[mirotalksfu] - improve security

app/src/Server.js

@@ -943,10 +943,18 @@ function startServer() {
             callback();
         });
 
-        socket.on('getRoomInfo', (_, cb) => {
+        socket.on('getRoomInfo', async (dataObject, cb) => {
             if (!roomList.has(socket.room_id)) return;
 
-            log.debug('Send Room Info to', getPeerName());
+            const data = checkXSS(dataObject);
+
+            const isPresenter = await isPeerPresenter(socket.room_id, data.peer_name, data.peer_uuid);
+            if (!isPresenter) {
+                log.debug('Get Room Info not allowed', data);
+                return;
+            }
+
+            log.debug('Send Room Info to', data.peer_name);
             cb(roomList.get(socket.room_id).toJson());
         });
 

public/js/RoomClient.js

@@ -2179,7 +2179,13 @@ class RoomClient {
     }
 
     async getRoomInfo() {
-        let room_info = await this.socket.request('getRoomInfo');
+        const data = {
+            room_id: this.room_id,
+            peer_name: this.peer_name,
+            peer_id: this.peer_id,
+            peer_uuid: this.peer_uuid,
+        };
+        let room_info = await this.socket.request('getRoomInfo', data);
         return room_info;
     }