Audio's callerId depends on the user name and there isn't
an "on-demand" way of fetching that field internally, making callerId
assembly with trusted attributes (server-side generated) impossible in
bbb-webrtc-sfu.
The new extra header (User-Name, mapped to user_name in the proxied
connection) allows fetching the user name field in a cheap way and
consequently provides a cheap+safe way of assembling the callerId.
Alternatives I've considered but discarded:
- a new akka-apps req-resp pair for fetching the user name (+overhead)
- a new akka-apps req-resp pair for generating the callerId (+overhead)
- piggybacking on GetMicrophonePermissionReq/Resp to generate the
callerId (same overhead, but mixing responsabilities)
Etherpad uses the sessionID cookie for authorization. In cluster setups the
host part of the URI which serves the html5 frontend is different from
the hostname part of the URI which serves etherpad. Therefore the
bbb-html5 client can't set a cookie for etherpad which contains the
etherpad sessionID.
This patch uses the `ep_auth_session` etherpad plugin which takes the
`sessionID` as query parameter, sets the cookie in the browser and
redirects the iframe to the pad URI.
yq package is now provided in the BigBlueButton support PPA for BBB 2.5,
so we can depend on the package now. Ensure the dependency is specific
to avoid an incompatible yq version 4 from being installed.
Since gems are no longer being built during package install, dev
packages are no longer needed. Install the runtime libraries instead.
Drop the libxslt & libxml dependencies, since current nokogiri versions
used bundled copies of those libraries.
Now uses Ubuntu's bundler version to install all dependencies at build time
rather than install time. Gems are also now vendored, and no longer pollute the
operating system.
Since bbb-pads user's name is set internally by akka-apps and bbb-pads internal
credentials exchange. Yet, Etherpad's embedded URL params still work and the user
could use it to ovewrite.
Use nginx rules to block an access attempt that contains the userName argument.
