bigbluebutton-Github/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/UrlMappings.groovy
Pedro Beschorner Marin 09b39a8d63 Add extra pad validation
Associate pads with meetings so session validation is restricted to the
meeting's valid session tokens.

Meteor will dispatch new redis events on shared notes and closed captions
pads creation. This event will go through apps and reach web to populate
a new meeting's pad collection that contains all valid pad id's for that
session. Nginx will use this collection to check if the user's session token
belongs to the pad's authorized users.

Besides these modifications, an extra change will be needed at notes.nginx.
Location /pad/p/ needs to change its auth_request:

from /bigbluebutton/connection/checkAuthorization;
to /bigbluebutton/connection/validatePad;
2021-02-10 13:37:04 -03:00


package org.bigbluebutton.web
/**
 * Grails URL mapping table for bigbluebutton-web.
 *
 * Each entry binds a path under /bigbluebutton/ to a controller and, through
 * the `action` map, to one action per HTTP verb. Only routing is declared
 * here: no authentication or authorization check appears in this file, so any
 * access control has to be enforced elsewhere (controllers, interceptors or
 * the fronting web server) -- NOTE(review): confirm for every route below.
 */
class UrlMappings {
    static mappings = {
        // Presentation upload: POST only. $authzToken is taken from the URL path.
        // NOTE(review): presumably checked by the presentation controller before
        // the upload is accepted -- the check is not visible here; confirm.
        "/bigbluebutton/presentation/$authzToken/upload"(controller: "presentation") {
            action = [POST: 'upload']
        }
        "/bigbluebutton/presentation/checkPresentation"(controller: "presentation") {
            action = [GET: 'checkPresentationBeforeUploading']
        }
        // NOTE(review): by its name this looks like a diagnostic endpoint; confirm
        // it is access-controlled or disabled on production deployments.
        "/bigbluebutton/presentation/test-convert"(controller: "presentation") {
            action = [GET: 'testConversion']
        }

        // GET-only presentation asset routes. $conference, $room,
        // $presentation_name and $id come straight from the request path and no
        // constraints are declared on them in this file.
        // NOTE(review): if the controller uses these values to locate files, it
        // must validate them itself (e.g. against path traversal) -- verify.
        "/bigbluebutton/presentation/$conference/$room/$presentation_name/slides"(controller: "presentation") {
            action = [GET: 'numberOfSlides']
        }
        "/bigbluebutton/presentation/$conference/$room/$presentation_name/slide/$id"(controller: "presentation") {
            action = [GET: 'showSlide']
        }
        "/bigbluebutton/presentation/$conference/$room/$presentation_name/thumbnails"(controller: "presentation") {
            action = [GET: 'numberOfThumbnails']
        }
        "/bigbluebutton/presentation/$conference/$room/$presentation_name/thumbnail/$id"(controller: "presentation") {
            action = [GET: 'showThumbnail']
        }
        "/bigbluebutton/presentation/$conference/$room/$presentation_name/png/$id"(controller: "presentation") {
            action = [GET: 'showPng']
        }
        "/bigbluebutton/presentation/$conference/$room/$presentation_name/svgs"(controller: "presentation") {
            action = [GET: 'numberOfSvgs']
        }
        "/bigbluebutton/presentation/$conference/$room/$presentation_name/svg/$id"(controller: "presentation") {
            action = [GET: 'showSvgImage']
        }
        "/bigbluebutton/presentation/$conference/$room/$presentation_name/textfiles"(controller: "presentation") {
            action = [GET: 'numberOfTextfiles']
        }
        "/bigbluebutton/presentation/$conference/$room/$presentation_name/textfiles/$id"(controller: "presentation") {
            action = [GET: 'showTextfile']
        }
        // Download route keyed by $meetingId and $presId, both read from the path.
        "/bigbluebutton/presentation/download/$meetingId/$presId"(controller: "presentation") {
            action = [GET: 'downloadFile']
        }

        // API routes on the "api" controller. The two set* routes accept POST
        // only; the get*/update* routes send GET and POST to the same handler.
        // NOTE(review): request authentication is not visible in this file --
        // presumably enforced inside the api controller; verify.
        "/bigbluebutton/api/setConfigXML"(controller: "api") {
            action = [POST: 'setConfigXML']
        }
        "/bigbluebutton/api/setPollXML"(controller: "api") {
            action = [POST: 'setPollXML']
        }
        "/bigbluebutton/api/getMeetings"(controller: "api") {
            action = [GET: 'getMeetingsHandler', POST: 'getMeetingsHandler']
        }
        "/bigbluebutton/api/getSessions"(controller: "api") {
            action = [GET: 'getSessionsHandler', POST: 'getSessionsHandler']
        }
        "/bigbluebutton/api/getRecordings"(controller: "api") {
            action = [GET: 'getRecordingsHandler', POST: 'getRecordingsHandler']
        }
        "/bigbluebutton/api/updateRecordings"(controller: "api") {
            action = [GET: 'updateRecordingsHandler', POST: 'updateRecordingsHandler']
        }
        "/bigbluebutton/api/guestWait"(controller: "api") {
            action = [GET: 'guestWaitHandler']
        }

        // Recording text-track routes, served by the "recording" controller even
        // where the path sits under /api/.
        "/bigbluebutton/textTrack/validateAuthToken"(controller: "recording") {
            action = [GET: 'checkTextTrackAuthToken']
        }
        "/bigbluebutton/api/getRecordingTextTracks"(controller: "recording") {
            action = [GET: 'getRecordingTextTracksHandler', POST: 'getRecordingTextTracksHandler']
        }
        "/bigbluebutton/api/putRecordingTextTrack"(controller: "recording") {
            action = [POST: 'putRecordingTextTrack']
        }

        // Catch-all: any /bigbluebutton/<controller>/<action> path without an
        // explicit entry above is routed by name, with no HTTP-verb restriction
        // declared in this mapping. No "connection" route is listed in this file,
        // so endpoints such as /bigbluebutton/connection/validatePad would be
        // resolved through this entry.
        // NOTE(review): this makes controller actions reachable by name; actions
        // that also have an explicit entry above may be reachable here under
        // other verbs unless the controller restricts methods -- verify, and make
        // sure every action performs its own authorization.
        "/bigbluebutton/$controller/$action?/$id?(.${format})?" {
            constraints {
                // apply constraints here
                // (left empty: the captured values are not restricted at the
                // routing layer)
            }
        }
        "/bigbluebutton/"(controller: "api") {
            action = [GET: 'index']
        }
        // HTTP 500 responses render the '/error' view.
        // NOTE(review): confirm that view does not expose stack traces or other
        // internal detail in production.
        "500"(view: '/error')
    }
}