Commit Graph

565 Commits

Author SHA1 Message Date
Anton Georgiev
3135c6bb22 Handle guestWait url for multiple nodejs instanceIds 2021-01-05 15:38:21 +00:00
Anton Georgiev
55fe528e35 Change bigbluebutton.properties client url param 2020-12-16 15:49:20 +00:00
Anton Georgiev
8b65f9e15b Set bbb-html5 loadbalancing to be round robin 2020-12-15 01:55:57 +00:00
Anton Georgiev
0be8773e4c Loadbalance bbb-html5 in bbb-web based on CPU 2020-12-11 21:36:06 +00:00
Anton Georgiev
418fdb1a31 remove obsolete attendeesJoinViaHTML5Client moderatorsJoinViaHTML5Client 2020-12-09 19:11:50 +00:00
Anton Georgiev
3faabd1821 Merge 2.2.29 and 2.2.30 into 2.3.x 2020-11-24 15:13:09 +00:00
Anton Georgiev
23f2df11d5 code changes to allow for meetings' redis events to be processed on different html5 nodejs pids 2020-11-18 20:34:02 +00:00
Anton Georgiev
ecbf575dcf
Merge pull request #10819 from bigbluebutton/join-api-sanitize
Sanitize parameters of API's. Fixes #10818
2020-11-13 10:55:38 -05:00
Tiago Daniel Jacobs
e59bcd0c33 Sanitize all received parameters 2020-11-13 06:54:32 +00:00
Tiago Daniel Jacobs
52e3eea552 Split error message from session token ( making it easier to translate - and more secure/ ) 2020-11-13 06:13:48 +00:00
Tiago Daniel Jacobs
5c911ddeec Sanitize fullName parameter of join API. Fixes #10818 2020-11-13 05:59:31 +00:00
Your Name
b4ecf53c80 Remove unwanted debug logging: This pushed the whole binary of every PDF uploaded into the logs. 2020-11-08 16:56:26 +01:00
Anton Georgiev
0c7ead1916 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into oct16-merge 2020-10-21 14:48:02 +00:00
Pedro Beschorner Marin
2fb26ff0cf Patch of improvements for bbb-web
This patch includes two improvements made for bbb-web. It tries to better isolate
the sessionToken's handling and session's validation, including logs for each one of
these steps; and removes maxParticipats control from registered users (that are no
longer removed from bbb-web collections) binding it to joined users or users that
reached the enter API call. The following adds more details about this last one:

User's regular flow to join a meeting goes around an API join call -> redis register event ->
redirect to client page -> API enter call -> redis join event. When the guest policy is ASK_MODERATOR,
non-moderators are registered and redirected to a guest lobby that polls for her/his guest status and
only enters the meeting after a moderator approval.
Using registered users as control to check how many participants are in a meeting is problematic because
non-approved guests are counted as participants and bbb-web has to find out when to ditch registered users
records to make a seat in a meeting available again. In other words, a meeting with maxParicipants
of 5 can get it's joins locked with a moderator and 4 waiting guests or bbb-web can wrongly drop a registered
user record on a reconnection inducing weird 401 responses from the API.

This change proposes to control maxParticipants both at join and enter API calls monitoring the number
of redis joined users. This also includes an extra buffer to capture users that called the enter API but
still don't have an user joined event.
User left events are now handled different holding the user data before removing from the joined users collection
and only releasing after verifying that the user didn't reconnected.

