utd_audio_room_kit 1.6.0
utd_audio_room_kit: ^1.6.0 copied to clipboard
LiveKit-based live audio room for Flutter: seat management, real-time chat, mic/speaker controls, speak requests, moderation, and minimize/PiP.
Changelog #
1.6.0 #
- Auto-collect device facts for the dashboard's per-participant view.
UTDRoomController.generateTokennow populatesdevice_model/os/os_version/app_versionautomatically (viadevice_info_plus+package_info_plus) when the host app doesn't pass them. Explicit arguments still win, collection is cached per process, and it never throws — on an unsupported platform or a plugin failure each field degrades tonullrather than blocking token issuance. Values are capped to the engine's column limits (device_model 100, os 50, os_version/app_version 20). UTDRoomController.generateToken/UTDTokenApi.generateToken: add an optionalimageUrl, sent asimageonPOST /api/v1/tokenand shown as the participant's profile image in the dashboard.- New direct dependencies:
device_info_plus: ^12.0.0andpackage_info_plus: ^8.0.0(the former was already in the tree transitively vialivekit_client). - Minimum SDK raised to Dart
>=3.7.0/ Flutter>=3.29.0, required bydevice_info_plus ^12.0.0. Hosts on older toolchains should stay on1.5.0.
1.5.0 #
- Type-first token request: the kit now sends
type: 'audio_room'onPOST /api/v1/tokeninstead of the legacyservice: 'rooms'. The engine is type-first — oneappId/appKeyserves every product type enabled on the project, and the type is a per-request field, not a credential. The project must haveaudio_roomin its enabled types. Seat behavior is unchanged —audio_roomkeeps the full seat model (take/leave/switch/lock/unlock/kick/mute/swap, apply-to-speak, seat grid); only the token field changed. UTDRoomController.generateToken/UTDTokenApi.generateToken: the requiredserviceparameter is removed and replaced by an optionaltype(default'audio_room'). Drop-in users of theUTDAudioRoomwidget are unaffected — it no longer passesserviceinternally. Direct callers ofgenerateTokenshould dropservice: 'rooms'; the default already targetsaudio_room.- Non-breaking on the engine side: the deployed engine still accepts the legacy
service+kindfields and derives the canonical type, so older builds of this kit keep working against the same engine while apps migrate to this version at their own pace.
1.4.0 #
- No-backend credentials (recommended): pass
UTDAudioRoom(appKey: ...)/UTDRoomController.initApi(appKey: ...)— the project's publishable app key. The kit mints tokens directly from the engine (X-App-KeyonPOST /api/v1/token), and the engine signs the returned per-useruser_tokenwith the projectserver_secretserver-side, so the secret never ships in the app and no integrator backend is required. The kit applies thatuser_tokenas theAuthorization: Bearerfor all in-room/moderation calls (persisted acrossinitApire-inits, so it survives restore-from-minimize). - Removed
tokenProviderand itsUTDTokenProvider/UTDTokenRequest/UTDTokenBundletypes plus theUTDRoomController.usesTokenProvidergetter (added in 1.3.0). The no-backendappKeyflow replaces it — there is no longer a built-in path for integrators who run their own token backend. - Removed
serverSecretentirely (deprecated in 1.3.0).UTDAudioRoom.serverSecret,UTDRoomController.initApi(serverSecret:)/ itsserverSecretgetter, and theUTDApiClient(appSecret:)param /X-App-Secretheader are all gone.appKeyis now the sole, required credential. Migrate anyserverSecret:callsites toappKey:. - A leaked
app_keycannot forge bearers offline or call the server-to-server API, and rotates independently via the engineregenerate-credentialsadmin endpoint.
