jfinn
/
jitsi_corner8
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Pārlūkot izejas kodu

fix(jwt-validation): validate `kid` value only for JaaS 

- add some missing meet features
j8
hmuresan 4 gadus atpakaļ
vecāks
79939f108c
revīzija
a582f1c191
2 mainītis faili ar 31 papildinājumiem un 19 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 2
    0
      react/features/base/jwt/constants.js
  2. 29
    19
      react/features/base/jwt/functions.js

+ 2
- 0
react/features/base/jwt/constants.js Parādīt failu 

@@ -11,5 +11,7 @@ export const MEET_FEATURES = [
11 11 
     'outbound-call',
12 12 
     'recording',
13 13 
     'room',
14 
+    'screen-sharing',
15 
+    'sip-outbound-call',
14 16 
     'transcription'
15 17 
 ];

+ 29
- 19
react/features/base/jwt/functions.js Parādīt failu 

@@ -67,49 +67,59 @@ export function validateJwt(jwt: string) {
67 67 
             return errors;
68 68 
         }
69 69
70 
-        const { kid } = header;
70 
+        const {
71 
+            aud,
72 
+            context,
73 
+            exp,
74 
+            iss,
75 
+            nbf,
76 
+            sub
77 
+        } = payload;
71 78
72 
-        // if Key ID is missing, we return the error immediately without further validations.
73 
-        if (!kid) {
74 
-            errors.push('- Key ID(kid) missing');
79 
+        // JaaS only
80 
+        if (sub && sub.startsWith('vpaas-magic-cookie')) {
81 
+            const { kid } = header;
75 82
76 
-            return errors;
77 
-        }
83 
+            // if Key ID is missing, we return the error immediately without further validations.
84 
+            if (!kid) {
85 
+                errors.push('- Key ID(kid) missing');
78 86
79 
-        // JaaS only
80 
-        if (kid.startsWith('vpaas-magic-cookie')) {
81 
-            if (kid.substring(0, header.kid.indexOf('/')) !== payload.sub) {
87 
+                return errors;
88 
+            }
89 
+
90 
+            if (kid.substring(0, kid.indexOf('/')) !== sub) {
82 91 
                 errors.push('- Key ID(kid) does not match sub');
83 92 
             }
84 
-            if (payload.aud !== 'jitsi') {
93 
+
94 
+            if (aud !== 'jitsi') {
85 95 
                 errors.push('- invalid `aud` value. It should be `jitsi`');
86 96 
             }
87 97
88 
-            if (payload.iss !== 'chat') {
98 
+            if (iss !== 'chat') {
89 99 
                 errors.push('- invalid `iss` value. It should be `chat`');
90 100 
             }
91 101
92 
-            if (!payload.context?.features) {
102 
+            if (!context?.features) {
93 103 
                 errors.push('- `features` object is missing from the payload');
94 104 
             }
95 105 
         }
96 106
97 
-        if (!isValidUnixTimestamp(payload.nbf)) {
107 
+        if (!isValidUnixTimestamp(nbf)) {
98 108 
             errors.push('- invalid `nbf` value');
99 
-        } else if (currentTimestamp < payload.nbf * 1000) {
109 
+        } else if (currentTimestamp < nbf * 1000) {
100 110 
             errors.push('- `nbf` value is in the future');
101 111 
         }
102 112
103 
-        if (!isValidUnixTimestamp(payload.exp)) {
113 
+        if (!isValidUnixTimestamp(exp)) {
104 114 
             errors.push('- invalid `exp` value');
105 
-        } else if (currentTimestamp > payload.exp * 1000) {
115 
+        } else if (currentTimestamp > exp * 1000) {
106 116 
             errors.push('- token is expired');
107 117 
         }
108 118
109 
-        if (!payload.context) {
119 
+        if (!context) {
110 120 
             errors.push('- `context` object is missing from the payload');
111 
-        } else if (payload.context.features) {
112 
-            const { features } = payload.context;
121 
+        } else if (context.features) {
122 
+            const { features } = context;
113 123
114 124 
             Object.keys(features).forEach(feature => {
115 125 
                 if (MEET_FEATURES.includes(feature)) {

Rakstīt Priekšskatītījums
Notiek ielāde…
Atcelt
Saglabāt