Add option to allow subscribing of any streams (disabled by default).
This commit is contained in:
parent
b398591447
commit
a663dd43f9
11
hub.go
11
hub.go
|
@ -135,6 +135,8 @@ type Hub struct {
|
|||
mcuTimeout time.Duration
|
||||
internalClientsSecret []byte
|
||||
|
||||
allowSubscribeAnyStream bool
|
||||
|
||||
expiredSessions map[Session]bool
|
||||
expectHelloClients map[*Client]time.Time
|
||||
anonymousClients map[*Client]time.Time
|
||||
|
@ -197,6 +199,11 @@ func NewHub(config *goconf.ConfigFile, nats NatsClient, r *mux.Router, version s
|
|||
}
|
||||
mcuTimeout := time.Duration(mcuTimeoutSeconds) * time.Second
|
||||
|
||||
allowSubscribeAnyStream, _ := config.GetBool("app", "allowsubscribeany")
|
||||
if allowSubscribeAnyStream {
|
||||
log.Printf("WARNING: Allow subscribing any streams, this is insecure and should only be enabled for testing")
|
||||
}
|
||||
|
||||
decodeCaches := make([]*LruCache, 0, numDecodeCaches)
|
||||
for i := 0; i < numDecodeCaches; i++ {
|
||||
decodeCaches = append(decodeCaches, NewLruCache(decodeCacheSize))
|
||||
|
@ -313,6 +320,8 @@ func NewHub(config *goconf.ConfigFile, nats NatsClient, r *mux.Router, version s
|
|||
mcuTimeout: mcuTimeout,
|
||||
internalClientsSecret: []byte(internalClientsSecret),
|
||||
|
||||
allowSubscribeAnyStream: allowSubscribeAnyStream,
|
||||
|
||||
expiredSessions: make(map[Session]bool),
|
||||
anonymousClients: make(map[*Client]time.Time),
|
||||
expectHelloClients: make(map[*Client]time.Time),
|
||||
|
@ -1705,7 +1714,7 @@ func (h *Hub) processMcuMessage(senderSession *ClientSession, session *ClientSes
|
|||
|
||||
// A user is only allowed to subscribe a stream if she is in the same room
|
||||
// as the other user and both have their "inCall" flag set.
|
||||
if !h.isInSameCall(senderSession, message.Recipient.SessionId) {
|
||||
if !h.allowSubscribeAnyStream && !h.isInSameCall(senderSession, message.Recipient.SessionId) {
|
||||
log.Printf("Session %s is not in the same call as session %s, not requesting offer", session.PublicId(), message.Recipient.SessionId)
|
||||
sendNotAllowed(senderSession, client_message, "Not allowed to request offer.")
|
||||
return
|
||||
|
|
|
@ -29,6 +29,11 @@ key = /etc/nginx/ssl/server.key
|
|||
# See "https://golang.org/pkg/net/http/pprof/" for further information.
|
||||
debug = false
|
||||
|
||||
# Set to "true" to allow subscribing any streams. This is insecure and should
|
||||
# only be enabled for testing. By default only streams of users in the same
|
||||
# room and call can be subscribed.
|
||||
#allowsubscribeany = false
|
||||
|
||||
[sessions]
|
||||
# Secret value used to generate checksums of sessions. This should be a random
|
||||
# string of 32 or 64 bytes.
|
||||
|
|
Loading…
Reference in New Issue