Merge branch 'release-0.23'

Conflicts:
	.jshint

Author: longsleep

.jshint

@@ -1,10 +1,27 @@
 {
-	"smarttabs": true,
-	"onecase": true,
+	"asi": true,
+	"bitwise": false,
+	"browser": true,
+	"camelcase": false, // Disabled for now.
 	"curly": true,
 	"forin": true,
-	"trailing": true,
-	"asi": true,
+	"immed": true,
+	"latedef": true,
 	"maxlen": 1000,
-	"quotmark": false
+	"newcap": true,
+	"noarg": true,
+	"noempty": false, // Disabled for now.
+	"nonew": true,
+	"onecase": true,
+	"predef": [
+		"define",
+		"require",
+		"console"
+	],
+	"quotmark": false,
+	"smarttabs": true,
+	"trailing": true,
+	"undef": true,
+	"unused": false, // Disabled for now
+	"globalstrict": true
 }

debian/changelog

@@ -1,3 +1,31 @@
+spreed-webrtc-server (0.23.0) precise; urgency=low
+
+  * Added support for renegotation in web client (disabled).
+  * Rooms were refactored to be able to confirm joins.
+  * Added support to PIN lock rooms (server side).
+  * Updated javascript to follow now jshin rules.
+  * Updated plugin API to make the main App object available.
+  * Refactored server side configuration loading.
+  * Improved usability of image upload positioning and scaling.
+  * Stream lined third party javascript to reduce size.
+  * Javascript is now using 'strict' mode everywhere.
+  * Added suppport for Content Security Policy (CSP).
+  * Added Javascript source mappings where missing.
+  * Fixed bye handling in conferences to avoid endless dial tones.
+  * Added support for audio and/or video only connections when
+    the corresponding device is not there.
+  * Several icons were changed for usability reasons.
+  * Improved dialogs and texts for usability reasons.
+  * Room bar is now automatically visible when not in a call.
+  * Updated auto focus behavior of room select forms.
+  * Implemented a room history on welcome screen.
+  * Added a sign in button to the top bar.
+  * Changed order of settings form for usability reasons.
+  * Missed call toast now always is shown.
+  * Improved toast notification styles.
+
+ -- Simon Eisenmann <[email protected]>  Tue, 09 Dec 2014 15:45:52 +0100
+
 spreed-webrtc-server (0.22.8) precise; urgency=low
 
   * Removed opacity transition from chat pane to avoid compositing issues.

doc/CHANNELING-API.txt

@@ -87,6 +87,16 @@ Sending vs receiving document data encapsulation
     A    : Session attestation token. Only available for incoming data
            created by other sessions (optional).
 
+Error returns
+
+  Calls providing an Iid which fail will receive an Error document with the
+  following format:
+
+    {
+        "Type": "Error",
+        "Code": "value_identifying_error",
+        "Message": "A description of the error condition"
+    }
 
 Special purpose documents for channling
 
@@ -147,18 +157,115 @@ Special purpose documents for channling
         Hello: {
             Version: "1.0.0",
             Ua: "Test client 1.0",
-            Id: ""
+            Id: "",
+            "Credentials": {...}
         }
     }
 
-    Hello document is to be send by the client after connection was
-    established.
+    Hello document is to be send by the client after connection was established.
+    If an Iid is provided, a Welcome document will be returned if joining the
+    room with the given Id succeeds. Otherwise an Error document with one of the
+    error codes listed below will be returned. Note that any previous room will
+    have been left regardless of whether the response is successful.
 
     Keys under Hello:
 
