Check backend-permissions to join conversations. Fixes #2
parent
f7d9197940
commit
1c6137af6f
2
.env
2
.env
|
@ -1 +1,3 @@
|
||||||
LISTEN=:80
|
LISTEN=:80
|
||||||
|
NATS=nats://localhost:4222
|
||||||
|
PERMISSIONS_HOST=http://permissions
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# backend-webrtc
|
# backend-webrtc
|
||||||
|
|
||||||
Beep backend handling WebRTC Selective Forwarding Units (SFUs).
|
Beep backend handling WebRTC Selective Forwarding Units (SFUs). Pushes bites (chunks of audio) to [NATS](https://nats.io). Checks `backend-permissions` for user's permission to join the conversation.
|
||||||
|
|
||||||
**The security of this service is handled by backend-auth called by traefik.**
|
**The security of this service is handled by backend-auth called by traefik.**
|
||||||
|
|
||||||
|
@ -11,6 +11,8 @@ Supply environment variables by either exporting them or editing `.env`.
|
||||||
| ENV | Description | Default |
|
| ENV | Description | Default |
|
||||||
| --- | ----------- | ------- |
|
| --- | ----------- | ------- |
|
||||||
| LISTEN | Host and port to listen on | :80 |
|
| LISTEN | Host and port to listen on | :80 |
|
||||||
|
| NATS | Host and port of NATs | nats://localhost:4222 |
|
||||||
|
| PERMISSIONS_HOST | URL of `backend-permissions` | http://permissions |
|
||||||
|
|
||||||
## API
|
## API
|
||||||
|
|
||||||
|
@ -114,3 +116,4 @@ Empty body
|
||||||
| Code | Description |
|
| Code | Description |
|
||||||
| ---- | ----------- |
|
| ---- | ----------- |
|
||||||
| 400 | Error parsing `X-User-Claims` header |
|
| 400 | Error parsing `X-User-Claims` header |
|
||||||
|
| 401 | `backend-permissions` denied permission to join conversation |
|
||||||
|
|
12
main.go
12
main.go
|
@ -26,6 +26,7 @@ var peerConnectionConfig webrtc.Configuration
|
||||||
|
|
||||||
var listen string
|
var listen string
|
||||||
var natsHost string
|
var natsHost string
|
||||||
|
var permissionsHost string
|
||||||
|
|
||||||
var upgrader websocket.Upgrader
|
var upgrader websocket.Upgrader
|
||||||
var mediaEngine webrtc.MediaEngine
|
var mediaEngine webrtc.MediaEngine
|
||||||
|
@ -45,6 +46,7 @@ func main() {
|
||||||
}
|
}
|
||||||
listen = os.Getenv("LISTEN")
|
listen = os.Getenv("LISTEN")
|
||||||
natsHost = os.Getenv("NATS")
|
natsHost = os.Getenv("NATS")
|
||||||
|
permissionsHost = os.Getenv("PERMISSIONS_HOST")
|
||||||
|
|
||||||
upgrader = websocket.Upgrader{}
|
upgrader = websocket.Upgrader{}
|
||||||
|
|
||||||
|
@ -251,9 +253,17 @@ func NewConnection(w http.ResponseWriter, r *http.Request, p httprouter.Params)
|
||||||
func JoinConversation(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
func JoinConversation(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
// Get user id
|
// Get user id
|
||||||
user := r.Context().Value("user").(RawClient)
|
user := r.Context().Value("user").(RawClient)
|
||||||
|
// Get conversation id
|
||||||
conversationId := p.ByName("conversationid")
|
conversationId := p.ByName("conversationid")
|
||||||
|
|
||||||
|
// Check permissions from backend-permissions
|
||||||
|
response, err := http.Get(permissionsHost + "/user/" + user.UserId + "/conversation/" + conversationId)
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
response.Body.Close()
|
||||||
|
|
||||||
// Remove user from existing conversation
|
// Remove user from existing conversation
|
||||||
if oldConversation, ok := userConversation[user.UserId]; ok {
|
if oldConversation, ok := userConversation[user.UserId]; ok {
|
||||||
if users, ok2 := conversationUsers[oldConversation]; ok2 {
|
if users, ok2 := conversationUsers[oldConversation]; ok2 {
|
||||||
|
|
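Review bot: The new permission check in `JoinConversation` never reads `response.StatusCode`, so it fails open: `http.Get` returns a non-nil error only on transport failures, and a denial from `backend-permissions` arrives with `err == nil` and lets the join proceed. The README hunk documents a 401 when `backend-permissions` denies the join, so the handler should reject every non-success status after closing the body; which status means "granted" is not visible here, so the 2xx range below is an assumption to confirm. The URL is also built by concatenating `user.UserId` and the `conversationid` route parameter unescaped; wrapping both in `url.PathEscape` (this needs `net/url`, and the import block is outside the hunk) keeps a crafted id from changing which permissions path is queried. The body of `JoinConversation` continues past the end of the hunk.

```go
response, err := http.Get(permissionsHost + "/user/" + url.PathEscape(user.UserId) + "/conversation/" + url.PathEscape(conversationId))
// … unchanged: err != nil branch returning 401 …
response.Body.Close()
// Deny unless backend-permissions answered with a success status.
if response.StatusCode < 200 || response.StatusCode > 299 {
	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
	return
}
// … unchanged: remove user from existing conversation …
```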