Disallow WS creation if room has restricted access

jam-systems · Jul 9, 2022 · 162d1ff · 162d1ff
1 parent 7a1e0a1
commit 162d1ff
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/pantry/services/ws.js b/pantry/services/ws.js
@@ -220,11 +220,10 @@ function addWebsocket(server) {
   const wss = new WebSocket.Server({noServer: true});
   wss.on('connection', handleConnection);
 
-  server.on('upgrade', (req, socket, head) => {
+  server.on('upgrade', async (req, socket, head) => {
     let [path, query] = req.url.split('?');
     let [roomId] = path.split('/').filter(t => t);
     let params = querystring.parse(query);
-
     let {id: peerId, subs, token} = params;
 
     // this is for forwarding messages to other containers
@@ -234,10 +233,15 @@ function addWebsocket(server) {
       internal = true;
     }
 
+    let roomInfo = await get('rooms/' + roomId);
+
     let publicKey = peerId?.split('.')[0];
     if (
       peerId === undefined ||
-      ((roomId === undefined || !ssrVerifyToken(token, publicKey)) && !internal)
+      ((roomId === undefined || !ssrVerifyToken(token, publicKey)) &&
+        !internal) ||
+      (roomInfo.access?.identities &&
+        !roomInfo.access?.identities.includes(publicKey))
     ) {
       console.log('ws rejected!', req.url, 'room', roomId, 'peer', peerId);
       socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');