Merge remote-tracking branch 'bigbluebutton/v2.2.x-release' into bigb…

…luebutton/develop

bigbluebutton-config/bin/bbb-conf

@@ -1,4 +1,4 @@
-#!/bin/bash 
+#!/bin/bash
 #
 # BlueButton open source conferencing system - http://www.bigbluebutton.org/
 #
@@ -65,6 +65,7 @@
 #   2019-10-31 GTR  Set IP and shared secret for bbb-webhooks
 #   2019-11-09 GTR  Keep HTML5 client logs permissions when cleaning logs
 #   2020-05-20 NJH  Add port 443 to --Network and clean up tmp file.
+#   2020-06-23 JFS  Remove defaultGuestPolicy warning for HTML5 client
 
 #set -x
 #set -e
@@ -446,7 +447,7 @@ start_bigbluebutton () {
 
 display_bigbluebutton_status () {
     units="nginx freeswitch $REDIS_SERVICE bbb-apps-akka bbb-transcode-akka bbb-fsesl-akka"
- 
+
     if [ -f /usr/share/red5/red5-server.jar ]; then
       units="$units red5"
     fi
@@ -877,24 +878,10 @@ check_configuration() {
             echo "# Warning: Detected the value for jnlpUrl is not configured for HTTPS"
             echo "#    /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties"
             echo "#"
-        fi  
+        fi
       fi
     fi
 
-    GUEST_POLICY=$(cat $BBB_WEB_CONFIG | grep -v '#' | sed -n '/^defaultGuestPolicy/{s/.*=//;p}')
-    if [ "$GUEST_POLICY" == "ASK_MODERATOR" ]; then
-        echo
-        echo "# Warning: defaultGuestPolicy is set to ASK_MODERATOR in"
-        echo "#    $BBB_WEB_CONFIG"
-        echo "# This is not yet supported yet the HTML5 client."
-        echo "#"
-        echo "# To revert it to ALWAYS_ALLOW, see"
-        echo "#"
-        echo "#   $SUDO sed -i s/^defaultGuestPolicy=.*$/defaultGuestPolicy=ALWAYS_ALLOW/g $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties"
-        echo "#"
-        echo
-    fi
-
     if [ -f $HTML5_CONFIG ]; then
         SVG_IMAGES_REQUIRED=$(cat $BBB_WEB_CONFIG | grep -v '#' | sed -n '/^svgImagesRequired/{s/.*=//;p}')
         if [ "$SVG_IMAGES_REQUIRED" != "true" ]; then
@@ -910,12 +897,12 @@ check_configuration() {
         fi
     fi
 
-    if [ -f /usr/share/red5/red5-server.jar ]; then 
-      if find /usr/share /var/lib/red5 -name "*bbb-common-message*" | sed 's/\([^_]*_\).*/\1/g' | sort | uniq -c | grep -v 1 > /dev/null; then echo 
+    if [ -f /usr/share/red5/red5-server.jar ]; then
+      if find /usr/share /var/lib/red5 -name "*bbb-common-message*" | sed 's/\([^_]*_\).*/\1/g' | sort | uniq -c | grep -v 1 > /dev/null; then echo
         echo
         echo "# Warning: detected multiple bbb-common-message in the same directory"
-        find /usr/share /var/lib/red5 -name "*bbb-common-message*" | sed 's/\([^_]*_\).*/\1/g' | sort | uniq -c | grep -v 1 
-        echo 
+        find /usr/share /var/lib/red5 -name "*bbb-common-message*" | sed 's/\([^_]*_\).*/\1/g' | sort | uniq -c | grep -v 1
+        echo
       fi
     fi
 }
@@ -1235,7 +1222,7 @@ check_state() {
     # Check if the local server can access the API.  This is a common problem when setting up BigBlueButton behind
     # a firewall
     #
-    BBB_WEB=$(cat ${SERVLET_DIR}/WEB-INF/classes/bigbluebutton.properties | grep -v '#' | sed -n '/^bigbluebutton.web.serverURL/{s/.*\///;p}')
+    BBB_WEB=$(cat ${SERVLET_DIR}/WEB-INF/classes/bigbluebutton.properties | grep -v '#' | sed -n '/^bigbluebutton.web.serverURL/{s/.*\/\///;p}')
     check_no_value server_name /etc/nginx/sites-available/bigbluebutton $BBB_WEB
 