Both user left timeout `usersTimeout` and entered user timeout `enteredUsersTimeout` can be configured at properties.
2020-09-28 09:59:52 -03:00
Tiago Jacobs
153c59307d Improvements on bbb-libreoffice 2020-07-24 02:42:51 -03:00
Pedro Beschorner Marin
de40885768 Define API's voice bridge error 2020-06-16 17:01:57 -03:00
Anton Georgiev
56e16d79a3
Merge pull request #9251 from elor/fix-voicebridge-collision
Fix voiceBridge collision (Issue #9024)
2020-05-28 16:17:59 -04:00
Anton Georgiev
c9e996de21 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into merge-2.2-into-develop 2020-05-25 17:32:24 +00:00
Anton Georgiev
201fa2902e Only provide modOnlyMessage to moderators. Promoted mod requires refresh to see it 2020-05-20 15:56:44 -04:00
Anton Georgiev
cc79c4b6ae merge 2.2.10 into 2.3 2020-05-05 19:52:44 +00:00
Richard Alam
f876ce01c2 Rework presentation download and upload
- verify presentation and meeting id formats
 - construct presentation file path making sure that they are valid
 - add "downloadable" flag to check if presentation can be downloaded or not
 - collect presentation upload errors so we can send to the client in the future
2020-05-01 14:16:42 -07:00
Ghazi Triki
84ba925014 Improve the file download in the browser. 2020-04-30 15:41:06 +01:00
Ghazi Triki
b21ca8355a Return 404 error when the file download is not allowed. 2020-04-25 19:51:17 +03:00
Erik E. Lorenz
868374516e Check for existing voicebridge in ApiController 2020-04-25 09:35:29 +02:00
Erik E. Lorenz
bccf3664db Guarantee unique meeting TelVoice (API create) 2020-04-25 08:51:37 +02:00
Mitsutaka Sato
79361bd485 Set content-type for presentation download, to prevent vulnerable files from being executed 2020-04-16 11:39:49 +12:00
Ghazi Triki
78c649650e Strip HTML tags from name and fullName API params. 2020-04-03 20:00:33 +03:00
Anton Georgiev
8129468300 Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into merging 2020-03-04 23:36:21 +00:00
Richard Alam
db4dc4aff0 - add urls on presentation page conversion message 2020-02-18 14:03:08 -08:00
Anton Georgiev
60e3e7986c
Merge pull request #8499 from pedrobmarin/waiting-guests-clean
Removes waiting guests that stop polling for their status
2020-01-29 17:40:19 -05:00
Pedro Beschorner Marin
397041efcc Removes waiting guests that stop polling for their status 2020-01-15 12:03:52 -03:00
Pedro Beschorner Marin
ec7785ff22 Check for maxParticipants before registering an user 2019-12-18 16:12:30 -03:00
Pedro Beschorner Marin
517e252901 Fix on getting caption file content type 2019-07-17 18:47:31 +00:00
Richard Alam
67ca66c842
Merge pull request #7565 from pedrobmarin/401-guest-false
Avoid checking for authentication
2019-06-14 11:03:53 -04:00
Richard Alam
6e7ece7a9f - minor cleanup 2019-06-06 15:16:43 -07:00
Richard Alam
5d9f72ae21 - add single use token to request for the text track 2019-06-06 14:54:31 -07:00
Richard Alam
7577bf5310 - check if lang param is valid 2019-06-06 07:21:54 -07:00
Richard Alam
c92bfbb591 - deploy recording scripts in proper location
- log upload captions params
2019-06-04 14:07:10 -04:00
Pedro Beschorner Marin
a32037baa3 Avoid checking for authentication 2019-06-03 18:06:11 -03:00
Richard Alam
8db3903942 - add checksum check on put recordings text track api 2019-06-03 12:59:37 -07:00
Richard Alam
08f0c2b4e7 - make changes to align closer to spec document 2019-06-03 11:59:20 -07:00
Richard Alam
9d416ee473 Merge branch 'text-tracks' of https://github.com/riadvice/bigbluebutton into riadvice-text-tracks 2019-05-30 12:30:07 -07:00
Ghazi Triki
ddb02f57e7 Validate recordID in putRecordingTextTrack. 2019-05-22 16:18:57 +03:00
Ghazi Triki
05cc75eabf Validate kind in putRecordingTextTrack. 2019-05-21 17:58:31 +03:00
Ghazi Triki
6667360cfe Validate locale in putRecordingTextTrack. 2019-05-21 17:41:09 +03:00
Richard Alam
2e3350cc5c
Revert "Create API returns now returns error when no passwords provided for meeting" 2019-05-20 16:39:45 -04:00
Ghazi Triki
7c5727750f Merge remote-tracking branch 'bigbluebutton/master' into text-tracks 2019-05-13 14:46:20 +01:00
Ghazi Triki
dbd86eb096 Code improve. 2019-05-10 15:51:05 +01:00
Ghazi Triki
1974f903ea Fix downloaded file encoding. 2019-05-09 17:35:10 +01:00
Ghazi Triki
b469f8c642 Update error format for Create API returns if none of the passwords parameters are provided. 2019-05-09 07:26:20 +01:00