bigbluebutton-Github/bbb-webhooks/utils.js

69 lines
2.4 KiB
JavaScript

const sha1 = require("sha1");
const url = require("url");
const config = require("./config");
const Utils = exports;
// Calculates the checksum given a url `fullUrl` and a `salt`, as calculate by bbb-web.
Utils.checksumAPI = function(fullUrl, salt) {
const query = Utils.queryFromUrl(fullUrl);
const method = Utils.methodFromUrl(fullUrl);
return Utils.checksum(method + query + salt);
};
// Calculates the checksum for a string.
// Just a wrapper for the method that actually does it.
Utils.checksum = string => sha1(string);
// Get the query of an API call from the url object (from url.parse())
// Example:
//
// * `fullUrl` = `http://bigbluebutton.org/bigbluebutton/api/create?name=Demo+Meeting&meetingID=Demo`
// * returns: `name=Demo+Meeting&meetingID=Demo`
Utils.queryFromUrl = function(fullUrl) {
// Returns the query without the checksum.
// We can't use url.parse() because it would change the encoding
// and the checksum wouldn't match. We need the url exactly as
// the client sent us.
let query = fullUrl.replace(/&checksum=[^&]*/, '');
query = query.replace(/checksum=[^&]*&/, '');
query = query.replace(/checksum=[^&]*$/, '');
const matched = query.match(/\?(.*)/);
if (matched != null) {
return matched[1];
} else {
return '';
}
};
// Get the method name of an API call from the url object (from url.parse())
// Example:
//
// * `fullUrl` = `http://mconf.org/bigbluebutton/api/create?name=Demo+Meeting&meetingID=Demo`
// * returns: `create`
Utils.methodFromUrl = function(fullUrl) {
const urlObj = url.parse(fullUrl, true);
return urlObj.pathname.substr((config.bbb.apiPath + "/").length);
};
// Returns the IP address of the client that made a request `req`.
// If can not determine the IP, returns `127.0.0.1`.
Utils.ipFromRequest = function(req) {
// the first ip in the list if the ip of the client
// the others are proxys between him and us
let ipAddress;
if ((req.headers != null ? req.headers["x-forwarded-for"] : undefined) != null) {
let ips = req.headers["x-forwarded-for"].split(",");
ipAddress = ips[0] != null ? ips[0].trim() : undefined;
}
// fallbacks
if (!ipAddress) { ipAddress = req.headers != null ? req.headers["x-real-ip"] : undefined; } // when behind nginx
if (!ipAddress) { ipAddress = req.connection != null ? req.connection.remoteAddress : undefined; }
if (!ipAddress) { ipAddress = "127.0.0.1"; }
return ipAddress;
};