     COUNT=0
@@ -1496,7 +1483,7 @@ check_state() {
 
     CHECK=$(cat ${SERVLET_DIR}/WEB-INF/classes/bigbluebutton.properties | grep -v '#' | grep securitySalt | cut -d= -f2 | sha1sum | cut -d' ' -f1)
     if [ "$CHECK" == "55b727b294158a877212570c3c0524c2b902a62c" ]; then
-      echo 
+      echo
       echo "#"
       echo "# Warning: Detected you have the default shared secret.  You MUST change your shared"
       echo "# secret NOW for BigBlueButton to finish starting up. Do either"
@@ -1514,7 +1501,7 @@ check_state() {
     fi
 
     if ! systemctl show-environment | grep LANG= | grep -q UTF-8; then
-      echo 
+      echo
       echo "#"
       echo "# Warning: Detected that systemctl does not define a UTF-8 language."
       echo "#"
@@ -1527,7 +1514,7 @@ check_state() {
     fi
 
     if [ "$(stat -c "%U %G" /var/bigbluebutton)" != "bigbluebutton bigbluebutton" ]; then
-      echo 
+      echo
       echo "#"
       echo "# Warning: The directory"
       echo "#"
@@ -1867,7 +1854,7 @@ if [ -n "$HOST" ]; then
 
       echo "Assigning $HOST for servername in /etc/nginx/sites-available/bigbluebutton"
       $SUDO sed -i "s/server_name  .*/server_name  $HOST;/g" /etc/nginx/sites-available/bigbluebutton
-  
+
       #
       # Update configuration for BigBlueButton client (and preserve hostname for chromeExtensionLink if exists)
       #
@@ -1886,7 +1873,7 @@ if [ -n "$HOST" ]; then
 
       echo "Assigning $HOST for publishURI in /var/www/bigbluebutton/client/conf/config.xml"
       $SUDO sed -i "s/publishURI=\"[^\"]*\"/publishURI=\"$HOST\"/" /var/www/bigbluebutton/client/conf/config.xml
-    fi 
+    fi
 
     #
     # Update configuration for BigBlueButton web app
@@ -2010,14 +1997,15 @@ if [ -n "$HOST" ]; then
 
     ESL_PASSWORD=$(xmlstarlet sel -t -m 'configuration/settings/param[@name="password"]' -v @value /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml)
     if [ "$ESL_PASSWORD" == "ClueCon" ]; then
-        NEW_ESL_PASSWORD=$(openssl rand -hex 8)
+        ESL_PASSWORD=$(openssl rand -hex 8)
         echo "Changing default password for FreeSWITCH Event Socket Layer (see /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml)"
-        # Update to a new password
-
-       sudo sed -i "s/ClueCon/$NEW_ESL_PASSWORD/g" /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
-       sudo sed -i "s/ClueCon/$NEW_ESL_PASSWORD/g" /usr/share/bbb-fsesl-akka/conf/application.conf
-       sudo yq w -i /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml freeswitch.esl_password "$NEW_ESL_PASSWORD"
     fi
+    # Update all references to ESL password
+
+    sudo sed -i "s/ClueCon/$ESL_PASSWORD/g" /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
+    sudo sed -i "s/ClueCon/$ESL_PASSWORD/g" /usr/share/bbb-fsesl-akka/conf/application.conf
+    sudo yq w -i /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml freeswitch.esl_password "$ESL_PASSWORD"
+
 
     echo "Restarting the BigBlueButton $BIGBLUEBUTTON_RELEASE ..."
     stop_bigbluebutton

bigbluebutton-html5/imports/api/meetings/server/modifiers/addMeeting.js

@@ -9,6 +9,7 @@ import createNote from '/imports/api/note/server/methods/createNote';
 import createCaptions from '/imports/api/captions/server/methods/createCaptions';
 import { addAnnotationsStreamer } from '/imports/api/annotations/server/streamer';
 import { addCursorStreamer } from '/imports/api/cursor/server/streamer';
+import BannedUsers from '/imports/api/users/server/store/bannedUsers';
 
