From beb414aec7b688f3d703f5e9000519c148613780 Mon Sep 17 00:00:00 2001
From: hiroshisuga <45039819+hiroshisuga@users.noreply.github.com>
Date: Sun, 19 Sep 2021 07:56:39 +0900
Subject: [PATCH] Use the user image for BBB avatar #2 (Limit image size) (#2860)
* Update bbb_server.rb
* Update bbb_server.rb
* showing user avatar To make sure something unexpected happens
* revert if current_user due to the undefined error
* Update bbb_server.rb 'if current_user' should not have problem, but rubocop complains...
* Update bbb_server.rb
* add an option to avatar image
* Add an option to avatar image
* add an option avatar_image
* Update rooms_controller.rb
* Update joiner.rb
* Update bbb_server.rb
* Update joiner.rb
* Update joiner.rb
* Update rooms_controller.rb
* Update joiner.rb
* Update sample.env
* Update application_helper.rb
* Update rooms_controller.rb
* Update joiner.rb
* Update bbb_server.rb
* Update application_helper.rb Add a check if the URL is valid.
* double the limit
* move the judgement to controller
* Update joiner.rb
* Update rooms_controller.rb
* Update application_helper.rb
* Update rooms_controller.rb
* Update application.rb
* Update joiner.rb
* Update rooms_controller.rb
* Update joiner.rb
* Update rooms_controller.rb
* Update application_helper.rb
* Update application.rb
* in case parameter not set
* change to MAX_AVATAR_SIZE
* Notification default value
Co-authored-by: Jesus Federico
Co-authored-by: Ahmad Farhat
---
 app/controllers/concerns/bbb_server.rb | 1 +
 app/controllers/concerns/joiner.rb | 10 ++++++++++
 app/controllers/rooms_controller.rb | 1 +
 config/application.rb | 3 +++
 sample.env | 4 ++++
 5 files changed, 19 insertions(+)
diff --git a/app/controllers/concerns/bbb_server.rb b/app/controllers/concerns/bbb_server.rb
index d38d52da..1346f187 100644
--- a/app/controllers/concerns/bbb_server.rb
+++ b/app/controllers/concerns/bbb_server.rb
@@ -54,6 +54,7 @@ module BbbServer
 join_opts = {}
 join_opts[:userID] = uid if uid
 join_opts[:join_via_html5] = true
+ join_opts[:avatarURL] = options[:avatarURL] if options[:avatarURL].present?
 join_opts[:createTime] = room.last_session.to_datetime.strftime("%Q") if room.last_session
 bbb_server.join_meeting_url(room.bbb_id, name, password, join_opts)
diff --git a/app/controllers/concerns/joiner.rb b/app/controllers/concerns/joiner.rb
index 3021082c..e5d621d7 100644
--- a/app/controllers/concerns/joiner.rb
+++ b/app/controllers/concerns/joiner.rb
@@ -47,6 +47,15 @@ module Joiner
 end
 end
+ def valid_avatar?(url)
+ return false if URI.regexp.match(url).nil?
+ uri = URI(url)
+ http = Net::HTTP.new(uri.host, uri.port)
+ http.use_ssl = true if uri.scheme == 'https'
+ response = http.request_head(uri)
+ return response['content-length'].to_i < Rails.configuration.max_avatar_size
+ end
+
 def join_room(opts)
 @room_settings = JSON.parse(@room[:room_settings])
@@ -60,6 +69,7 @@ module Joiner
 opts[:mute_on_start] = room_setting_with_config("muteOnStart")
 if current_user
+ opts[:avatarURL] = current_user.image if current_user.image.present? && valid_avatar?(current_user.image)
 redirect_to join_path(@room, current_user.name, opts, current_user.uid)
 else
 join_name = params[:join_name] || params[@room.invite_path][:join_name]
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index a2741d29..debf2511 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@@ -180,6 +180,7 @@ class RoomsController < ApplicationController
 opts[:mute_on_start] = room_setting_with_config("muteOnStart")
 opts[:require_moderator_approval] = room_setting_with_config("requireModeratorApproval")
 opts[:record] = record_meeting
+ opts[:avatarURL] = current_user.image if current_user.image.present? && valid_avatar?(current_user.image)
 begin
 redirect_to join_path(@room, current_user.name, opts, current_user.uid)
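Review bot: The added `opts[:avatarURL]` line in `join_room` (joiner.rb, second hunk) and the identical line in the rooms_controller.rb hunk run `valid_avatar?`, a blocking outbound request, on every join, and the result only describes what the remote host answered at that moment. The URL is handed on to the meeting and presumably fetched later by clients, so the host can serve a different or larger image afterwards; the size check is advisory, not an enforced limit, and that deserves a comment such as `# Best-effort: size is taken from a HEAD response and is not re-checked when clients load the image`. Consider validating once when the image URL is saved rather than per join, and moving the duplicated line into one helper, e.g. `opts[:avatarURL] = avatar_url_for(current_user)`. Both enclosing methods start and end outside their hunks.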
diff --git a/config/application.rb b/config/application.rb
index 18704274..a4937383 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -183,5 +183,8 @@ module Greenlight
 # Default admin password
 config.admin_password_default = ENV['ADMIN_PASSWORD'] || 'administrator'
+
+ # Max avatar image size
+ config.max_avatar_size = ENV['MAX_AVATAR_SIZE'].to_i.zero? ? 100000 : ENV['MAX_AVATAR_SIZE'].to_i
 end
 end
diff --git a/sample.env b/sample.env
index 0bb33966..2c10cbcc 100644
--- a/sample.env
+++ b/sample.env
@@ -356,3 +356,7 @@ DEFAULT_REGISTRATION=open
 # For details, see: https://github.com/puma/puma#clustered-mode
 # Default: 1
 #WEB_CONCURRENCY=1
+
+ # Max avatar image size (bytes)
+ # Default: 100000
+ MAX_AVATAR_SIZE=100000
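Review bot: The `config.max_avatar_size` line in config/application.rb accepts a negative `MAX_AVATAR_SIZE`, which makes `valid_avatar?` reject every image, and it parses the variable twice. `size = ENV['MAX_AVATAR_SIZE'].to_i` followed by `config.max_avatar_size = size.positive? ? size : 100_000` keeps the fallback for unset, zero or non-numeric values and also covers negatives. The comment could state the unit and source, `# Max avatar image size in bytes, compared against the Content-Length header`. The enclosing configuration block starts outside the hunk.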