Next

RELEASE.md

@@ -1,3 +1,14 @@
+# 1.6.1
+
+_2025_12_04_
+
+- Public sessions can now be password protected
+- User actions are now logged in the database
+- Live updating has been improved, with reconnection and better error handling
+- External dependencies have been updated to fix vulnerabilities
+- SSO functionality now uses an internal cookie-based system making the API sessionless
+- Improve microphone and videoconference recording interface
+
 # 1.6.0
 
 _2025_10_08_

studio-api/.envdefault

@@ -23,7 +23,7 @@ DB_PASS=example
 DB_NAME=conversations
 
 # Request a specific version of the database (optional)
-DB_MIGRATION_TARGET=1.6.1
+DB_MIGRATION_TARGET=1.6.2
 
 # STT Config
 GATEWAY_SERVICES=https://<domain>
@@ -97,6 +97,8 @@ JWT_ALGORITHM=HS256
 LOCAL_AUTH_ENABLED=true
 
 # OIDC Type supported are : linagora
+SSO_ENCRYPTION_KEY=defaultEncryptionKeyChangeMe
+
 OIDC_TYPE=
 OIDC_ISSUER_URL=
 OIDC_URL=

studio-api/components/IoHandler/index.js

@@ -31,54 +31,52 @@ async function checkSocketAccess(socket, roomId) {
   const sessionRoomId = roomId.split("/")[0]
 
   try {
-    // Load session
     const sessionRes = await axios.get(
       `${process.env.SESSION_API_ENDPOINT}/sessions/${sessionRoomId}`,
     )
     const session = sessionRes?.data ?? sessionRes
 
-    // Check user auth
     const { isAuth, userId, sessionId } =
       await auth_middlewares.checkSocket(socket)
 
-    // Protected session data
     const protectedSession =
       await model.sessionData.getBySessionId(sessionRoomId)
     const hasPassword =
       protectedSession?.[0]?.password && protectedSession.length > 0
 
     // Public session + no protection
     if (session.visibility === "public" && !hasPassword) {
-      return true
+      return { allowed: true, userId }
     }
 
     // User is not authenticated
     if (!isAuth) {
-      return denySocket(socket)
+      denySocket(socket)
+      return { allowed: false, userId: undefined }
     }
 
-    // Public session & sessionId matches with a password
+    // Public session + password-protected, sessionId matches
     if (
       session.visibility === "public" &&
       sessionId === session.id &&
       hasPassword
     ) {
-      return true
+      return { allowed: true, userId }
     }
 
-    // Determine user access from organization access
+    // Organization access
     const access = await sessionSocketAccess(session, userId)
     if (access === true) {
-      // if (session.visibility === "organization") {
-      return true
+      return { allowed: true, userId }
     }
 
-    // Private & owner or explicitly granted access
+    // Private session & is owner
     if (session.visibility === "private" && session.owner === userId) {
-      return true
+      return { allowed: true, userId }
     }
 
-    return denySocket(socket)
+    denySocket(socket)
+    return { allowed: false, userId: undefined }
   } catch (err) {
     LogManager.logSocketEvent(
       socket,
@@ -90,9 +88,11 @@ async function checkSocketAccess(socket, roomId) {
       },
       { level: "error" },
     )
-    return denySocket(socket)
+    denySocket(socket)
+    return { allowed: false, userId: undefined }
   }
 }
+
 class IoHandler extends Component {
   constructor(app) {
     super(app, "WebServer") // Relies on a WebServer component to be registrated
@@ -130,12 +130,15 @@ class IoHandler extends Component {
       }
 
       socket.on("join_room", async (roomId) => {
-        if (!(await checkSocketAccess(socket, roomId))) return
+        const { allowed, userId } = await checkSocketAccess(socket, roomId)
+        if (!allowed) return
         LogManager.logSocketEvent(socket, {
           sessionId: roomId,
+          userId,
           action: SOCKET_EVENTS.JOIN,
           from: "session",
         })
+
         this.addSocketInRoom(roomId, socket)
       })
 

