
Check backend-permissions to join conversations. Fixes #2

pull/6/head
Daniel Lim 2019-07-03 09:04:15 +08:00
parent f7d9197940
commit 1c6137af6f
3 changed files with 17 additions and 2 deletions

2
.env

@ -1 +1,3 @@
LISTEN=:80
NATS=nats://localhost:4222
PERMISSIONS_HOST=http://permissions


@ -1,6 +1,6 @@
# backend-webrtc
Beep backend handling WebRTC Selective Forwarding Units (SFUs).
Beep backend handling WebRTC Selective Forwarding Units (SFUs). Pushes bites (chunks of audio) to [NATS](https://nats.io). Checks `backend-permissions` for user's permission to join the conversation.
**The security of this service is handled by backend-auth called by traefik.**
@ -11,6 +11,8 @@ Supply environment variables by either exporting them or editing `.env`.
| ENV | Description | Default |
| --- | ----------- | ------- |
| LISTEN | Host and port to listen on | :80 |
| NATS | Host and port of NATs | nats://localhost:4222 |
| PERMISSIONS_HOST | URL of `backend-permissions` | http://permissions |
## API
@ -114,3 +116,4 @@ Empty body
| Code | Description |
| ---- | ----------- |
| 400 | Error parsing `X-User-Claims` header |
| 401 | `backend-permissions` denied permission to join conversation |

12
main.go

@ -26,6 +26,7 @@ var peerConnectionConfig webrtc.Configuration
var listen string
var natsHost string
var permissionsHost string
var upgrader websocket.Upgrader
var mediaEngine webrtc.MediaEngine
@ -45,6 +46,7 @@ func main() {
}
listen = os.Getenv("LISTEN")
natsHost = os.Getenv("NATS")
permissionsHost = os.Getenv("PERMISSIONS_HOST")
upgrader = websocket.Upgrader{}
@ -251,9 +253,17 @@ func NewConnection(w http.ResponseWriter, r *http.Request, p httprouter.Params)
func JoinConversation(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
// Get user id
user := r.Context().Value("user").(RawClient)
// Get conversation id
conversationId := p.ByName("conversationid")
// Check permissions from backend-permissions
response, err := http.Get(permissionsHost + "/user/" + user.UserId + "/conversation/" + conversationId)
if err != nil {
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
response.Body.Close()
// Remove user from existing conversation
if oldConversation, ok := userConversation[user.UserId]; ok {
if users, ok2 := conversationUsers[oldConversation]; ok2 {
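Review bot: The new permission check in JoinConversation rejects the request only when `http.Get` returns an error, which in Go means a transport failure and not a 4xx/5xx reply, so a denial that backend-permissions expresses as an HTTP status (its contract is not visible here) would still fall through to the join logic. After the body is closed, add a status check such as `if response.StatusCode != http.StatusOK { http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized); return }`, adjusting the accepted code to whatever backend-permissions returns on allow. `user.UserId` and `conversationId` are also concatenated into the URL unescaped, so passing each through `url.PathEscape` keeps a crafted id from changing which permissions path is queried. `http.Get` uses the default client, which has no timeout, so a stalled permissions service would hold the handler open; a shared `http.Client` with a `Timeout` would bound that. The function body continues past the end of this hunk.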