From b25d80fd7d575db99363c19220b40d96974ecfa1 Mon Sep 17 00:00:00 2001 From: Miroslav Pejic Date: Sat, 19 Oct 2024 21:15:27 +0200 Subject: [PATCH] [mirotalksfu] - add missing --- app/src/Server.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/app/src/Server.js b/app/src/Server.js index 760ffcc6..3f30e0cb 100644 --- a/app/src/Server.js +++ b/app/src/Server.js @@ -139,6 +139,7 @@ const jwtCfg = { const hostCfg = { protected: config.host.protected, user_auth: config.host.user_auth, + users: config.host.users, users_from_db: config.host.users_from_db, users_api_room_allowed: config.host.users_api_room_allowed, users_api_rooms_allowed: config.host.users_api_rooms_allowed, @@ -569,11 +570,18 @@ function startServer() { const allowRoomAccess = isAllowedRoomAccess('/join/:roomId', req, hostCfg, roomList, roomId); if (allowRoomAccess) { - // Protect unauthorized room access... + // Protect unauthorized room access check from db... if (!OIDC.enabled && hostCfg.protected && hostCfg.users_from_db) { const roomExists = await roomExistsForUser(roomId); + log.debug('/join/:roomId exists from api endpoint', roomExists); return roomExists ? res.sendFile(views.room) : res.redirect('/login'); } + // Protect unauthorized room access check from config file... + if (!OIDC.enabled && hostCfg.protected && !hostCfg.users_from_db) { + const roomExists = hostCfg.users.some((user) => user.allowed_rooms.includes(roomId)); + log.debug('/join/:roomId exists from config allowed rooms', roomExists); + return roomExists ? res.sendFile(views.room) : res.redirect('/whoAreYou/' + roomId); + } res.sendFile(views.room); } else { // Who are you?