fix: resolve server bugs and unify app-name handling
Build & Push Docker Image / build (push) Successful in 4m6s
Build & Push Docker Image / build (push) Successful in 4m6s
Bug fixes:
- bbb.js: replace undefined t('defaultWelcome') call that threw a
ReferenceError when a room had an empty welcome message, breaking
meeting creation. Default welcome and the guest-invite hint are now
localised via the i18n system (new "bbb" namespace in de/en).
- auth.js: app name was read from the never-written 'branding' settings
key, so custom names never appeared in verification emails or the TOTP
issuer. Now resolved through a shared getAppName() helper.
- auth.js: lowercase the email in the registration duplicate check so
case-variant duplicates return a clean 409 instead of a 500 (UNIQUE
violation).
- federation.js: select the user's "language" column so federation
invite emails respect the recipient's language instead of always
defaulting to English.
- calendar.js: a set reminder could not be cleared. COALESCE treated an
explicit reminder_minutes: null as "keep existing"; use a direct
assignment that distinguishes "omitted" (keep) from "null" (clear).
- index.js / analytics.js: exclude the BBB learning-analytics callback
from the global 100kb body limit and give it its own 5mb limit, since
analytics payloads for large meetings can be several MB.
Cleanup:
- Add server/config/appName.js as the single source of truth for the
app name (admin setting -> APP_NAME env -> 'Redlight') and use it in
auth, admin, rooms, calendar and federation, replacing the previous
mix of wrong DB key, direct app_name reads and bare process.env reads.
- Localise the BBB default welcome message in the room owner's language.
- Remove two unused safeAppName variables in mailer.js.
This commit is contained in:
@@ -0,0 +1,20 @@
|
||||
import { getDb } from './database.js';
|
||||
|
||||
/**
|
||||
* Resolve the configured application name.
|
||||
* Resolution order: admin-set 'app_name' setting → APP_NAME env var → 'Redlight'.
|
||||
*
|
||||
* The app name is stored in the settings table under the key 'app_name'
|
||||
* (see routes/branding.js). This helper is the single source of truth so the
|
||||
* configured name is used consistently across emails, the 2FA issuer, etc.
|
||||
*/
|
||||
export async function getAppName() {
|
||||
try {
|
||||
const db = getDb();
|
||||
const row = await db.get("SELECT value FROM settings WHERE key = 'app_name'");
|
||||
if (row?.value) return row.value;
|
||||
} catch {
|
||||
// fall through to env/default if the DB is unavailable
|
||||
}
|
||||
return process.env.APP_NAME || 'Redlight';
|
||||
}
|
||||
@@ -1,6 +1,7 @@
|
||||
import crypto from 'crypto';
|
||||
import xml2js from 'xml2js';
|
||||
import { log, fmtDuration, fmtStatus, fmtMethod, fmtReturncode, sanitizeBBBParams } from './logger.js';
|
||||
import { t } from './emaili18n.js';
|
||||
|
||||
const BBB_URL = process.env.BBB_URL || 'https://your-bbb-server.com/bigbluebutton/api/';
|
||||
const BBB_SECRET = process.env.BBB_SECRET || '';
|
||||
@@ -73,15 +74,15 @@ function getRoomPasswords(uid) {
|
||||
return { moderatorPW: modPw, attendeePW: attPw };
|
||||
}
|
||||
|
||||
export async function createMeeting(room, logoutURL, loginURL = null, presentationUrl = null, analyticsCallbackURL = null) {
|
||||
export async function createMeeting(room, logoutURL, loginURL = null, presentationUrl = null, analyticsCallbackURL = null, lang = 'en') {
|
||||
const { moderatorPW, attendeePW } = getRoomPasswords(room.uid);
|
||||
|
||||
// Build welcome message with guest invite link
|
||||
// HTML-escape user-controlled content to prevent stored XSS via BBB
|
||||
let welcome = room.welcome_message ? escapeHtml(room.welcome_message) : t('defaultWelcome');
|
||||
let welcome = room.welcome_message ? escapeHtml(room.welcome_message) : escapeHtml(t(lang, 'bbb.defaultWelcome'));
|
||||
if (logoutURL) {
|
||||
const guestLink = `${logoutURL}/join/${room.uid}`;
|
||||
welcome += `<br><br>To invite other participants, share this link:<br><a href="${escapeHtml(guestLink)}">${escapeHtml(guestLink)}</a>`;
|
||||
welcome += `<br><br>${escapeHtml(t(lang, 'bbb.inviteHint'))}<br><a href="${escapeHtml(guestLink)}">${escapeHtml(guestLink)}</a>`;
|
||||
// Access code is intentionally NOT shown in the welcome message to prevent
|
||||
// leaking it to all meeting participants.
|
||||
}
|
||||
|
||||
@@ -64,7 +64,6 @@ export async function sendVerificationEmail(to, name, verifyUrl, appName = 'Redl
|
||||
const from = process.env.SMTP_FROM || process.env.SMTP_USER;
|
||||
const headerAppName = sanitizeHeaderValue(appName);
|
||||
const safeName = escapeHtml(name);
|
||||
const safeAppName = escapeHtml(appName);
|
||||
|
||||
await transporter.sendMail({
|
||||
from: `"${headerAppName}" <${from}>`,
|
||||
@@ -112,7 +111,6 @@ export async function sendFederationInviteEmail(to, name, fromUser, roomName, me
|
||||
const safeFromUser = escapeHtml(fromUser);
|
||||
const safeRoomName = escapeHtml(roomName);
|
||||
const safeMessage = message ? escapeHtml(message) : null;
|
||||
const safeAppName = escapeHtml(appName);
|
||||
|
||||
const introHtml = t(lang, 'email.federationInvite.intro')
|
||||
.replace('{fromUser}', `<strong style="color:#cdd6f4;">${safeFromUser}</strong>`);
|
||||
|
||||
Reference in New Issue
Block a user