src/app/Http/Controllers/API/V4/OpenViduController.php
<?php | <?php | ||||
namespace App\Http\Controllers\API\V4; | namespace App\Http\Controllers\API\V4; | ||||
use App\Http\Controllers\Controller; | use App\Http\Controllers\Controller; | ||||
use App\OpenVidu\Connection; | use App\OpenVidu\Connection; | ||||
use App\OpenVidu\Room; | use App\OpenVidu\Room; | ||||
use Illuminate\Http\Request; | use Illuminate\Http\Request; | ||||
use Illuminate\Support\Facades\Auth; | use Illuminate\Support\Facades\Auth; | ||||
use Illuminate\Support\Facades\Validator; | use Illuminate\Support\Facades\Validator; | ||||
class OpenViduController extends Controller | class OpenViduController extends Controller | ||||
{ | { | ||||
public const AUTH_HEADER = 'X-Meet-Auth-Token'; | |||||
/** | /** | ||||
* Accept the room join request. | * Accept the room join request. | ||||
* | * | ||||
* @param string $id Room identifier (name) | * @param string $id Room identifier (name) | ||||
* @param string $reqid Request identifier | * @param string $reqid Request identifier | ||||
* | * | ||||
* @return \Illuminate\Http\JsonResponse | * @return \Illuminate\Http\JsonResponse | ||||
*/ | */ | ||||
▲ Show 20 Lines • Show All 367 Lines • ▼ Show 20 Lines | public function updateConnection($id, $conn) | ||||
// Only the moderator can do it | // Only the moderator can do it | ||||
if (!$this->isModerator($connection->room)) { | if (!$this->isModerator($connection->room)) { | ||||
return $this->errorResponse(403); | return $this->errorResponse(403); | ||||
} | } | ||||
foreach (request()->input() as $key => $value) { | foreach (request()->input() as $key => $value) { | ||||
switch ($key) { | switch ($key) { | ||||
case 'role': | case 'role': | ||||
// The 'owner' role is not assignable | |||||
if ($value & Room::ROLE_OWNER && !($connection->role & Room::ROLE_OWNER)) { | |||||
return $this->errorResponse(403); | |||||
} elseif (!($value & Room::ROLE_OWNER) && ($connection->role & Room::ROLE_OWNER)) { | |||||
return $this->errorResponse(403); | |||||
} | |||||
// The room owner has always a 'moderator' role | |||||
if (!($value & Room::ROLE_MODERATOR) && $connection->role & Room::ROLE_OWNER) { | |||||
$value |= Room::ROLE_MODERATOR; | |||||
} | |||||
$connection->{$key} = $value; | $connection->{$key} = $value; | ||||
break; | break; | ||||
} | } | ||||
} | } | ||||
// The connection observer will send a signal to everyone when needed | // The connection observer will send a signal to everyone when needed | ||||
$connection->save(); | $connection->save(); | ||||
▲ Show 20 Lines • Show All 46 Lines • ▼ Show 20 Lines | class OpenViduController extends Controller | ||||
{ | { | ||||
$user = Auth::guard()->user(); | $user = Auth::guard()->user(); | ||||
// The room owner is a moderator | // The room owner is a moderator | ||||
if ($user && $user->id == $room->user_id) { | if ($user && $user->id == $room->user_id) { | ||||
return true; | return true; | ||||
} | } | ||||
// TODO: Moderators authentication | // Moderator's authentication via the extra request header | ||||
if ($token = request()->header(self::AUTH_HEADER)) { | |||||
list($connId, ) = explode(':', base64_decode($token), 2); | |||||
if ( | |||||
($connection = Connection::find($connId)) | |||||
&& $connection->session_id === $room->session_id | |||||
&& $connection->metadata['authToken'] === $token | |||||
&& $connection->role & Room::ROLE_MODERATOR | |||||
) { | |||||
return true; | |||||
} | |||||
} | |||||
return false; | return false; | ||||
} | } | ||||
} | } |
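Review bot: The new header-based moderator check compares the stored secret with `===` and reads `$connection->metadata['authToken']` without checking that the key exists. A plain string comparison of an authentication token is not constant-time, and a connection whose metadata lacks `authToken` (or has no metadata at all) would raise an undefined-key warning, which presumably surfaces as a server error rather than a clean `false`. I would write that condition as `&& hash_equals((string) ($connection->metadata['authToken'] ?? ''), $token)`, which fails closed on a missing token because `$token` is already known to be non-empty at that point. The method's signature is outside the visible lines, so this assumes `$room` is the room the request targets and that `metadata` is cast to an array on the model.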