bigbluebutton · antobinary · Mar 16, 2021 · Mar 16, 2021
diff --git a/bigbluebutton-html5/imports/api/annotations/server/methods/clearWhiteboard.js b/bigbluebutton-html5/imports/api/annotations/server/methods/clearWhiteboard.js
@@ -10,6 +10,8 @@ export default function clearWhiteboard(whiteboardId) {
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(whiteboardId, String);
 
   const payload = {

diff --git a/bigbluebutton-html5/imports/api/annotations/server/methods/sendAnnotation.js b/bigbluebutton-html5/imports/api/annotations/server/methods/sendAnnotation.js
@@ -1,8 +1,12 @@
+import { check } from 'meteor/check';
 import sendAnnotationHelper from './sendAnnotationHelper';
 import { extractCredentials } from '/imports/api/common/server/helpers';
 
 export default function sendAnnotation(annotation) {
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   sendAnnotationHelper(annotation, meetingId, requesterUserId);
 }
diff --git a/bigbluebutton-html5/imports/api/annotations/server/methods/sendBulkAnnotations.js b/bigbluebutton-html5/imports/api/annotations/server/methods/sendBulkAnnotations.js
@@ -1,8 +1,12 @@
 import { extractCredentials } from '/imports/api/common/server/helpers';
 import sendAnnotationHelper from './sendAnnotationHelper';
+import { check } from 'meteor/check';
 
 export default function sendBulkAnnotations(payload) {
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   payload.forEach(annotation => sendAnnotationHelper(annotation, meetingId, requesterUserId));
 }
diff --git a/bigbluebutton-html5/imports/api/annotations/server/methods/undoAnnotation.js b/bigbluebutton-html5/imports/api/annotations/server/methods/undoAnnotation.js
@@ -10,6 +10,8 @@ export default function undoAnnotation(whiteboardId) {
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(whiteboardId, String);
 
   const payload = {

diff --git a/bigbluebutton-html5/imports/api/breakouts/server/methods/createBreakout.js b/bigbluebutton-html5/imports/api/breakouts/server/methods/createBreakout.js
@@ -2,6 +2,7 @@ import { Meteor } from 'meteor/meteor';
 import RedisPubSub from '/imports/startup/server/redis';
 import Logger from '/imports/startup/server/logger';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import { check } from 'meteor/check';
 
 export default function createBreakoutRoom(rooms, durationInMinutes, record = false) {
   const REDIS_CONFIG = Meteor.settings.private.redis;
@@ -12,6 +13,9 @@ export default function createBreakoutRoom(rooms, durationInMinutes, record = fa
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const eventName = 'CreateBreakoutRoomsCmdMsg';
   if (rooms.length > MAX_BREAKOUT_ROOMS) {
     Logger.info(`Attempt to create breakout rooms with invalid number of rooms in meeting id=${meetingId}`);

diff --git a/bigbluebutton-html5/imports/api/breakouts/server/methods/requestJoinURL.js b/bigbluebutton-html5/imports/api/breakouts/server/methods/requestJoinURL.js
@@ -1,13 +1,17 @@
 import { Meteor } from 'meteor/meteor';
 import RedisPubSub from '/imports/startup/server/redis';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import { check } from 'meteor/check';
 
 export default function requestJoinURL({ breakoutId, userId: userIdToInvite }) {
   const REDIS_CONFIG = Meteor.settings.private.redis;
   const CHANNEL = REDIS_CONFIG.channels.toAkkaApps;
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const userId = userIdToInvite || requesterUserId;
   const eventName = 'RequestBreakoutJoinURLReqMsg';
 

diff --git a/bigbluebutton-html5/imports/api/external-videos/server/methods/emitExternalVideoEvent.js b/bigbluebutton-html5/imports/api/external-videos/server/methods/emitExternalVideoEvent.js
@@ -11,26 +11,29 @@ export default function emitExternalVideoEvent(options) {
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const { status, playerStatus } = options;
 
-  const user = Users.findOne({ meetingId, userId: requesterUserId })
+  const user = Users.findOne({ meetingId, userId: requesterUserId });
 
   if (user && user.presenter) {
-
     check(status, String);
     check(playerStatus, {
       rate: Match.Maybe(Number),
       time: Match.Maybe(Number),
       state: Match.Maybe(Boolean),
     });
 
