fix(recording): Stop broken recording backend

nickvergessen · nickvergessen · commit cd5cce036edd · 2024-05-16T11:37:02.000+02:00
Signed-off-by: Joas Schilling &lt;coding@schilljs.com&gt;
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
@@ -280,6 +280,7 @@ protected function pageHandler(string $token = '', string $callUser = '', string
 	#[NoCSRFRequired]
 	#[PublicPage]
 	#[BruteForceProtection(action: 'talkRoomToken')]
+	#[BruteForceProtection(action: 'talkRecordingStatus')]
 	public function recording(string $token): Response {
 		try {
 			$room = $this->manager->getRoomByToken($token);
@@ -291,6 +292,13 @@ public function recording(string $token): Response {
 			return $response;
 		}
 
+		if ($room->getCallRecording() === Room::RECORDING_NONE) {
+			$response = new NotFoundResponse();
+			$this->logger->debug('Recording "' . ($this->userId ?? 'ANONYMOUS') . '" throttled for accessing "' . $token . '"', ['app' => 'spreed-bfp']);
+			$response->throttle(['token' => $token, 'action' => 'talkRecordingStatus']);
+			return $response;
+		}
+
 		if (class_exists(LoadViewer::class)) {
 			$this->eventDispatcher->dispatchTyped(new LoadViewer());
 		}
diff --git a/lib/Controller/RecordingController.php b/lib/Controller/RecordingController.php
@@ -161,6 +161,7 @@ protected function getInputStream(): string {
 	#[OpenAPI(scope: 'backend-recording')]
 	#[PublicPage]
 	#[BruteForceProtection(action: 'talkRecordingSecret')]
+	#[BruteForceProtection(action: 'talkRecordingStatus')]
 	public function backend(): DataResponse {
 		$json = $this->getInputStream();
 		if (!$this->validateBackendRequest($json)) {
@@ -218,6 +219,22 @@ private function backendStarted(array $started): DataResponse {
 			], Http::STATUS_NOT_FOUND);
 		}
 
+		if ($room->getCallRecording() === Room::RECORDING_NONE) {
+			$this->logger->error('Recording backend tried to start recording in room {token}, but it was not requested by a moderator.', [
+				'token' => $token,
+				'app' => 'spreed-recording',
+			]);
+			$response = new DataResponse([
+				'type' => 'error',
+				'error' => [
+					'code' => 'no_such_room',
+					'message' => 'Room not found.',
+				],
+			], Http::STATUS_NOT_FOUND);
+			$response->throttle(['action' => 'talkRecordingStatus']);
+			return $response;
+		}
+
 		try {
 			$participant = $this->participantService->getParticipantByActor($room, $actor['type'], $actor['id']);
 		} catch (ParticipantNotFoundException $e) {
