diff --git a/server.conf.in b/server.conf.in index ed2d4c69..8c562913 100644 --- a/server.conf.in +++ b/server.conf.in @@ -78,6 +78,9 @@ encryptionSecret = tne-default-encryption-block-key ; all users will join this room if enabled. If it is disabled then a room join ; form will be shown instead. ;defaultRoomEnabled = true +; Whether a user account is required to join a room. This only has an effect +; if user accounts are enabled. Optional, defaults to false. +;authorizeRoomJoin = false ; Whether a user account is required to create a room. This only has an effect ; if user accounts are enabled. Optional, defaults to false. ;authorizeRoomCreation = false diff --git a/src/app/spreed-webrtc-server/config.go b/src/app/spreed-webrtc-server/config.go index 2ed458be..1831579b 100644 --- a/src/app/spreed-webrtc-server/config.go +++ b/src/app/spreed-webrtc-server/config.go @@ -46,6 +46,7 @@ type Config struct { DefaultRoomEnabled bool // Flag if default room ("") is enabled Plugin string // Plugin to load AuthorizeRoomCreation bool // Whether a user account is required to create rooms + AuthorizeRoomJoin bool // Whether a user account is required to join rooms Modules []string // List of enabled modules globalRoomID string // Id of the global room (not exported to Javascript) contentSecurityPolicy string // HTML content security policy @@ -112,6 +113,7 @@ func NewConfig(container phoenix.Container, tokens bool) *Config { DefaultRoomEnabled: container.GetBoolDefault("app", "defaultRoomEnabled", true), Plugin: container.GetStringDefault("app", "plugin", ""), AuthorizeRoomCreation: container.GetBoolDefault("app", "authorizeRoomCreation", false), + AuthorizeRoomJoin: container.GetBoolDefault("app", "authorizeRoomJoin", false), Modules: modules, globalRoomID: container.GetStringDefault("app", "globalRoom", ""), contentSecurityPolicy: container.GetStringDefault("app", "contentSecurityPolicy", ""), diff --git a/src/app/spreed-webrtc-server/room_manager.go b/src/app/spreed-webrtc-server/room_manager.go index fffacc71..01bd9094 100644 --- a/src/app/spreed-webrtc-server/room_manager.go +++ b/src/app/spreed-webrtc-server/room_manager.go @@ -146,6 +146,10 @@ func (rooms *roomManager) Get(roomID string) (room RoomWorker, ok bool) { } func (rooms *roomManager) GetOrCreate(roomID string, credentials *DataRoomCredentials, sessionAuthenticated bool) (RoomWorker, error) { + if rooms.AuthorizeRoomJoin && rooms.UsersEnabled && !sessionAuthenticated { + return nil, NewDataError("room_join_requires_account", "Room join requires a user account") + } + if room, ok := rooms.Get(roomID); ok { return room, nil } diff --git a/src/app/spreed-webrtc-server/room_manager_test.go b/src/app/spreed-webrtc-server/room_manager_test.go index 94540709..e87c934f 100644 --- a/src/app/spreed-webrtc-server/room_manager_test.go +++ b/src/app/spreed-webrtc-server/room_manager_test.go @@ -51,6 +51,25 @@ func Test_RoomManager_JoinRoom_ReturnsAnErrorForUnauthenticatedSessionsWhenCreat } } +func Test_RoomManager_JoinRoom_ReturnsAnErrorForUnauthenticatedSessionsWhenJoinRequiresAnAccount(t *testing.T) { + roomManager, config := NewTestRoomManager() + config.UsersEnabled = true + config.AuthorizeRoomJoin = true + + unauthenticatedSession := &Session{} + _, err := roomManager.JoinRoom("foo", nil, unauthenticatedSession, false, nil) + assertDataError(t, err, "room_join_requires_account") + + authenticatedSession := &Session{userid: "9870457"} + _, err = roomManager.JoinRoom("foo", nil, authenticatedSession, true, nil) + if err != nil { + t.Fatalf("Unexpected error %v joining room while authenticated", err) + } + + _, err = roomManager.JoinRoom("foo", nil, unauthenticatedSession, false, nil) + assertDataError(t, err, "room_join_requires_account") +} + func Test_RoomManager_UpdateRoom_ReturnsAnErrorIfNoRoomHasBeenJoined(t *testing.T) { roomManager, _ := NewTestRoomManager() _, err := roomManager.UpdateRoom(&Session{}, nil)