Add option to allow subscribing of any streams (disabled by default).

Joachim Bauch 1 year ago
parent b398591447
commit a663dd43f9
No known key found for this signature in database
GPG Key ID: 77C1D22D53E15F02
  1. 11
  2. 5

@ -135,6 +135,8 @@ type Hub struct {
mcuTimeout time.Duration
internalClientsSecret []byte
allowSubscribeAnyStream bool
expiredSessions map[Session]bool
expectHelloClients map[*Client]time.Time
anonymousClients map[*Client]time.Time
@ -197,6 +199,11 @@ func NewHub(config *goconf.ConfigFile, nats NatsClient, r *mux.Router, version s
mcuTimeout := time.Duration(mcuTimeoutSeconds) * time.Second
allowSubscribeAnyStream, _ := config.GetBool("app", "allowsubscribeany")
if allowSubscribeAnyStream {
log.Printf("WARNING: Allow subscribing any streams, this is insecure and should only be enabled for testing")
decodeCaches := make([]*LruCache, 0, numDecodeCaches)
for i := 0; i < numDecodeCaches; i++ {
decodeCaches = append(decodeCaches, NewLruCache(decodeCacheSize))
@ -313,6 +320,8 @@ func NewHub(config *goconf.ConfigFile, nats NatsClient, r *mux.Router, version s
mcuTimeout: mcuTimeout,
internalClientsSecret: []byte(internalClientsSecret),
allowSubscribeAnyStream: allowSubscribeAnyStream,
expiredSessions: make(map[Session]bool),
anonymousClients: make(map[*Client]time.Time),
expectHelloClients: make(map[*Client]time.Time),
@ -1705,7 +1714,7 @@ func (h *Hub) processMcuMessage(senderSession *ClientSession, session *ClientSes
// A user is only allowed to subscribe a stream if she is in the same room
// as the other user and both have their "inCall" flag set.
if !h.isInSameCall(senderSession, message.Recipient.SessionId) {
if !h.allowSubscribeAnyStream && !h.isInSameCall(senderSession, message.Recipient.SessionId) {
log.Printf("Session %s is not in the same call as session %s, not requesting offer", session.PublicId(), message.Recipient.SessionId)
sendNotAllowed(senderSession, client_message, "Not allowed to request offer.")

@ -29,6 +29,11 @@ key = /etc/nginx/ssl/server.key
# See "" for further information.
debug = false
# Set to "true" to allow subscribing any streams. This is insecure and should
# only be enabled for testing. By default only streams of users in the same
# room and call can be subscribed.
#allowsubscribeany = false
# Secret value used to generate checksums of sessions. This should be a random
# string of 32 or 64 bytes.