-    let rate = playerStatus.rate || 0;
-    let time = playerStatus.time || 0;
-    let state = playerStatus.state || 0;
-    const payload = { status, rate, time, state };
+    const rate = playerStatus.rate || 0;
+    const time = playerStatus.time || 0;
+    const state = playerStatus.state || 0;
+    const payload = {
+      status, rate, time, state,
+    };
 
     Logger.debug(`User id=${requesterUserId} sending ${EVENT_NAME} event:${state} for meeting ${meetingId}`);
     return RedisPubSub.publishUserMessage(CHANNEL, EVENT_NAME, meetingId, requesterUserId, payload);
-
   }
 }
diff --git a/...luebutton-html5/imports/api/group-chat-msg/server/methods/chatMessageBeforeJoinCounter.js b/...luebutton-html5/imports/api/group-chat-msg/server/methods/chatMessageBeforeJoinCounter.js
@@ -10,6 +10,10 @@ const PUBLIC_CHAT_TYPE = CHAT_CONFIG.type_public;
 
 export default function chatMessageBeforeJoinCounter() {
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
+
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const groupChats = GroupChat.find({
     $or: [
       { meetingId, access: PUBLIC_CHAT_TYPE },

diff --git a/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/clearPublicChatHistory.js b/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/clearPublicChatHistory.js
@@ -1,6 +1,7 @@
 import { Meteor } from 'meteor/meteor';
 import RedisPubSub from '/imports/startup/server/redis';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import { check } from 'meteor/check';
 
 export default function clearPublicChatHistory() {
   const REDIS_CONFIG = Meteor.settings.private.redis;
@@ -11,6 +12,9 @@ export default function clearPublicChatHistory() {
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const payload = {
     chatId: PUBLIC_GROUP_CHAT_ID,
   };

diff --git a/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/fetchMessagePerPage.js b/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/fetchMessagePerPage.js
@@ -1,14 +1,18 @@
 import { Meteor } from 'meteor/meteor';
-import GroupChat from '/imports/api/group-chat';
 import { GroupChatMsg } from '/imports/api/group-chat-msg';
 import Users from '/imports/api/users';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import { check } from 'meteor/check';
 
 const CHAT_CONFIG = Meteor.settings.public.chat;
 const ITENS_PER_PAGE = CHAT_CONFIG.itemsPerPage;
 
 export default function fetchMessagePerPage(chatId, page) {
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
+
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const User = Users.findOne({ userId: requesterUserId, meetingId });
 
   const messages = GroupChatMsg.find({ chatId, meetingId, timestamp: { $lt: User.authTokenValidatedTime } },

diff --git a/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/sendGroupChatMsg.js b/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/sendGroupChatMsg.js
@@ -34,6 +34,8 @@ export default function sendGroupChatMsg(chatId, message) {
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(message, Object);
 
   const parsedMessage = parseMessage(message.message);

diff --git a/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/startUserTyping.js b/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/startUserTyping.js
@@ -11,6 +11,8 @@ export default function startUserTyping(chatId) {
   const PUBLIC_GROUP_CHAT_ID = CHAT_CONFIG.public_group_id;
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(chatId, String);
 
   const payload = {

diff --git a/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/stopUserTyping.js b/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/stopUserTyping.js
@@ -1,10 +1,14 @@
 import { UsersTyping } from '/imports/api/group-chat-msg';
 import stopTyping from '../modifiers/stopTyping';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import { check } from 'meteor/check';
 
 export default function stopUserTyping() {
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const userTyping = UsersTyping.findOne({
     meetingId,
     userId: requesterUserId,

diff --git a/bigbluebutton-html5/imports/api/group-chat/server/methods/createGroupChat.js b/bigbluebutton-html5/imports/api/group-chat/server/methods/createGroupChat.js
@@ -11,6 +11,8 @@ export default function createGroupChat(receiver) {
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(receiver, Object);
 
   const payload = {

diff --git a/bigbluebutton-html5/imports/api/group-chat/server/methods/destroyGroupChat.js b/bigbluebutton-html5/imports/api/group-chat/server/methods/destroyGroupChat.js
@@ -1,12 +1,16 @@
 import { Meteor } from 'meteor/meteor';
 import RedisPubSub from '/imports/startup/server/redis';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import { check } from 'meteor/check';
 
