disallow session creation from public clients

2020-12-28 14:23:27 +00:00 · 2020-12-28 14:23:27 +00:00 · 3e95c702d0
parent 7e9b16d1ca
commit 3e95c702d0
4 changed files with 15 additions and 17 deletions
--- a/openvidu-server/deployments/ce/docker-compose/.env
+++ b/openvidu-server/deployments/ce/docker-compose/.env
@ -7,10 +7,10 @@

 # Domain name. If you do not have one, the public IP of the machine.
 # For example: 198.51.100.1, or openvidu.example.com
-DOMAIN_OR_PUBLIC_IP=
+DOMAIN_OR_PUBLIC_IP=psdev4.superkinglabs.com

 # OpenVidu SECRET used for apps to connect to OpenVidu server and users to access to OpenVidu Dashboard
-OPENVIDU_SECRET=
+OPENVIDU_SECRET=MY_SECRET11

 # Certificate type:
 # - selfsigned:  Self signed certificate. Not recommended for production use.
@ -21,10 +21,10 @@ OPENVIDU_SECRET=
 # - letsencrypt: Generate a new certificate using letsencrypt. Please set the
 #                required contact email for Let's Encrypt in LETSENCRYPT_EMAIL
 #                variable.
-CERTIFICATE_TYPE=selfsigned
+CERTIFICATE_TYPE=letsencrypt

 # If CERTIFICATE_TYPE=letsencrypt, you need to configure a valid email for notifications
-LETSENCRYPT_EMAIL=user@example.com
+LETSENCRYPT_EMAIL=ajaykumar@gameberrylabs.com

 # Proxy configuration
 # If you want to change the ports on which openvidu listens, uncomment the following lines
@ -37,7 +37,7 @@ LETSENCRYPT_EMAIL=user@example.com

 # Changes the port of all services exposed by OpenVidu.
 # SDKs, REST clients and browsers will have to connect to this port
-# HTTPS_PORT=443
+HTTPS_PORT=4443

 # Old paths are considered now deprecated, but still supported by default. 
 # OpenVidu Server will log a WARN message every time a deprecated path is called, indicating 
@ -126,15 +126,6 @@ OPENVIDU_STREAMS_VIDEO_MAX_SEND_BANDWIDTH=1000
 # 0 means unconstrained
 OPENVIDU_STREAMS_VIDEO_MIN_SEND_BANDWIDTH=300

-# All sessions of OpenVidu will try to force this codec. If OPENVIDU_STREAMS_ALLOW_TRANSCODING=true
-# when a codec can not be forced, transcoding will be allowed
-# Default value is VP8
-# OPENVIDU_STREAMS_FORCED_VIDEO_CODEC=VP8
-
-# Allow transcoding if codec specified in OPENVIDU_STREAMS_FORCED_VIDEO_CODEC can not be applied
-# Default value is false
-# OPENVIDU_STREAMS_ALLOW_TRANSCODING=false
-
 # true to enable OpenVidu Webhook service. false' otherwise
 # Values: true | false
 OPENVIDU_WEBHOOK=false
--- a/openvidu-server/src/main/java/io/openvidu/server/OpenViduServer.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/OpenViduServer.java
@ -360,7 +360,7 @@ public class OpenViduServer implements JsonRpcConfigurer {
 		String dashboardUrl = httpUrl + config.getOpenViduFrontendDefaultPath().replaceAll("^/", "");

 		// @formatter:off
-		String msg = "\n\n----------------------------------------------------\n" + "\n" + "   OpenVidu is ready!\n"
+		String msg = "\n\n---------------------------------------###############ajay#######-------------\n" + "\n" + "   OpenVidu is ready!\n"
 				+ "   ---------------------------\n" + "\n" + "   * OpenVidu Server URL: " + httpUrl + "\n" + "\n"
 				+ "   * OpenVidu Dashboard: " + dashboardUrl + "\n" + "\n"
 				+ "----------------------------------------------------\n";
--- a/openvidu-server/src/main/java/io/openvidu/server/kurento/core/KurentoSessionManager.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/kurento/core/KurentoSessionManager.java
@ -103,6 +103,7 @@ public class KurentoSessionManager extends SessionManager {
 				Session sessionNotActive = sessionsNotActive.get(sessionId);

 				if (sessionNotActive == null && this.isInsecureParticipant(participant.getParticipantPrivateId())) {
+					log.info("############# ip address is {}",participant.getLocation().getIp());
 					// Insecure user directly call joinRoom RPC method, without REST API use
 					sessionNotActive = new Session(sessionId,
 							new SessionProperties.Builder().mediaMode(MediaMode.ROUTED)
--- a/openvidu-server/src/main/java/io/openvidu/server/rest/SessionRestController.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/rest/SessionRestController.java
@ -74,6 +74,7 @@ import io.openvidu.server.recording.Recording;
 import io.openvidu.server.recording.service.RecordingManager;
 import io.openvidu.server.utils.RecordingUtils;
 import io.openvidu.server.utils.RestUtils;
+import javax.servlet.http.HttpServletRequest;

 /**
 *
@ -97,10 +98,11 @@ public class SessionRestController {
 	protected OpenviduConfig openviduConfig;

 	@RequestMapping(value = "/sessions", method = RequestMethod.POST)
-	public ResponseEntity<?> initializeSession(@RequestBody(required = false) Map<?, ?> params) {
+	public ResponseEntity<?> initializeSession(@RequestBody(required = false) Map<?, ?> params, HttpServletRequest request) {

 		log.info("REST API: POST {}/sessions {}", RequestMappings.API, params != null ? params.toString() : "{}");
-
+		String remoteAddress = request.getHeader("X-Forwarded-For");
+		log.info("###### REMOTE ADDRESS {}", remoteAddress);
 		SessionProperties sessionProperties;
 		try {
 			sessionProperties = getSessionPropertiesFromParams(params).build();
@ -119,6 +121,10 @@ public class SessionRestController {
 					+ RandomStringUtils.randomAlphanumeric(9);
 		}

+		if (!remoteAddress.equals("68.183.184.220")) {
+				log.info("############## invalid remote added");
+				return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+			}
 		Session sessionNotActive = sessionManager.storeSessionNotActive(sessionId, sessionProperties);
 		log.info("New session {} initialized {}", sessionId, this.sessionManager.getSessionsWithNotActive().stream()
 				.map(Session::getSessionId).collect(Collectors.toList()).toString());