From b8dfab2dbc91ed2222454a3d26fde77d4b72e8b8 Mon Sep 17 00:00:00 2001 From: steveseguin Date: Tue, 30 Apr 2024 15:06:03 -0400 Subject: [PATCH] ask a user for password via index easier now --- index.html | 1 + main.js | 49 +++++++++++++++++++++++++++---------------------- 2 files changed, 28 insertions(+), 22 deletions(-) diff --git a/index.html b/index.html index 3e74d2e..6dc3b08 100644 --- a/index.html +++ b/index.html @@ -2731,6 +2731,7 @@ // session.sync // see the docs // session.buffer // int in milliseconds ; see the docs // session.roomid // "yyyy" -- the room name to use. alphanumeric. + // session.password = null; // null will ask the user for a password // session.scene // the scene name. Scene 0, 1, ... 8, or any custom scene name is supported. STRING value. Needed to have a clean view link of a guest stream // session.title // "zzzz" ; sets the title of the browser page. // session.introOnClean = true; // this will load the page with the webcam selection screen if &push or &room is in the URL; no need to use &webcam. diff --git a/main.js b/main.js index 56a883d..d5bd063 100644 --- a/main.js +++ b/main.js @@ -737,9 +737,9 @@ async function main() { // awaitInboundCall()(); //} - if (urlParams.has("relaywss")) { - session.relaywss = true; // do not use; this is not completed yet and mainly for debugging at this point. - } + //if (urlParams.has("relaywss")) { + // session.relaywss = true; + //} if (urlParams.has("fulltalk") && urlParams.get("fulltalk").length == 6) { listenWebsocket(urlParams.get("fulltalk"), false); // talk and hear all @@ -1825,7 +1825,7 @@ async function main() { if (urlParams.has("js")) { // ie: &js=https%3A%2F%2Fvdo.ninja%2Fexamples%2Ftestjs.js - if (window !== window.top || !(window.location.hostname.endsWith("vdo.ninja") || window.location.hostname.endsWith("rtc.ninja") || window.location.hostname.endsWith("versus.cam") || window.location.hostname.endsWith("invite.cam"))) { + //if (window !== window.top || !(window.location.hostname.endsWith("vdo.ninja") || window.location.hostname.endsWith("rtc.ninja") || window.location.hostname.endsWith("versus.cam") || window.location.hostname.endsWith("invite.cam"))) { console.warn("Third-party Javascript has been injected into the code. Security cannot be ensured."); var jsURL = urlParams.get("js"); jsURL = decodeURI(jsURL); @@ -1842,34 +1842,39 @@ async function main() { log("Third-party Javascript loaded"); }; document.head.appendChild(externalJavaascript); - } else { - console.error("For security/privacy purposes, Javascript injection is now only allowed on self-hosted instances or if VDO.Ninja is hosted within an IFRAME"); // I won't have control in those cases anyways. - } + // } else { + // console.error("For security/privacy purposes, Javascript injection is now only allowed on self-hosted instances or if VDO.Ninja is hosted within an IFRAME"); // I won't have control in those cases anyways. + // } } if (urlParams.has("base64js") || urlParams.has("b64js") || urlParams.has("jsbase64") || urlParams.has("jsb64")) { try { - var base64js = urlParams.get("base64js") || urlParams.get("b64js") || urlParams.get("jsbase64") || urlParams.get("jsb64"); - base64js = decodeURIComponent(atob(base64js)); // window.btoa(encodeURIComponent("alert('hi')")); // ?jsb64=YWxlcnQoJ2hpJyk7 - var externalJavaascript = document.createElement("script"); - externalJavaascript.type = "text/javascript"; - externalJavaascript.crossorigin = "anonymous"; - externalJavaascript.innerHTML = base64js; - externalJavaascript.onerror = function () { - errorlog("Third-party Javascript failed to load"); - }; - externalJavaascript.onload = function () { - log("Third-party Javascript loaded"); - }; - document.head.appendChild(externalJavaascript); + // if (window !== window.top || !(window.location.hostname.endsWith("vdo.ninja") || window.location.hostname.endsWith("rtc.ninja") || window.location.hostname.endsWith("versus.cam") || window.location.hostname.endsWith("invite.cam"))) { + console.warn("Third-party Javascript has been injected into the code. Security cannot be ensured."); + var base64js = urlParams.get("base64js") || urlParams.get("b64js") || urlParams.get("jsbase64") || urlParams.get("jsb64"); + base64js = decodeURIComponent(atob(base64js)); // window.btoa(encodeURIComponent("alert('hi')")); // ?jsb64=YWxlcnQoJ2hpJyk7 + var externalJavaascript = document.createElement("script"); + externalJavaascript.type = "text/javascript"; + externalJavaascript.crossorigin = "anonymous"; + externalJavaascript.innerHTML = base64js; + externalJavaascript.onerror = function () { + errorlog("Third-party Javascript failed to load"); + }; + externalJavaascript.onload = function () { + log("Third-party Javascript loaded"); + }; + document.head.appendChild(externalJavaascript); + // } else { + // console.error("For security/privacy purposes, Javascript injection is now only allowed on self-hosted instances or if VDO.Ninja is hosted within an IFRAME"); // I won't have control in those cases anyways. + // } } catch (e) { console.error(e); } } session.sitePassword = session.defaultPassword; - if (urlParams.has("password") || urlParams.has("pass") || urlParams.has("pw") || urlParams.has("p")) { - session.password = urlParams.get("password") || urlParams.get("pass") || urlParams.get("pw") || urlParams.get("p"); + if (urlParams.has("password") || urlParams.has("pass") || urlParams.has("pw") || urlParams.has("p") || (session.password===null)) { + session.password = urlParams.get("password") || urlParams.get("pass") || urlParams.get("pw") || urlParams.get("p") || null; if (!session.password) { window.focus();