 export default function destroyGroupChat() {
   const REDIS_CONFIG = Meteor.settings.private.redis;
   const CHANNEL = REDIS_CONFIG.channels.toAkkaApps;
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const eventName = 'DestroyGroupChatReqMsg';
 
   const payload = {

diff --git a/bigbluebutton-html5/imports/api/guest-users/server/methods/allowPendingUsers.js b/bigbluebutton-html5/imports/api/guest-users/server/methods/allowPendingUsers.js
@@ -11,6 +11,8 @@ const EVENT_NAME = 'GuestsWaitingApprovedMsg';
 export default function allowPendingUsers(guests, status) {
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(guests, Array);
   const mappedGuests = guests.map(guest => ({ status, guest: guest.intId }));
 

diff --git a/bigbluebutton-html5/imports/api/guest-users/server/methods/changeGuestPolicy.js b/bigbluebutton-html5/imports/api/guest-users/server/methods/changeGuestPolicy.js
@@ -11,6 +11,8 @@ const EVENT_NAME = 'SetGuestPolicyCmdMsg';
 export default function changeGuestPolicy(policyRule) {
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(policyRule, String);
 
   const payload = {

diff --git a/bigbluebutton-html5/imports/api/local-settings/server/methods/userChangedLocalSettings.js b/bigbluebutton-html5/imports/api/local-settings/server/methods/userChangedLocalSettings.js
@@ -10,6 +10,8 @@ export default function userChangedLocalSettings(settings) {
   if (!meetingId || !requesterUserId) return;
 
   check(settings, Object);
+  check(meetingId, String);
+  check(requesterUserId, String);
 
   const userLocalSettings = LocalSettings
     .findOne({ meetingId, userId: requesterUserId },

diff --git a/bigbluebutton-html5/imports/api/meetings/server/methods/clearRandomlySelectedUser.js b/bigbluebutton-html5/imports/api/meetings/server/methods/clearRandomlySelectedUser.js
@@ -1,10 +1,14 @@
 import Logger from '/imports/startup/server/logger';
 import Meetings from '/imports/api/meetings';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import { check } from 'meteor/check';
 
 export default function clearRandomlySelectedUser() {
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const selector = {
     meetingId,
   };

diff --git a/bigbluebutton-html5/imports/api/meetings/server/methods/endMeeting.js b/bigbluebutton-html5/imports/api/meetings/server/methods/endMeeting.js
@@ -2,13 +2,17 @@ import { Meteor } from 'meteor/meteor';
 import RedisPubSub from '/imports/startup/server/redis';
 import Logger from '/imports/startup/server/logger';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import { check } from 'meteor/check';
 
 export default function endMeeting() {
   const REDIS_CONFIG = Meteor.settings.private.redis;
   const CHANNEL = REDIS_CONFIG.channels.toAkkaApps;
   const EVENT_NAME = 'LogoutAndEndMeetingCmdMsg';
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const payload = {
     userId: requesterUserId,
   };

diff --git a/bigbluebutton-html5/imports/api/meetings/server/methods/toggleLockSettings.js b/bigbluebutton-html5/imports/api/meetings/server/methods/toggleLockSettings.js
@@ -9,6 +9,8 @@ export default function toggleLockSettings(lockSettingsProps) {
   const EVENT_NAME = 'ChangeLockSettingsInMeetingCmdMsg';
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(lockSettingsProps, {
     disableCam: Boolean,
     disableMic: Boolean,

diff --git a/bigbluebutton-html5/imports/api/meetings/server/methods/toggleRecording.js b/bigbluebutton-html5/imports/api/meetings/server/methods/toggleRecording.js
@@ -4,13 +4,18 @@ import RedisPubSub from '/imports/startup/server/redis';
 import { RecordMeetings } from '/imports/api/meetings';
 import Users from '/imports/api/users';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import { check } from 'meteor/check';
 
 export default function toggleRecording() {
   const REDIS_CONFIG = Meteor.settings.private.redis;
   const CHANNEL = REDIS_CONFIG.channels.toAkkaApps;
   const ROLE_MODERATOR = Meteor.settings.public.user.role_moderator;
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
+
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const EVENT_NAME = 'SetRecordingStatusCmdMsg';
 
