Last active
March 8, 2022 12:36
Jitsi Meet - Solution for moderator re-entry problem with token_moderation and/or token_affiliation
--- Author: Lars Scheibling
--- Link: https://github.com/scheibling
--- Credit to @veratiz for the code we used as the base for this (https://github.com/jitsi/jitsi-meet/issues/7561#issuecomment-972688412)
--- This segment fixes an issue with token_moderation and token_affiliation
--- where the following scenario occurs:
--- 1. Moderator starts room and activates lobby (with or without password)
--- 2. One or several users enter the room
--- 3. The moderator is briefly disconnected and reconnects
--- 4. The room is now void of moderators, and nobody can let them back in.
---    Re-entry with the password is possible, but not if this is set automatically and
---    never displayed to the moderator
--- 5. The room has to be exited by all participants and re-started for the moderator to regain control or be able to enter
---
--- The plugin token_owner_party fixes this by kicking all users once no moderators are left in the room,
--- which is not really feasible in some instances where meetings are held with clients, with no easy
--- method of communication to be able to ask them to exit and re-enter the meeting.
---
--- This addition checks the "moderator" JWT attribute set by token_moderation and the "affiliation" attribute
--- set by "token_affiliation" to see whether someone is valid for re-entry. With moderator = true or
--- affiliation = owner/moderator/teacher, the lobby will be bypassed and the participant will be automatically
--- re-admitted into the room
--- The part below is placed into mod_muc_lobby_rooms.lua, usually in /usr/share/jitsi-meet/prosody-plugins/
--- SECTION: host_module:hook('muc-occupant-pre-join', function (event)
--- IMPORTANT:
--- This piece of code will NOT identify if the joining moderator is the SAME moderator that was disconnected.
--- This is up to the piece of software that issues the JWT to determine.
--- Any user with the moderator flag that has permission to the room according to the JWT will skip the lobby.
--- Line ~383
    local password = join:get_child_text('password', MUC_NS);
    if password and room:get_password() and password == room:get_password() then
        whitelistJoin = true;
    end
    ---
    --- INSERT THIS PART ---
    local basexx = require "basexx";
    -- Check if a JWT token is provided
    -- (this block only base64url-decodes the payload; it performs no signature check of its own)
    if event.origin.auth_token then
        -- Decode the JWT token
        local dotFirst = event.origin.auth_token:find("%.");
        if dotFirst then
            local dotSecond = event.origin.auth_token:sub(dotFirst + 1):find("%.");
            if dotSecond then
                local bodyB64 = event.origin.auth_token:sub(dotFirst + 1, dotFirst + dotSecond - 1);
                local body = json.decode(basexx.from_url64(bodyB64));
                module:log('debug', 'Valid JWT token found, checking indicators');
                -- Get the token attributes for affiliation/moderator status.
                -- Guard each level so a payload that failed to decode or has no
                -- context.user does not raise an error inside the hook.
                local modModeration = type(body) == 'table' and body['moderator'];
                local user = type(body) == 'table' and type(body['context']) == 'table' and body['context']['user'];
                local modAffiliation = type(user) == 'table' and user['affiliation'];
                -- Whitelist the auto-reentry for moderators/owners/teachers
                if modModeration and modModeration == true then
                    module:log('debug', 'User is moderator according to token_moderation, permitting entry');
                    whitelistJoin = true;
                elseif modAffiliation and (modAffiliation == 'owner' or modAffiliation == 'moderator' or modAffiliation == 'teacher') then
                    module:log('debug', 'User is moderator according to token_affiliation, permitting entry');
                    whitelistJoin = true;
                else
                    module:log('debug', 'No valid affiliations for direct entry found in JWT');
                end
            end
        end
    end
    --- /INSERT THIS PART
    ---
    if whitelistJoin then
        local affiliation = room:get_affiliation(invitee);
        if not affiliation or affiliation == 0 then
        .....
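
The IMPORTANT note above leaves it to the software that issues the JWT to decide who may skip the lobby. The following Python is an added example, not part of the original gist or of Jitsi's code: it shows an issuer that sets the `moderator` and `affiliation` claims only for users listed as hosts of one room, next to a mirror of the hook's decision that tolerates a missing `context.user`. The function names, the host list, the HS256 shared secret, the 300-second lifetime and the `member` value are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time

PRIVILEGED = ("owner", "moderator", "teacher")  # values the hook accepts

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue_token(user_id, room, hosts, secret, now=None, ttl=300):
    """Issuer side (hypothetical): only listed hosts of this room get the flags."""
    now = int(time.time()) if now is None else now
    is_host = user_id in hosts
    payload = {
        "room": room,            # scope the token to one room
        "exp": now + ttl,        # short lifetime (constructed value)
        "moderator": is_host,    # read by token_moderation
        "context": {"user": {"id": user_id,
                             # "member" is a constructed non-privileged value
                             "affiliation": "owner" if is_host else "member"}},
    }
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": "HS256", "typ": "JWT"}, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def payload_of(token):
    """Decode the middle segment like the hook does; None if malformed."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        seg = parts[1]
        return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError:
        return None

def bypasses_lobby(payload):
    """The hook's decision, tolerant of a missing context/user."""
    if not isinstance(payload, dict):
        return False
    if payload.get("moderator") is True:
        return True
    ctx = payload.get("context")
    user = ctx.get("user") if isinstance(ctx, dict) else None
    aff = user.get("affiliation") if isinstance(user, dict) else None
    return aff in PRIVILEGED
```

Because the lobby hook trusts these claims as they arrive, the issuer's host list is the only place where "who may re-enter unattended" is decided.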