[mirotalksfu] - improve security & minor fix
@@ -4,6 +4,8 @@ const util = require('util');
|
||||
|
||||
const colors = require('colors');
|
||||
|
||||
const config = require('./config');
|
||||
|
||||
colors.enable(); //colors.disable();
|
||||
|
||||
const options = {
|
||||
@@ -11,9 +13,9 @@ const options = {
|
||||
colors: true,
|
||||
};
|
||||
module.exports = class Logger {
|
||||
constructor(appName = 'miroTalkSfu', debugOn = true) {
|
||||
constructor(appName = 'miroTalkSfu') {
|
||||
this.appName = colors.yellow(appName);
|
||||
this.debugOn = debugOn;
|
||||
this.debugOn = config.console.debug;
|
||||
this.timeStart = Date.now();
|
||||
this.timeEnd = null;
|
||||
this.timeElapsedMs = null;
|
||||
|
||||
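Review bot: `this.debugOn = config.console.debug;` in the Logger constructor throws a TypeError when the loaded config has no `console` key, which can happen for a deployment whose config.js was copied from the template before this commit added that section. A fallback keeps the logger usable: `this.debugOn = config.console ? config.console.debug : true;`. Removing the `debugOn` parameter also means a caller that still passes a second argument is silently ignored, so a short JSDoc on the constructor stating that debug output is controlled only by `config.console.debug` would help.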
@@ -563,14 +563,17 @@ function startServer() {
|
||||
roomList.get(socket.room_id).broadCast(socket.id, 'cmd', data);
|
||||
});
|
||||
|
||||
socket.on('roomAction', (dataObject) => {
|
||||
socket.on('roomAction', async (dataObject) => {
|
||||
if (!roomList.has(socket.room_id)) return;
|
||||
|
||||
const data = checkXSS(dataObject);
|
||||
|
||||
const isPresenter = await isPeerPresenter(socket.room_id, data.peer_name, data.peer_uuid);
|
||||
|
||||
log.debug('Room action:', data);
|
||||
switch (data.action) {
|
||||
case 'lock':
|
||||
if (!isPresenter) return;
|
||||
if (!roomList.get(socket.room_id).isLocked()) {
|
||||
roomList.get(socket.room_id).setLocked(true, data.password);
|
||||
roomList.get(socket.room_id).broadCast(socket.id, 'roomAction', data.action);
|
||||
@@ -588,14 +591,17 @@ function startServer() {
|
||||
roomList.get(socket.room_id).sendTo(socket.id, 'roomPassword', roomData);
|
||||
break;
|
||||
case 'unlock':
|
||||
if (!isPresenter) return;
|
||||
roomList.get(socket.room_id).setLocked(false);
|
||||
roomList.get(socket.room_id).broadCast(socket.id, 'roomAction', data.action);
|
||||
break;
|
||||
case 'lobbyOn':
|
||||
if (!isPresenter) return;
|
||||
roomList.get(socket.room_id).setLobbyEnabled(true);
|
||||
roomList.get(socket.room_id).broadCast(socket.id, 'roomAction', data.action);
|
||||
break;
|
||||
case 'lobbyOff':
|
||||
if (!isPresenter) return;
|
||||
roomList.get(socket.room_id).setLobbyEnabled(false);
|
||||
roomList.get(socket.room_id).broadCast(socket.id, 'roomAction', data.action);
|
||||
break;
|
||||
@@ -630,13 +636,19 @@ function startServer() {
|
||||
}
|
||||
});
|
||||
|
||||
socket.on('peerAction', (dataObject) => {
|
||||
socket.on('peerAction', async (dataObject) => {
|
||||
if (!roomList.has(socket.room_id)) return;
|
||||
|
||||
const data = checkXSS(dataObject);
|
||||
|
||||
log.debug('Peer action', data);
|
||||
|
||||
const presenterActions = ['mute', 'hide', 'eject'];
|
||||
if (presenterActions.some((v) => data.action === v)) {
|
||||
const isPresenter = await isPeerPresenter(socket.room_id, data.from_peer_name, data.from_peer_uuid);
|
||||
if (!isPresenter) return;
|
||||
}
|
||||
|
||||
if (data.broadcast) {
|
||||
roomList.get(socket.room_id).broadCast(data.peer_id, 'peerAction', data);
|
||||
} else {
|
||||
@@ -1067,11 +1079,23 @@ function startServer() {
|
||||
});
|
||||
|
||||
async function isPeerPresenter(room_id, peer_name, peer_uuid) {
|
||||
const isPresenter =
|
||||
Object.keys(presenters[room_id]).length > 1 &&
|
||||
presenters[room_id]['peer_name'] === peer_name &&
|
||||
presenters[room_id]['peer_uuid'] === peer_uuid;
|
||||
log.debug(peer_name, { isPresenter: isPresenter });
|
||||
let isPresenter = false;
|
||||
try {
|
||||
isPresenter =
|
||||
typeof presenters === 'object' &&
|
||||
Object.keys(presenters[room_id]).length > 1 &&
|
||||
presenters[room_id]['peer_name'] === peer_name &&
|
||||
presenters[room_id]['peer_uuid'] === peer_uuid;
|
||||
} catch (err) {
|
||||
log.error('isPeerPresenter', err);
|
||||
return false;
|
||||
}
|
||||
log.debug('isPeerPresenter', {
|
||||
room_id: room_id,
|
||||
peer_name: peer_name,
|
||||
peer_uuid: peer_uuid,
|
||||
isPresenter: isPresenter,
|
||||
});
|
||||
return isPresenter;
|
||||
}
|
||||
|
||||
|
||||
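Review bot: isPeerPresenter decides presenter rights from `peer_name` and `peer_uuid` taken from the same client message it is authorizing (`data.peer_name`/`data.peer_uuid` in roomAction, `data.from_peer_name`/`data.from_peer_uuid` in peerAction), so it checks a claim rather than the connection. In the peerAction handler the unchanged `data` object is then passed to `broadCast(data.peer_id, 'peerAction', data)`, which forwards `from_peer_uuid` to other peers in the room. Comparing against an identity the server recorded for this socket at join time (for example the presenter's `socket.id`) and dropping `from_peer_uuid` from the payload before forwarding would address both. `typeof presenters === 'object'` is also true for `null`, and a missing `presenters[room_id]` is only handled by the catch, which writes an error log on each call. The handlers and startServer continue outside these hunks.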
@@ -44,6 +44,9 @@ module.exports = {
|
||||
username: 'username',
|
||||
password: 'password',
|
||||
},
|
||||
console: {
|
||||
debug: true,
|
||||
},
|
||||
ngrok: {
|
||||
/*
|
||||
Ngrok
|
||||
|
||||
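Review bot: The new `console.debug` key ships as `true` with no comment explaining what it exposes. On this page debug output includes `log.debug('Room action:', data)`, whose payload carries `password` on a lock action, and the `isPeerPresenter` debug line that prints `peer_uuid`, the value used for the presenter check. A comment above the key such as `// Set to false in production: debug logs include room action payloads (room password) and peer_uuid` would make that visible to operators.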
@@ -59,4 +59,12 @@ class LocalStorage {
|
||||
getLocalStorageDevices() {
|
||||
return JSON.parse(localStorage.getItem('LOCAL_STORAGE_DEVICES'));
|
||||
}
|
||||
|
||||
setItemLocalStorage(key, value) {
|
||||
localStorage.setItem(key, value);
|
||||
}
|
||||
|
||||
getItemLocalStorage(key) {
|
||||
localStorage.getItem(key);
|
||||
}
|
||||
}
|
||||
|
||||
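Review bot: `getItemLocalStorage(key)` calls `localStorage.getItem(key)` but does not return the result, so it always yields `undefined`. getPeerUUID in the client therefore never finds a stored value and generates a new UUID on every page load, which defeats the persistence this commit adds. The body should be `return localStorage.getItem(key);`.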
@@ -71,6 +71,7 @@ let chatMessagesId = 0;
|
||||
let room_id = getRoomId();
|
||||
let room_password = getRoomPassword();
|
||||
let peer_name = getPeerName();
|
||||
let peer_uuid = getPeerUUID();
|
||||
let isScreenAllowed = getScreen();
|
||||
let notify = getNotify();
|
||||
|
||||
@@ -415,6 +416,15 @@ function getPeerName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
function getPeerUUID() {
|
||||
if (lS.getItemLocalStorage('peer_uuid')) {
|
||||
return lS.getItemLocalStorage('peer_uuid');
|
||||
}
|
||||
const peer_uuid = getUUID();
|
||||
lS.setItemLocalStorage('peer_uuid', peer_uuid);
|
||||
return peer_uuid;
|
||||
}
|
||||
|
||||
function getRoomPassword() {
|
||||
let qs = new URLSearchParams(window.location.search);
|
||||
let roomPassword = filterXSS(qs.get('password'));
|
||||
@@ -435,7 +445,7 @@ function getRoomPassword() {
|
||||
function getPeerInfo() {
|
||||
peer_info = {
|
||||
join_data_time: getDataTimeString(),
|
||||
peer_uuid: getUUID(),
|
||||
peer_uuid: peer_uuid,
|
||||
peer_id: socket.id,
|
||||
peer_name: peer_name,
|
||||
peer_presenter: isPresenter,
|
||||
@@ -707,6 +717,7 @@ function joinRoom(peer_name, room_id) {
|
||||
socket,
|
||||
room_id,
|
||||
peer_name,
|
||||
peer_uuid,
|
||||
peer_info,
|
||||
isAudioAllowed,
|
||||
isVideoAllowed,
|
||||
|
||||
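Review bot: `peer_uuid` is now the value the server compares in isPeerPresenter, but getPeerUUID takes it from `getUUID()`, whose implementation is not shown; if that helper is built on `Math.random()`, it should use `crypto.randomUUID()` instead. The value is stored under a single `peer_uuid` key, so the same identifier is reused for every room joined from this browser and stays readable by any script on the origin; a comment on getPeerUUID should say so, or the value could be scoped to the session. The double lookup can be a single read: `const stored = lS.getItemLocalStorage('peer_uuid'); if (stored) return stored;`.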
@@ -116,6 +116,7 @@ class RoomClient {
|
||||
socket,
|
||||
room_id,
|
||||
peer_name,
|
||||
peer_uuid,
|
||||
peer_info,
|
||||
isAudioAllowed,
|
||||
isVideoAllowed,
|
||||
@@ -133,6 +134,7 @@ class RoomClient {
|
||||
this.room_id = room_id;
|
||||
this.peer_id = socket.id;
|
||||
this.peer_name = peer_name;
|
||||
this.peer_uuid = peer_uuid;
|
||||
this.peer_info = peer_info;
|
||||
|
||||
this.isAudioAllowed = isAudioAllowed;
|
||||
@@ -3810,6 +3812,10 @@ class RoomClient {
|
||||
|
||||
roomAction(action, emit = true) {
|
||||
let data = {
|
||||
room_id: this.room_id,
|
||||
peer_id: this.peer_id,
|
||||
peer_name: this.peer_name,
|
||||
peer_uuid: this.peer_uuid,
|
||||
action: action,
|
||||
password: null,
|
||||
};
|
||||
@@ -3943,7 +3949,7 @@ class RoomClient {
|
||||
let lobbyTr = '';
|
||||
let peer_id = data.peer_id;
|
||||
let peer_name = data.peer_name;
|
||||
let avatarImg = getParticipantAvatar(peer_name);
|
||||
let avatarImg = this.genAvatarSvg(peer_name, 32);
|
||||
let lobbyTb = this.getId('lobbyTb');
|
||||
let lobbyAccept = _PEER.acceptPeer;
|
||||
let lobbyReject = _PEER.ejectPeer;
|
||||
@@ -3952,7 +3958,7 @@ class RoomClient {
|
||||
|
||||
lobbyTr += `
|
||||
<tr id='${peer_id}'>
|
||||
<td><img src='${avatarImg}'></td>
|
||||
<td><img src="${avatarImg}" /></td>
|
||||
<td>${peer_name}</td>
|
||||
<td><button id=${lobbyAcceptId} onclick="rc.lobbyAction(this.id, 'accept')">${lobbyAccept}</button></td>
|
||||
<td><button id=${lobbyRejectId} onclick="rc.lobbyAction(this.id, 'reject')">${lobbyReject}</button></td>
|
||||
@@ -4333,6 +4339,8 @@ class RoomClient {
|
||||
if (emit) {
|
||||
let data = {
|
||||
from_peer_name: this.peer_name,
|
||||
from_peer_id: this.peer_id,
|
||||
from_peer_uuid: this.peer_uuid,
|
||||
peer_id: peer_id,
|
||||
action: action,
|
||||
broadcast: broadcast,
|
||||
@@ -4346,6 +4354,7 @@ class RoomClient {
|
||||
switch (action) {
|
||||
case 'eject':
|
||||
if (peer_id === this.peer_id || broadcast) {
|
||||
this.exit(true);
|
||||
this.sound(action);
|
||||
this.peerActionProgress(from_peer_name, 'Will eject you from the room', 5000, action);
|
||||
}
|
||||
|
||||
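Review bot: In the lobby row, `<td><img src="${avatarImg}" /></td>` places the result of `this.genAvatarSvg(peer_name, 32)` inside a double-quoted attribute without escaping. genAvatarSvg is not shown; if it returns a data URI that embeds `peer_name`, a `"` in the name would end the attribute early and the remainder would be parsed as markup. Creating the element with `document.createElement('img')` and assigning `img.src = avatarImg` removes the dependence on upstream filtering, and the same applies to `<td>${peer_name}</td>` via `textContent`. The method body continues outside the hunk.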