 export default function addMeeting(meeting) {
   const meetingId = meeting.meetingProp.intId;
@@ -145,6 +146,7 @@ export default function addMeeting(meeting) {
       // better place we can run this post-creation routine?
       createNote(meetingId);
       createCaptions(meetingId);
+      BannedUsers.init(meetingId);
     }
 
     if (numChanged) {

bigbluebutton-html5/imports/api/meetings/server/modifiers/meetingHasEnded.js

@@ -21,6 +21,7 @@ import clearNetworkInformation from '/imports/api/network-information/server/mod
 import clearLocalSettings from '/imports/api/local-settings/server/modifiers/clearLocalSettings';
 import clearRecordMeeting from './clearRecordMeeting';
 import clearVoiceCallStates from '/imports/api/voice-call-states/server/modifiers/clearVoiceCallStates';
+import clearVideoStreams from '/imports/api/video-streams/server/modifiers/clearVideoStreams';
 
 export default function meetingHasEnded(meetingId) {
   removeAnnotationsStreamer(meetingId);
@@ -44,6 +45,7 @@ export default function meetingHasEnded(meetingId) {
     clearLocalSettings(meetingId);
     clearRecordMeeting(meetingId);
     clearVoiceCallStates(meetingId);
+    clearVideoStreams(meetingId);
 
     return Logger.info(`Cleared Meetings with id ${meetingId}`);
   });

bigbluebutton-html5/imports/api/users-settings/server/methods/addUserSettings.js

@@ -46,6 +46,7 @@ const currentParameters = [
   'bbb_enable_screen_sharing',
   'bbb_enable_video',
   'bbb_skip_video_preview',
+  'bbb_mirror_own_webcam',
   // PRESENTATION
   'bbb_force_restore_presentation_on_new_events',
   // WHITEBOARD

bigbluebutton-html5/imports/api/users/server/handlers/validateAuthToken.js

@@ -16,7 +16,10 @@ const clearOtherSessions = (sessionUserId, current = false) => {
 
 export default function handleValidateAuthToken({ body }, meetingId) {
   const {
-    userId, valid, authToken, waitForApproval,
+    userId,
+    valid,
+    authToken,
+    waitForApproval,
   } = body;
 
   check(userId, String);

bigbluebutton-html5/imports/api/users/server/methods/removeUser.js

@@ -2,6 +2,8 @@ import { Meteor } from 'meteor/meteor';
 import { check } from 'meteor/check';
 import RedisPubSub from '/imports/startup/server/redis';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import Users from '/imports/api/users';
+import BannedUsers from '/imports/api/users/server/store/bannedUsers';
 
 export default function removeUser(userId, banUser) {
   const REDIS_CONFIG = Meteor.settings.private.redis;
@@ -18,5 +20,9 @@ export default function removeUser(userId, banUser) {
     banUser,
   };
 
+  const removedUser = Users.findOne({ meetingId, userId }, { extId: 1 });
+
+  if (banUser && removedUser) BannedUsers.add(meetingId, removedUser.extId);
+
   return RedisPubSub.publishUserMessage(CHANNEL, EVENT_NAME, meetingId, ejectedBy, payload);
 }

bigbluebutton-html5/imports/api/users/server/methods/validateAuthToken.js

@@ -2,12 +2,21 @@ import { Meteor } from 'meteor/meteor';
 import RedisPubSub from '/imports/startup/server/redis';
 import Logger from '/imports/startup/server/logger';
 import pendingAuthenticationsStore from '../store/pendingAuthentications';
+import BannedUsers from '../store/bannedUsers';
 
-export default function validateAuthToken(meetingId, requesterUserId, requesterToken) {
+export default function validateAuthToken(meetingId, requesterUserId, requesterToken, externalId) {
   const REDIS_CONFIG = Meteor.settings.private.redis;
   const CHANNEL = REDIS_CONFIG.channels.toAkkaApps;
   const EVENT_NAME = 'ValidateAuthTokenReqMsg';
 
