From 93a3e3b2f6a6c9f4aa64e41af554b04fa8f0c162 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?The=CC=81o=20Monnom?=
Date: Wed, 18 Oct 2023 00:40:16 -0700
Subject: [PATCH 1/4] fix relative /rtc & remove sensitive logs
---
 Cargo.lock | 2 +-
 livekit-api/src/signal_client/mod.rs | 7 +++++--
 livekit-api/src/signal_client/signal_stream.rs | 2 --
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 0efa3eaf..b04b012c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1076,7 +1076,7 @@ dependencies = [
 [[package]]
 name = "livekit-ffi"
-version = "0.3.9"
+version = "0.3.10"
 dependencies = [
 "console-subscriber",
 "dashmap",
diff --git a/livekit-api/src/signal_client/mod.rs b/livekit-api/src/signal_client/mod.rs
index b43c72db..c925cf78 100644
--- a/livekit-api/src/signal_client/mod.rs
+++ b/livekit-api/src/signal_client/mod.rs
@@ -150,7 +150,9 @@ impl SignalClient {
 "http"
 })
 .unwrap();
- ws_url.set_path("/rtc/validate");
+
+ let path = ws_url.path();
+ ws_url.set_path(&format!("{}/rtc/validate", path));
 if let Ok(res) = reqwest::get(ws_url.as_str()).await {
 let status = res.status();
@@ -299,7 +301,8 @@ fn is_queuable(signal: &proto::signal_request::Message) -> bool {
 fn get_livekit_url(url: &str, token: &str, options: &SignalOptions) -> SignalResult {
 let mut lk_url = url::Url::parse(url)?;
- lk_url.set_path("/rtc");
+ let path = lk_url.path();
+ lk_url.set_path(&format!("{}/rtc", path));
 lk_url
 .query_pairs_mut()
 .append_pair("sdk", "rust")
diff --git a/livekit-api/src/signal_client/signal_stream.rs b/livekit-api/src/signal_client/signal_stream.rs
index 11628dc5..723f2383 100644
--- a/livekit-api/src/signal_client/signal_stream.rs
+++ b/livekit-api/src/signal_client/signal_stream.rs
@@ -59,8 +59,6 @@ impl SignalStream {
 Self,
 mpsc::UnboundedReceiver>,
 )> {
- log::info!("connecting to SignalClient: {}", url);
-
 // Automatically switch to websocket scheme when using http
 if url.scheme() == "https" {
 url.set_scheme("wss").unwrap();
From 245a89919d30164b11dab5dd9422f2d4d7a667a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?The=CC=81o=20Monnom?=
Date: Wed, 18 Oct 2023 00:42:46 -0700
Subject: [PATCH 2/4] shorten
---
 livekit-api/src/signal_client/mod.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/livekit-api/src/signal_client/mod.rs b/livekit-api/src/signal_client/mod.rs
index c925cf78..e06f6561 100644
--- a/livekit-api/src/signal_client/mod.rs
+++ b/livekit-api/src/signal_client/mod.rs
@@ -151,8 +151,7 @@ impl SignalClient {
 })
 .unwrap();
- let path = ws_url.path();
- ws_url.set_path(&format!("{}/rtc/validate", path));
+ ws_url.set_path(&format!("{}/rtc/validate", ws_url.path()));
 if let Ok(res) = reqwest::get(ws_url.as_str()).await {
 let status = res.status();
@@ -301,8 +300,7 @@ fn is_queuable(signal: &proto::signal_request::Message) -> bool {
 fn get_livekit_url(url: &str, token: &str, options: &SignalOptions) -> SignalResult {
 let mut lk_url = url::Url::parse(url)?;
- let path = lk_url.path();
- lk_url.set_path(&format!("{}/rtc", path));
+ lk_url.set_path(&format!("{}/rtc", lk_url.path()));
 lk_url
 .query_pairs_mut()
 .append_pair("sdk", "rust")
From 7355292337949a67af8890989a2bd1e3acf19b8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?The=CC=81o=20Monnom?=
Date: Wed, 18 Oct 2023 10:44:38 -0700
Subject: [PATCH 3/4] proper fix
---
 livekit-api/src/signal_client/mod.rs | 10 ++++++++--
 livekit-api/src/signal_client/signal_stream.rs | 7 +++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/livekit-api/src/signal_client/mod.rs b/livekit-api/src/signal_client/mod.rs
index e06f6561..e6a848ba 100644
--- a/livekit-api/src/signal_client/mod.rs
+++ b/livekit-api/src/signal_client/mod.rs
@@ -151,7 +151,9 @@ impl SignalClient {
 })
 .unwrap();
- ws_url.set_path(&format!("{}/rtc/validate", ws_url.path()));
+ if let Ok(mut segs) = ws_url.path_segments_mut() {
+ segs.extend(&["rtc", "validate"]);
+ }
 if let Ok(res) = reqwest::get(ws_url.as_str()).await {
 let status = res.status();
@@ -300,7 +302,11 @@ fn is_queuable(signal: &proto::signal_request::Message) -> bool {
 fn get_livekit_url(url: &str, token: &str, options: &SignalOptions) -> SignalResult {
 let mut lk_url = url::Url::parse(url)?;
- lk_url.set_path(&format!("{}/rtc", lk_url.path()));
+
+ if let Ok(mut segs) = lk_url.path_segments_mut() {
+ segs.push("rtc");
+ }
+
 lk_url
 .query_pairs_mut()
 .append_pair("sdk", "rust")
diff --git a/livekit-api/src/signal_client/signal_stream.rs b/livekit-api/src/signal_client/signal_stream.rs
index 723f2383..e52179cb 100644
--- a/livekit-api/src/signal_client/signal_stream.rs
+++ b/livekit-api/src/signal_client/signal_stream.rs
@@ -59,6 +59,13 @@ impl SignalStream {
 Self,
 mpsc::UnboundedReceiver>,
 )> {
+ {
+ // Don't log the access token
+ let mut durl = url.clone();
+ durl.query_pairs_mut().clear();
+ log::info!("connecting to {}", durl);
+ }
+
 // Automatically switch to websocket scheme when using http
 if url.scheme() == "https" {
 url.set_scheme("wss").unwrap();
From 0085097caa9486d29b5119aa7fa8238999f8cf9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?The=CC=81o=20Monnom?=
Date: Wed, 18 Oct 2023 11:18:39 -0700
Subject: [PATCH 4/4] Update signal_stream.rs
---
 .../src/signal_client/signal_stream.rs | 24 +++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/livekit-api/src/signal_client/signal_stream.rs b/livekit-api/src/signal_client/signal_stream.rs
index e52179cb..26f08132 100644
--- a/livekit-api/src/signal_client/signal_stream.rs
+++ b/livekit-api/src/signal_client/signal_stream.rs
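Review bot: A base URL whose path ends in a slash still gets an empty segment in the first mod.rs hunk of this patch, because `extend` appends after the trailing empty segment: a constructed example such as `https://host/prefix/` becomes `/prefix//rtc/validate`. Dropping the empty segment first avoids that, `segs.pop_if_empty().extend(&["rtc", "validate"]);`, and the same applies to the get_livekit_url hunk, `segs.pop_if_empty().push("rtc");`. Both `if let Ok(..)` forms also skip silently when `path_segments_mut()` fails, so the request would go to a URL without the `/rtc` suffix; get_livekit_url already returns a result and could report that case instead. Both enclosing functions continue outside the hunks.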
@@ -22,6 +22,7 @@ use tokio::sync::{mpsc, oneshot};
 use tokio::task::JoinHandle;
 use tokio_tungstenite::tungstenite::Message;
 use tokio_tungstenite::{connect_async, MaybeTlsStream, WebSocketStream};
+use url::form_urlencoded;
 type WebSocket = WebSocketStream>;
@@ -60,10 +61,25 @@ impl SignalStream {
 mpsc::UnboundedReceiver>,
 )> {
 {
- // Don't log the access token
- let mut durl = url.clone();
- durl.query_pairs_mut().clear();
- log::info!("connecting to {}", durl);
+ // Don't log sensitive info
+ let mut url = url.clone();
+ let filtered_pairs: Vec<_> = url
+ .query_pairs()
+ .filter(|(key, _)| key != "access_token")
+ .map(|(k, v)| (k.into_owned(), v.into_owned()))
+ .collect();
+
+ {
+ let mut query_pairs = url.query_pairs_mut();
+ query_pairs.clear();
+ for (key, value) in filtered_pairs {
+ query_pairs.append_pair(&key, &value);
+ }
+
+ query_pairs.append_pair("access_token", "...");
+ }
+
+ log::info!("connecting to {}", url);
 }
 // Automatically switch to websocket scheme when using http
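Review bot: The added `use url::form_urlencoded;` does not appear to be referenced by name anywhere in this commit: the redaction code in the next hunk goes through `query_pairs()`, `query_pairs_mut()` and `append_pair` on the `Url` value only. Unless something outside the visible hunks uses it, the import will raise an `unused_imports` warning and can be dropped.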
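Review bot: The redaction in the second hunk filters on the single literal key `"access_token"`, so any other credential-bearing query parameter, or a later rename of the token parameter, would reach the info log unredacted. The key is presumably the one appended where the URL is built (not visible in this hunk), so sharing one constant between the two places would keep them in step, with a comment here such as `// Redact by key; must match the token parameter appended when the URL is built`. The placeholder pair is also appended when the incoming URL carried no token, so the log line can show a parameter that was never sent. The enclosing function starts and ends outside the hunk.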