Refactor code and improve internationalization support
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
- Updated import statements to remove invisible characters.
- Standardized comments to use a consistent hyphen format.
- Adjusted username validation error messages for consistency.
- Enhanced email sending functions to include language support.
- Added email internationalization configuration for dynamic translations.
- Updated calendar and federation routes to include language in user queries.
- Improved user feedback messages in German and English for clarity.
216
README.md
@@ -1,4 +1,4 @@
# 🔴 Redlight
# 🔴 Redlight
A modern, self-hosted BigBlueButton frontend with beautiful themes, federation, and powerful features.
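Review bot: the removed and added `# 🔴 Redlight` lines render identically, so whatever changed on line 1 is a non-printing character (the commit message mentions removing invisible characters from import statements, not from the README). The message should name the code point that was dropped so reviewers can confirm it with `git diff --word-diff-regex=.` or `cat -A`, and a repository-wide CI check for zero-width and bidi control characters would keep such characters from coming back.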
@@ -10,52 +10,52 @@ A modern, self-hosted BigBlueButton frontend with beautiful themes, federation,
## ✨ Features
### Core Features
- 🎥 **Video Conferencing** – Integrated BigBlueButton support for professional video meetings
- 🎨 **15+ Themes** – Dracula, Nord, Catppuccin, Rosé Pine, Gruvbox, and more
- 📝 **Room Management** – Create unlimited rooms with custom settings, access codes, and moderator codes
- 🔐 **User Management** – Registration, login, role-based access control (Admin/User)
- 📹 **Recording Management** – View, publish, and delete meeting recordings per room
- 🌍 **Multi-Language Support** – German (Deutsch) and English built-in, easily extensible
- ✉️ **Email Verification** – Optional SMTP-based email verification for user registration
- 👤 **User Profiles** – Customizable avatars, themes, and language preferences
- 📱 **Responsive Design** – Works seamlessly on mobile, tablet, and desktop
- 🌐 **Federation** – Invite users from remote Redlight instances via Ed25519-signed messages
- 🐉 **DragonflyDB / Redis** – JWT blacklisting for secure token revocation on logout
- 🎥 **Video Conferencing** - Integrated BigBlueButton support for professional video meetings
- 🎨 **15+ Themes** - Dracula, Nord, Catppuccin, Rosé Pine, Gruvbox, and more
- 📝 **Room Management** - Create unlimited rooms with custom settings, access codes, and moderator codes
- 🔐 **User Management** - Registration, login, role-based access control (Admin/User)
- 📹 **Recording Management** - View, publish, and delete meeting recordings per room
- 🌍 **Multi-Language Support** - German (Deutsch) and English built-in, easily extensible
- ✉️ **Email Verification** - Optional SMTP-based email verification for user registration
- 👤 **User Profiles** - Customizable avatars, themes, and language preferences
- 📱 **Responsive Design** - Works seamlessly on mobile, tablet, and desktop
- 🌐 **Federation** - Invite users from remote Redlight instances via Ed25519-signed messages
- 🐉 **DragonflyDB / Redis** - JWT blacklisting for secure token revocation on logout
### Admin Features
- 👥 **User Administration** – Manage users and roles
- 🏢 **Branding Customization** – Custom app name, logos, and default theme
- 📊 **Dashboard** – Overview of system statistics
- 🔧 **Settings Management** – System-wide configuration
- 👥 **User Administration** - Manage users and roles
- 🏢 **Branding Customization** - Custom app name, logos, and default theme
- 📊 **Dashboard** - Overview of system statistics
- 🔧 **Settings Management** - System-wide configuration
### Room Features
- 🔑 **Access Codes** – Restrict room access with optional passwords
- 🔐 **Moderator Codes** – Separate code to grant moderator privileges
- 🚪 **Guest Access** – Allow unauthenticated users to join meetings (rate-limited)
- ⏱️ **Max Participants** – Set limits on concurrent participants
- 🎤 **Mute on Join** – Automatically mute new participants
- ✅ **Approval Mode** – Require moderator approval for participants
- 🎙️ **Anyone Can Start** – Allow participants to start the meeting
- 📹 **Recording Settings** – Control whether meetings are recorded
- 📊 **Presentation Upload** – Upload PDF, PPTX, ODP, or image files as default slides
- 🤝 **Room Sharing** – Share rooms with other registered users
- 🔑 **Access Codes** - Restrict room access with optional passwords
- 🔐 **Moderator Codes** - Separate code to grant moderator privileges
- 🚪 **Guest Access** - Allow unauthenticated users to join meetings (rate-limited)
- ⏱️ **Max Participants** - Set limits on concurrent participants
- 🎤 **Mute on Join** - Automatically mute new participants
- ✅ **Approval Mode** - Require moderator approval for participants
- 🎙️ **Anyone Can Start** - Allow participants to start the meeting
- 📹 **Recording Settings** - Control whether meetings are recorded
- 📊 **Presentation Upload** - Upload PDF, PPTX, ODP, or image files as default slides
- 🤝 **Room Sharing** - Share rooms with other registered users
### Security
- 🛡️ **Comprehensive Rate Limiting** – Login, register, profile, avatar, guest-join, and federation endpoints
- 🔒 **Input Validation** – Email format, field length limits, ID format checks, color format validation
- 🕐 **Timing-Safe Comparisons** – Access codes and moderator codes compared with `crypto.timingSafeEqual`
- 📏 **Streaming Upload Limits** – Avatar (5 MB) and presentation (50 MB) uploads reject early without buffering
- 🧹 **XSS Prevention** – HTML-escaped emails, XML-escaped BBB parameters, SVG sanitization
- 🔐 **JWT Blacklist** – Token revocation via DragonflyDB/Redis on logout
- 🌐 **CORS Restriction** – Locked to `APP_URL` in production
- ⚙️ **Configurable Trust Proxy** – `TRUST_PROXY` env var for reverse proxy setups
- 🛡️ **Comprehensive Rate Limiting** - Login, register, profile, avatar, guest-join, and federation endpoints
- 🔒 **Input Validation** - Email format, field length limits, ID format checks, color format validation
- 🕐 **Timing-Safe Comparisons** - Access codes and moderator codes compared with `crypto.timingSafeEqual`
- 📏 **Streaming Upload Limits** - Avatar (5 MB) and presentation (50 MB) uploads reject early without buffering
- 🧹 **XSS Prevention** - HTML-escaped emails, XML-escaped BBB parameters, SVG sanitization
- 🔐 **JWT Blacklist** - Token revocation via DragonflyDB/Redis on logout
- 🌐 **CORS Restriction** - Locked to `APP_URL` in production
- ⚙️ **Configurable Trust Proxy** - `TRUST_PROXY` env var for reverse proxy setups
### Developer Features
- 🐳 **Docker Support** – Easy deployment with Docker Compose (includes PostgreSQL + DragonflyDB)
- 🗄️ **Database Flexibility** – SQLite (default) or PostgreSQL support
- 🔌 **REST API** – Comprehensive API for custom integrations
- 📦 **Open Source** – Full source code transparency
- 🛠️ **Self-Hosted** – Complete data privacy and control
- 🐳 **Docker Support** - Easy deployment with Docker Compose (includes PostgreSQL + DragonflyDB)
- 🗄️ **Database Flexibility** - SQLite (default) or PostgreSQL support
- 🔌 **REST API** - Comprehensive API for custom integrations
- 📦 **Open Source** - Full source code transparency
- 🛠️ **Self-Hosted** - Complete data privacy and control
---
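Review bot: this hunk changes nothing but the dash character in the Features bullets (en dash to hyphen), yet the same commit also touches email sending, validation messages and the calendar and federation routes according to the message. Bundling a punctuation sweep of this size with functional changes buries the lines that actually need security review; suggest splitting the README typography change into its own commit.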
@@ -103,7 +103,7 @@ A modern, self-hosted BigBlueButton frontend with beautiful themes, federation,
```env
BBB_URL=https://your-bbb-server.com/bigbluebutton/api/
BBB_SECRET=your-bbb-shared-secret
JWT_SECRET=your-secret-key # REQUIRED – app won't start without this
JWT_SECRET=your-secret-key # REQUIRED - app won't start without this
APP_URL=https://your-domain.com # Used for CORS and email links
DATABASE_URL=postgres://user:password@postgres:5432/redlight
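Review bot: `JWT_SECRET=your-secret-key # REQUIRED - app won't start without this` is being edited anyway, so the comment could also say how to produce a real value, for example `openssl rand -hex 32`, and that the literal placeholder must be replaced. The server refusing to start without the variable does not stop an operator from copying the sample `.env` verbatim, in which case every session token is signed with a secret published in this README.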
@@ -165,7 +165,7 @@ A modern, self-hosted BigBlueButton frontend with beautiful themes, federation,
- **Frontend**: React 18, Tailwind CSS, React Router, Lucide Icons
- **Backend**: Node.js 20, Express, JWT, Bcrypt
- **Database**: SQLite / PostgreSQL with better-sqlite3 / pg
- **Cache**: DragonflyDB / Redis (ioredis) – JWT blacklisting
- **Cache**: DragonflyDB / Redis (ioredis) - JWT blacklisting
- **Email**: Nodemailer
- **Build**: Vite
@@ -199,77 +199,77 @@ redlight/
## 🔐 Security
- **JWT Authentication** – Secure token-based auth with 7-day expiration and `jti`-based blacklisting via DragonflyDB/Redis
- **Mandatory JWT Secret** – Server refuses to start without a `JWT_SECRET` env var
- **HTTPS Ready** – Configure behind reverse proxy (nginx, Caddy); trust proxy via `TRUST_PROXY` env
- **Password Hashing** – bcryptjs with salt rounds 12, minimum 8-character passwords
- **Email Verification** – Optional SMTP-based email verification with resend support
- **CORS Protection** – Restricted to `APP_URL` in production, open in development
- **Rate Limiting** – Login, register, profile, password, avatar, guest-join, and federation endpoints
- **Input Validation** – Email regex, field length limits, ID format checks, hex-color format checks
- **Timing-Safe Comparisons** – Access codes and moderator codes compared via `crypto.timingSafeEqual`
- **Upload Safety** – Streaming body size limits (avatar 5 MB, presentation 50 MB) abort early without buffering
- **XSS / Injection Prevention** – HTML-escaped emails, XML-escaped BBB API parameters, SVG logos served as `attachment`
- **Admin Isolation** – Role-based access control with strict admin checks
- **JWT Authentication** - Secure token-based auth with 7-day expiration and `jti`-based blacklisting via DragonflyDB/Redis
- **Mandatory JWT Secret** - Server refuses to start without a `JWT_SECRET` env var
- **HTTPS Ready** - Configure behind reverse proxy (nginx, Caddy); trust proxy via `TRUST_PROXY` env
- **Password Hashing** - bcryptjs with salt rounds 12, minimum 8-character passwords
- **Email Verification** - Optional SMTP-based email verification with resend support
- **CORS Protection** - Restricted to `APP_URL` in production, open in development
- **Rate Limiting** - Login, register, profile, password, avatar, guest-join, and federation endpoints
- **Input Validation** - Email regex, field length limits, ID format checks, hex-color format checks
- **Timing-Safe Comparisons** - Access codes and moderator codes compared via `crypto.timingSafeEqual`
- **Upload Safety** - Streaming body size limits (avatar 5 MB, presentation 50 MB) abort early without buffering
- **XSS / Injection Prevention** - HTML-escaped emails, XML-escaped BBB API parameters, SVG logos served as `attachment`
- **Admin Isolation** - Role-based access control with strict admin checks
---
## 📦 API Endpoints
### Authentication
- `POST /api/auth/register` – Register new user
- `POST /api/auth/login` – Login user
- `POST /api/auth/logout` – Logout (blacklists JWT)
- `GET /api/auth/verify-email?token=...` – Verify email with token
- `POST /api/auth/resend-verification` – Resend verification email
- `GET /api/auth/me` – Get current user info
- `PUT /api/auth/profile` – Update profile (theme, language, display name)
- `PUT /api/auth/password` – Change password
- `POST /api/auth/avatar` – Upload avatar image
- `DELETE /api/auth/avatar` – Remove avatar image
- `POST /api/auth/register` - Register new user
- `POST /api/auth/login` - Login user
- `POST /api/auth/logout` - Logout (blacklists JWT)
- `GET /api/auth/verify-email?token=...` - Verify email with token
- `POST /api/auth/resend-verification` - Resend verification email
- `GET /api/auth/me` - Get current user info
- `PUT /api/auth/profile` - Update profile (theme, language, display name)
- `PUT /api/auth/password` - Change password
- `POST /api/auth/avatar` - Upload avatar image
- `DELETE /api/auth/avatar` - Remove avatar image
### Rooms
- `GET /api/rooms` – List user's rooms (owned + shared)
- `POST /api/rooms` – Create new room
- `GET /api/rooms/:uid` – Get room details
- `PUT /api/rooms/:uid` – Update room
- `DELETE /api/rooms/:uid` – Delete room
- `POST /api/rooms/:uid/start` – Start meeting
- `POST /api/rooms/:uid/join` – Join meeting as authenticated user
- `POST /api/rooms/:uid/guest-join` – Join meeting as guest (rate-limited)
- `POST /api/rooms/:uid/end` – End meeting
- `GET /api/rooms/:uid/running` – Check if meeting is running
- `GET /api/rooms/:uid/shares` – List shared users
- `POST /api/rooms/:uid/shares` – Share room with user
- `DELETE /api/rooms/:uid/shares/:userId` – Remove share
- `POST /api/rooms/:uid/presentation` – Upload default presentation (PDF, PPTX, ODP, images)
- `DELETE /api/rooms/:uid/presentation` – Remove presentation
- `GET /api/rooms` - List user's rooms (owned + shared)
- `POST /api/rooms` - Create new room
- `GET /api/rooms/:uid` - Get room details
- `PUT /api/rooms/:uid` - Update room
- `DELETE /api/rooms/:uid` - Delete room
- `POST /api/rooms/:uid/start` - Start meeting
- `POST /api/rooms/:uid/join` - Join meeting as authenticated user
- `POST /api/rooms/:uid/guest-join` - Join meeting as guest (rate-limited)
- `POST /api/rooms/:uid/end` - End meeting
- `GET /api/rooms/:uid/running` - Check if meeting is running
- `GET /api/rooms/:uid/shares` - List shared users
- `POST /api/rooms/:uid/shares` - Share room with user
- `DELETE /api/rooms/:uid/shares/:userId` - Remove share
- `POST /api/rooms/:uid/presentation` - Upload default presentation (PDF, PPTX, ODP, images)
- `DELETE /api/rooms/:uid/presentation` - Remove presentation
### Recordings
- `GET /api/recordings/:roomUid` – List room recordings
- `PUT /api/recordings/:recordingId` – Publish/unpublish recording
- `DELETE /api/recordings/:recordingId` – Delete recording
- `GET /api/recordings/:roomUid` - List room recordings
- `PUT /api/recordings/:recordingId` - Publish/unpublish recording
- `DELETE /api/recordings/:recordingId` - Delete recording
### Admin
- `GET /api/admin/users` – List all users
- `GET /api/admin/stats` – System statistics
- `POST /api/admin/users` – Create user (admin)
- `PUT /api/admin/users/:id` – Update user
- `DELETE /api/admin/users/:id` – Delete user
- `GET /api/admin/users` - List all users
- `GET /api/admin/stats` - System statistics
- `POST /api/admin/users` - Create user (admin)
- `PUT /api/admin/users/:id` - Update user
- `DELETE /api/admin/users/:id` - Delete user
### Branding
- `GET /api/branding` – Get branding settings
- `PUT /api/branding` – Update branding (admin only)
- `POST /api/branding/logo` – Upload custom logo
- `DELETE /api/branding/logo` – Remove custom logo
- `GET /api/branding` - Get branding settings
- `PUT /api/branding` - Update branding (admin only)
- `POST /api/branding/logo` - Upload custom logo
- `DELETE /api/branding/logo` - Remove custom logo
### Federation
- `GET /.well-known/redlight` – Instance discovery (domain, public key)
- `POST /api/federation/invite` – Send invitation to remote user
- `POST /api/federation/receive` – Receive invitation from remote instance (rate-limited)
- `GET /api/federation/invitations` – List received invitations
- `PUT /api/federation/invitations/:id` – Accept / decline invitation
- `DELETE /api/federation/invitations/:id` – Delete invitation
- `GET /.well-known/redlight` - Instance discovery (domain, public key)
- `POST /api/federation/invite` - Send invitation to remote user
- `POST /api/federation/receive` - Receive invitation from remote instance (rate-limited)
- `GET /api/federation/invitations` - List received invitations
- `PUT /api/federation/invitations/:id` - Accept / decline invitation
- `DELETE /api/federation/invitations/:id` - Delete invitation
---
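Review bot: `GET /api/auth/verify-email?token=...` carries the verification token in the query string, where it ends up in mail-client, proxy and web-server logs; the endpoint description should state the token's lifetime and whether it is consumed on first use, so operators know how long a leaked link stays valid. The same documentation gap applies to `POST /api/auth/resend-verification`, which the `Rate Limiting` bullet above does not list among the rate-limited endpoints even though it sends mail on request.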
@@ -313,26 +313,26 @@ docker-compose up -d
```
Services:
- **redlight** – Node.js application
- **postgres** – PostgreSQL database
- **dragonfly** – DragonflyDB (Redis-compatible) for JWT blacklisting
- **redlight** - Node.js application
- **postgres** - PostgreSQL database
- **dragonfly** - DragonflyDB (Redis-compatible) for JWT blacklisting
### Environment Variables
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `BBB_URL` | Yes | – | BigBlueButton API URL |
| `BBB_SECRET` | Yes | – | BigBlueButton shared secret |
| `JWT_SECRET` | Yes | – | Secret for signing JWTs (server won't start without it) |
| `APP_URL` | Recommended | – | Public URL of the app (used for CORS + email links) |
| `BBB_URL` | Yes | - | BigBlueButton API URL |
| `BBB_SECRET` | Yes | - | BigBlueButton shared secret |
| `JWT_SECRET` | Yes | - | Secret for signing JWTs (server won't start without it) |
| `APP_URL` | Recommended | - | Public URL of the app (used for CORS + email links) |
| `DATABASE_URL` | No | SQLite | PostgreSQL connection string |
| `REDIS_URL` | No | `redis://localhost:6379` | DragonflyDB / Redis URL |
| `TRUST_PROXY` | No | `loopback` | Express trust proxy setting (number or string) |
| `SMTP_HOST` | No | – | SMTP server for email verification |
| `SMTP_HOST` | No | - | SMTP server for email verification |
| `SMTP_PORT` | No | `587` | SMTP port |
| `SMTP_USER` | No | – | SMTP username |
| `SMTP_PASS` | No | – | SMTP password |
| `FEDERATION_DOMAIN` | No | – | Domain for federation (enables cross-instance invites) |
| `SMTP_USER` | No | - | SMTP username |
| `SMTP_PASS` | No | - | SMTP password |
| `FEDERATION_DOMAIN` | No | - | Domain for federation (enables cross-instance invites) |
### Production Deployment
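Review bot: `REDIS_URL` and `APP_URL` are marked `No` and `Recommended` in the Required column while the Security section earlier in this diff relies on both: logout revocation through the JWT blacklist needs a reachable DragonflyDB/Redis, and production CORS is locked to `APP_URL`. The table should say what happens when each is missing or unreachable (server refuses to start, or logout silently stops revoking tokens and CORS stays open). The `JWT_SECRET` row documents exactly that failure behavior ("server won't start without it"); these two rows do not, and the localhost default for `REDIS_URL` makes a misconfigured deployment look healthy.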
@@ -419,7 +419,7 @@ curl "https://your-bbb-server/bigbluebutton/api/getMeetings?checksum=..."
## 📝 License
This project is licensed under the MIT License – see [LICENSE](LICENSE) file for details.
This project is licensed under the MIT License - see [LICENSE](LICENSE) file for details.
---