backend: add check for same room access middleware to getRoomPreferences endpoint

juancarmore 2025-06-10 12:47:29 +02:00
parent 71f315c4b8
commit e1b0b144e8
2 changed files with 29 additions and 8 deletions


@ -39,7 +39,8 @@ export const configureParticipantTokenAuth = async (req: Request, res: Response,
if (authModeToAccessRoom === AuthMode.NONE) {
authValidators.push(allowAnonymous);
} else {
const isModeratorsOnlyMode = authModeToAccessRoom === AuthMode.MODERATORS_ONLY && role === ParticipantRole.MODERATOR;
const isModeratorsOnlyMode =
authModeToAccessRoom === AuthMode.MODERATORS_ONLY && role === ParticipantRole.MODERATOR;
const isAllUsersMode = authModeToAccessRoom === AuthMode.ALL_USERS;
if (isModeratorsOnlyMode || isAllUsersMode) {
@ -72,3 +73,22 @@ export const withModeratorPermissions = async (req: Request, res: Response, next
return next();
};
export const checkParticipantFromSameRoom = async (req: Request, res: Response, next: NextFunction) => {
const { roomId } = req.params;
const payload = req.session?.tokenClaims;
if (!payload) {
const error = errorInsufficientPermissions();
return rejectRequestFromMeetError(res, error);
}
const sameRoom = payload.video?.room === roomId;
if (!sameRoom) {
const error = errorInsufficientPermissions();
return rejectRequestFromMeetError(res, error);
}
return next();
};
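Review bot: In `checkParticipantFromSameRoom`, the comparison `payload.video?.room === roomId` is true when both sides are `undefined`, so a token with no video grant would pass on any route that lacks a `:roomId` parameter. The route wired up in this commit always supplies `roomId`, but the middleware is exported for reuse, so it should fail closed: `const tokenRoom = payload.video?.room;` followed by `if (!tokenRoom || tokenRoom !== roomId) { ... }`. The missing-session branch and the mismatch branch reject identically, so they could be merged into one guard. A short doc comment stating that the middleware expects `req.session.tokenClaims` to be populated by an earlier auth step would also help future callers.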


@ -5,6 +5,7 @@ import * as roomCtrl from '../controllers/room.controller.js';
import {
allowAnonymous,
apiKeyValidator,
checkParticipantFromSameRoom,
configureRecordingTokenAuth,
configureRoomAuthorization,
participantTokenValidator,
@ -68,6 +69,13 @@ internalRoomRouter.put(
withValidRoomPreferences,
roomCtrl.updateRoomPreferences
);
internalRoomRouter.get(
'/:roomId/preferences',
withAuth(participantTokenValidator),
withValidRoomId,
checkParticipantFromSameRoom,
roomCtrl.getRoomPreferences
);
internalRoomRouter.post(
'/:roomId/recording-token',
configureRecordingTokenAuth,
@ -87,10 +95,3 @@ internalRoomRouter.get(
withValidRoomId,
roomCtrl.getRoomRoleAndPermissions
);
internalRoomRouter.get(
'/:roomId/preferences',
withAuth(participantTokenValidator),
withValidRoomId,
roomCtrl.getRoomPreferences
);
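Review bot: The new `GET '/:roomId/preferences'` registration depends on middleware order, and nothing on the route says so. `checkParticipantFromSameRoom` reads `req.session?.tokenClaims`, which is presumably set by `withAuth(participantTokenValidator)`; that is inferred, since `withAuth` is not visible here. If the check were moved ahead of `withAuth`, every request would be rejected, and dropping it during a later refactor would silently reopen cross-room reads. I would add a comment above the route such as `// checkParticipantFromSameRoom must run after withAuth(participantTokenValidator): it compares the token's room claim with :roomId`.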