   let meetingRecorded;

diff --git a/bigbluebutton-html5/imports/api/meetings/server/methods/toggleWebcamsOnlyForModerator.js b/bigbluebutton-html5/imports/api/meetings/server/methods/toggleWebcamsOnlyForModerator.js
@@ -9,6 +9,9 @@ export default function toggleWebcamsOnlyForModerator(webcamsOnlyForModerator) {
   const EVENT_NAME = 'UpdateWebcamsOnlyForModeratorCmdMsg';
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
+
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(webcamsOnlyForModerator, Boolean);
 
   const payload = {

diff --git a/bigbluebutton-html5/imports/api/meetings/server/methods/transferUser.js b/bigbluebutton-html5/imports/api/meetings/server/methods/transferUser.js
@@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor';
 import RedisPubSub from '/imports/startup/server/redis';
 import Logger from '/imports/startup/server/logger';
 import { extractCredentials } from '/imports/api/common/server/helpers';
-
+import { check } from 'meteor/check';
 
 export default function transferUser(fromMeetingId, toMeetingId) {
   const REDIS_CONFIG = Meteor.settings.private.redis;
@@ -11,6 +11,9 @@ export default function transferUser(fromMeetingId, toMeetingId) {
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const payload = {
     fromMeetingId,
     toMeetingId,

diff --git a/...luebutton-html5/imports/api/network-information/server/methods/userInstabilityDetected.js b/...luebutton-html5/imports/api/network-information/server/methods/userInstabilityDetected.js
@@ -5,6 +5,9 @@ import { extractCredentials } from '/imports/api/common/server/helpers';
 
 export default function userInstabilityDetected(sender) {
   const { meetingId, requesterUserId: receiver } = extractCredentials(this.userId);
+
+  check(meetingId, String);
+  check(receiver, String);
   check(sender, String);
 
   const payload = {

diff --git a/bigbluebutton-html5/imports/api/polls/server/methods/publishPoll.js b/bigbluebutton-html5/imports/api/polls/server/methods/publishPoll.js
@@ -2,13 +2,18 @@ import RedisPubSub from '/imports/startup/server/redis';
 import Polls from '/imports/api/polls';
 import Logger from '/imports/startup/server/logger';
 import { extractCredentials } from '/imports/api/common/server/helpers';
+import { check } from 'meteor/check';
 
 export default function publishPoll() {
   const REDIS_CONFIG = Meteor.settings.private.redis;
   const CHANNEL = REDIS_CONFIG.channels.toAkkaApps;
   const EVENT_NAME = 'ShowPollResultReqMsg';
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
+
+  check(meetingId, String);
+  check(requesterUserId, String);
+
   const poll = Polls.findOne({ meetingId }); // TODO--send pollid from client
   if (!poll) {
     Logger.error(`Attempted to publish inexisting poll for meetingId: ${meetingId}`);

diff --git a/bigbluebutton-html5/imports/api/polls/server/methods/publishTypedVote.js b/bigbluebutton-html5/imports/api/polls/server/methods/publishTypedVote.js
@@ -10,6 +10,8 @@ export default function publishTypedVote(id, pollAnswer) {
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(pollAnswer, String);
   check(id, String);
 

diff --git a/bigbluebutton-html5/imports/api/polls/server/methods/publishVote.js b/bigbluebutton-html5/imports/api/polls/server/methods/publishVote.js
@@ -10,6 +10,8 @@ export default function publishVote(pollId, pollAnswerId) {
   const EVENT_NAME = 'RespondToPollReqMsg';
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(pollAnswerId, Number);
   check(pollId, String);
 

diff --git a/bigbluebutton-html5/imports/api/polls/server/methods/startPoll.js b/bigbluebutton-html5/imports/api/polls/server/methods/startPoll.js
@@ -10,6 +10,8 @@ export default function startPoll(pollType, pollId, question, answers) {
 
   const { meetingId, requesterUserId } = extractCredentials(this.userId);
 
+  check(meetingId, String);
+  check(requesterUserId, String);
   check(pollId, String);
   check(pollType, String);