fix(recording): Stop broken recording backend

Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
nextcloud · May 22, 2024 · abaef29 · abaef29
1 parent 33ed43f
commit abaef29
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
@@ -298,6 +298,7 @@ protected function pageHandler(string $token = '', string $callUser = '', string
 	#[NoCSRFRequired]
 	#[PublicPage]
 	#[BruteForceProtection(action: 'talkRoomToken')]
+	#[BruteForceProtection(action: 'talkRecordingStatus')]
 	public function recording(string $token): Response {
 		try {
 			$room = $this->manager->getRoomByToken($token);
@@ -309,6 +310,13 @@ public function recording(string $token): Response {
 			return $response;
 		}
 
+		if ($room->getCallRecording() !== Room::RECORDING_VIDEO_STARTING && $room->getCallRecording() !== Room::RECORDING_AUDIO_STARTING) {
+			$response = new NotFoundResponse();
+			$this->logger->debug('Recording "' . ($this->userId ?? 'ANONYMOUS') . '" throttled for accessing "' . $token . '"', ['app' => 'spreed-bfp']);
+			$response->throttle(['token' => $token, 'action' => 'talkRecordingStatus']);
+			return $response;
+		}
+
 		if (class_exists(LoadViewer::class)) {
 			$this->eventDispatcher->dispatchTyped(new LoadViewer());
 		}

diff --git a/lib/Controller/RecordingController.php b/lib/Controller/RecordingController.php
@@ -179,6 +179,7 @@ protected function getInputStream(): string {
 	#[OpenAPI(scope: 'backend-recording')]
 	#[PublicPage]
 	#[BruteForceProtection(action: 'talkRecordingSecret')]
+	#[BruteForceProtection(action: 'talkRecordingStatus')]
 	public function backend(): DataResponse {
 		$json = $this->getInputStream();
 		if (!$this->validateBackendRequest($json)) {
@@ -236,6 +237,22 @@ private function backendStarted(array $started): DataResponse {
 			], Http::STATUS_NOT_FOUND);
 		}
 
+		if ($room->getCallRecording() !== Room::RECORDING_VIDEO_STARTING && $room->getCallRecording() !== Room::RECORDING_AUDIO_STARTING) {
+			$this->logger->error('Recording backend tried to start recording in room {token}, but it was not requested by a moderator.', [
+				'token' => $token,
+				'app' => 'spreed-recording',
+			]);
+			$response = new DataResponse([
+				'type' => 'error',
+				'error' => [
+					'code' => 'no_such_room',
+					'message' => 'Room not found.',
+				],
+			], Http::STATUS_NOT_FOUND);
+			$response->throttle(['action' => 'talkRecordingStatus']);
+			return $response;
+		}
+
 		try {
 			$participant = $this->participantService->getParticipantByActor($room, $actor['type'], $actor['id']);
 		} catch (ParticipantNotFoundException $e) {