Develop --> Main

[martian56]

This pull request updates the WebRTC configuration to dynamically fetch TURN server credentials from the Metered API, improving security and flexibility. It removes hardcoded credentials from the codebase and updates environment configuration and workflow files to support the new approach.

WebRTC Configuration & TURN Server Credentials

• Replaced hardcoded Metered TURN server credentials in RTC_CONFIG with logic to fetch credentials dynamically from the Metered API using the VITE_METERED_API_KEY environment variable in config.ts. This also introduces a fallback to Google's public STUN server if fetching fails.
• Refactored the useWebRTC hook to use the new fetchIceServers function for initializing peer connections, ensuring credentials are fetched once and cached for reuse. All peer connection creation logic now awaits the dynamic fetching of ICE servers. [1] [2] [3] [4] [5]

Environment & Deployment Configuration

• Added VITE_METERED_API_KEY to the .env.example file with instructions for obtaining the key, and clarified usage for local and production API URLs.
• Updated the GitHub Actions deployment workflow to inject the Metered API key from repository secrets for production deployments.

[Copilot]

Pull Request Overview

This PR updates the WebRTC configuration to dynamically fetch TURN server credentials from the Metered API instead of using hardcoded credentials. The main changes include:

• Dynamic fetching of ICE servers with caching
• Environment variable configuration for the Metered API key
• Async handling in peer connection creation

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File	Description
frontend/src/config.ts	Added fetchIceServers function to dynamically fetch TURN credentials from Metered API with fallback to STUN servers
frontend/src/hooks/useWebRTC.ts	Updated createPeerConnection to be async, fetch ICE servers on demand with caching, and updated all call sites
frontend/.env.example	Added environment variable documentation for VITE_METERED_API_KEY
.github/workflows/deploy_front.yml	Added secret injection for the Metered API key in deployment workflow

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The API key is exposed in the URL query string. While this appears to be client-side code where the key must be public, consider if there are API rate limits or abuse concerns. The Metered API documentation should be checked to ensure this is the intended usage pattern. If the API supports it, consider using request headers for authentication instead.

Suggested change

	export const METERED_API_URL = `https://linkup-ufazien.metered.live/api/v1/turn/credentials?apiKey=${METERED_API_KEY}`;
	// Function to fetch TURN server credentials
	export const fetchIceServers = async (): Promise<RTCIceServer[]> => {
	try {
	const response = await fetch(METERED_API_URL);
	export const METERED_API_URL = 'https://linkup-ufazien.metered.live/api/v1/turn/credentials';
	// Function to fetch TURN server credentials
	export const fetchIceServers = async (): Promise<RTCIceServer[]> => {
	try {
	const response = await fetch(METERED_API_URL, {
	headers: {
	'Authorization': `Bearer ${METERED_API_KEY}`
	}
	});

[Copilot]

Race condition: If createPeerConnection is called simultaneously for multiple peers before the first fetch completes, multiple concurrent fetchIceServers() calls will be made. Consider implementing a promise-based lock pattern or storing the promise itself to ensure only one fetch occurs. Example: if (!iceServersPromise) { iceServersPromise = fetchIceServers(); } iceServersRef.current = await iceServersPromise;

[Copilot]

The RTC_CONFIG export is no longer used after switching to dynamic ICE server fetching. Consider removing this unused export to avoid confusion and maintain cleaner code.

[Copilot]

The error message could be more descriptive by including the HTTP status code or response details. Consider: throw new Error(\Failed to fetch TURN credentials: ${response.status} ${response.statusText}`);`

Suggested change

	throw new Error('Failed to fetch TURN credentials');
	throw new Error(`Failed to fetch TURN credentials: ${response.status} ${response.statusText}`);

[Copilot]

Extra whitespace between colon and value. Should be single space for consistency with other environment variables.

Suggested change

	VITE_METERED_API_KEY: ${{ secrets.VITE_METERED_API_KEY }}
	VITE_METERED_API_KEY: ${{ secrets.VITE_METERED_API_KEY }}