demansoltech · dimashasbi · Apr 9, 2022 · Apr 11, 2022 · Apr 12, 2022
diff --git a/server/api.go b/server/api.go
@@ -3,12 +3,17 @@ package main
 import (
 	"bytes"
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"net/http"
+	"net/url"
 	"os"
 	"path/filepath"
+	"strings"
 	"sync"
+	"time"
 
+	"github.com/cristalhq/jwt/v2"
 	"github.com/mattermost/mattermost-server/v5/mlog"
 	"github.com/mattermost/mattermost-server/v5/model"
 	"github.com/mattermost/mattermost-server/v5/plugin"
@@ -36,6 +41,12 @@ type StartMeetingFromAction struct {
 	} `json:"context"`
 }
 
+type CallbackValidation struct {
+	UserID    string
+	ChannelID string
+	room      string
+}
+
 func (p *Plugin) ServeHTTP(c *plugin.Context, w http.ResponseWriter, r *http.Request) {
 	switch path := r.URL.Path; path {
 	case "/api/v1/meetings/enrich":
@@ -46,6 +57,8 @@ func (p *Plugin) ServeHTTP(c *plugin.Context, w http.ResponseWriter, r *http.Req
 		p.handleConfig(w, r)
 	case "/jitsi_meet_external_api.js":
 		p.handleExternalAPIjs(w, r)
+	case "/auth-callback":
+		p.handleCallback(w, r)
 	default:
 		http.NotFound(w, r)
 	}
@@ -303,3 +316,92 @@ func (p *Plugin) handleEnrichMeetingJwt(w http.ResponseWriter, r *http.Request)
 		mlog.Warn("Unable to write response body", mlog.String("handler", "handleEnrichMeetingJwt"), mlog.Err(err))
 	}
 }
+
+func (p *Plugin) handleCallback(w http.ResponseWriter, r *http.Request) {
+	if err := p.getConfiguration().IsValid(); err != nil {
+		mlog.Error("Invalid plugin configuration", mlog.Err(err))
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	room := r.Header.Get("room")
+
+	user, err := p.API.GetUser(p.callback.UserID)
+	if err != nil {
+		http.Error(w, err.Error(), err.StatusCode)
+	}
+
+	jitsiURL := strings.TrimSpace(p.getConfiguration().GetJitsiURL())
+	jitsiURL = strings.TrimRight(jitsiURL, "/")
+	redirectURL := jitsiURL + "/" + room + "?jwt="
+
+	checkCallback, err2 := p.checkValidationCallback(user, room)
+	if err2 != nil {
+		jwtToken, err1 := p.createJwtToken(user, "invalidroom")
+		if err1 != nil {
+			mlog.Error("Error Create JWT context", mlog.Err(err1))
+			http.Error(w, "Internal error", http.StatusInternalServerError)
+		}
+		redirectURL = redirectURL + jwtToken
+		http.Redirect(w, r, redirectURL, http.StatusSeeOther)
+	}
+	if checkCallback {
+		jwtToken, err1 := p.createJwtToken(user, room)
+		if err1 != nil {
+			mlog.Error("Error Create JWT context", mlog.Err(err1))
+			http.Error(w, "Internal error", http.StatusInternalServerError)
+		}
+		redirectURL = redirectURL + jwtToken
+		http.Redirect(w, r, redirectURL, http.StatusSeeOther)
+	} else {
+		redirectURL = *p.API.GetConfig().ServiceSettings.SiteURL
+		http.Redirect(w, r, redirectURL, http.StatusSeeOther)
+	}
+}
+
+func (p *Plugin) createJwtToken(user *model.User, room string) (string, error) {
+	// Error check is done in configuration.IsValid()
+	jURL, _ := url.Parse(p.getConfiguration().GetJitsiURL())
+
+	var meetingLinkValidUntil = time.Time{}
+	meetingLinkValidUntil = time.Now().Add(time.Duration(p.getConfiguration().JitsiLinkValidTime) * time.Minute)
+
+	claims := Claims{}
+	claims.Issuer = p.getConfiguration().JitsiAppID
+	claims.Audience = []string{p.getConfiguration().JitsiAppID}
+	claims.ExpiresAt = jwt.NewNumericDate(meetingLinkValidUntil)
+	claims.Subject = jURL.Hostname()
+	claims.Room = room
+
+	sanitizedUser := user.DeepCopy()
+	config := p.API.GetConfig()
+	if config.PrivacySettings.ShowFullName == nil || !*config.PrivacySettings.ShowFullName {
+		sanitizedUser.FirstName = ""
+		sanitizedUser.LastName = ""
+	}
+	if config.PrivacySettings.ShowEmailAddress == nil || !*config.PrivacySettings.ShowEmailAddress {
+		sanitizedUser.Email = ""
+	}
+
+	newContext := Context{
+		User: User{
+			Avatar: fmt.Sprintf("%s/api/v4/users/%s/image?_=%d", *config.ServiceSettings.SiteURL, sanitizedUser.Id, sanitizedUser.LastPictureUpdate),
+			Name:   sanitizedUser.GetDisplayName(model.SHOW_NICKNAME_FULLNAME),
+			Email:  sanitizedUser.Email,
+			ID:     sanitizedUser.Id,
+		},
+		Group: claims.Context.Group,
+	}
+	claims.Context = newContext
+
+	return signClaims(p.getConfiguration().JitsiAppSecret, &claims)
+}
+
+func (p *Plugin) checkValidationCallback(user *model.User, room string) (bool, error) {
+	if p.callback.room != room {
+		return false, nil
+	} else if p.callback.UserID != user.Id {
+		return false, nil
+	}
+	return true, nil
+}
diff --git a/server/api_test.go b/server/api_test.go
@@ -0,0 +1,11 @@
+package main
+
+import "testing"
+
+func TestCallback(t *testing.T) {
+	// Case Success
+
+	// Case Fail Authenticate
+
+	// Case
+}
diff --git a/server/plugin.go b/server/plugin.go
@@ -35,6 +35,7 @@ type Plugin struct {
 
 	telemetryClient telemetry.Client
 	tracker         telemetry.Tracker
+	callback        CallbackValidation
 
 	// configurationLock synchronizes access to the configuration.
 	configurationLock sync.RWMutex
@@ -355,6 +356,13 @@ func (p *Plugin) startMeeting(user *model.User, channel *model.Channel, meetingI
 		}) + "\n\n" + meetingUntil,
 	}
 
+	callbackValidation := CallbackValidation{
+		UserID:    user.Id,
+		ChannelID: channel.Id,
+		room:      meetingID,
+	}
+	p.callback = callbackValidation
+
 	post := &model.Post{
 		UserId:    user.Id,
 		ChannelId: channel.Id,