From 1c6137af6f7e32c8f6d8c947b514837dd76b25ca Mon Sep 17 00:00:00 2001
From: orcas
Date: Wed, 3 Jul 2019 09:04:15 +0800
Subject: [PATCH] Check backend-permissions to join conversations. Fixes #2
---
 .env | 2 ++
 README.md | 5 ++++-
 main.go | 12 +++++++++++-
 3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/.env b/.env
index 70c984c..dde09a3 100644
--- a/.env
+++ b/.env
@@ -1 +1,3 @@
 LISTEN=:80
+NATS=nats://localhost:4222
+PERMISSIONS_HOST=http://permissions
diff --git a/README.md b/README.md
index a52e299..82e1ff9 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # backend-webrtc
-Beep backend handling WebRTC Selective Forwarding Units (SFUs).
+Beep backend handling WebRTC Selective Forwarding Units (SFUs). Pushes bites (chunks of audio) to [NATS](https://nats.io). Checks `backend-permissions` for user's permission to join the conversation.
 **The security of this service is handled by backend-auth called by traefik.**
@@ -11,6 +11,8 @@ Supply environment variables by either exporting them or editing `.env`.
 | ENV | Description | Default |
 | --- | ----------- | ------- |
 | LISTEN | Host and port to listen on | :80 |
+| NATS | Host and port of NATs | nats://localhost:4222 |
+| PERMISSIONS_HOST | URL of `backend-permissions` | http://permissions |
 ## API
@@ -114,3 +116,4 @@ Empty body
 | Code | Description |
 | ---- | ----------- |
 | 400 | Error parsing `X-User-Claims` header |
+| 401 | `backend-permissions` denied permission to join conversation |
diff --git a/main.go b/main.go
index b1d0326..d416d7a 100644
--- a/main.go
+++ b/main.go
@@ -26,6 +26,7 @@ var peerConnectionConfig webrtc.Configuration
 var listen string
 var natsHost string
+var permissionsHost string
 var upgrader websocket.Upgrader
 var mediaEngine webrtc.MediaEngine
@@ -45,6 +46,7 @@ func main() {
 }
 listen = os.Getenv("LISTEN")
 natsHost = os.Getenv("NATS")
+ permissionsHost = os.Getenv("PERMISSIONS_HOST")
 upgrader = websocket.Upgrader{}
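Review bot: `permissionsHost` is taken from `os.Getenv("PERMISSIONS_HOST")` in main() with no check that it is set, so an empty or scheme-less value only shows up at request time, when every `http.Get` in JoinConversation errors and every join is answered with 401. That makes a misconfiguration indistinguishable from a real denial; a startup guard right after the Getenv line, such as `if permissionsHost == "" { log.Fatal("PERMISSIONS_HOST is not set") }`, would surface it at boot (whether `log` is already imported is not visible in this hunk). The `.env` default added by this commit is plain `http://`, so the authorization answer is only as trustworthy as the network between the two services, which deserves a comment next to the variable. main()'s body starts before and continues after this hunk.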
@@ -251,9 +253,17 @@ func NewConnection(w http.ResponseWriter, r *http.Request, p httprouter.Params)
 func JoinConversation(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
 // Get user id
 user := r.Context().Value("user").(RawClient)
-
+
 // Get conversation id
 conversationId := p.ByName("conversationid")
+ // Check permissions from backend-permissions
+ response, err := http.Get(permissionsHost + "/user/" + user.UserId + "/conversation/" + conversationId)
+ if err != nil {
+ http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+ return
+ }
+ response.Body.Close()
+
 // Remove user from existing conversation
 if oldConversation, ok := userConversation[user.UserId]; ok {
 if users, ok2 := conversationUsers[oldConversation]; ok2 {
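Review bot: The new permission check in JoinConversation fails open, because `http.Get` returns a nil error for any completed HTTP exchange and `response.StatusCode` is never read, so a 401/403/404/5xx answer from backend-permissions still falls through to the conversation bookkeeping below. Only a transport failure reaches the 401 branch, which does not match the 401 row this commit adds to the README. The fix is to reject every non-success status after closing the body (assuming backend-permissions signals a grant with a 2xx status, which this page does not show). `user.UserId` and `conversationId` are also concatenated into the URL path unescaped, so each should go through `url.PathEscape` (needs `net/url` if main.go does not already import it), and a shared `http.Client` with a `Timeout` would keep a stalled permissions service from hanging joins. JoinConversation's body continues past the end of the hunk.

```go
// … unchanged: user and conversationId lookup …
response, err := http.Get(permissionsHost + "/user/" + url.PathEscape(user.UserId) + "/conversation/" + url.PathEscape(conversationId))
// … unchanged: err != nil handling …
response.Body.Close()
// Assumes backend-permissions answers 2xx only when the user may join.
if response.StatusCode < http.StatusOK || response.StatusCode >= http.StatusMultipleChoices {
	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
	return
}
// … unchanged: remove user from existing conversation …
```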