diff --git a/hub.go b/hub.go index cba65b1..8b70897 100644 --- a/hub.go +++ b/hub.go @@ -135,6 +135,8 @@ type Hub struct { mcuTimeout time.Duration internalClientsSecret []byte + allowSubscribeAnyStream bool + expiredSessions map[Session]bool expectHelloClients map[*Client]time.Time anonymousClients map[*Client]time.Time @@ -197,6 +199,11 @@ func NewHub(config *goconf.ConfigFile, nats NatsClient, r *mux.Router, version s } mcuTimeout := time.Duration(mcuTimeoutSeconds) * time.Second + allowSubscribeAnyStream, _ := config.GetBool("app", "allowsubscribeany") + if allowSubscribeAnyStream { + log.Printf("WARNING: Allow subscribing any streams, this is insecure and should only be enabled for testing") + } + decodeCaches := make([]*LruCache, 0, numDecodeCaches) for i := 0; i < numDecodeCaches; i++ { decodeCaches = append(decodeCaches, NewLruCache(decodeCacheSize)) @@ -313,6 +320,8 @@ func NewHub(config *goconf.ConfigFile, nats NatsClient, r *mux.Router, version s mcuTimeout: mcuTimeout, internalClientsSecret: []byte(internalClientsSecret), + allowSubscribeAnyStream: allowSubscribeAnyStream, + expiredSessions: make(map[Session]bool), anonymousClients: make(map[*Client]time.Time), expectHelloClients: make(map[*Client]time.Time), @@ -1705,7 +1714,7 @@ func (h *Hub) processMcuMessage(senderSession *ClientSession, session *ClientSes // A user is only allowed to subscribe a stream if she is in the same room // as the other user and both have their "inCall" flag set. - if !h.isInSameCall(senderSession, message.Recipient.SessionId) { + if !h.allowSubscribeAnyStream && !h.isInSameCall(senderSession, message.Recipient.SessionId) { log.Printf("Session %s is not in the same call as session %s, not requesting offer", session.PublicId(), message.Recipient.SessionId) sendNotAllowed(senderSession, client_message, "Not allowed to request offer.") return diff --git a/server.conf.in b/server.conf.in index ab6f889..bd2d50d 100644 --- a/server.conf.in +++ b/server.conf.in 
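Review bot: In the NewHub hunk the error returned by `config.GetBool("app", "allowsubscribeany")` is dropped with `_` and nothing explains why. Presumably a missing or unparsable value leaves the flag false, which keeps the same-call check active, so the behaviour itself can stay as it is. A one-line comment above the call would record that intent, for example `// Errors are ignored on purpose: a missing or invalid value keeps the same-call check enabled.` NewHub starts and ends outside the hunk.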
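Review bot: With `allowSubscribeAnyStream` set, the changed condition in processMcuMessage skips the same-call authorization check without any per-request trace; the only signal is the single startup warning added in NewHub. If the option is ever left on outside a test setup, the logs cannot show which offer requests were granted only because of the override. The comment directly above the condition also still describes the rule as unconditional. I would evaluate `isInSameCall` first, log every request that passes only through the override, and mention the option in the comment, as sketched below. processMcuMessage starts and ends outside the hunk.

```go
// A user is only allowed to subscribe a stream if she is in the same room
// as the other user and both have their "inCall" flag set, unless the
// testing-only "allowsubscribeany" option is enabled.
inSameCall := h.isInSameCall(senderSession, message.Recipient.SessionId)
if !inSameCall && h.allowSubscribeAnyStream {
	log.Printf("WARNING: allowsubscribeany lets session %s request an offer from session %s outside of a shared call", session.PublicId(), message.Recipient.SessionId)
}
if !inSameCall && !h.allowSubscribeAnyStream {
	// … unchanged: log the rejection, sendNotAllowed, return …
```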
@@ -29,6 +29,11 @@ key = /etc/nginx/ssl/server.key # See "https://golang.org/pkg/net/http/pprof/" for further information. debug = false +# Set to "true" to allow subscribing any streams. This is insecure and should +# only be enabled for testing. By default only streams of users in the same +# room and call can be subscribed. +#allowsubscribeany = false + [sessions] # Secret value used to generate checksums of sessions. This should be a random # string of 32 or 64 bytes.