bigbluebutton-Github/bigbluebutton-html5/imports/api/users/server/handlers/validateAuthToken.js

import { check } from 'meteor/check';
import Logger from '/imports/startup/server/logger';
import Users from '/imports/api/users';
import userJoin from './userJoin';

const clearOtherSessions = (sessionUserId, current = false) => {
  const serverSessions = Meteor.server.sessions;
  Object.keys(serverSessions)
    .filter(i => serverSessions[i].userId === sessionUserId)
    .filter(i => i !== current)
    .forEach(i => serverSessions[i].close());
};

export default function handleValidateAuthToken({ body }, meetingId) {
  const { userId, valid, waitForApproval } = body;

  check(userId, String);
  check(valid, Boolean);
  check(waitForApproval, Boolean);

  const selector = {
    meetingId,
    userId,
    clientType: 'HTML5',
  };

  const User = Users.findOne(selector);

  // If we dont find the user on our collection is a flash user and we can skip
  if (!User) return;

  // Publish user join message
  if (valid && !waitForApproval && !!User.connectionId) {
    Logger.info('User=', User);
    userJoin(meetingId, userId, User.authToken);
  }

  const modifier = {
    $set: {
      validated: valid,
      approved: !waitForApproval,
      loginTime: Date.now(),
      inactivityCheck: false,
    },
  };

  const cb = (err, numChanged) => {
    if (err) {
      return Logger.error(`Validating auth token: ${err}`);
    }

    if (numChanged) {
      if (valid) {
        const sessionUserId = `${meetingId}-${userId}`;
        const currentConnectionId = User.connectionId ? User.connectionId : false;
        clearOtherSessions(sessionUserId, currentConnectionId);
      }

      return Logger.info(`Validated auth token as ${valid} user=${userId} meeting=${meetingId}`);
    }

    return Logger.info('No auth to validate');
  };

  Users.update(selector, modifier, cb);
}
Refactor of validate_auth_token and clearUsers 2017-02-24 02:15:13 +08:00			`import { check } from 'meteor/check';`
			`import Logger from '/imports/startup/server/logger';`
Changed imports and removed 'initializeCursor.js' since it's not needed 2017-10-12 10:00:28 +08:00			`import Users from '/imports/api/users';`
utilize Meteor connection id instead of trusting client side meetingId, userId 2020-02-07 04:47:28 +08:00			`import userJoin from './userJoin';`
Merged 2.0 and 1.1 users api 2017-10-12 09:02:23 +08:00
Impl user-session based connections on server. Fix #5150 Implement a connectionId for each user, each time a user try to validate we change their connectionId and end all other connections of that user. 2018-02-20 22:21:51 +08:00			`const clearOtherSessions = (sessionUserId, current = false) => {`
			`const serverSessions = Meteor.server.sessions;`
			`Object.keys(serverSessions)`
			`.filter(i => serverSessions[i].userId === sessionUserId)`
			`.filter(i => i !== current)`
			`.forEach(i => serverSessions[i].close());`
			`};`

Merged 2.0 and 1.1 users api 2017-10-12 09:02:23 +08:00			`export default function handleValidateAuthToken({ body }, meetingId) {`
			`const { userId, valid, waitForApproval } = body;`
Refactor of validate_auth_token and clearUsers 2017-02-24 02:15:13 +08:00
			`check(userId, String);`
Merged 2.0 and 1.1 users api 2017-10-12 09:02:23 +08:00			`check(valid, Boolean);`
			`check(waitForApproval, Boolean);`
Refactor of validate_auth_token and clearUsers 2017-02-24 02:15:13 +08:00
			`const selector = {`
			`meetingId,`
			`userId,`
Do not auth validate Flash users (#5695) by @oswaldoacauan 2018-06-15 04:24:55 +08:00			`clientType: 'HTML5',`
Refactor of validate_auth_token and clearUsers 2017-02-24 02:15:13 +08:00			`};`

Skip updating user validated flag if its already valid 2017-03-08 01:18:02 +08:00			`const User = Users.findOne(selector);`

Refactor Authentication flow 2017-03-11 02:33:46 +08:00			`// If we dont find the user on our collection is a flash user and we can skip`
			`if (!User) return;`
Skip updating user validated flag if its already valid 2017-03-08 01:18:02 +08:00
Merged 2.0 and 1.1 users api 2017-10-12 09:02:23 +08:00			`// Publish user join message`
only join a user if the connection is still active 2020-03-12 04:40:50 +08:00			`if (valid && !waitForApproval && !!User.connectionId) {`
update npm packages versions 2019-02-14 03:44:21 +08:00			`Logger.info('User=', User);`
Merged 2.0 and 1.1 users api 2017-10-12 09:02:23 +08:00			`userJoin(meetingId, userId, User.authToken);`
			`}`

Refactor of validate_auth_token and clearUsers 2017-02-24 02:15:13 +08:00			`const modifier = {`
			`$set: {`
Merged 2.0 and 1.1 users api 2017-10-12 09:02:23 +08:00			`validated: valid,`
			`approved: !waitForApproval,`
Fix chat alert (push and audio) #6430 2019-01-14 21:23:35 +08:00			`loginTime: Date.now(),`
Add activity check modal 2019-02-27 01:40:01 +08:00			`inactivityCheck: false,`
Refactor of validate_auth_token and clearUsers 2017-02-24 02:15:13 +08:00			`},`
			`};`

			`const cb = (err, numChanged) => {`
			`if (err) {`
			return Logger.error(`Validating auth token: ${err}`);
			`}`

			`if (numChanged) {`
Merged 2.0 and 1.1 users api 2017-10-12 09:02:23 +08:00			`if (valid) {`
Impl user-session based connections on server. Fix #5150 Implement a connectionId for each user, each time a user try to validate we change their connectionId and end all other connections of that user. 2018-02-20 22:21:51 +08:00			const sessionUserId = `${meetingId}-${userId}`;
			`const currentConnectionId = User.connectionId ? User.connectionId : false;`
			`clearOtherSessions(sessionUserId, currentConnectionId);`
Fix a bunch of bugs introduced after the refactor 2017-02-24 04:16:10 +08:00			`}`

Fix bug when users re-validate after refresh 2017-12-19 20:19:47 +08:00			return Logger.info(`Validated auth token as ${valid} user=${userId} meeting=${meetingId}`);
Refactor of validate_auth_token and clearUsers 2017-02-24 02:15:13 +08:00			`}`
Fix a bunch of bugs introduced after the refactor 2017-02-24 04:16:10 +08:00
Merged 2.0 and 1.1 users api 2017-10-12 09:02:23 +08:00			`return Logger.info('No auth to validate');`
Fix a bunch of bugs introduced after the refactor 2017-02-24 04:16:10 +08:00			`};`

Merged 2.0 and 1.1 users api 2017-10-12 09:02:23 +08:00			`Users.update(selector, modifier, cb);`
			`}`