fix: resolve server bugs and unify app-name handling
Build & Push Docker Image / build (push) Successful in 4m6s
Build & Push Docker Image / build (push) Successful in 4m6s
Bug fixes:
- bbb.js: replace undefined t('defaultWelcome') call that threw a
ReferenceError when a room had an empty welcome message, breaking
meeting creation. Default welcome and the guest-invite hint are now
localised via the i18n system (new "bbb" namespace in de/en).
- auth.js: app name was read from the never-written 'branding' settings
key, so custom names never appeared in verification emails or the TOTP
issuer. Now resolved through a shared getAppName() helper.
- auth.js: lowercase the email in the registration duplicate check so
case-variant duplicates return a clean 409 instead of a 500 (UNIQUE
violation).
- federation.js: select the user's "language" column so federation
invite emails respect the recipient's language instead of always
defaulting to English.
- calendar.js: a set reminder could not be cleared. COALESCE treated an
explicit reminder_minutes: null as "keep existing"; use a direct
assignment that distinguishes "omitted" (keep) from "null" (clear).
- index.js / analytics.js: exclude the BBB learning-analytics callback
from the global 100kb body limit and give it its own 5mb limit, since
analytics payloads for large meetings can be several MB.
Cleanup:
- Add server/config/appName.js as the single source of truth for the
app name (admin setting -> APP_NAME env -> 'Redlight') and use it in
auth, admin, rooms, calendar and federation, replacing the previous
mix of wrong DB key, direct app_name reads and bare process.env reads.
- Localise the BBB default welcome message in the room owner's language.
- Remove two unused safeAppName variables in mailer.js.
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
import crypto from 'crypto';
|
||||
import xml2js from 'xml2js';
|
||||
import { log, fmtDuration, fmtStatus, fmtMethod, fmtReturncode, sanitizeBBBParams } from './logger.js';
|
||||
import { t } from './emaili18n.js';
|
||||
|
||||
const BBB_URL = process.env.BBB_URL || 'https://your-bbb-server.com/bigbluebutton/api/';
|
||||
const BBB_SECRET = process.env.BBB_SECRET || '';
|
||||
@@ -73,15 +74,15 @@ function getRoomPasswords(uid) {
|
||||
return { moderatorPW: modPw, attendeePW: attPw };
|
||||
}
|
||||
|
||||
export async function createMeeting(room, logoutURL, loginURL = null, presentationUrl = null, analyticsCallbackURL = null) {
|
||||
export async function createMeeting(room, logoutURL, loginURL = null, presentationUrl = null, analyticsCallbackURL = null, lang = 'en') {
|
||||
const { moderatorPW, attendeePW } = getRoomPasswords(room.uid);
|
||||
|
||||
// Build welcome message with guest invite link
|
||||
// HTML-escape user-controlled content to prevent stored XSS via BBB
|
||||
let welcome = room.welcome_message ? escapeHtml(room.welcome_message) : t('defaultWelcome');
|
||||
let welcome = room.welcome_message ? escapeHtml(room.welcome_message) : escapeHtml(t(lang, 'bbb.defaultWelcome'));
|
||||
if (logoutURL) {
|
||||
const guestLink = `${logoutURL}/join/${room.uid}`;
|
||||
welcome += `<br><br>To invite other participants, share this link:<br><a href="${escapeHtml(guestLink)}">${escapeHtml(guestLink)}</a>`;
|
||||
welcome += `<br><br>${escapeHtml(t(lang, 'bbb.inviteHint'))}<br><a href="${escapeHtml(guestLink)}">${escapeHtml(guestLink)}</a>`;
|
||||
// Access code is intentionally NOT shown in the welcome message to prevent
|
||||
// leaking it to all meeting participants.
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user