Is is possible to limit concurrent conference room a authenticated user can setup

I want to limit the number of conference room an authenticated user can run concurrently at any time so that a user can not setup and run many conferences at the same time. Is it possible?

1 Like

As authenticated users has the same jid, this is possible by implementing a custom prosody module.

It will be a limit for concurrent sessions on one shard. So if you have multiple shards you will need a central service of tracking those.

Here is how to access all current sessions https://github.com/jitsi/jitsi-meet/blob/5940f2890a786808ea6157e38b000c34475183d5/resources/prosody-plugins/mod_muc_size.lua#L192
Also this is an example that can be useful https://github.com/jitsi/jitsi-meet/blob/5940f2890a786808ea6157e38b000c34475183d5/resources/prosody-plugins/mod_filter_iq_rayo.lua#L107

I managed to look at the example and got the session limiter to work. However, I am wondering where do we add the code to display proper message to user. I saw customized message can be displayed based on xmpp event but do we add and trigger the event in the LUA script?

For example when max people is reached (the mod_muc_max_occupants module) hits lib-jitsi-meet here: https://github.com/jitsi/lib-jitsi-meet/blob/5466c9d08a2c262ebb5889e3bb0cbbe6f08dc0c3/modules/xmpp/ChatRoom.js#L1044 and that triggers the chain of events

Hi - would you be able to share your script with the community? Thanks!

Sure, below is my simple code. However, there is still a problem I am facing that prevent this code to work properly when I use secure domain with anonymous users.

I have a different post regarding the problem I am facing, but nobody replied yet :slightly_frowning_face: Secure domain login issue

When I enable secure domain with anonymous user, I see strange behavior (I am not sure whether it is normal behavior). I have an user logging into the secure domain with password. However, from the jocofo.log I saw the logged on user was straight away kicked out and replaced by an anonymous user in the same session. If I use the code below, I got a guest user ID instead of the user’s ID. And when the user (which I think it is the guest user) hang up the session, the session is still being held in the server. And other users are still able to join the room as guest user without authenticating. I have no way to restrict the concurrent session by using the code below.

Can anyone help?

local split_jid = require “util.jid”.split;
local it = require “util.iterators”;

local MAX_USERSESSIONS = module:get_option_number(“muc_max_usersessions”, -1);

local function check_for_max_usersessions(event)
local room, origin, stanza = event.room, event.origin, event.stanza;

local actor = stanza.attr.from;
local user, domain, res = split_jid(stanza.attr.from);
local session = event.origin;

if user == nil then
return
end

local count = 0;
local u;
for key, value in pairs(prosody.full_sessions) do
u = tostring(value[“username”]);
if u:lower() ~= “focus” then
if u == user then
module:log(“info”, “Found same user " … user … " in a room”);
count = count + 1;
end
end
end
module:log(“info”, "Total count for user " … user … " is " … count);

if count > MAX_USERSESSIONS then
module:log(“info”, "User " … u … " attempts to create session over limit of " … MAX_USERSESSIONS);
origin.send(st.error_reply(stanza, “cancel”, “service-unavailable”));
return true;
end
end

if MAX_USERSESSIONS > 0 then
module:hook(“muc-occupant-pre-join”, check_for_max_usersessions, 10);
end

Thank you for sharing first of all. :slight_smile:

I’ll give it a try on my end and let you know the behavior. So, your code is called muc_max_usersessions.lua and enabled in the Virtual Host? Anything else to it.

Thanks again.

Just enable it in the virtual host and may be set up the muc_max_usersessions variable and that’s it.

Hi @damencho ,

I am still having problem getting the authenticated user’s JID.

As I see from the jicofo log:

