diff --git a/react/features/base/jwt/middleware.js b/react/features/base/jwt/middleware.js index bcfb0c63f..75c013d71 100644 --- a/react/features/base/jwt/middleware.js +++ b/react/features/base/jwt/middleware.js @@ -141,7 +141,7 @@ function _setJWT(store, next, action) { action.jwt = jwt; action.issuer = iss; if (context) { - const user = _user2participant(context.user); + const user = _user2participant(context.user || {}); action.callee = context.callee; action.group = context.group; diff --git a/resources/prosody-plugins/mod_muc_allowners.lua b/resources/prosody-plugins/mod_muc_allowners.lua index 603ef0c1c..8aa9365d8 100644 --- a/resources/prosody-plugins/mod_muc_allowners.lua +++ b/resources/prosody-plugins/mod_muc_allowners.lua @@ -1,12 +1,71 @@ +local jid = require "util.jid"; +local um_is_admin = require "core.usermanager".is_admin; local is_healthcheck_room = module:require "util".is_healthcheck_room; +local moderated_subdomains; +local moderated_rooms; + +local function load_config() + moderated_subdomains = module:get_option_set("allowners_moderated_subdomains", {}) + moderated_rooms = module:get_option_set("allowners_moderated_rooms", {}) +end +load_config(); + +local function is_admin(jid) + return um_is_admin(jid, module.host); +end + +-- Checks whether the jid is moderated, the room name is in moderated_rooms +-- or if the subdomain is in the moderated_subdomains +-- @return returns on of the: +-- -> false +-- -> true, room_name, subdomain +-- -> true, room_name, nil (if no subdomain is used for the room) +local function is_moderated(room_jid) + local room_node = jid.node(room_jid); + -- parses bare room address, for multidomain expected format is: + -- [subdomain]roomName@conference.domain + local target_subdomain, target_room_name = room_node:match("^%[([^%]]+)%](.+)$"); + + if target_subdomain then + if moderated_subdomains:contains(target_subdomain) then + return true, target_room_name, target_subdomain; + end + elseif moderated_rooms:contains(room_node) then + return true, room_node, nil; + end + + return false; +end + module:hook("muc-occupant-joined", function (event) local room, occupant = event.room, event.occupant; - if is_healthcheck_room(room.jid) then + if is_healthcheck_room(room.jid) or is_admin(occupant.jid) then return; end + local moderated, room_name, subdomain = is_moderated(room.jid); + if moderated then + local session = event.origin; + local token = session.auth_token; + + if not token then + module:log('debug', 'skip allowners for non-auth user subdomain:%s room_name:%s', subdomain, room_name); + return; + end + + if not (room_name == session.jitsi_meet_room) then + module:log('debug', 'skip allowners for auth user and non matching room name: %s, jwt room name: %s', room_name, session.jitsi_meet_room); + return; + end + + if not (subdomain == session.jitsi_meet_context_group) then + module:log('debug', 'skip allowners for auth user and non matching room subdomain: %s, jwt subdomain: %s', subdomain, session.jitsi_meet_context_group); + return; + end + end + room:set_affiliation(true, occupant.bare_jid, "owner"); end, 2); @@ -19,3 +78,5 @@ module:hook("muc-occupant-left", function (event) room:set_affiliation(true, occupant.bare_jid, nil); end, 2); + +module:hook_global('config-reloaded', load_config);