Check DestinationRoom of VideoGrant for participant forwarding (#3599)

cnderrauber
2025-04-09 15:13:29 +08:00
committed by GitHub
parent 2e236a193e
commit 5c2d96b9d3
4 changed files with 17 additions and 4 deletions
+1 -1
@@ -23,7 +23,7 @@ require (
github.com/jxskiss/base62 v1.1.0
github.com/livekit/mageutil v0.0.0-20230125210925-54e8a70427c1
github.com/livekit/mediatransportutil v0.0.0-20250310153736-45596af895b6
github.com/livekit/protocol v1.36.2-0.20250408183714-0975d348643e
github.com/livekit/protocol v1.36.2-0.20250409063348-18e676b49301
github.com/livekit/psrpc v0.6.1-0.20250205181828-a0beed2e4126
github.com/mackerelio/go-osstat v0.2.5
github.com/magefile/mage v1.15.0
+2 -2
@@ -171,8 +171,8 @@ github.com/livekit/mageutil v0.0.0-20230125210925-54e8a70427c1 h1:jm09419p0lqTkD
github.com/livekit/mageutil v0.0.0-20230125210925-54e8a70427c1/go.mod h1:Rs3MhFwutWhGwmY1VQsygw28z5bWcnEYmS1OG9OxjOQ=
github.com/livekit/mediatransportutil v0.0.0-20250310153736-45596af895b6 h1:6ZhtnY9I9knfm3ieIPpznQSEU2rDECO8yliW/ANLQ7U=
github.com/livekit/mediatransportutil v0.0.0-20250310153736-45596af895b6/go.mod h1:36s+wwmU3O40IAhE+MjBWP3W71QRiEE9SfooSBvtBqY=
github.com/livekit/protocol v1.36.2-0.20250408183714-0975d348643e h1:uCdTqLPDVdJeJdXkSx7hlfUlY1MBmfBo8fOk2TF28cU=
github.com/livekit/protocol v1.36.2-0.20250408183714-0975d348643e/go.mod h1:WrT/CYRxtMNOVUjnIPm5OjWtEkmreffTeE1PRZwlRg4=
github.com/livekit/protocol v1.36.2-0.20250409063348-18e676b49301 h1:XiI1VuokjisdmPhU2z7GJa4Q+cv6Z4fqNBl363L4bwA=
github.com/livekit/protocol v1.36.2-0.20250409063348-18e676b49301/go.mod h1:WrT/CYRxtMNOVUjnIPm5OjWtEkmreffTeE1PRZwlRg4=
github.com/livekit/psrpc v0.6.1-0.20250205181828-a0beed2e4126 h1:fzuYpAQbCid7ySPpQWWePfQOWUrs8x6dJ0T3Wl07n+Y=
github.com/livekit/psrpc v0.6.1-0.20250205181828-a0beed2e4126/go.mod h1:X5WtEZ7OnEs72Fi5/J+i0on3964F1aynQpCalcgMqRo=
github.com/mackerelio/go-osstat v0.2.5 h1:+MqTbZUhoIt4m8qzkVoXUJg1EuifwlAJSk4Yl2GXh+o=
+13
@@ -219,6 +219,19 @@ func EnsureSIPCallPermission(ctx context.Context) error {
return nil
}
func EnsureForwardPermission(ctx context.Context, source livekit.RoomName, destination livekit.RoomName) error {
claims := GetGrants(ctx)
if claims == nil || claims.Video == nil {
return ErrPermissionDenied
}
if !claims.Video.RoomAdmin || source != livekit.RoomName(claims.Video.Room) || destination != livekit.RoomName(claims.Video.DestinationRoom) {
return ErrPermissionDenied
}
return nil
}
// wraps authentication errors around Twirp
func twirpAuthError(err error) error {
return twirp.NewError(twirp.Unauthenticated, err.Error())
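Review bot: The destination comparison in `EnsureForwardPermission` also succeeds when `destination` and `claims.Video.DestinationRoom` are both empty, so a room-admin token issued without a destination grant still passes if the request leaves `DestinationRoom` unset. Whether `ForwardParticipant` rejects an empty destination later is not visible here, so the helper should fail closed on its own with `if destination == "" { return ErrPermissionDenied }` ahead of the combined check. The exported function also has no doc comment; `// EnsureForwardPermission requires a room-admin grant whose Room equals source and whose DestinationRoom equals destination.` would record the contract. No test appears among the changed sections; a table test covering a missing grant, wrong source, wrong destination and empty destination would pin the behaviour.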
+1 -1
@@ -321,7 +321,7 @@ func (s *RoomService) ForwardParticipant(ctx context.Context, req *livekit.Forwa
roomName := livekit.RoomName(req.Room)
AppendLogFields(ctx, "room", roomName, "participant", req.Identity)
if err := EnsureAdminPermission(ctx, roomName); err != nil {
if err := EnsureForwardPermission(ctx, roomName, livekit.RoomName(req.DestinationRoom)); err != nil {
return nil, twirpAuthError(err)
}
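Review bot: The log fields set just before the new check carry only the source room and the participant identity, so a denied or permitted forward cannot be tied to its destination from these fields. Since the destination is now part of the authorization decision, consider `AppendLogFields(ctx, "room", roomName, "participant", req.Identity, "destinationRoom", req.DestinationRoom)`. The body of `ForwardParticipant` continues outside this hunk, so the destination may already be logged further down.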