Commit Graph

1548 Commits

Author SHA1 Message Date
Richard Alam
49ed89d82c - add alternative way of running bbb-web in dev environment which doesn't
require to be run with user bigbluebutton.
2021-04-23 17:22:41 +00:00
Gustavo Trott
b6e0a571d5 Implements forceRasterizeSlides (force convert presentation to png before svg) and pngWidthRasterizedSlides (force png width (px)) 2021-04-22 21:57:55 -03:00
Gustavo Trott
a08a0d33e1 Makes presentation svg resolution configurable, and set default to 300 2021-04-19 16:01:48 -03:00
Gustavo Trott
14301b27ea Makes bbb-web return code 403 when uploaded file exceeds limit 2021-04-13 16:54:17 -03:00
Anton Georgiev
ef337acbe6
Merge pull request #11956 from gustavotrott/upload-maxsize-error
Creates a pubSub error message when Upload max size exceeded
2021-04-09 16:41:22 -04:00
Gustavo Trott
28555ed33d Sends error code 413 to Upload request when file is too large 2021-04-09 15:41:19 -03:00
Gustavo Trott
3d1575e635 Send pubSub FileTooLarge Error Msg from bbb-web when file is too large, (and makes Akka send meetingId with presentation token msg) 2021-04-08 14:18:15 -03:00
Anton Georgiev
8122caf85a
Merge pull request #11884 from MarcelWaldvogel/exec-service-process
Services run as starting PID
2021-04-05 12:16:16 -04:00
Marcel Waldvogel
9140613a96 Services run as starting PID
The starting scripts now `exec` the main service instead of starting
it as a subprocess. Also in line with docker-entrypoint recommendations.
2021-04-05 12:24:29 +02:00
Gustavo Trott
4b4588c20d Handle and log timeout errors during conversions 2021-03-31 12:10:02 -03:00
Gustavo Trott
1c6f8a1610 Moves default pdfToSvg conversion timeout to config 2021-03-30 18:29:34 -03:00
Anton Georgiev
db57a56060
Merge pull request #11804 from PhMemmel/turn-server-overlay-config
Config overlay for bbb-web turn server config
2021-03-30 12:29:59 -04:00
Anton Georgiev
75e935d771
Merge pull request #11809 from gustavotrott/develop
Enhancements to presentation OfficeToPDF conversion
2021-03-30 12:27:25 -04:00
Gustavo Trott
58a05acce6 Implements max concurrent office2pdf conversions and set conversion timeout from config 2021-03-30 11:26:03 -03:00
Philipp Memmel
c3ff88cd78 config overlay for bbb-web turn server config 2021-03-30 11:57:37 +02:00
Pedro Beschorner Marin
beb694c74a Improve guest lobby feedback
Included a message and a redirect for the cases where the guest is
not allowed to join or the meeting has expired/ended.
2021-03-29 22:17:59 -03:00
Gustavo Trott
e5a235efa5 Removes jodconverter configs that is not used anymore 2021-03-25 14:34:52 -03:00
Gustavo Trott
a69baba177 Removes jodconverter from project dependencies 2021-03-24 15:00:05 -03:00
Gustavo Trott
e9d5eca664 Replaces the presentation Office to Pdf converter using shellScript instead of jodconverter 2021-03-22 15:32:22 -03:00
Anton Georgiev
6c7da44940 replaced keepEvents with defaultKeepEvents and meetingKeepEvents 2021-03-18 02:31:47 +00:00
Pedro Beschorner Marin
0365018e92 Add guest lobby messages
Moderators are able to send a message to the meeting's guest lobby. This new
event reaches bbb-web and is sent to the guest user with her/his status response
while polling. All guest users that are waiting for acceptance will be able to
read this message.

enableGuestLobbyMessage is disabled by default.
2021-03-09 11:02:25 -03:00
Anton Georgiev
f814d5f8cd
Merge pull request #11470 from schrd/grails-config
add overlay config for bbb-web
2021-03-05 16:53:57 -05:00
Anton Georgiev
228bad03d5 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into march4-merge 2021-03-04 21:25:47 +00:00
Anton Georgiev
eba2d0ab58
Merge pull request #11535 from pedrobmarin/etherpad-patch
Rework padIds and turn bbb-web pad aware
2021-03-02 14:48:34 -05:00
Daniel Schreiber
e6f83df3f6 add overlay config for bbb-web
operators can define their own config for bbb-web which will not be
overwritten by packages.

bbb-conf is changed accordingly to write configuration values to
``/etc/bigbluebutton/bbb-web.properties`
2021-02-25 14:08:05 +01:00
Anton Georgiev
55e8de4357 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into feb18-merge 2021-02-18 20:33:19 +00:00
Anton Georgiev
f43560d535 Support for backend vs frontend nodejs instances bbb-html5 2021-02-16 03:19:31 +00:00
Pedro Beschorner Marin
09b39a8d63 Add extra pad validation
Associate pads with meetings so session validation is restricted to the
meeting's valid session tokens.