studio-api/components/MongoMigration/controllers/schema/activityLog.js

@@ -0,0 +1,36 @@
+const debug = require("debug")(
+  `linto:components:MongoMigration:controllers:schema:activityLog`,
+)
+
+module.exports = async function (db, collectionName) {
+  try {
+    if (!collectionName) return
+    const collection = db.collection(collectionName)
+
+    await collection.createIndex(
+      { timestamp: 1 },
+      { expireAfterSeconds: 60 * 60 * 24 * 365 }, // 1 year in ms
+    )
+
+    await collection.createIndex({ "http.status": 1 })
+    await collection.createIndex({ "user.id": 1 })
+    await collection.createIndex({ scope: 1 })
+    await collection.createIndex({ source: 1 })
+
+    await collection.createIndex({
+      timestamp: -1,
+      "user.id": 1,
+    })
+
+    await collection.createIndex({
+      timestamp: -1,
+      "organization.id": 1,
+    })
+
+    console.log(
+      `Collection "${collectionName}" with TTL index created successfully.`,
+    )
+  } catch (error) {
+    console.error("Error creating collection:", error)
+  }
+}

studio-api/components/MongoMigration/controllers/schema/tokens.js

@@ -7,7 +7,14 @@ module.exports = async function (db, collectionName) {
     if (!collectionName) return
     await db
       .collection(collectionName)
-      .createIndex({ createdAt: 1 }, { expireAfterSeconds: 1209600 }) // 14 days in seconds
+      .createIndex({ expiresAt: 1 }, { expireAfterSeconds: 0 })
+
+    const indexes = await db.collection(collectionName).indexes()
+    indexes.map(async (index) => {
+      if (index.name === "createdAt_1") {
+        await db.collection(collectionName).dropIndex("createdAt_1")
+      }
+    })
 
     console.log(
       `Collection "${collectionName}" with TTL index created successfully.`,

studio-api/components/MongoMigration/version/1.2.0/token.js

@@ -1,5 +1,5 @@
 const debug = require("debug")(
-  `linto:components:MongoMigration:controllers:version:1.1.2:organization`,
+  `linto:components:MongoMigration:controllers:version:1.1.2:token`,
 )
 
 const collections_name = "tokens"

studio-api/components/MongoMigration/version/1.6.2/activityLog.js

@@ -0,0 +1,19 @@
+const debug = require("debug")(
+  `linto:components:MongoMigration:controllers:version:1.6.2:activityLog`,
+)
+
+const collections_name = "activityLog"
+
+const initIndexActivity = require(
+  `${process.cwd()}/components/MongoMigration/controllers/schema/activityLog`,
+)
+
+module.exports = {
+  async up(db) {
+    await initIndexActivity(db, collections_name)
+  },
+
+  async down(db) {
+    // No lower version for this migration
+  },
+}

studio-api/components/MongoMigration/version/1.6.2/token.js

@@ -0,0 +1,19 @@
+const debug = require("debug")(
+  `linto:components:MongoMigration:controllers:version:1.6.2:token`,
+)
+
+const collections_name = "tokens"
+
+const initToken = require(
+  `${process.cwd()}/components/MongoMigration/controllers/schema/tokens`,
+)
+
+module.exports = {
+  async up(db) {
+    await initToken(db, collections_name)
+  },
+
+  async down(db) {
+    // No lower version for this migration
+  },
+}

studio-api/components/MongoMigration/version/1.6.2/version.js

@@ -0,0 +1,20 @@
+const debug = require("debug")(
+  `linto:components:MongoMigration:controllers:version:1.5.6:version`,
+)
+
+const previous_version = "1.6.1"
+const version = "1.6.2"
+
+module.exports = {
+  async up(db) {
+    return db
+      .collection("version")
+      .updateMany({}, { $set: { version: version } })
+  },
+
+  async down(db) {
+    return db
+      .collection("version")
+      .updateMany({}, { $set: { version: previous_version } })
+  },
+}