Merge pull request #12365 from nextcloud/bugfix/noid/harden-against-b…
…roken-recording-backend

fix(recording): Stop broken recording backend
danxuliu authored May 22, 2024
2 parents 264f9c7 + 623575d commit 47f0449
Showing 2 changed files with 25 additions and 0 deletions.
8 changes: 8 additions & 0 deletions lib/Controller/PageController.php
Expand Up @@ -280,6 +280,7 @@ protected function pageHandler(string $token = '', string $callUser = '', string
#[NoCSRFRequired]
#[PublicPage]
#[BruteForceProtection(action: 'talkRoomToken')]
#[BruteForceProtection(action: 'talkRecordingStatus')]
public function recording(string $token): Response {
try {
$room = $this->manager->getRoomByToken($token);
Expand All @@ -291,6 +292,13 @@ public function recording(string $token): Response {
return $response;
}

if ($room->getCallRecording() !== Room::RECORDING_VIDEO_STARTING && $room->getCallRecording() !== Room::RECORDING_AUDIO_STARTING) {
$response = new NotFoundResponse();
$this->logger->debug('Recording "' . ($this->userId ?? 'ANONYMOUS') . '" throttled for accessing "' . $token . '"', ['app' => 'spreed-bfp']);
$response->throttle(['token' => $token, 'action' => 'talkRecordingStatus']);
return $response;
}

if (class_exists(LoadViewer::class)) {
$this->eventDispatcher->dispatchTyped(new LoadViewer());
}
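Review bot: The new `getCallRecording()` guard in `recording()` is the only gate visible here on a `#[PublicPage]` route, and it restricts access by room state rather than by caller, so any client holding the token while a recording is starting still passes it; that deserves a comment such as `// Only reachable while a moderator-requested recording is starting; this limits the time window, it does not authenticate the caller.` The debug message on the throttled path concatenates the request-supplied `$token` into the log string, whereas RecordingController uses PSR-3 placeholders; `$this->logger->debug('Recording page for {token} requested by {user} while no recording is starting', ['token' => $token, 'user' => $this->userId ?? 'ANONYMOUS', 'app' => 'spreed-bfp']);` would keep request data in the context array and read more clearly. The rest of `recording()` lies outside the hunk, so any later check on the caller is not visible from here.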
17 changes: 17 additions & 0 deletions lib/Controller/RecordingController.php
Expand Up @@ -161,6 +161,7 @@ protected function getInputStream(): string {
#[OpenAPI(scope: 'backend-recording')]
#[PublicPage]
#[BruteForceProtection(action: 'talkRecordingSecret')]
#[BruteForceProtection(action: 'talkRecordingStatus')]
public function backend(): DataResponse {
$json = $this->getInputStream();
if (!$this->validateBackendRequest($json)) {
Expand Down Expand Up @@ -218,6 +219,22 @@ private function backendStarted(array $started): DataResponse {
], Http::STATUS_NOT_FOUND);
}

if ($room->getCallRecording() !== Room::RECORDING_VIDEO_STARTING && $room->getCallRecording() !== Room::RECORDING_AUDIO_STARTING) {
$this->logger->error('Recording backend tried to start recording in room {token}, but it was not requested by a moderator.', [
'token' => $token,
'app' => 'spreed-recording',
]);
$response = new DataResponse([
'type' => 'error',
'error' => [
'code' => 'no_such_room',
'message' => 'Room not found.',
],
], Http::STATUS_NOT_FOUND);
$response->throttle(['action' => 'talkRecordingStatus']);
return $response;
}

try {
$participant = $this->participantService->getParticipantByActor($room, $actor['type'], $actor['id']);
} catch (ParticipantNotFoundException $e) {
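Review bot: The throttle call in the new status branch of `backendStarted()` records only the action, while the matching branch in PageController also records the room token, so attempts registered here cannot be tied to a room during triage; `$response->throttle(['token' => $token, 'action' => 'talkRecordingStatus']);` would align the two (`$token` is already used in the log context just above). The response appears to reuse `no_such_room` on purpose for a room that exists but has no recording being started, and a short comment saying so would stop a later change from turning it into a distinct error that reveals room state. If `backendStarted()` is only reached through `backend()` after `validateBackendRequest()` (the dispatch is not visible here), the throttle counts against a caller that already passed that check, so a moderator stopping the recording while it is still starting would also register an attempt; worth confirming that this is intended. The method body continues outside the hunk.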