-      Version : Channel protocol version (string).
-      Ua      : User agent description (string).
-      Id      : Room id. The default Room has the empty string Id ("") (string).
+      Version     : Channel protocol version (string).
+      Ua          : User agent description (string).
+      Id          : Room id. The default Room has the empty string Id ("") (string).
+      Credentials : An optional RoomCredentials document containing room
+                    authentication information. See the Room document for
+                    information on how such credentials should be handled after
+                    a Welcome is received for the requested room. Note that
+                    providing credentials while joining an existing room which
+                    does not require them is an error, such requests should be
+                    retried without credentials. In contrast, joining a
+                    non-existent room with credentials will create the room
+                    using the given credentials. Note that an error with a code
+                    of authorization_not_required or invalid_credentials shall
+                    cause the client to discard any cached room credentials.
+
+    Error codes:
+
+      default_room_disabled      : Joining the room "" is not allowed by this
+                                   server.
+      authorization_required     : Joining the given room requires credentials.
+      authorization_not_required : No credentials should be provided for this
+                                   room.
+      invalid_credentials        : The provided credentials are incorrect.
+      room_join_requires_account : Server configuration requires an
+                                   authenticated user account to join this room.
+
+  Welcome
+
+    {
+        "Type": "Welcome",
+        "Welcome": {
+            "Room": {...},
+            "Users": []
+        }
+    }
+
+    Welcome is sent in reply to a successful Hello, and contains all data
+    needed to set up the initial room connection.
+
+    Keys under Welcome:
+
+      Room:  Contains the current state of the room, see the description of
+             the Room document for more details.
+      Users: Contains the user list for the room, see the description of
+             the Users document for more details.
+
+  RoomCredentials
+
+    {
+        "PIN": "my-super-sekrit-code"
+    }
+
+    RoomCredentials contains room authentication information, and is used as a
+    child document when joining or updating a room.
+
+    Keys under RoomCredentials:
+
+      PIN : A password string which may be used by clients to authenticate
+            themselves. Note that acceptable characters for this field may be
+            constrained by the server based upon its configuration.
+
+  Room
+
+    {
+        "Type": "Room",
+        "Name": "room-name-here"
+        "Credentials": {...}
+    }
+
+    Clients may send a Room document in order to update all room properties
+    to the values given in the document. The room name must be given and match
+    the currently joined room. Successful updates will receive an updated Room
+    document as a reply, or an Error document if the update fails.
+
+    Addtionally, the Room document is included in responses to initial joins
+    and broadcast when room properties are updated.
+
+    Keys under Room:
+
+      Name :        The human readable ID of the room, currently must be globally
+                    unique.
+      Credentials : Optional authentication information for the room, see the
+                    documentation of the RoomCredentials document for more
+                    details. This field shall only be present when sending or
+                    receiving an update which alters room authentication data.
+                    It should only be inferred that authentication is not
+                    required if joining a room succeeds without credentials and
+                    no updates containing credentials has been received.
+                    Authentication may be disabled by sending a Room document
+                    containing a RoomCredentials document with only empty
+                    fields. Clients shall discard any cached authentication
+                    information upon receiving such an update.
+
+    Error codes:
+
+      not_in_room : Clients may only update rooms which they have joined.
 
 Peer connection documents
 

doc/plugin-example.js

@@ -18,17 +18,24 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
+
+"use strict";
 define(['angular'], function(angular) {
 
 	return {
 
-		// Angular modules - either overwrite existing modules or add new
-		// ones. All app dependencies are already loaded so modules defined
-		// here will be used instead of the default ones.
-		// To load add a new module to the angular app, append the name of
-		// the module to the modules array.
-		// Defining a module in a plugin is optional.
-		module: function(modules) {
+		/**
+		 * Modules function for this plugin. Use it to add Angular modules.
+		 * either overwrite existing modules or add new ones. All app dependencies
+		 * are already loaded so modules defined here will be used instead of
+		 * the default ones. Defining the module function on a plugin is optional.
+		 *
+		 * @param {array} modules - To add a new module to the angular app, append
+		 *                          the name of the module to the modules array.
+		 * @param {Object} launcher - The launcher object containg $q and $http.
+		 *
+		 */
+		module: function(modules, launcher) {
 
 			// Create and add a new module.
 			// See http://docs.angularjs.org/guide/module for details on Angular.
@@ -61,12 +68,18 @@ define(['angular'], function(angular) {
 
 		},
 
-		// Initialize function for this module.
-		// Add your angular stuff here. The app is the base Angular module for
-		// the web application. The plugin initialize function is called after
-		// the app initialize function.
-		// Defining the initialize function is optional.
-		initialize: function(app) {
+		/**
+		 * Initialize function for this plugin. Use this function to add your
+		 * your Angular stuff to the app. The plugin initializse function is
+		 * called after the app initialize function.
+		 *
+		 * @param {App} app - The base Angular module for the web application.
+		 * @param {Object} launcher - The launcher object containg $q and $http.
+		 * @returns {($q.promise|null)} - Return a $q.promise when you need the
+		 *                                launcher to wait.
+		 *
+		 */
+		initialize: function(app, launcher) {
 
 			console.log("Initializing plugin-example ...");
 

doc/plugin-test-authorize.js

@@ -18,6 +18,8 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
+
+"use strict";
 define(['angular', 'sjcl'], function(angular, sjcl) {
 
 	return {

html/head.html

@@ -5,6 +5,7 @@
 <meta name="mobile-web-app-capable" content="yes">
 <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
 <base href="<%.Cfg.B%>">
+<%if.Csp%><link rel="stylesheet" type="text/css" href="<%.Cfg.S%>/css/csp.min.css"><%end%>
 <link rel="stylesheet" type="text/css" href="<%.Cfg.S%>/css/bootstrap.min.css">
 <link rel="stylesheet" type="text/css" href="<%.Cfg.S%>/css/font-awesome.min.css">
 <link rel="stylesheet" type="text/css" href="<%.Cfg.S%>/css/main.min.css">

