Add option to allow subscribing of any streams (disabled by default).

Joachim Bauch 2021-07-07 11:24:53 +02:00
parent b398591447
commit a663dd43f9
No known key found for this signature in database
GPG key ID: 77C1D22D53E15F02
2 changed files with 15 additions and 1 deletions

11
hub.go

@ -135,6 +135,8 @@ type Hub struct {
mcuTimeout time.Duration mcuTimeout time.Duration
internalClientsSecret []byte internalClientsSecret []byte
allowSubscribeAnyStream bool
expiredSessions map[Session]bool expiredSessions map[Session]bool
expectHelloClients map[*Client]time.Time expectHelloClients map[*Client]time.Time
anonymousClients map[*Client]time.Time anonymousClients map[*Client]time.Time
@ -197,6 +199,11 @@ func NewHub(config *goconf.ConfigFile, nats NatsClient, r *mux.Router, version s
} }
mcuTimeout := time.Duration(mcuTimeoutSeconds) * time.Second mcuTimeout := time.Duration(mcuTimeoutSeconds) * time.Second
allowSubscribeAnyStream, _ := config.GetBool("app", "allowsubscribeany")
if allowSubscribeAnyStream {
log.Printf("WARNING: Allow subscribing any streams, this is insecure and should only be enabled for testing")
}
decodeCaches := make([]*LruCache, 0, numDecodeCaches) decodeCaches := make([]*LruCache, 0, numDecodeCaches)
for i := 0; i < numDecodeCaches; i++ { for i := 0; i < numDecodeCaches; i++ {
decodeCaches = append(decodeCaches, NewLruCache(decodeCacheSize)) decodeCaches = append(decodeCaches, NewLruCache(decodeCacheSize))
@ -313,6 +320,8 @@ func NewHub(config *goconf.ConfigFile, nats NatsClient, r *mux.Router, version s
mcuTimeout: mcuTimeout, mcuTimeout: mcuTimeout,
internalClientsSecret: []byte(internalClientsSecret), internalClientsSecret: []byte(internalClientsSecret),
allowSubscribeAnyStream: allowSubscribeAnyStream,
expiredSessions: make(map[Session]bool), expiredSessions: make(map[Session]bool),
anonymousClients: make(map[*Client]time.Time), anonymousClients: make(map[*Client]time.Time),
expectHelloClients: make(map[*Client]time.Time), expectHelloClients: make(map[*Client]time.Time),
@ -1705,7 +1714,7 @@ func (h *Hub) processMcuMessage(senderSession *ClientSession, session *ClientSes
// A user is only allowed to subscribe a stream if she is in the same room // A user is only allowed to subscribe a stream if she is in the same room
// as the other user and both have their "inCall" flag set. // as the other user and both have their "inCall" flag set.
if !h.isInSameCall(senderSession, message.Recipient.SessionId) { if !h.allowSubscribeAnyStream && !h.isInSameCall(senderSession, message.Recipient.SessionId) {
log.Printf("Session %s is not in the same call as session %s, not requesting offer", session.PublicId(), message.Recipient.SessionId) log.Printf("Session %s is not in the same call as session %s, not requesting offer", session.PublicId(), message.Recipient.SessionId)
sendNotAllowed(senderSession, client_message, "Not allowed to request offer.") sendNotAllowed(senderSession, client_message, "Not allowed to request offer.")
return return
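Review bot: With `allowSubscribeAnyStream` enabled, the rewritten condition in `processMcuMessage` short-circuits before `isInSameCall` runs, so a session requesting an offer from a call it is not part of is granted without any log line; the startup warning in `NewHub` is then the only trace that the room/call authorization was switched off. Consider keeping `if !h.isInSameCall(senderSession, message.Recipient.SessionId) {` as the outer test and, inside it, logging the override when the flag is set, e.g. `log.Printf("Session %s is not in the same call as session %s, allowing offer request because allowsubscribeany is set", session.PublicId(), message.Recipient.SessionId)`, and taking the existing reject path otherwise. The comment above the check ("A user is only allowed to subscribe a stream if ...") is no longer accurate on its own and should mention the override, for instance `// unless "allowsubscribeany" is enabled (testing only).`. The function body starts and ends outside this hunk, so whether later steps apply further checks cannot be seen from here.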


@ -29,6 +29,11 @@ key = /etc/nginx/ssl/server.key
# See "https://golang.org/pkg/net/http/pprof/" for further information. # See "https://golang.org/pkg/net/http/pprof/" for further information.
debug = false debug = false
# Set to "true" to allow subscribing any streams. This is insecure and should
# only be enabled for testing. By default only streams of users in the same
# room and call can be subscribed.
#allowsubscribeany = false
[sessions] [sessions]
# Secret value used to generate checksums of sessions. This should be a random # Secret value used to generate checksums of sessions. This should be a random
# string of 32 or 64 bytes. # string of 32 or 64 bytes.