feat: Adds room info http endpoint jwt protected. (#11738)

* feat: Adds room info http endpoint jwt protected.

Used from dialplan from jigasi for handling passwords in IVR.

* squash: Fixes comments.

* squash: nginx api/rom-info

* fix: Skips tenant checks when enableDomainVerification is false.

* squash: Drops duplicate code and supports multi-shards.

By adding room= parameter in query and tenant prefix for the api we add support for multi-shards setup.

* feat: Enable domain verification by default.

This is used when verifying room access with token_verification module.

* squash: Update docs.
Дамян Минков
2022-07-12 09:51:13 +03:00
committed by GitHub
parent 058c82a704
commit 4d51aedde0
5 changed files with 218 additions and 4 deletions


@@ -10,6 +10,7 @@ local json_safe = require "cjson.safe";
local path = require "util.paths";
local sha256 = require "util.hashes".sha256;
local main_util = module:require "util";
local ends_with = main_util.ends_with;
local http_get_with_retry = main_util.http_get_with_retry;
local extract_subdomain = main_util.extract_subdomain;
@@ -68,9 +69,9 @@ function Util.new(module)
"muc_mapper_domain",
self.muc_domain_prefix.."."..self.muc_domain_base);
end
-- whether domain name verification is enabled, by default it is disabled
self.enableDomainVerification = module:get_option_boolean(
"enable_domain_verification", false);
-- whether domain name verification is enabled, by default it is enabled
-- when disabled checking domain name and tenant if available will be skipped, we will check only room name.
self.enableDomainVerification = module:get_option_boolean('enable_domain_verification', true);
if self.allowEmptyToken == true then
module:log("warn", "WARNING - empty tokens allowed");
@@ -293,7 +294,7 @@ function Util:verify_room(session, room_address)
if not self.enableDomainVerification then
-- if auth_room is missing, this means user is anonymous (no token for
-- its domain) we let it through, jicofo is verifying creation domain
if auth_room and room ~= auth_room and auth_room ~= '*' then
if auth_room and (room ~= auth_room and not ends_with(room, ']'..auth_room)) and auth_room ~= '*' then
return false;
end
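Review bot: The new suffix test `ends_with(room, ']'..auth_room)` in the `verify_room` hunk accepts any room value that ends in `]` followed by the token's room, not only the `[tenant]room` form. With domain verification disabled, a token scoped to one room would then also pass for a differently named room whose name merely ends that way. Whether `room` can carry a client-chosen `]` is not visible in this hunk, so this is worth confirming against how `room` is derived earlier in the function. If it can, anchor the comparison to the bracketed prefix by replacing the `ends_with` term with `room:match('^%[[^%]]+%](.+)$') ~= auth_room`, which rejects both a missing prefix and extra brackets. `verify_room` starts and ends outside the hunk.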