From eef3cf0f010a14baafdfc25c2314eed694f56f23 Mon Sep 17 00:00:00 2001 From: Benjamin Pracht Date: Fri, 10 May 2024 10:05:53 -0700 Subject: [PATCH] Redact egress object in CreateRoom request (#2710) --- go.mod | 2 +- go.sum | 4 ++-- pkg/service/roomservice.go | 27 ++++++++++++++++++++++++++- 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 26bf23943..75b6c9839 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/jxskiss/base62 v1.1.0 github.com/livekit/mageutil v0.0.0-20230125210925-54e8a70427c1 github.com/livekit/mediatransportutil v0.0.0-20240416023643-881d3dc5423e - github.com/livekit/protocol v1.14.1-0.20240426104403-e7962f444464 + github.com/livekit/protocol v1.15.1-0.20240510165606-93a26f478d00 github.com/livekit/psrpc v0.5.3-0.20240426045048-8ba067a45715 github.com/mackerelio/go-osstat v0.2.4 github.com/magefile/mage v1.15.0 diff --git a/go.sum b/go.sum index 08f1961f4..d0e7da290 100644 --- a/go.sum +++ b/go.sum @@ -120,8 +120,8 @@ github.com/livekit/mageutil v0.0.0-20230125210925-54e8a70427c1 h1:jm09419p0lqTkD github.com/livekit/mageutil v0.0.0-20230125210925-54e8a70427c1/go.mod h1:Rs3MhFwutWhGwmY1VQsygw28z5bWcnEYmS1OG9OxjOQ= github.com/livekit/mediatransportutil v0.0.0-20240416023643-881d3dc5423e h1:ss4VwrouYiDpuNJ9BUTH+WsW+GDdJS70iZp8ii3/0Lc= github.com/livekit/mediatransportutil v0.0.0-20240416023643-881d3dc5423e/go.mod h1:jwKUCmObuiEDH0iiuJHaGMXwRs3RjrB4G6qqgkr/5oE= -github.com/livekit/protocol v1.14.1-0.20240426104403-e7962f444464 h1:5IxCPDkibpvnAYN6+djltH6Gj4dMOL0hNecHn5jZKmk= -github.com/livekit/protocol v1.14.1-0.20240426104403-e7962f444464/go.mod h1:pnn0Dv+/0K0OFqKHX6J6SreYO1dZxl6tDuAZ1ns8L/w= +github.com/livekit/protocol v1.15.1-0.20240510165606-93a26f478d00 h1:c5VOR2XrAgxjwvWpQIA0lDUX+YcpxGzxXtaRfhu510E= +github.com/livekit/protocol v1.15.1-0.20240510165606-93a26f478d00/go.mod h1:pnn0Dv+/0K0OFqKHX6J6SreYO1dZxl6tDuAZ1ns8L/w= github.com/livekit/psrpc v0.5.3-0.20240426045048-8ba067a45715 h1:vhDMOe8fxEc/amYTFo799LySPM12Fk3vc+Nc6o4gYZQ= github.com/livekit/psrpc v0.5.3-0.20240426045048-8ba067a45715/go.mod h1:CQUBSPfYYAaevg1TNCc6/aYsa8DJH4jSRFdCeSZk5u0= github.com/mackerelio/go-osstat v0.2.4 h1:qxGbdPkFo65PXOb/F/nhDKpF2nGmGaCFDLXoZjJTtUs= diff --git a/pkg/service/roomservice.go b/pkg/service/roomservice.go index c138727a4..285c025d9 100644 --- a/pkg/service/roomservice.go +++ b/pkg/service/roomservice.go @@ -22,11 +22,13 @@ import ( "github.com/avast/retry-go/v4" "github.com/pkg/errors" "github.com/twitchtv/twirp" + "google.golang.org/protobuf/proto" "github.com/livekit/livekit-server/pkg/agent" "github.com/livekit/livekit-server/pkg/config" "github.com/livekit/livekit-server/pkg/routing" "github.com/livekit/livekit-server/pkg/rtc" + "github.com/livekit/protocol/egress" "github.com/livekit/protocol/livekit" "github.com/livekit/protocol/rpc" ) @@ -76,7 +78,9 @@ func NewRoomService( } func (s *RoomService) CreateRoom(ctx context.Context, req *livekit.CreateRoomRequest) (*livekit.Room, error) { - AppendLogFields(ctx, "room", req.Name, "request", req) + clone := redactCreateRoomRequest(req) + + AppendLogFields(ctx, "room", clone.Name, "request", clone) if err := EnsureCreatePermission(ctx); err != nil { return nil, twirpAuthError(err) } else if req.Egress != nil && s.egressLauncher == nil { @@ -342,3 +346,24 @@ func (s *RoomService) startRoom(ctx context.Context, roomName livekit.RoomName) res.ResponseSource.Close() }, nil } + +func redactCreateRoomRequest(req *livekit.CreateRoomRequest) *livekit.CreateRoomRequest { + if req.Egress == nil { + // nothing to redact + return req + } + + clone := proto.Clone(req).(*livekit.CreateRoomRequest) + + if clone.Egress.Room != nil { + egress.RedactEncodedOutputs(clone.Egress.Room) + } + if clone.Egress.Participant != nil { + egress.RedactAutoEncodedOutput(clone.Egress.Participant) + } + if clone.Egress.Tracks != nil { + egress.RedactUpload(clone.Egress.Tracks) + } + + return clone +}