParticipantInfo, ParticipantPermission, Room};
 use redis_kiss::{get_connection, redis::Pipeline, AsyncCommands};
 use revolt_database::{Channel, User};
 use revolt_models::v0::{self, PartialUserVoiceState, UserVoiceState};
@@ -31,6 +31,22 @@ pub async fn raise_if_in_voice(user: &User, target: &str) -> Result<()> {
     }
 }
 
+pub async fn get_user_voice_channel_in_server(user_id: &str, server_id: &str) -> Result<Option<String>> {
+    let mut conn = get_connection()
+        .await
+        .to_internal_error()?;
+
+    let unique_key = format!(
+        "{}-{}",
+        user_id,
+        server_id
+    );
+
+    conn.get::<&str, Option<String>>(&unique_key)
+        .await
+        .to_internal_error()
+}
+
 pub fn get_allowed_sources(permissions: PermissionValue) -> Vec<String> {
     let mut allowed_sources = Vec::new();
 
@@ -67,6 +83,7 @@ pub async fn create_voice_state(channel_id: &str, server_id: Option<&str>, user_
     Pipeline::new()
         .sadd(format!("vc-members-{channel_id}"), user_id)
         .sadd(format!("vc-{user_id}"), channel_id)
+        .set(&unique_key, channel_id)
         .set(format!("can_publish-{unique_key}"), voice_state.can_publish)
         .set(format!("can_receive-{unique_key}"), voice_state.can_receive)
         .set(format!("screensharing-{unique_key}"), voice_state.screensharing)
@@ -96,6 +113,7 @@ pub async fn delete_voice_state(channel_id: &str, server_id: Option<&str>, user_
             format!("can_receive-{unique_key}"),
             format!("screensharing-{unique_key}"),
             format!("camera-{unique_key}"),
+            unique_key.clone(),
         ])
         .query_async(&mut get_connection()
             .await
@@ -243,6 +261,7 @@ impl VoiceClient {
             .with_grants(VideoGrants {
                 room_join: true,
                 can_publish_sources: allowed_sources,
+                can_subscribe: permissions.has_channel_permission(ChannelPermission::Listen),
                 room: channel.id().to_string(),
                 ..Default::default()
             })
@@ -261,6 +280,21 @@ impl VoiceClient {
             ..Default::default()
         })
         .await
-        .map_err(|_| create_error!(InternalError))
+        .to_internal_error()
+    }
+
+    pub async fn update_permissions(&self, user: &User, channel_id: &str, new_permissions: ParticipantPermission) -> Result<ParticipantInfo> {
+        self.rooms
+            .update_participant(
+                channel_id,
+                &user.id,
+                UpdateParticipantOptions {
+                    permission: Some(new_permissions),
+                    name: "".to_string(),
+                    metadata: "".to_string(),
+                },
+            )
+            .await
+            .to_internal_error()
     }
 }

crates/delta/src/routes/root.rs

@@ -105,8 +105,8 @@ pub async fn root() -> Result<Json<RevoltConfig>> {
                 url: config.hosts.january,
             },
             livekit: VoiceFeature {
-                enabled: !config.api.livekit.url.is_empty(),
-                url: config.api.livekit.url.to_string(),
+                enabled: !config.hosts.livekit.is_empty(),
+                url: config.hosts.livekit.to_string(),
             },
         },
         ws: config.hosts.events,

crates/delta/src/routes/servers/ban_create.rs

@@ -5,11 +5,11 @@ use revolt_database::{
 use revolt_models::v0;
 
 use revolt_permissions::{
-    calculate_channel_permissions, calculate_server_permissions, ChannelPermission,
+    calculate_server_permissions, ChannelPermission,
 };
 use revolt_result::{create_error, Result};
+use revolt_voice::{delete_voice_state, get_user_voice_channel_in_server, VoiceClient};
 use rocket::{serde::json::Json, State};
-use serde::{Deserialize, Serialize};
 use validator::Validate;
 
 /// # Ban User
@@ -19,6 +19,7 @@ use validator::Validate;
 #[put("/<server>/bans/<target>", data = "<data>")]
 pub async fn ban(
     db: &State<Database>,
+    voice: &State<VoiceClient>,
     user: User,
     server: Reference,
     target: Reference,
@@ -57,6 +58,11 @@ pub async fn ban(
         member
             .remove(db, &server, RemovalIntention::Ban, false)
             .await?;
+
+        // If the member is in a voice channel while banned kick them from the voice channel
+        if let Some(channel_id) = get_user_voice_channel_in_server(&user.id, &server.id).await? {
+            delete_voice_state(&channel_id, Some(&server.id), &user.id).await?
+        }
     }
 
     ServerBan::create(db, &server, &target.id, data.reason)