backend: update security preferences to allow optional requireAuthentication; enhance validation for room creation and recording preferences

2025-05-16 19:07:03 +02:00 · 2025-05-16 19:07:03 +02:00 · 44fbb25841
commit 44fbb25841
parent 9ea7bac71c
8 changed files with 44 additions and 15 deletions
--- a/backend/src/controllers/global-preferences/security-preferences.controller.ts
+++ b/backend/src/controllers/global-preferences/security-preferences.controller.ts
@ -15,7 +15,13 @@ export const updateSecurityPreferences = async (req: Request, res: Response) =>
 		const globalPreferences = await globalPrefService.getGlobalPreferences();

 		if (securityPreferences.roomCreationPolicy) {
-			globalPreferences.securityPreferences.roomCreationPolicy = securityPreferences.roomCreationPolicy;
+			globalPreferences.securityPreferences.roomCreationPolicy = {
+				allowRoomCreation: securityPreferences.roomCreationPolicy.allowRoomCreation,
+				requireAuthentication:
+					securityPreferences.roomCreationPolicy.requireAuthentication === undefined
+						? globalPreferences.securityPreferences.roomCreationPolicy.requireAuthentication
+						: securityPreferences.roomCreationPolicy.requireAuthentication
+			};
 		}

 		if (securityPreferences.authentication) {
--- a/backend/src/middlewares/recording.middleware.ts
+++ b/backend/src/middlewares/recording.middleware.ts
@ -116,7 +116,7 @@ export const withCanDeleteRecordingsPermission = async (req: Request, res: Respo
 export const configureRecordingMediaAuth = async (req: Request, res: Response, next: NextFunction) => {
 	const storageService = container.get(MeetStorageService);

-	let recordingAccess: MeetRecordingAccess;
+	let recordingAccess: MeetRecordingAccess | undefined;

 	try {
 		const roomId = extractRoomIdFromRequest(req);
--- a/backend/src/middlewares/request-validators/preferences-validator.middleware.ts
+++ b/backend/src/middlewares/request-validators/preferences-validator.middleware.ts
@ -47,10 +47,21 @@ const AuthenticationPreferencesDTOSchema: z.ZodType<AuthenticationPreferencesDTO
 	method: ValidAuthMethodDTOSchema
 });

-const RoomCreationPolicySchema: z.ZodType<RoomCreationPolicy> = z.object({
-	allowRoomCreation: z.boolean(),
-	requireAuthentication: z.boolean()
-});
+const RoomCreationPolicySchema: z.ZodType<RoomCreationPolicy> = z
+	.object({
+		allowRoomCreation: z.boolean(),
+		requireAuthentication: z.boolean().optional()
+	})
+	.refine(
+		(data) => {
+			// If allowRoomCreation is true, requireAuthentication must be provided
+			return !data.allowRoomCreation || data.requireAuthentication !== undefined;
+		},
+		{
+			message: 'requireAuthentication is required when allowRoomCreation is true',
+			path: ['requireAuthentication']
+		}
+	);

 const UpdateSecurityPreferencesDTOSchema: z.ZodType<UpdateSecurityPreferencesDTO> = z
 	.object({
--- a/backend/src/middlewares/request-validators/room-validator.middleware.ts
+++ b/backend/src/middlewares/request-validators/room-validator.middleware.ts
@ -64,10 +64,21 @@ const RecordingAccessSchema: z.ZodType<MeetRecordingAccess> = z.enum([
 	MeetRecordingAccess.PUBLIC
 ]);

-const RecordingPreferencesSchema: z.ZodType<MeetRecordingPreferences> = z.object({
-	enabled: z.boolean(),
-	allowAccessTo: RecordingAccessSchema
-});
+const RecordingPreferencesSchema: z.ZodType<MeetRecordingPreferences> = z
+	.object({
+		enabled: z.boolean(),
+		allowAccessTo: RecordingAccessSchema.optional()
+	})
+	.refine(
+		(data) => {
+			// If recording is enabled, allowAccessTo must be provided
+			return !data.enabled || data.allowAccessTo !== undefined;
+		},
+		{
+			message: 'allowAccessTo is required when recording is enabled',
+			path: ['allowAccessTo']
+		}
+	);

 const ChatPreferencesSchema: z.ZodType<MeetChatPreferences> = z.object({
 	enabled: z.boolean()
--- a/backend/src/middlewares/room.middleware.ts
+++ b/backend/src/middlewares/room.middleware.ts
@ -20,7 +20,7 @@ import { allowAnonymous, apiKeyValidator, tokenAndRoleValidator, withAuth } from
 export const configureCreateRoomAuth = async (req: Request, res: Response, next: NextFunction) => {
 	const globalPrefService = container.get(MeetStorageService);
 	let allowRoomCreation: boolean;
-	let requireAuthentication: boolean;
+	let requireAuthentication: boolean | undefined;

 	try {
 		const { securityPreferences } = await globalPrefService.getGlobalPreferences();
@ -104,7 +104,7 @@ export const configureRecordingTokenAuth = async (req: Request, res: Response, n

 		const recordingAccess = room.preferences!.recordingPreferences.allowAccessTo;

-		if (recordingAccess === MeetRecordingAccess.ADMIN) {
+		if (!recordingAccess || recordingAccess === MeetRecordingAccess.ADMIN) {
 			// Deny request if the room is configured to allow access to recordings only for admins
 			throw errorInsufficientPermissions();
 		}
--- a/frontend/projects/shared-meet-components/src/lib/services/context/context.service.ts
+++ b/frontend/projects/shared-meet-components/src/lib/services/context/context.service.ts
@ -173,7 +173,8 @@ export class ContextService {

 	async isAuthRequiredToCreateRooms(): Promise<boolean> {
 		await this.getSecurityPreferences();
-		return this.context.securityPreferences!.roomCreationPolicy.requireAuthentication;
+		const requireAuthentication = this.context.securityPreferences!.roomCreationPolicy.requireAuthentication;
+		return requireAuthentication !== undefined && requireAuthentication;
 	}

 	async getAuthModeToEnterRoom(): Promise<AuthMode> {
--- a/typings/src/global-preferences.ts
+++ b/typings/src/global-preferences.ts
@ -24,7 +24,7 @@ export interface SecurityPreferences {

 export interface RoomCreationPolicy {
    allowRoomCreation: boolean;
-    requireAuthentication: boolean;
+    requireAuthentication?: boolean;
 }

 // DTOs
--- a/typings/src/room-preferences.ts
+++ b/typings/src/room-preferences.ts
@ -12,7 +12,7 @@ export interface MeetRoomPreferences {
 */
 export interface MeetRecordingPreferences {
    enabled: boolean;
-    allowAccessTo: MeetRecordingAccess;
+    allowAccessTo?: MeetRecordingAccess;
 }

 export const enum MeetRecordingAccess {