function Util:process_and_verify_token()

in resources/prosody-plugins/token/util.lib.lua [245:322]


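--- Verifies the JWT stored on a session and copies selected claims onto it.
-- The verification key is chosen in this order: `session.public_key` if
-- present, otherwise (when `self.asapKeyServer` is set) the key returned by
-- `self:get_public_key(kid)` for the `kid` named in the token header. When
-- `self.asapKeyServer` is not set the token is verified with `self.appSecret`.
--
-- Every failure is reported as `false, "not-allowed", reason`, so callers can
-- test the first result with either `not res` or `res == false`.
--
-- @param session table carrying `auth_token` and, optionally, `public_key`;
--   on success the `jitsi_meet_*` fields are written to it
-- @param acceptedIssuers optional value forwarded to `verify_token`;
--   defaults to `self.acceptedIssuers`
-- @return true when the token verified, or when there is no token and
--   `self.allowEmptyToken` is set
-- @return false, "not-allowed", reason on any failure
function Util:process_and_verify_token(session, acceptedIssuers)
    if not acceptedIssuers then
        acceptedIssuers = self.acceptedIssuers;
    end

    local token = session.auth_token;
    if token == nil then
        if self.allowEmptyToken then
            return true;
        end
        return false, "not-allowed", "token required";
    end

    local pubKey;
    if session.public_key then
        module:log("debug","Public key was found on the session");
        pubKey = session.public_key;
    elseif self.asapKeyServer then
        -- Everything read from the header below is attacker-controlled: the
        -- signature has not been checked yet. Validate shapes before use so a
        -- malformed header is rejected instead of raising a runtime error.
        local dotFirst = token:find("%.");
        if not dotFirst then
            -- Same triple as every other failure; a bare nil here would slip
            -- past callers that compare the result against false.
            return false, "not-allowed", "Invalid token";
        end

        local header, err = json_safe.decode(basexx.from_url64(token:sub(1, dotFirst - 1)));
        if err or type(header) ~= "table" then
            -- Valid JSON that is not an object (null, number, string) is
            -- still a bad header.
            return false, "not-allowed", "bad token format";
        end

        -- NOTE(review): kid is unverified input handed to get_public_key;
        -- confirm that helper treats it as untrusted when locating the key.
        local kid = header["kid"];
        if kid == nil then
            return false, "not-allowed", "'kid' claim is missing";
        end

        local alg = header["alg"];
        if alg == nil then
            return false, "not-allowed", "'alg' claim is missing";
        end
        -- Keys looked up by kid are only accepted for the RS family. A
        -- non-string alg is rejected here too rather than indexed.
        if type(alg) ~= "string" or alg:sub(1, 2) ~= "RS" then
            return false, "not-allowed", "'kid' claim only support with RS family";
        end

        pubKey = self:get_public_key(kid);
        if pubKey == nil then
            return false, "not-allowed", "could not obtain public key";
        end
    end

    -- NOTE(review): the RS-family check above runs only when the key is
    -- fetched by kid; a key taken from session.public_key reaches
    -- verify_token without it. Confirm verify_token pins the algorithm to
    -- the key type.
    local claims, msg;
    if self.asapKeyServer then
        claims, msg = self:verify_token(token, pubKey, acceptedIssuers);
    else
        claims, msg = self:verify_token(token, self.appSecret, acceptedIssuers);
    end

    if claims == nil then
        return false, "not-allowed", msg;
    end

    -- Claims are copied only after verify_token has accepted the token.
    session.jitsi_meet_room = claims["room"];
    session.jitsi_meet_domain = claims["sub"];

    -- context is optional; ignore it unless it is an object.
    local context = claims["context"];
    if type(context) == "table" then
        if context["user"] ~= nil then
            session.jitsi_meet_context_user = context["user"];
        end
        if context["group"] ~= nil then
            session.jitsi_meet_context_group = context["group"];
        end
        if context["features"] ~= nil then
            session.jitsi_meet_context_features = context["features"];
        end
        if context["room"] ~= nil then
            session.jitsi_meet_context_room = context["room"];
        end
    end

    return true;
end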