09b39a8d63
Associate pads with meetings so session validation is restricted to the meeting's valid session tokens. Meteor will dispatch new redis events on shared notes and closed captions pads creation. This event will go through apps and reach web to populate a new meeting's pad collection that contains all valid pad id's for that session. Nginx will use this collection to check if the user's session token belongs to the pad's authorized users. Besides these modifications, an extra change will be needed at notes.nginx. Location /pad/p/ needs to change it's auth_request: from /bigbluebutton/connection/checkAuthorization; to /bigbluebutton/connection/validatePad;
36 lines
926 B
JavaScript
36 lines
926 B
JavaScript
import { check } from 'meteor/check';
|
|
import Note from '/imports/api/note';
|
|
import Logger from '/imports/startup/server/logger';
|
|
import addPad from '/imports/api/note/server/methods/addPad';
|
|
|
|
export default function addNote(meetingId, noteId, readOnlyNoteId) {
|
|
check(meetingId, String);
|
|
check(noteId, String);
|
|
check(readOnlyNoteId, String);
|
|
|
|
const selector = {
|
|
meetingId,
|
|
noteId,
|
|
};
|
|
|
|
const modifier = {
|
|
meetingId,
|
|
noteId,
|
|
readOnlyNoteId,
|
|
revs: 0,
|
|
};
|
|
|
|
try {
|
|
const { insertedId } = Note.upsert(selector, modifier);
|
|
|
|
if (insertedId) {
|
|
addPad(meetingId, noteId, readOnlyNoteId);
|
|
Logger.info(`Added note id=${noteId} readOnlyId=${readOnlyNoteId} meeting=${meetingId}`);
|
|
} else {
|
|
Logger.info(`Upserted note id=${noteId} readOnlyId=${readOnlyNoteId} meeting=${meetingId}`);
|
|
}
|
|
} catch (err) {
|
|
Logger.error(`Adding note to the collection: ${err}`);
|
|
}
|
|
}
|