backend: enhance room member token handling for external member IDs and validate secrets

juancarmore 2026-01-28 16:04:59 +01:00
parent 2e7cbeb96a
commit 1188255210
2 changed files with 47 additions and 34 deletions


@ -132,23 +132,30 @@ export const authorizeRoomMemberTokenGeneration = async (req: Request, res: Resp
// Scenario 1: Secret provided (Anonymous access or Member ID)
if (secret) {
try {
const isExternalMemberId = secret.startsWith('ext-');
if (isExternalMemberId) {
// Check if secret is a memberId
const roomMemberService = container.get(RoomMemberService);
const isMember = await roomMemberService.isRoomMember(roomId, secret);
if (!isMember) {
const error = errorRoomMemberNotFound(roomId, secret);
return rejectRequestFromMeetError(res, error);
}
return next();
}
// Check if secret matches any room access URL secret
const isValidSecret = await roomService.isValidRoomSecret(roomId, secret);
if (isValidSecret) {
return next();
if (!isValidSecret) {
const error = errorInvalidRoomSecret(roomId, secret);
return rejectRequestFromMeetError(res, error);
}
// Check if secret is a memberId
const roomMemberService = container.get(RoomMemberService);
const isMember = await roomMemberService.isRoomMember(roomId, secret);
if (isMember) {
return next();
}
const error = errorInvalidRoomSecret(roomId, secret);
return rejectRequestFromMeetError(res, error);
return next();
} catch (error) {
return handleError(res, error, 'checking room secret');
}
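Review bot: In the `ext-` branch a value that is only checked with `isRoomMember(roomId, secret)` is accepted as the sole credential, so the member ID itself acts as a bearer secret for that member's role and permissions. Nothing visible here shows how external member IDs are generated or where else they appear, so this is only safe if they are high-entropy and never returned in participant lists, API responses or logs; a comment above the branch such as `// External member IDs are credentials: must be unguessable and never exposed to other participants` would record that requirement. The branch also rejects with `errorRoomMemberNotFound(roomId, secret)` while the service in the second file throws `errorInvalidRoomSecret(roomId, secret)` for the same failure; using `errorInvalidRoomSecret` in both places keeps the rejection uniform. Both constructors receive the submitted secret, so it is worth confirming that neither echoes it into the response body or a log line. The enclosing middleware starts and ends outside this hunk.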


@ -472,26 +472,32 @@ export class RoomMemberService {
if (secret) {
// Case 1: Secret provided (Anonymous access or External Member)
const isValidSecret = await this.roomService.isValidRoomSecret(roomId, secret);
const isExternalMemberId = secret.startsWith('ext-');
if (isExternalMemberId) {
// If secret is a external member ID, fetch the member and assign their role and permissions
const member = await this.getRoomMember(roomId, secret);
if (!member) {
throw errorInvalidRoomSecret(roomId, secret);
}
memberId = member.memberId;
baseRole = member.baseRole;
customPermissions = member.customPermissions;
effectivePermissions = member.effectivePermissions;
} else {
const isValidSecret = await this.roomService.isValidRoomSecret(roomId, secret);
if (!isValidSecret) {
throw errorInvalidRoomSecret(roomId, secret);
}
if (isValidSecret) {
// If secret matches anonymous access URL secret, assign role and permissions based on it
baseRole = await this.getRoomMemberRoleBySecret(roomId, secret);
const room = await this.roomService.getMeetRoom(roomId);
effectivePermissions = room.roles[baseRole].permissions;
} else {
// If secret is a memberId, fetch the member and assign their role and permissions
const member = await this.getRoomMember(roomId, secret);
if (member) {
memberId = member.memberId;
baseRole = member.baseRole;
customPermissions = member.customPermissions;
effectivePermissions = member.effectivePermissions;
} else {
throw errorInvalidRoomSecret(roomId, secret);
}
}
} else {
// Case 2: Authenticated user
@ -512,14 +518,14 @@ export class RoomMemberService {
// If user is a member, fetch their role and permissions
const member = await this.getRoomMember(roomId, user.userId);
if (member) {
memberId = user.userId;
baseRole = member.baseRole;
customPermissions = member.customPermissions;
effectivePermissions = member.effectivePermissions;
} else {
if (!member) {
throw errorUnauthorized();
}
memberId = user.userId;
baseRole = member.baseRole;
customPermissions = member.customPermissions;
effectivePermissions = member.effectivePermissions;
}
}
@ -533,9 +539,9 @@ export class RoomMemberService {
customPermissions,
memberId
);
} else {
return this.generateToken(roomId, baseRole, effectivePermissions, customPermissions, memberId);
}
return this.generateToken(roomId, baseRole, effectivePermissions, customPermissions, memberId);
}
/**
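Review bot: The `secret.startsWith('ext-')` test in the first hunk of this file repeats the literal used in the middleware, and it selects the validation path before any lookup, so the two files must stay in lockstep for the authorization check and the token generation to agree. A single shared helper or constant for the prefix, exported from one module and used in both places, would remove that risk. The dispatch also means a room access secret that happened to begin with `ext-` would never reach `isValidRoomSecret`; if the secret generator cannot produce that prefix, a comment such as `// room secrets never start with 'ext-' (see generator)` next to the check would make the assumption explicit, otherwise it needs a guard. The method containing these hunks starts outside the visible lines.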