Mercurial > libervia-web
comparison libervia/web/server/restricted_bridge.py @ 1600:0a4433a343a3
browser (calls): implement WebRTC file sharing:
- Send file through WebRTC when the new `file` button is used during a call.
- Show a confirmation dialog and download file sent by WebRTC.
rel 442
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sat, 06 Apr 2024 13:06:17 +0200 |
| parents | 7941444c1671 |
| children | 6feac4a25e60 |
comparison
equal
deleted
inserted
replaced
| 1599:197350e8bf3b | 1600:0a4433a343a3 |
|---|---|
| 14 # GNU Affero General Public License for more details. | 14 # GNU Affero General Public License for more details. |
| 15 | 15 |
| 16 # You should have received a copy of the GNU Affero General Public License | 16 # You should have received a copy of the GNU Affero General Public License |
| 17 # along with this program. If not, see <http://www.gnu.org/licenses/>. | 17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 18 | 18 |
| 19 from libervia.backend.core import exceptions | |
| 20 from libervia.backend.core.log import getLogger | |
| 19 from libervia.backend.tools.common import data_format | 21 from libervia.backend.tools.common import data_format |
| 20 from libervia.backend.core import exceptions | 22 |
| 21 from libervia.web.server.constants import Const as C | 23 from libervia.web.server.constants import Const as C |
| 24 | |
| 25 | |
| 26 log = getLogger(__name__) | |
| 22 | 27 |
| 23 | 28 |
| 24 class RestrictedBridge: | 29 class RestrictedBridge: |
| 25 """bridge with limited access, which can be used in browser | 30 """bridge with limited access, which can be used in browser |
| 26 | 31 |
| 91 | 96 |
| 92 async def external_disco_get(self, entity, profile): | 97 async def external_disco_get(self, entity, profile): |
| 93 self.no_service_profile(profile) | 98 self.no_service_profile(profile) |
| 94 return await self.host.bridge_call( | 99 return await self.host.bridge_call( |
| 95 "external_disco_get", entity, profile) | 100 "external_disco_get", entity, profile) |
| 101 | |
| 102 async def file_jingle_send( | |
| 103 self, | |
| 104 peer_jid: str, | |
| 105 filepath: str, | |
| 106 name: str, | |
| 107 file_desc: str, | |
| 108 extra_s: str, | |
| 109 profile: str | |
| 110 ) -> str: | |
| 111 self.no_service_profile(profile) | |
| 112 if filepath: | |
| 113 # The file sending must be done P2P from the browser directly (the file is | |
| 114 # from end-user machine), and its data must be set in "extra". | |
| 115 # "filepath" must NOT be used in this case, as it would link a local file | |
| 116 # (i.e. from the backend machine), which is an obvious security issue. | |
| 117 log.warning( | |
| 118 f'"filepath" user by {profile!r} in file_jingle_send, this is not ' | |
| 119 "allowed, hack attempt?" | |
| 120 ) | |
| 121 raise exceptions.PermissionError( | |
| 122 "Using a filepath is not allowed." | |
| 123 ) | |
| 124 return await self.host.bridge_call( | |
| 125 "file_jingle_send", peer_jid, "", name, file_desc, extra_s, profile | |
| 126 ) | |
| 96 | 127 |
| 97 async def history_get( | 128 async def history_get( |
| 98 self, | 129 self, |
| 99 from_jid: str, | 130 from_jid: str, |
| 100 to_jid: str, | 131 to_jid: str, |