html/main.html

@@ -1,5 +1,5 @@
 <%define "mainPage"%><!doctype html>
-<html class="no-js">
+<html class="no-js"<%if.Csp%> ng-csp<%end%>>
 <head>
 <%template "head" .%>
 </head>
@@ -26,7 +26,7 @@
                     <button title="{{_('Share a file as presentation')}}" class="btn aenablebtn btn-presentation" ng-show="status=='connected' || status=='conference' || layout.presentation" ng-model="layout.presentation" btn-checkbox><i class="fa fa-folder-open-o"></i></button>
                     <button title="{{_('Share your screen')}}" class="btn aenablebtn btn-screenshare" ng-disabled="!supported.screensharing" ng-show="status=='connected' || status=='conference' || layout.screenshare" ng-model="layout.screenshare" btn-checkbox><i class="fa fa-desktop"></i></button>
                     <button title="{{_('Chat')}}" class="btn btn-chat" ng-class="{messagesunseen: chatMessagesUnseen>0}" ng-model="layout.chat" btn-checkbox btn-checkbox-true="true" btn-checkbox-false="false"><i class="fa fa-comments-o"></i><span class="badge" ng-show="chatMessagesUnseen" ng-bind="chatMessagesUnseen"></span></button>
-                    <button ng-show="myid && myuserid" title="{{_('Contacts')}}" class="btn btn-contacts" ng-click="openContactsManager()"><i class="fa fa-bookmark-o"></i></button>
+                    <button ng-show="myid && myuserid" title="{{_('Contacts')}}" class="btn btn-contacts" ng-click="openContactsManager()"><i class="fa fa-sitemap"></i></button>
                     <button title="{{_('Mute microphone')}}" class="btn btn-mutemicrophone amutebtn" ng-model="microphoneMute" btn-checkbox btn-checkbox-true="true" btn-checkbox-false="false"><i class="fa"></i></button>
                     <button title="{{_('Turn camera off')}}" class="btn btn-mutecamera amutebtn" ng-model="cameraMute" btn-checkbox btn-checkbox-true="true" btn-checkbox-false="false"><i class="fa"></i></button>
                     <button title="{{_('Settings')}}" class="btn btn-settings" ng-model="layout.settings" btn-checkbox btn-checkbox-true="true" btn-checkbox-false="false"><i class="fa fa-cog"></i></button>

server.conf.in

@@ -78,6 +78,9 @@ encryptionSecret = tne-default-encryption-block-key
 ; all users will join this room if enabled. If it is disabled then a room join
 ; form will be shown instead.
 ;defaultRoomEnabled = true
+; Whether a user account is required to create a room. This only has an effect
+; if user accounts are enabled. Optional, defaults to false.
+;authorizeRoomCreation = false
 ; Server token is a public random string which is used to enhance security of
 ; server generated security tokens. When the serverToken is changed all existing
 ; nonces become invalid. Use 32 or 64 characters (eg. 16 or 32 byte hex).
@@ -98,6 +101,18 @@ serverRealm = local
 ; a front end webserver. Check the doc folder for more info about plugins and
 ; examples.
 ;plugin = extra/static/myplugin.js
+; Content-Security-Policy HTTP response header value.
+; Spreed WebRTC requires inline styles, WebSocket connection to itself and
+; data: URL for images.
+; The currently recommended CSP is:
+;   default-src 'self';
+;   style-src 'self' 'unsafe-inline';
+;   img-src 'self' data:;
+;   connect-src 'self' wss://server:port/ws;
+;contentSecurityPolicy =
+; Content-Security-Policy-Report-Only HTTP response header value. Use this
+; to test your CSP before putting it into production.
+;contentSecurityPolicyReportOnly =
 
 [log]
 ;logfile = /var/log/spreed-webrtc-server.log

src/app/spreed-webrtc-server/buffercache.go

@@ -160,3 +160,21 @@ func (cache *bufferCache) New() Buffer {
 func (cache *bufferCache) Wrap(data []byte) Buffer {
 	return &directBuffer{refcnt: 1, cache: cache, buf: bytes.NewBuffer(data)}
 }
+
+func readAll(dest Buffer, r io.Reader) error {
+	var err error
+	defer func() {
+		e := recover()
+		if e == nil {
+			return
+		}
+		if panicErr, ok := e.(error); ok && panicErr == bytes.ErrTooLarge {
+			err = panicErr
+		} else {
+			panic(e)
+		}
+	}()
+
+	_, err = dest.ReadFrom(r)
+	return err
+}

src/app/spreed-webrtc-server/channeling.go

@@ -21,10 +21,41 @@
 
 package main
 
+type DataError struct {
+	Type    string
+	Code    string
+	Message string
+}
+
+func NewDataError(code, message string) error {
+	return &DataError{"Error", code, message}
+}
+
+func (err *DataError) Error() string {
+	return err.Message
+}
+
+type DataRoomCredentials struct {
+	PIN string
+}
+
 type DataHello struct {
-	Version string
-	Ua      string
-	Id      string
+	Version     string
+	Ua          string
+	Id          string
+	Credentials *DataRoomCredentials
+}
+
+type DataWelcome struct {
+	Type  string
+	Room  *DataRoom
+	Users []*DataSession
+}
+
+type DataRoom struct {
+	Type        string
+	Name        string
+	Credentials *DataRoomCredentials
 }
 
 type DataOffer struct {
@@ -159,6 +190,7 @@ type DataIncoming struct {
 	Alive          *DataAlive
 	Authentication *DataAuthentication
 	Sessions       *DataSessions
+	Room           *DataRoom
 	Iid            string `json:",omitempty"`
 }