
Commit e496ef1

committed
feat(adapter.ts): add domain restriction functionality to control room access
feat(config.ts): introduce ALLOWED_DOMAINS configuration to specify permitted email domains
1 parent 95617a3 commit e496ef1


2 files changed

+21
-1
lines changed


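--- a/adapter.ts
+++ b/adapter.ts
@@ -17,7 +17,8 @@ import {
 KEYCLOAK_ORIGIN_INTERNAL,
 KEYCLOAK_REALM,
 PORT,
-PERMISSIONS_FILE
+PERMISSIONS_FILE,
+ALLOWED_DOMAINS
 } from "./config.ts";
 import { createContext } from "./context.ts";
 
@@ -98,6 +99,17 @@ async function generateJWT(
 }
 }
 
+// -----------------------------------------------------------------------------
+// Check if the domain is allowed to moderate the room
+// -----------------------------------------------------------------------------
+function isAllowedDomain(email: string, allowedDomains: string[]): boolean {
+if (!allowedDomains.length) return true; // If no domains specified, allow all
+if (!email) return false;
+
+const domain = email.split("@")[1]?.toLowerCase();
+return allowedDomains.some(allowed => allowed.toLowerCase() === domain);
+}
+
 // -----------------------------------------------------------------------------
 // Get the access token from Keycloak by using the short-term auth code
 //
@@ -213,6 +225,12 @@ async function tokenize(req: Request): Promise<Response> {
 const userInfo = await getUserInfo(token);
 if (!userInfo) return unauthorized();
 
+// Check email domain
+if (!isAllowedDomain(userInfo["email"] as string, ALLOWED_DOMAINS)) {
+console.log(`User ${userInfo["email"]} is not allowed to access the room`);
+return unauthorized();
+}
+
 // Enhance userinfo
 userInfo["lobby_bypass"] = true;
 userInfo["security_bypass"] = true;
@@ -469,6 +487,7 @@ function main() {
 if (PERMISSIONS_FILE) {
 console.log(`PERMISSIONS_FILE: ${PERMISSIONS_FILE}`);
 }
+console.log(`ALLOWED_DOMAINS: ${ALLOWED_DOMAINS}`);
 
 serve(handler, {
 hostname: HOSTNAME,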
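Review bot: In `isAllowedDomain`, `email.split("@")[1]` takes the text between the first and second `@`, so for an address that contains more than one `@` the value compared against `ALLOWED_DOMAINS` is not the address's actual domain; take everything after the last separator instead: `const at = email.lastIndexOf("@"); if (at < 1) return false; const domain = email.slice(at + 1).toLowerCase();`. The new check in `tokenize` (whose body continues outside the hunk) also relies on `userInfo["email"]` without looking at the `email_verified` claim, so if the realm lets users set their own address without verification, which this page does not show, the restriction rests on a self-asserted value; requiring `userInfo["email_verified"] === true` whenever the list is non-empty would close that. The `as string` cast hides a non-string claim, which would throw at `.split` instead of returning `unauthorized()`; a `typeof email !== "string"` guard in the helper fails closed. The helper's header comment says "moderate the room" while the call site denies the token altogether, so the comment should say which is meant.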

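--- a/config.ts
+++ b/config.ts
@@ -19,3 +19,4 @@ export const HOSTNAME = Deno.env.get("HOSTNAME") || "127.0.0.1";
 export const PORT = Number(Deno.env.get("PORT") || 9000);
 export const DEBUG = Deno.env.get("DEBUG") === "true";
 export const PERMISSIONS_FILE = Deno.env.get("PERMISSIONS_FILE") || false;
+export const ALLOWED_DOMAINS = (Deno.env.get("ALLOWED_DOMAINS") || "").split(",").filter(Boolean);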
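Review bot: Entries of `ALLOWED_DOMAINS` are not trimmed or normalised, so a value written with a space after the comma (for example `a.example, b.example`) keeps the leading space on the second entry and that domain never matches in `isAllowedDomain`; normalise once at load with `.split(",").map((d) => d.trim().toLowerCase()).filter(Boolean)`. An unset or empty variable yields `[]`, which adapter.ts treats as allow-all, so a misspelled variable name silently turns the restriction off. A comment on the constant such as `// Comma-separated e-mail domains; empty or unset means no restriction` would make that fail-open default visible to operators.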