Meteor will dispatch new redis events on shared notes and closed captions
pads creation. This event will go through apps and reach web to populate
a new meeting's pad collection that contains all valid pad id's for that
session. Nginx will use this collection to check if the user's session token
belongs to the pad's authorized users.

Besides these modifications, an extra change will be needed at notes.nginx.
Location /pad/p/ needs to change it's auth_request:

from /bigbluebutton/connection/checkAuthorization;
to /bigbluebutton/connection/validatePad;
2021-02-10 13:37:04 -03:00
Ghazi Triki
5f683809cd Make sure checksum validation is done first in join API and display an error without redirection in failure case. 2021-02-09 19:03:54 +01:00
Anton Georgiev
363c801338
Merge pull request #11215 from pedrobmarin/guest-draft
Disable authenticated guests
2021-02-05 16:13:46 -05:00
Jacob Burroughs
f4ecf4c7ed Restore allowRequestsWithoutSession to resources.xml
Otherwise that property is not read from the bigbluebutton.properties file.
It was removed in an overzealous deletion in
418fdb1a31
2021-02-01 09:43:50 -06:00
Pedro Beschorner Marin
e595d31f80 Set default guest configuration
Changes to the current (v2.2) default configuration of the guest feature.

The ideal is to keep the simplified guest feature as default (`authenticatedGuests=false`)
but we also need to be in sync with Greenlight settings to make this happen.

Greenlight will have to re-add the `guest=true` param on user's join API call when ASK_MODERATOR
is set as guest's policy.
2021-01-23 21:58:34 -03:00
Pedro Beschorner Marin
0bbef12ac7 Authenticated guests feature controlled at bbb-web properties 2021-01-23 21:48:02 -03:00
Anton Georgiev
3135c6bb22 Handle guestWait url for multiple nodejs instanceIds 2021-01-05 15:38:21 +00:00
Anton Georgiev
55fe528e35 Change bigbluebutton.properties client url param 2020-12-16 15:49:20 +00:00
Anton Georgiev
8b65f9e15b Set bbb-html5 loadbalancing to be round robin 2020-12-15 01:55:57 +00:00
Anton Georgiev
0be8773e4c Loadbalance bbb-html5 in bbb-web based on CPU 2020-12-11 21:36:06 +00:00
Anton Georgiev
418fdb1a31 remove obsolete attendeesJoinViaHTML5Client moderatorsJoinViaHTML5Client 2020-12-09 19:11:50 +00:00
basisbit
34ad640ea7 Fix voice bridge compare
Cherry-picked https://github.com/bigbluebutton/bigbluebutton/pull/9855

Co-Authored-By: Pedro Beschorner Marin <pedrobmarin@gmail.com>
2020-12-09 14:55:47 +01:00
basisbit
7ba6bd9f7a Fix voiceBridge collision
Cherry-picked the commits from https://github.com/bigbluebutton/bigbluebutton/pull/9251
The added code checks if a meetingID is unique and makes sure no two meetings use the same VoiceBridge. Also see Issue # 9024
2020-12-09 13:58:26 +01:00
Anton Georgiev
3faabd1821 Merge 2.2.29 and 2.2.30 into 2.3.x 2020-11-24 15:13:09 +00:00
Anton Georgiev
23f2df11d5 code changes to allow for meetings' redis events to be processed on different html5 nodejs pids 2020-11-18 20:34:02 +00:00
Anton Georgiev
ecbf575dcf
Merge pull request #10819 from bigbluebutton/join-api-sanitize
Sanitize parameters of API's. Fixes #10818
2020-11-13 10:55:38 -05:00
Tiago Daniel Jacobs
e59bcd0c33 Sanitize all received parameters 2020-11-13 06:54:32 +00:00
Tiago Daniel Jacobs
52e3eea552 Split error message from session token ( making it easier to translate - and more secure/ ) 2020-11-13 06:13:48 +00:00
Tiago Daniel Jacobs
5c911ddeec Sanitize fullName parameter of join API. Fixes #10818 2020-11-13 05:59:31 +00:00
Your Name
b4ecf53c80 Remove unwanted debug logging: This pushed the whole binary of every PDF uploaded into the logs. 2020-11-08 16:56:26 +01:00
Fred Dixon
d0bc77c3db Updating stun: for bbb-web to use Google's stun server 2020-10-23 11:26:41 -03:00
Fred Dixon
f0867bed76 Fix typo 2020-10-21 22:10:44 -05:00
Fred Dixon
3da71359f1 Updating stun: for bbb-web to use Google's stun server 2020-10-21 22:08:59 -05:00
Anton Georgiev
0c7ead1916 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into oct16-merge 2020-10-21 14:48:02 +00:00
Pedro Beschorner Marin
2fb26ff0cf Patch of improvements for bbb-web
This patch includes two improvements made for bbb-web. It tries to better isolate
the sessionToken's handling and session's validation, including logs for each one of
these steps; and removes maxParticipats control from registered users (that are no
longer removed from bbb-web collections) binding it to joined users or users that
reached the enter API call. The following adds more details about this last one:

User's regular flow to join a meeting goes around an API join call -> redis register event ->
redirect to client page -> API enter call -> redis join event. When the guest policy is ASK_MODERATOR,
non-moderators are registered and redirected to a guest lobby that polls for her/his guest status and
only enters the meeting after a moderator approval.
Using registered users as control to check how many participants are in a meeting is problematic because
non-approved guests are counted as participants and bbb-web has to find out when to ditch registered users
records to make a seat in a meeting available again. In other words, a meeting with maxParicipants
of 5 can get it's joins locked with a moderator and 4 waiting guests or bbb-web can wrongly drop a registered
user record on a reconnection inducing weird 401 responses from the API.

This change proposes to control maxParticipants both at join and enter API calls monitoring the number
of redis joined users. This also includes an extra buffer to capture users that called the enter API but
still don't have an user joined event.
User left events are now handled different holding the user data before removing from the joined users collection
and only releasing after verifying that the user didn't reconnected.

Both user left timeout `usersTimeout` and entered user timeout `enteredUsersTimeout` can be configured at properties.
2020-09-28 09:59:52 -03:00
Pedro Beschorner Marin
a98c4b68b5 Add secure tag to bbb-web JSESSIONID cookie
Revert this to make whatever you want when running bbb-web without https
2020-09-22 16:11:53 -03:00
Anton Georgiev
124b2d9b51
Merge branch 'develop' into move-guest-wait 2020-09-21 16:28:59 -04:00
Anton Georgiev
918f58b343 Moved the default avatar.png to be part of bigbluebutton-html5/ 2020-09-21 12:24:12 +00:00
Anton Georgiev
d5450af5df
Merge pull request #10458 from pedrobmarin/avatar-image
Support for avatar images
2020-09-21 08:22:04 -04:00
Anton Georgiev
377dc27a8d Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into 09-16-merge 2020-09-17 14:37:28 +00:00
Pedro Beschorner Marin
e2adf24546 Support for avatar images
Use the former Flash client avatarURL join param to replace the name
initials avatar from the user list, chat, waiting guests and connection
status list.