1.3.0 #
- Secure credentials via
tokenProvider(recommended): a newUTDAudioRoom(tokenProvider: ...)/UTDRoomController.initApi(tokenProvider: ...)callback lets the integrator mint tokens from their own backend, so the projectserverSecretnever ships in the app. The kit calls the provider with aUTDTokenRequest(identity, room, service, room owner, device id) and consumes the returnedUTDTokenBundle(UTDTokenBundle.fromEngineJsonparses the enginePOST /api/v1/tokenresponse verbatim). The per-useruser_tokenfrom the bundle is applied as theAuthorization: Bearerfor all in-room/moderation REST calls, so actions are authenticated as the server-verified user. New exported API:UTDTokenProvider,UTDTokenRequest,UTDTokenBundle, plusUTDRoomController.usesTokenProvider. The role is intentionally not sent from the client in this mode — the integrator backend is the authority on the user's role. serverSecretis now deprecated and optional.UTDAudioRoom.serverSecret/initApi(serverSecret:)still work in legacy/dual mode (the kit keeps sendingX-App-Secret), but embedding the secret in a shipped app lets anyone extract it and mint tokens for any identity/room — migrate totokenProvider.UTDAudioRoomnow asserts that exactly one oftokenProvider(recommended) orserverSecret(legacy) is provided.UTDTokenResponsegains auserTokenfield (engineuser_token; empty on legacy responses) so the per-user bearer is surfaced through the normal token flow as well.- README rewritten around the secure
tokenProviderflow, with a backend-proxy example and an explicit "do not ship the secret" warning; the params table marksappIdas a safe public identifier andserverSecretas deprecated/legacy.
1.2.0 #
- Comment lock: host/admin can now lock room chat so only host/admin may post.
New
UTDCommentApi(exported) wrapping the engine endpointsPOST /api/v1/rooms/{room}/comments/{lock,unlock}, plusUTDRoomController.lockComments()/unlockComments()/setCommentsLocked(), thecommentsLockednotifier and thecanICommentgetter. The lock is driven by the server (the_chat_lockbroadcast + thechat_lockedroom-metadata field), never set optimistically, so it stays consistent across devices and is restored for late joiners on reconnect. Enforcement lives in both the send path (a hidden composer can't be bypassed) and the receive path (chat from non-privileged senders is dropped while locked, as a backstop against a tampered client). The default controls bar gains a host/admin lock toggle and swaps the audience chat button for a lock indicator while locked. - Admin role announcements: a centered, dimmed room-chat system line is posted
when a user gains or loses the
adminrole (" UTDRoomController.stringslets the host app's localizedUTDRoomStringsback controller-emitted system lines; wired automatically fromUTDAudioRoomConfig. New strings (English + Arabic defaults) for the comment-lock UI and the admin/lock announcements; existing directUTDRoomStringscallers are unaffected (the new fields default to English).
1.1.0 #
- Split the API base URL by operation: token generation now uses the edge host
https://udt-stream.comwhile all in-room operations (seats, speakers, bans, roles) use the grey-cloud engine hosthttps://engine.udt-stream.com.UTDApiClient.defaultBaseUrlis now the engine host; the newUTDApiClient.defaultTokenBaseUrlis the token host.initApigained atokenBaseUrlparameter (defaulted) — existing callers need no change. - Security (M2): the client no longer self-writes cosmetic fields (avatar, frame,
color name) into LiveKit participant metadata. Cosmetics are published only
as participant attributes; the server remains the sole owner of metadata
(
role,_device, …). This removes a client-trust surface where a peer could spoofrole/VIP in broadcast metadata. No public API change — cosmetics still flow throughuserAttributes/setAttributes. Part of a coordinated rollout: the backend may then gatecanUpdateOwnMetadatato privileged roles only.
1.0.1 #
- Update the default API base URL to
https://api.udt-stream.com.
1.0.0 #
- Initial standalone release. Extracted from the Tempo-Live monorepo into its own package repository.
- LiveKit-based audio room: a drop-in replacement for
zego_uikit_prebuilt_live_audio_room. - Seat management (take, leave, switch, lock, unlock, kick, mute, swap), built-in seat actions and moderation sheet, apply-to-speak request queue, member list with host actions, mic/speaker controls (Bluetooth-preferring routing).
- Real-time chat over the data channel (batching + dedup), tiered reconnection, minimize / Android OS Picture-in-Picture, 8 layout modes.