diff --git a/app/src/Server.js b/app/src/Server.js index b86b73f7..b9247c1a 100644 --- a/app/src/Server.js +++ b/app/src/Server.js @@ -42,7 +42,7 @@ dependencies: { * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com - * @version 1.4.33 + * @version 1.4.34 * */ @@ -439,13 +439,11 @@ function startServer() { req.query, ); - const OIDCUserAuthenticated = OIDC.enabled && req.oidc.isAuthenticated(); + const allowRoomAccess = isAllowedRoomAccess('/join/params', req, hostCfg, authHost, roomList, room); - log.debug('Direct Join', { - OIDCUserAuthenticated: OIDCUserAuthenticated, - authenticated: hostCfg.authenticated, - hostProtected: hostCfg.protected, - }); + if (!allowRoomAccess) { + return res.status(401).json({ message: 'Direct Room Join Unauthorized' }); + } let peerUsername, peerPassword = ''; @@ -473,6 +471,8 @@ function startServer() { } } + const OIDCUserAuthenticated = OIDC.enabled && req.oidc.isAuthenticated(); + if ( (hostCfg.protected && isPeerValid && isPeerPresenter && !hostCfg.authenticated) || OIDCUserAuthenticated 
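Review bot: In the `/join/params` handler of app/src/Server.js, the new early `return res.status(401)` runs before the peer credentials are checked. On a protected host with no prior login, the later branch `hostCfg.protected && isPeerValid && isPeerPresenter && !hostCfg.authenticated` is therefore reachable only when the room already exists or the caller is OIDC-authenticated. This fails closed rather than open, but a presenter joining a not-yet-existing room directly with valid credentials would presumably now get a 401 instead of being admitted. If that path is meant to keep working, evaluate the gate after peer validation, for example `if (!allowRoomAccess && !(isPeerValid && isPeerPresenter)) {`. The handler starts and ends outside the hunk, so how `room`, `isPeerValid` and `isPeerPresenter` are derived is not visible here.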
@@ -497,31 +497,17 @@ function startServer() { // join room by id app.get('/join/:roomId', (req, res) => { - //log.debug('/join/room - hostCfg ----->', hostCfg); - - const OIDCUserAuthenticated = OIDC.enabled && req.oidc.isAuthenticated(); - - const roomId = req.params.roomId; - - const roomActive = authHost.isRoomActive(); - - const roomExist = roomList.has(roomId); - - const roomCount = roomList.size; - - log.debug('/join/:roomId', { - OIDCUserAuthenticated: OIDCUserAuthenticated, - hostProtected: hostCfg.protected, - hostAuthenticated: hostCfg.authenticated, - roomActive: roomActive, - roomExist: roomExist, - roomCount: roomCount, - roomId: roomId, - }); - - if (OIDCUserAuthenticated || hostCfg.authenticated || roomActive) { - //... + // + const allowRoomAccess = isAllowedRoomAccess( + '/join/:roomId', + req, + hostCfg, + authHost, + roomList, + req.params.roomId, + ); + if (allowRoomAccess) { if (hostCfg.protected) authHost.setRoomActive(); res.sendFile(views.room); 
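Review bot: In `/join/:roomId`, `authHost.setRoomActive()` now runs for every request the helper admits, and the helper admits any caller when `roomList.has(roomId)` is true, so on a protected host an unauthenticated guest opening an existing room link triggers it. The removed condition reached that call only when the caller was OIDC-authenticated, the host was authenticated, or the room was already active. What `setRoomActive()` changes is not visible here; if it grants host-level state, narrow the call with something like `if (hostCfg.protected && hostCfg.authenticated) authHost.setRoomActive();`. The bare `//` left at the top of the handler should either carry a comment such as `// Gate the room page on isAllowedRoomAccess()` or be dropped. The handler's else branch lies outside the hunk.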
@@ -2171,6 +2157,35 @@ function startServer() { return roomPeersArray; } + function isAllowedRoomAccess(logMessage, req, hostCfg, authHost, roomList, roomId) { + const OIDCUserAuthenticated = OIDC.enabled && req.oidc.isAuthenticated(); + const hostUserAuthenticated = hostCfg.protected && hostCfg.authenticated; + const roomActive = authHost.isRoomActive(); + const roomExist = roomList.has(roomId); + const roomCount = roomList.size; + + log.debug(logMessage, { + OIDCUserEnabled: OIDC.enabled, + OIDCUserAuthenticated: OIDCUserAuthenticated, + hostUserAuthenticated: hostUserAuthenticated, + hostProtected: hostCfg.protected, + hostAuthenticated: hostCfg.authenticated, + roomActive: roomActive, + roomExist: roomExist, + roomCount: roomCount, + roomId: roomId, + }); + + const allowRoomAccess = + (!hostCfg.protected && !OIDC.enabled) || // No host protection and OIDC mode enabled (default) + OIDCUserAuthenticated || // User authenticated via OIDC + hostUserAuthenticated || // User authenticated via Login + ((OIDCUserAuthenticated || hostUserAuthenticated) && roomCount === 0) || // User authenticated joins the first room + roomExist; // User Or Guest join an existing Room + + return allowRoomAccess; + } + async function getPeerGeoLocation(ip) { const endpoint = config.IPLookup.getEndpoint(ip); log.debug('Get peer geo', { ip: ip, endpoint: endpoint }); diff --git a/package.json b/package.json index cafd8f53..e4776779 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "mirotalksfu", - "version": "1.4.33", + "version": "1.4.34", "description": "WebRTC SFU browser-based video calls", "main": "Server.js", "scripts": { @@ -57,7 +57,7 @@ "mediasoup-client": "3.7.8", "ngrok": "^5.0.0-beta.2", "nodemailer": "^6.9.13", - "openai": "^4.43.0", + "openai": "^4.44.0", "qs": "6.12.1", "socket.io": "4.7.5", "swagger-ui-express": "5.0.0", diff --git a/public/js/Room.js b/public/js/Room.js index 93b0291c..3e0b4f84 100644 --- a/public/js/Room.js +++ b/public/js/Room.js 
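Review bot: In `isAllowedRoomAccess` (app/src/Server.js), the fourth clause `((OIDCUserAuthenticated || hostUserAuthenticated) && roomCount === 0)` can never change the result, because either operand already makes the expression true in the two clauses before it; if the intent was to limit authenticated users to creating the first room only, that limit is not enforced. The comment on the first clause says "OIDC mode enabled" while the code tests `!OIDC.enabled`; it should read `// Neither host protection nor OIDC is enabled (default)`. The final `roomExist` term admits any requester who supplies the id of a live room, so on protected or OIDC deployments the room id is the only gate at this point, and `roomActive` is computed and logged but no longer affects the decision. `hostCfg.authenticated` is read from the shared `hostCfg` object rather than from `req`, so it looks like server-wide rather than per-requester state; that is worth confirming and recording in a JSDoc header for this helper.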
@@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com - * @version 1.4.33 + * @version 1.4.34 * */ diff --git a/public/js/RoomClient.js b/public/js/RoomClient.js index e9e8f59c..7a5d1eda 100644 --- a/public/js/RoomClient.js +++ b/public/js/RoomClient.js @@ -9,7 +9,7 @@ * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com - * @version 1.4.33 + * @version 1.4.34 * */