Merge branch 'master' into revert-794-install-quic

Author: jianjunz

source/portal/index.js

@@ -26,12 +26,13 @@ config.portal.ssl = config.portal.ssl || false;
 config.portal.force_tls_v12 = config.portal.force_tls_v12 || false;
 config.portal.reconnection_ticket_lifetime = config.portal.reconnection_ticket_lifetime || 600;
 config.portal.reconnection_timeout = Number.isInteger(config.portal.reconnection_timeout) ? config.portal.reconnection_timeout : 60;
+config.portal.cors = config.portal.cors || [];
 
 config.cluster = config.cluster || {};
 config.cluster.name = config.cluster.name || 'owt-cluster';
 config.cluster.join_retry = config.cluster.join_retry || 60;
 config.cluster.report_load_interval = config.cluster.report_load_interval || 1000;
-config.cluster.max_load = config.cluster.max_laod || 0.85;
+config.cluster.max_load = config.cluster.max_load || 0.85;
 config.cluster.network_max_scale = config.cluster.network_max_scale || 1000;
 
 config.capacity = config.capacity || {};
@@ -193,6 +194,7 @@ var startServers = function(id, tokenKey) {
                                 selfRpcId: id},
                                 rpcReq);
   socketio_server = require('./socketIOServer')({port: config.portal.port,
+                                                 cors: config.portal.cors,
                                                  ssl: config.portal.ssl,
                                                  forceTlsv12: config.portal.force_tls_v12,
                                                  keystorePath: config.portal.keystorePath,

source/portal/portal.toml

@@ -16,6 +16,8 @@ force_tls_v12 = false #default: false, tls1 and tls1.1 will not be allowed if se
 reconnection_ticket_lifetime = 600 #default: 600
 # Client will leave conference if it cannot reconnect to Socket.IO server after |reconnection_timeout| seconds.
 reconnection_timeout = 60 #default: 60
+#default: *, allow cross origin request share list. Add http(s)://web-app-server-ip-or-hostname:port to cors list in product deployment, example: ["http://web-app-server-ip-or-hostname:3001", "https://web-app-server-ip-or-hostname:3004"].
+cors = ["*"]
 
 
 [cluster]

source/portal/socketIOServer.js

@@ -352,14 +352,21 @@ var SocketIOServer = function(spec, portal, observer) {
     sioOptions.pingTimeout = spec.pingTimeout * 1000;
   }
 
-  var startInsecure = function(port) {
+  var startInsecure = function(port, cors) {
     var server = require('http').createServer().listen(port);
     io = require('socket.io').listen(server, sioOptions);
+    io.origins((origin, callback) => {
+      if (cors.indexOf(origin) < 0 && cors.indexOf('*') < 0) {
+        return callback('origin not allowed', false);
+      }
+
+      callback(null, true);
+    });
     run();
     return Promise.resolve('ok');
   };
 
-  var startSecured = function(port, keystorePath, forceTlsv12) {
+  var startSecured = function(port, cors, keystorePath, forceTlsv12) {
     return new Promise(function(resolve, reject) {
       var cipher = require('./cipher');
       var keystore = path.resolve(path.dirname(keystorePath), cipher.kstore);
@@ -372,6 +379,12 @@ var SocketIOServer = function(spec, portal, observer) {
           }
           var server = require('https').createServer(option).listen(port);
           io = require('socket.io').listen(server, sioOptions);
+          io.origins((origin, callback) => {
+            if (cors.indexOf(origin) < 0 && cors.indexOf('*') < 0) {
+              return callback('origin not allowed', false);
+            }
+            callback(null, true);
+          });
           run();
           resolve('ok');
         } else {
@@ -417,9 +430,9 @@ var SocketIOServer = function(spec, portal, observer) {
 
   that.start = function() {
     if (!spec.ssl) {
-      return startInsecure(spec.port);
+      return startInsecure(spec.port, spec.cors);
     } else {
-      return startSecured(spec.port, spec.keystorePath, spec.forceTlsv12);
+      return startSecured(spec.port, spec.cors, spec.keystorePath, spec.forceTlsv12);
     }
   };