+  // Check if externalId is banned from the meeting
+  if (externalId) {
+    if (BannedUsers.has(meetingId, externalId)) {
+      Logger.warn(`A banned user with extId ${externalId} tried to enter in meeting ${meetingId}`);
+      return;
+    }
+  }
+
   // Store reference of methodInvocationObject ( to postpone the connection userId definition )
   pendingAuthenticationsStore.add(meetingId, requesterUserId, requesterToken, this);
 

bigbluebutton-html5/imports/api/users/server/store/bannedUsers.js

@@ -0,0 +1,35 @@
+import Logger from '/imports/startup/server/logger';
+
+class BannedUsers {
+  constructor() {
+    Logger.debug('BannedUsers :: Initializing');
+    this.store = {};
+  }
+
+  init(meetingId) {
+    Logger.debug('BannedUsers :: init', meetingId);
+
+    if (!this.store[meetingId]) this.store[meetingId] = new Set();
+  }
+
+  add(meetingId, externalId) {
+    Logger.debug('BannedUsers :: add', { meetingId, externalId });
+    if (!this.store[meetingId]) this.store[meetingId] = new Set();
+
+    this.store[meetingId].add(externalId);
+  }
+
+  delete(meetingId) {
+    Logger.debug('BannedUsers :: delete', meetingId);
+    delete this.store[meetingId];
+  }
+
+  has(meetingId, externalId) {
+    Logger.debug('BannedUsers :: has', { meetingId, externalId });
+    if (!this.store[meetingId]) this.store[meetingId] = new Set();
+
+    return this.store[meetingId].has(externalId);
+  }
+}
+
+export default new BannedUsers();

bigbluebutton-html5/imports/api/video-streams/server/modifiers/clearVideoStreams.js

@@ -0,0 +1,14 @@
+import Logger from '/imports/startup/server/logger';
+import VideoStreams from '/imports/api/video-streams';
+
+export default function clearVideoStreams(meetingId) {
+  if (meetingId) {
+    return VideoStreams.remove({ meetingId }, () => {
+      Logger.info(`Cleared VideoStreams in (${meetingId})`);
+    });
+  }
+
+  return VideoStreams.remove({}, () => {
+    Logger.info('Cleared VideoStreams in all meetings');
+  });
+}

bigbluebutton-html5/imports/api/voice-users/server/methods/muteToggle.js

@@ -3,6 +3,8 @@ import { extractCredentials } from '/imports/api/common/server/helpers';
 import RedisPubSub from '/imports/startup/server/redis';
 import Users from '/imports/api/users';
 import VoiceUsers from '/imports/api/voice-users';
+import Meetings from '/imports/api/meetings';
+import Logger from '/imports/startup/server/logger';
 
 export default function muteToggle(uId) {
   const REDIS_CONFIG = Meteor.settings.private.redis;
@@ -27,6 +29,16 @@ export default function muteToggle(uId) {
   const { listenOnly, muted } = voiceUser;
   if (listenOnly) return;
 
+  // if allowModsToUnmuteUsers is false, users will be kicked out for attempting to unmute others
+  if (requesterUserId !== userToMute && muted) {
+    const meeting = Meetings.findOne({ meetingId },
+      { fields: { 'usersProp.allowModsToUnmuteUsers': 1 } });
+    if (meeting.usersProp && !meeting.usersProp.allowModsToUnmuteUsers) {
+      Logger.warn(`Attempted unmuting by another user meetingId:${meetingId} requester: ${requesterUserId} userId: ${userToMute}`);
+      return;
+    }
+  }
+
   const payload = {
     userId: userToMute,
     mutedBy: requesterUserId,

bigbluebutton-html5/imports/api/voice-users/server/publishers.js

@@ -2,15 +2,31 @@ import VoiceUsers from '/imports/api/voice-users';
 import { Meteor } from 'meteor/meteor';
 import Logger from '/imports/startup/server/logger';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import ejectUserFromVoice from './methods/ejectUserFromVoice';
 
 function voiceUser() {
   if (!this.userId) {
     return VoiceUsers.find({ meetingId: '' });
   }
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+  const onCloseConnection = Meteor.bindEnvironment(() => {
+    try {
+      // I used user because voiceUser is the function's name
+      const User = VoiceUsers.findOne({ meetingId, requesterUserId });
+      if (User) {
+        ejectUserFromVoice(requesterUserId);
+      }
+    } catch (e) {
+      Logger.error(`Exception while executing ejectUserFromVoice for ${requesterUserId}: ${e}`);
+    }
+  });
+
   Logger.debug(`Publishing Voice User for ${meetingId} ${requesterUserId}`);
 
+  this._session.socket.on('close', _.debounce(onCloseConnection, 100));
   return VoiceUsers.find({ meetingId });
 }