It is possible to define a defaultAvatarURL at bbb-web and enable/disable it
2020-09-15 16:50:10 -03:00
Richard Alam
9e6a40280e - set html5 as default client
- add meetingEndedURL and endWhenNoModerator create param
 - meetingEndedURL is complete
 - endWhenNoModerator is partially implemented. Will be continued in another PR.
2020-09-05 08:43:12 -07:00
Anton Georgiev
14f464087f
Merge pull request #8417 from pedrobmarin/backend-cleanup
Backend cleanup
2020-08-28 15:37:00 -04:00
Anton Georgiev
5be5aed1d9 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into merge-2020-08-12 2020-08-12 17:12:58 +00:00
Anton Georgiev
614e4dd68f
Remove event: from welcomeMessage link
Obsolete in html5 and also was breaking the message sanitizer
2020-07-29 17:24:08 -04:00
Anton Georgiev
0d6faa0b57 only allow for https uri in welcome and modOnly messages 2020-07-29 16:08:47 -04:00
Anton Georgiev
c6669d1d7a
Merge branch 'develop' into move-guest-wait 2020-07-28 13:50:04 -04:00
Tiago Jacobs
153c59307d Improvements on bbb-libreoffice 2020-07-24 02:42:51 -03:00
Jesus Federico
56403c31a0
enable post_events by default by setting keepEvents=true (#10097) 2020-07-20 08:11:02 -04:00
Tainan Felipe
1c8677d7d8 Move guest wait from bbb-client to bbb-html 2020-07-02 17:14:49 -03:00
Joao Siebel
9981b021ef Merge remote-tracking branch 'upstream/develop' into merge-2.2 2020-06-22 09:00:43 -03:00
Pedro Beschorner Marin
de40885768 Define API's voice bridge error 2020-06-16 17:01:57 -03:00
Joao Siebel
3e95ed0e4b Merge remote-tracking branch 'upstream/v2.2.x-release' into merge-2.2 2020-06-16 16:40:56 -03:00
Fred Dixon
0475d4c3b3
Merge pull request #9595 from miztaka/catalyst-fix-xml-injection
Fix XML(Formula) Injection
2020-06-02 10:24:00 -04:00
Anton Georgiev
3a9173297b
Merge pull request #8502 from Fenn-CS/secure-gradle-source
http => https to prevent 403 access denied during gradle download
2020-05-28 16:46:43 -04:00
Anton Georgiev
56e16d79a3
Merge pull request #9251 from elor/fix-voicebridge-collision
Fix voiceBridge collision (Issue #9024)
2020-05-28 16:17:59 -04:00
Anton Georgiev
c9e996de21 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into merge-2.2-into-develop 2020-05-25 17:32:24 +00:00
Anton Georgiev
201fa2902e Only provide modOnlyMessage to moderators. Promoted mod requires refresh to see it 2020-05-20 15:56:44 -04:00
Mitsutaka Sato
e5349d9b27 Fix XML(Formula) Injection 2020-05-19 08:56:00 +12:00
Anton Georgiev
cc79c4b6ae merge 2.2.10 into 2.3 2020-05-05 19:52:44 +00:00
Richard Alam
f876ce01c2 Rework presentation download and upload
- verify presentation and meeting id formats
 - construct presentation file path making sure that they are valid
 - add "downloadable" flag to check if presentation can be downloaded or not
 - collect presentation upload errors so we can send to the client in the future
2020-05-01 14:16:42 -07:00
Ghazi Triki
84ba925014 Improve the file download in the browser. 2020-04-30 15:41:06 +01:00
Anton Georgiev
4f786f7f03
Merge pull request #9257 from lkiesow/https-links
Switch To HTTPS Links
2020-04-27 13:58:25 -04:00
Ghazi Triki
b21ca8355a Return 404 error when the file download is not allowed. 2020-04-25 19:51:17 +03:00
Lars Kiesow
6e6f9cbb51
Switch To HTTPS Links
This patch switches to HTTPS for the links configured for and displayed
in the client.
2020-04-25 18:28:53 +02:00
Erik E. Lorenz
868374516e Check for existing voicebridge in ApiController 2020-04-25 09:35:29 +02:00
Erik E. Lorenz
bccf3664db Guarantee unique meeting TelVoice (API create) 2020-04-25 08:51:37 +02:00
Richard Alam
e805e7a3d2 Bind to localhost
Made a mistake of defining param twice
2020-04-24 15:05:17 -07:00
Richard Alam
b30a8093d1 Bind to localhost
Make bbb-web bind to localhost
2020-04-24 14:29:36 -07:00
Mitsutaka Sato
79361bd485 Set content-type for presentation download, to prevent vulnerable files from being executed 2020-04-16 11:39:49 +12:00
Ghazi Triki
5ebdf5ca77 Improve nginx matching on incoming URLs 2020-04-09 21:40:33 +03:00
Ghazi Triki
78c649650e Strip HTML tags from name and fullName API params. 2020-04-03 20:00:33 +03:00
Anton Georgiev
8129468300 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into merging 2020-03-04 23:36:21 +00:00
Richard Alam
251b3c20dd - move location of presentation page blank files 2020-03-04 10:05:36 -08:00
Richard Alam
6c841ce772 - cleanup 2020-03-02 09:42:43 -08:00
Richard Alam
4f453c4026 - add option to skip office pre-check 2020-03-02 09:40:01 -08:00
Richard Alam
673cbb9cac - downscale pdf page larger than 2MB 2020-03-01 08:24:20 -08:00
Richard Alam
f8437fb19d Merge branch 'v2.2.x-release' of https://github.com/bigbluebutton/bigbluebutton into pres-url-on-page-convert 2020-03-01 05:38:04 -08:00
Anton Georgiev
3754d0ab6f Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into merge-2.2-into-master-feb-28-2020 2020-02-28 17:47:06 -05:00
Richard Alam
c0372e3a97 Merge branch 'blank-presentation' of https://github.com/riadvice/bigbluebutton into riadvice-blank-presentation 2020-02-28 13:32:02 -08:00
Ghazi Triki
64d08d69c7 Updated java projects dependencies versions. 2020-02-28 10:44:28 +01:00
Richard Alam
e2a4bf3bb2
Turn off png generation
Turn off png generation as we don't use it.
2020-02-27 16:57:13 -05:00
Richard Alam
859c6a2220 - clean up
- addjust timeouts
2020-02-27 13:37:42 -08:00