neoris/openvidu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

backend: Refactor recording middleware to improve permission checks and error handling

Browse Source
This commit is contained in:
juancarmore 2025-03-21 01:33:37 +01:00
parent e383d10fd6
commit 1dba73178d
1 changed files with 34 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
backend/src/middlewares/recording.middleware.ts
View File

@ -7,37 +7,44 @@ import { RoomService } from '../services/room.service.js';
export const withRecordingEnabledAndCorrectPermissions = async (req: Request, res: Response, next: NextFunction) => { export const withRecordingEnabledAndCorrectPermissions = async (req: Request, res: Response, next: NextFunction) => {
const logger = container.get(LoggerService); const logger = container.get(LoggerService);
// TODO: Think how to get the roomName from the request
const roomName = req.body.roomName;
const payload = req.session?.tokenClaims;
if (!payload) {
return res.status(403).json({ message: 'Insufficient permissions to access this resource' });
}
let room: OpenViduMeetRoom;
try { try {
// TODO: Think how to get the roomName from the request
const roomName = req.body.roomName;
const payload = req.body.payload;
const roomService = container.get(RoomService); const roomService = container.get(RoomService);
const room: OpenViduMeetRoom = await roomService.getOpenViduRoom(roomName); room = await roomService.getOpenViduRoom(roomName);
console.log('room', room);
if (!room.preferences) {
logger.error('No room preferences found checking recording preferences. Refusing access');
return res.status(403).json({ message: 'Recording is disabled in this room' });
}
const { recordingPreferences } = room.preferences;
const { enabled: recordingEnabled } = recordingPreferences;
if (!recordingEnabled) {
return res.status(403).json({ message: 'Recording is disabled in this room' });
}
const sameRoom = payload.video.room === roomName;
const permissions = payload.metadata?.permissions as OpenViduMeetPermissions;
const canRecord = permissions?.canRecord === true;
if (!sameRoom || !canRecord) {
return res.status(403).json({ message: 'Insufficient permissions to record in this room' });
}
return next();
} catch (error) { } catch (error) {
logger.error('Error checking recording preferences:' + error); logger.error('Error checking recording preferences:' + error);
return res.status(403).json({ message: 'Recording is disabled in this room' }); return res.status(403).json({ message: 'Recording is disabled in this room' });
} }
if (!room.preferences) {
logger.error('No room preferences found checking recording preferences. Refusing access');
return res.status(403).json({ message: 'Recording is disabled in this room' });
}
const { recordingPreferences } = room.preferences;
const { enabled: recordingEnabled } = recordingPreferences;
if (!recordingEnabled) {
return res.status(403).json({ message: 'Recording is disabled in this room' });
}
const sameRoom = payload.video?.room === roomName;
const metadata = JSON.parse(payload.metadata || '{}');
const permissions = metadata.permissions as OpenViduMeetPermissions | undefined;
const canRecord = permissions?.canRecord === true;
if (!sameRoom || !canRecord) {
return res.status(403).json({ message: 'Insufficient permissions to access this resource' });
}
return next();
}; };