neoris/openvidu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

backend: Refactor recording middleware to include permission checks and update route handlers

Browse Source
This commit is contained in:
juancarmore 2025-03-14 01:39:20 +01:00
parent fe01ddb17e
commit c2b82cdeb7
2 changed files with 40 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
backend/src/middlewares/recording.middleware.ts
View File

@ -1,35 +1,43 @@
import { container } from '../config/dependency-injector.config.js'; import { container } from '../config/dependency-injector.config.js';
import { Request, Response, NextFunction } from 'express'; import { Request, Response, NextFunction } from 'express';
import { GlobalPreferencesService } from '../services/preferences/index.js'; import { OpenViduMeetPermissions, OpenViduMeetRoom } from '@typings-ce';
import { RoomPreferences } from '@typings-ce';
import { LoggerService } from '../services/logger.service.js'; import { LoggerService } from '../services/logger.service.js';
import { RoomService } from '../services/room.service.js';
export const withRecordingEnabled = async (req: Request, res: Response, next: NextFunction) => { export const withRecordingEnabledAndCorrectPermissions = async (req: Request, res: Response, next: NextFunction) => {
const logger = container.get(LoggerService); const logger = container.get(LoggerService);
try { try {
// TODO: Think how to get the roomName from the request
const roomName = req.body.roomName;
const payload = req.body.payload;
const roomService = container.get(RoomService);
const room: OpenViduMeetRoom = await roomService.getOpenViduRoom(roomName);
console.log('room', room);
if (!room.preferences) {
logger.error('No room preferences found checking recording preferences. Refusing access');
return res.status(403).json({ message: 'Recording is disabled in this room' });
}
const { recordingPreferences } = room.preferences;
const { enabled: recordingEnabled } = recordingPreferences;
if (!recordingEnabled) {
return res.status(403).json({ message: 'Recording is disabled in this room' });
}
const sameRoom = payload.video.room === roomName;
const permissions = payload.metadata?.permissions as OpenViduMeetPermissions;
const canRecord = permissions?.canRecord === true;
if (!sameRoom || !canRecord) {
return res.status(403).json({ message: 'Insufficient permissions to record in this room' });
}
return next(); return next();
// TODO: Think how get the roomName from the request
// const roomName = req.body.roomName;
// const preferenceService = container.get(GlobalPreferencesService);
// const preferences: RoomPreferences | null = await preferenceService.getOpenViduRoomPreferences(roomName);
// if (preferences) {
// const { recordingPreferences } = preferences;
// if (!recordingPreferences.enabled) {
// return res.status(403).json({ message: 'Recording is disabled in this room.' });
// }
// return next();
// }
// logger.error('No room preferences found checking recording preferences. Refusing access.');
// return res.status(403).json({ message: 'Recording is disabled in this room.' });
} catch (error) { } catch (error) {
logger.error('Error checking recording preferences:' + error); logger.error('Error checking recording preferences:' + error);
return res.status(403).json({ message: 'Recording is disabled in this room.' }); return res.status(403).json({ message: 'Recording is disabled in this room' });
} }
}; };

13
backend/src/routes/recording.routes.ts
View File

@ -1,8 +1,8 @@
import { Router } from 'express'; import { Router } from 'express';
import bodyParser from 'body-parser'; import bodyParser from 'body-parser';
import * as recordingCtrl from '../controllers/recording.controller.js'; import * as recordingCtrl from '../controllers/recording.controller.js';
import { withUserBasicAuth } from '../middlewares/auth.middleware.js'; import { withParticipantValidToken, withUserBasicAuth } from '../middlewares/auth.middleware.js';
import { withRecordingEnabled } from '../middlewares/recording.middleware.js'; import { withRecordingEnabledAndCorrectPermissions } from '../middlewares/recording.middleware.js';
export const recordingRouter = Router(); export const recordingRouter = Router();
@ -10,8 +10,13 @@ recordingRouter.use(bodyParser.urlencoded({ extended: true }));
recordingRouter.use(bodyParser.json()); recordingRouter.use(bodyParser.json());
// Recording Routes // Recording Routes
recordingRouter.post('/', withUserBasicAuth, /*withRecordingEnabled,*/ recordingCtrl.startRecording); recordingRouter.post(
recordingRouter.put('/:recordingId', withUserBasicAuth,/* withRecordingEnabled,*/ recordingCtrl.stopRecording); '/',
withParticipantValidToken,
withRecordingEnabledAndCorrectPermissions,
recordingCtrl.startRecording
);
recordingRouter.put('/:recordingId', withUserBasicAuth, /* withRecordingEnabled,*/ recordingCtrl.stopRecording);
recordingRouter.get('/:recordingId/stream', /*withRecordingEnabled,*/ recordingCtrl.streamRecording); recordingRouter.get('/:recordingId/stream', /*withRecordingEnabled,*/ recordingCtrl.streamRecording);
recordingRouter.delete( recordingRouter.delete(
'/:recordingId', '/:recordingId',