From c4ecad646ddc1ef003c65cb181d731ad0806320a Mon Sep 17 00:00:00 2001 From: Miroslav Pejic Date: Thu, 25 Apr 2024 22:06:42 +0200 Subject: [PATCH] [mirotalksfu] - check if valid token, update dep --- app/src/Peer.js | 4 ++-- app/src/Server.js | 33 +++++++++++++++++++++++++++++++-- package.json | 4 ++-- public/js/Room.js | 2 +- public/js/RoomClient.js | 2 +- 5 files changed, 37 insertions(+), 8 deletions(-) diff --git a/app/src/Peer.js b/app/src/Peer.js index a4e9b4e0..e7eb4456 100644 --- a/app/src/Peer.js +++ b/app/src/Peer.js @@ -246,6 +246,8 @@ module.exports = class Peer { const { id, type, kind, rtpParameters, producerPaused } = consumer; + this.consumers.set(id, consumer); + if (['simulcast', 'svc'].includes(type)) { // simulcast - L1T3/L2T3/L3T3 | svc - L3T3 const { scalabilityMode } = rtpParameters.encodings[0]; @@ -268,8 +270,6 @@ module.exports = class Peer { log.debug('Consumer ----->', { type: type, kind: kind }); } - this.consumers.set(id, consumer); - consumer.on('transportclose', () => { log.debug('Consumer "transportclose" event'); this.removeConsumer(id); diff --git a/app/src/Server.js b/app/src/Server.js index ce4a670b..b45fc8b7 100644 --- a/app/src/Server.js +++ b/app/src/Server.js @@ -41,7 +41,7 @@ dependencies: { * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com - * @version 1.4.22 + * @version 1.4.23 * */ @@ -364,6 +364,12 @@ function startServer() { if (token) { try { + const validToken = await isValidToken(token); + + if (!validToken) { + return res.status(401).json({ message: 'Invalid Token' }); + } + const { username, password, presenter } = checkXSS(decodeToken(token)); peerUsername = username; peerPassword = password; 
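Review bot: The new 401 branch in the `@@ -364` hunk of app/src/Server.js rejects a bad token without writing any log entry, and isValidToken (added further down in this patch) discards the `jwt.verify` error, so a failed token on this HTTP join path leaves no trace for later investigation. The same applies to the `return cb('unauthorized')` branch added in the `@@ -915` hunk. A line such as `log.error('[Join] - invalid token');` before each return, without the token value itself, would make repeated failures visible. The enclosing route handler and its catch block lie outside the hunk, so whether the caller is identified elsewhere in the log cannot be seen from here.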
@@ -915,6 +921,12 @@ function startServer() { // Check JWT if (peer_token) { try { + const validToken = await isValidToken(peer_token); + + if (!validToken) { + return cb('unauthorized'); + } + const { username, password, presenter } = checkXSS(decodeToken(peer_token)); const isPeerValid = await isAuthPeer(username, password); @@ -937,7 +949,10 @@ function startServer() { peer_presenter: is_presenter, }); } catch (err) { - log.error('[Join] - JWT error', { error: err.message, token: peer_token }); + log.error('[Join] - JWT error', { + error: err.message, + token: peer_token, + }); return cb('unauthorized'); } } else { @@ -1965,6 +1980,20 @@ function startServer() { } } + async function isValidToken(token) { + return new Promise((resolve, reject) => { + jwt.verify(token, jwtCfg.JWT_KEY, (err, decoded) => { + if (err) { + // Token is invalid + resolve(false); + } else { + // Token is valid + resolve(true); + } + }); + }); + } + function encodeToken(token) { if (!token) return ''; diff --git a/package.json b/package.json index 2e8aca02..94dce6cb 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "mirotalksfu", - "version": "1.4.22", + "version": "1.4.23", "description": "WebRTC SFU browser-based video calls", "main": "Server.js", "scripts": { @@ -56,7 +56,7 @@ "mediasoup-client": "3.7.7", "ngrok": "^5.0.0-beta.2", "nodemailer": "^6.9.13", - "openai": "^4.38.3", + "openai": "^4.38.5", "qs": "6.12.1", "socket.io": "4.7.5", "swagger-ui-express": "5.0.0", diff --git a/public/js/Room.js b/public/js/Room.js index 24b4d47d..8155db93 100644 --- a/public/js/Room.js +++ b/public/js/Room.js 
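Review bot: The reformatted `log.error` call in the `@@ -937` hunk still writes the complete `peer_token` to the error log. The destructuring in the `@@ -915` hunk shows that the token payload carries `username` and `password`, and because invalid tokens now return before reaching this catch, the tokens logged here are mostly ones that passed signature verification. Anyone with read access to the logs therefore gets a usable, credential-bearing token. Dropping the field is enough: `log.error('[Join] - JWT error', { error: err.message });`. The surrounding join handler starts and ends outside the hunk.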
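Review bot: `jwt.verify` in the new isValidToken (`@@ -1965` hunk) is called without an `algorithms` option, so the accepted signature algorithms are left to the library default instead of being pinned to the one the server signs with. The function is also declared `async` while returning a hand-built Promise, and `reject` and `decoded` are never used. jwtCfg and the signing call in encodeToken are outside this hunk, so the algorithm named in the fence below is an assumption to confirm. A short doc comment stating that the function resolves `false` for every verification failure and never rejects would also help the two callers.

```javascript
function isValidToken(token) {
    return new Promise((resolve) => {
        // Assumed: tokens are signed with HS256; confirm against encodeToken.
        const options = { algorithms: ['HS256'] };
        jwt.verify(token, jwtCfg.JWT_KEY, options, (err) => {
            // Any failure (expired, malformed, bad signature) resolves false.
            resolve(!err);
        });
    });
}
```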
@@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com - * @version 1.4.22 + * @version 1.4.23 * */ diff --git a/public/js/RoomClient.js b/public/js/RoomClient.js index 6f296f82..43a1f264 100644 --- a/public/js/RoomClient.js +++ b/public/js/RoomClient.js @@ -9,7 +9,7 @@ * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com - * @version 1.4.22 + * @version 1.4.23 * */