mirror of
https://github.com/livekit/livekit.git
synced 2026-05-24 14:35:34 +00:00
Check size limits on metadata and name set from client. (#2850)
* Send error response when update metadata fails. Keeping it simple for the first implementation. - Send error response only if request_id != 0 - Two kinds of errors notified o does not have permissions - NOT_ALLOWED o attributes exceeds size limits - INVALID_ARGUMENT * Check size limits on metadata and name set from client. Added a name length limit also. * check name length in service update participant path also * limit check in limit config * update protocol * longer keys
This commit is contained in:
Raja Subramanian
@@ -29,7 +29,7 @@ import (
|
||||
|
||||
func TestAuthMiddleware(t *testing.T) {
|
||||
api := "APIabcdefg"
|
||||
secret := "somesecretencodedinbase62"
|
||||
secret := "somesecretencodedinbase62extendto32bytes"
|
||||
provider := &authfakes.FakeKeyProvider{}
|
||||
provider.GetSecretReturns(secret)
|
||||
|
||||
|
||||
@@ -25,6 +25,7 @@ var (
|
||||
ErrIngressNotConnected = psrpc.NewErrorf(psrpc.Internal, "ingress not connected (redis required)")
|
||||
ErrIngressNotFound = psrpc.NewErrorf(psrpc.NotFound, "ingress does not exist")
|
||||
ErrIngressNonReusable = psrpc.NewErrorf(psrpc.InvalidArgument, "ingress is not reusable and cannot be modified")
|
||||
ErrNameExceedsLimits = psrpc.NewErrorf(psrpc.InvalidArgument, "name length exceeds limits")
|
||||
ErrMetadataExceedsLimits = psrpc.NewErrorf(psrpc.InvalidArgument, "metadata size exceeds limits")
|
||||
ErrAttributeExceedsLimits = psrpc.NewErrorf(psrpc.InvalidArgument, "attribute size exceeds limits")
|
||||
ErrRoomNameExceedsLimits = psrpc.NewErrorf(psrpc.InvalidArgument, "room name length exceeds limits")
|
||||
|
||||
@@ -417,6 +417,7 @@ func (r *RoomManager) StartSession(
|
||||
Sink: responseSink,
|
||||
AudioConfig: r.config.Audio,
|
||||
VideoConfig: r.config.Video,
|
||||
LimitConfig: r.config.Limit,
|
||||
ProtocolVersion: pv,
|
||||
SessionStartTime: sessionStartTime,
|
||||
Telemetry: r.telemetry,
|
||||
@@ -433,7 +434,6 @@ func (r *RoomManager) StartSession(
|
||||
AdaptiveStream: pi.AdaptiveStream,
|
||||
AllowTCPFallback: allowFallback,
|
||||
TURNSEnabled: r.config.IsTURNSEnabled(),
|
||||
MaxAttributesSize: r.config.Limit.MaxAttributesSize,
|
||||
GetParticipantInfo: func(pID livekit.ParticipantID) *livekit.ParticipantInfo {
|
||||
if p := room.GetParticipantByID(pID); p != nil {
|
||||
return p.ToProto()
|
||||
@@ -703,7 +703,7 @@ func (r *RoomManager) MutePublishedTrack(ctx context.Context, req *livekit.MuteR
|
||||
}
|
||||
|
||||
func (r *RoomManager) UpdateParticipant(ctx context.Context, req *livekit.UpdateParticipantRequest) (*livekit.ParticipantInfo, error) {
|
||||
room, participant, err := r.roomAndParticipantForReq(ctx, req)
|
||||
_, participant, err := r.roomAndParticipantForReq(ctx, req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -713,10 +713,20 @@ func (r *RoomManager) UpdateParticipant(ctx context.Context, req *livekit.Update
|
||||
"permission", req.Permission,
|
||||
"attributes", req.Attributes,
|
||||
)
|
||||
err = room.UpdateParticipantMetadata(participant, req.Name, req.Metadata, req.Attributes)
|
||||
if err != nil {
|
||||
if err = participant.CheckMetadataLimits(req.Name, req.Metadata, req.Attributes); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if req.Name != "" {
|
||||
participant.SetName(req.Name)
|
||||
}
|
||||
if req.Metadata != "" {
|
||||
participant.SetMetadata(req.Metadata)
|
||||
}
|
||||
if req.Attributes != nil {
|
||||
participant.SetAttributes(req.Attributes)
|
||||
}
|
||||
|
||||
if req.Permission != nil {
|
||||
participant.SetPermission(req.Permission)
|
||||
}
|
||||
|
||||
+12
-14
@@ -86,8 +86,8 @@ func (s *RoomService) CreateRoom(ctx context.Context, req *livekit.CreateRoomReq
|
||||
return nil, ErrEgressNotConnected
|
||||
}
|
||||
|
||||
if limit := s.limitConf.MaxRoomNameLength; limit > 0 && len(req.Name) > limit {
|
||||
return nil, fmt.Errorf("%w: max length %d", ErrRoomNameExceedsLimits, limit)
|
||||
if !s.limitConf.CheckRoomNameLength(req.Name) {
|
||||
return nil, fmt.Errorf("%w: max length %d", ErrRoomNameExceedsLimits, s.limitConf.MaxRoomNameLength)
|
||||
}
|
||||
|
||||
rm, created, err := s.roomAllocator.CreateRoom(ctx, req)
|
||||
@@ -248,19 +248,17 @@ func (s *RoomService) MutePublishedTrack(ctx context.Context, req *livekit.MuteR
|
||||
|
||||
func (s *RoomService) UpdateParticipant(ctx context.Context, req *livekit.UpdateParticipantRequest) (*livekit.ParticipantInfo, error) {
|
||||
AppendLogFields(ctx, "room", req.Room, "participant", req.Identity)
|
||||
maxMetadataSize := int(s.limitConf.MaxMetadataSize)
|
||||
if maxMetadataSize > 0 && len(req.Metadata) > maxMetadataSize {
|
||||
return nil, twirp.InvalidArgumentError(ErrMetadataExceedsLimits.Error(), strconv.Itoa(maxMetadataSize))
|
||||
|
||||
if !s.limitConf.CheckParticipantNameLength(req.Name) {
|
||||
return nil, twirp.InvalidArgumentError(ErrNameExceedsLimits.Error(), strconv.Itoa(s.limitConf.MaxParticipantNameLength))
|
||||
}
|
||||
maxAttributeSize := int(s.limitConf.MaxAttributesSize)
|
||||
if maxAttributeSize > 0 {
|
||||
total := 0
|
||||
for key, val := range req.Attributes {
|
||||
total += len(key) + len(val)
|
||||
}
|
||||
if total > maxAttributeSize {
|
||||
return nil, twirp.InvalidArgumentError(ErrAttributeExceedsLimits.Error(), strconv.Itoa(maxAttributeSize))
|
||||
}
|
||||
|
||||
if !s.limitConf.CheckMetadataSize(req.Metadata) {
|
||||
return nil, twirp.InvalidArgumentError(ErrMetadataExceedsLimits.Error(), strconv.Itoa(int(s.limitConf.MaxMetadataSize)))
|
||||
}
|
||||
|
||||
if !s.limitConf.CheckAttributesSize(req.Attributes) {
|
||||
return nil, twirp.InvalidArgumentError(ErrAttributeExceedsLimits.Error(), strconv.Itoa(int(s.limitConf.MaxAttributesSize)))
|
||||
}
|
||||
|
||||
if err := EnsureAdminPermission(ctx, livekit.RoomName(req.Room)); err != nil {
|
||||
|
||||
Reference in New Issue
Block a user