backend: add check for same room access middleware to getRoomPreferences endpoint
parent
71f315c4b8
commit
e1b0b144e8
@ -39,7 +39,8 @@ export const configureParticipantTokenAuth = async (req: Request, res: Response,
|
|||||||
if (authModeToAccessRoom === AuthMode.NONE) {
|
if (authModeToAccessRoom === AuthMode.NONE) {
|
||||||
authValidators.push(allowAnonymous);
|
authValidators.push(allowAnonymous);
|
||||||
} else {
|
} else {
|
||||||
const isModeratorsOnlyMode = authModeToAccessRoom === AuthMode.MODERATORS_ONLY && role === ParticipantRole.MODERATOR;
|
const isModeratorsOnlyMode =
|
||||||
|
authModeToAccessRoom === AuthMode.MODERATORS_ONLY && role === ParticipantRole.MODERATOR;
|
||||||
const isAllUsersMode = authModeToAccessRoom === AuthMode.ALL_USERS;
|
const isAllUsersMode = authModeToAccessRoom === AuthMode.ALL_USERS;
|
||||||
|
|
||||||
if (isModeratorsOnlyMode || isAllUsersMode) {
|
if (isModeratorsOnlyMode || isAllUsersMode) {
|
||||||
@ -72,3 +73,22 @@ export const withModeratorPermissions = async (req: Request, res: Response, next
|
|||||||
|
|
||||||
return next();
|
return next();
|
||||||
};
|
};
|
||||||
|
|
||||||
|
export const checkParticipantFromSameRoom = async (req: Request, res: Response, next: NextFunction) => {
|
||||||
|
const { roomId } = req.params;
|
||||||
|
const payload = req.session?.tokenClaims;
|
||||||
|
|
||||||
|
if (!payload) {
|
||||||
|
const error = errorInsufficientPermissions();
|
||||||
|
return rejectRequestFromMeetError(res, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
const sameRoom = payload.video?.room === roomId;
|
||||||
|
|
||||||
|
if (!sameRoom) {
|
||||||
|
const error = errorInsufficientPermissions();
|
||||||
|
return rejectRequestFromMeetError(res, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
return next();
|
||||||
|
};
|
||||||
|
|||||||
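Review bot: In `checkParticipantFromSameRoom`, the comparison `payload.video?.room === roomId` is true when both sides are `undefined`, so the guard would pass if it were ever mounted on a route without a `:roomId` parameter while the token carries no video grant. The route wired up in this commit always supplies `roomId`, so this does not affect it, but an authorization check should fail closed on its own: `const sameRoom = !!roomId && payload.video?.room === roomId;`. The function is declared `async` without awaiting anything, and it has no doc comment; a short TSDoc block saying that it expects `req.session.tokenClaims` to have been set by an earlier token validator would make that precondition explicit. Logging the rejected mismatch (requested room versus the room in the token) would also give operators a signal when a token is used against another room.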
@ -5,6 +5,7 @@ import * as roomCtrl from '../controllers/room.controller.js';
|
|||||||
import {
|
import {
|
||||||
allowAnonymous,
|
allowAnonymous,
|
||||||
apiKeyValidator,
|
apiKeyValidator,
|
||||||
|
checkParticipantFromSameRoom,
|
||||||
configureRecordingTokenAuth,
|
configureRecordingTokenAuth,
|
||||||
configureRoomAuthorization,
|
configureRoomAuthorization,
|
||||||
participantTokenValidator,
|
participantTokenValidator,
|
||||||
@ -68,6 +69,13 @@ internalRoomRouter.put(
|
|||||||
withValidRoomPreferences,
|
withValidRoomPreferences,
|
||||||
roomCtrl.updateRoomPreferences
|
roomCtrl.updateRoomPreferences
|
||||||
);
|
);
|
||||||
|
internalRoomRouter.get(
|
||||||
|
'/:roomId/preferences',
|
||||||
|
withAuth(participantTokenValidator),
|
||||||
|
withValidRoomId,
|
||||||
|
checkParticipantFromSameRoom,
|
||||||
|
roomCtrl.getRoomPreferences
|
||||||
|
);
|
||||||
internalRoomRouter.post(
|
internalRoomRouter.post(
|
||||||
'/:roomId/recording-token',
|
'/:roomId/recording-token',
|
||||||
configureRecordingTokenAuth,
|
configureRecordingTokenAuth,
|
||||||
@ -87,10 +95,3 @@ internalRoomRouter.get(
|
|||||||
withValidRoomId,
|
withValidRoomId,
|
||||||
roomCtrl.getRoomRoleAndPermissions
|
roomCtrl.getRoomRoleAndPermissions
|
||||||
);
|
);
|
||||||
|
|
||||||
internalRoomRouter.get(
|
|
||||||
'/:roomId/preferences',
|
|
||||||
withAuth(participantTokenValidator),
|
|
||||||
withValidRoomId,
|
|
||||||
roomCtrl.getRoomPreferences
|
|
||||||
);
|
|
||||||
|
|||||||
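Review bot: The relocated GET `'/:roomId/preferences'` chain depends on middleware order, because `checkParticipantFromSameRoom` reads `req.session.tokenClaims` (presumably populated by `withAuth(participantTokenValidator)`) and rejects the request when it is missing. A one-line comment above it, such as `// must run after withAuth(participantTokenValidator): reads req.session.tokenClaims`, would keep a later reorder from silently turning every request into a permission error. The check compares against `req.params.roomId` as it stands after `withValidRoomId`; if that validator normalizes the id, which is not visible here, confirm that the room claim in the token uses the same form. The `getRoomRoleAndPermissions` route shown as context takes the same `:roomId` parameter, but its auth middleware lies outside the hunk, so it is worth checking whether it needs the same room binding.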