Problem
The join-room function generates LiveKit access tokens without verifying the room exists in Appwrite. Users can receive valid tokens for non-existent or deleted rooms, causing poor UX, wasted resources, and potential security issues.
Affected Code
functions/join-room/src/main.js
The function accepts roomName and uid, generates a token immediately, and returns success without checking room existence.
Proposed Fix
Add room existence validation by querying ROOMS_COLLECTION_ID before token generation. Return 404 if room doesn't exist.
Acceptance Criteria
- Room existence verified before token generation
- Returns 404 with clear error message if room not found
- Existing functionality unchanged for valid rooms
- Error handling follows existing patterns
Problem
The join-room function generates LiveKit access tokens without verifying the room exists in Appwrite. Users can receive valid tokens for non-existent or deleted rooms, causing poor UX, wasted resources, and potential security issues.
Affected Code
functions/join-room/src/main.js
The function accepts roomName and uid, generates a token immediately, and returns success without checking room existence.
Proposed Fix
Add room existence validation by querying ROOMS_COLLECTION_ID before token generation. Return 404 if room doesn't exist.
Acceptance Criteria