Jicofo 2020-04-01 08:14:32.313 INFO: [828] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Authentication session created for gohyc@meet.cloudplay.cloud SID: 8e2460d3-183a-4a84-810b-f53a20cf918b
Jicofo 2020-04-01 08:14:32.313 INFO: [828] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Authenticated jid: gohyc@meet.cloudplay.cloud/U53W9Oj0 with session: AuthSession[ID=gohyc@meet.cloudplay.cloud, JID=gohyc@meet.cloudplay.cloud/U53W9Oj0, SID=8e2460d3-183a-4a84-810b-f53a20cf918b, MUID=8bd11aed09589272b4ffe66cc38cbefc, LIFE_TM_SEC=0, R=ito1@conference.meet.cloudplay.cloud]@704906742
Jicofo 2020-04-01 08:14:32.313 INFO: [828] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Jid gohyc@meet.cloudplay.cloud/U53W9Oj0 authenticated as: gohyc@meet.cloudplay.cloud
Jicofo 2020-04-01 08:14:32.314 INFO: [828] org.jitsi.jicofo.FocusManager.log() Created new focus for ito1@conference.meet.cloudplay.cloud@auth.meet.cloudplay.cloud. Conference count 1,options:
Jicofo 2020-04-01 08:14:32.314 INFO: [828] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Lip-sync enabled in ito1@conference.meet.cloudplay.cloud
Jicofo 2020-04-01 08:14:32.314 INFO: [828] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Joining the room: ito1@conference.meet.cloudplay.cloud
Jicofo 2020-04-01 08:14:32.437 INFO: [831] org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().401 Focus request for room: ito1@conference.meet.cloudplay.cloud
Jicofo 2020-04-01 08:14:32.437 INFO: [831] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Authenticated jid: jsxlcyshsioj0gru@guest.meet.cloudplay.cloud/09FMBVAP with session: AuthSession[ID=gohyc@meet.cloudplay.cloud, JID=jsxlcyshsioj0gru@guest.meet.cloudplay.cloud/09FMBVAP, SID=8e2460d3-183a-4a84-810b-f53a20cf918b, MUID=8bd11aed09589272b4ffe66cc38cbefc, LIFE_TM_SEC=0, R=ito1@conference.meet.cloudplay.cloud]@704906742
Jicofo 2020-04-01 08:14:32.437 INFO: [831] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Jid jsxlcyshsioj0gru@guest.meet.cloudplay.cloud/09FMBVAP authenticated as: gohyc@meet.cloudplay.cloud
Jicofo 2020-04-01 08:14:32.469 INFO: [29] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@46e6f569 member=ChatMember[ito1@conference.meet.cloudplay.cloud/0f306129, jid: null]@1192510968]
Jicofo 2020-04-01 08:14:32.470 INFO: [29] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Member ito1@conference.meet.cloudplay.cloud/0f306129 joined.

After user gohyc has authenticated, I can see the JID is gohyc@meet.cloudplay.cloud. But it is soon replaced by a guest user with a generated JID in the same browser session.

And when I use the lua code, I can only get the guest username and not the username (gohyc) who created the room.

for key, value in pairs(prosody.full_sessions) do
module:log(“info”, "user: " … tostring(value[“username”]));
end

Any idea?

Hi @gohyc, thanks for the script, have you managed to link the username with guest jid?

I’ve installed your module and i am facing the same problem, here are the logs if helps in anything,

PROSODY:

Apr 07 21:50:15 conference.next.bsx.cloud:muc_domain_mapper warn Session filters applied
Apr 07 21:50:15 mod_bosh info New BOSH session, assigned it sid ‘73baea06-f848-410c-9a20-72ca23a2d389’
Apr 07 21:50:15 bosh73baea06-f848-410c-9a20-72ca23a2d389 info Authenticated as _i-q-dnwpdfxru6m@guest.next.bsx.cloud
Apr 07 21:50:21 conference.next.bsx.cloud:muc_domain_mapper warn Session filters applied
Apr 07 21:50:21 mod_bosh info New BOSH session, assigned it sid ‘ef91fed6-dd30-4149-a28c-8428f7615e22’
Apr 07 21:50:21 boshef91fed6-dd30-4149-a28c-8428f7615e22 info Authenticated as adriano@next.bsx.cloud
Apr 07 21:50:21 conference.next.bsx.cloud:muc_max_usersessions info Total count for user focus is 0
Apr 07 21:50:22 boshef91fed6-dd30-4149-a28c-8428f7615e22 info BOSH client disconnected: session close
Apr 07 21:50:22 conference.next.bsx.cloud:muc_max_usersessions info Found same user _i-q-dnwpdfxru6m in a room
Apr 07 21:50:22 conference.next.bsx.cloud:muc_max_usersessions info Total count for user _i-q-dnwpdfxru6m is 1

Jifoco

Jicofo 2020-04-07 21:50:15.941 INFO: [78] org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().401 Focus request for room: asd@conference.next.bsx.cloud
Jicofo 2020-04-07 21:50:21.345 INFO: [85] org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().401 Focus request for room: asd@conference.next.bsx.cloud
Jicofo 2020-04-07 21:50:22.000 INFO: [47] org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().401 Focus request for room: asd@conference.next.bsx.cloud
Jicofo 2020-04-07 21:50:22.000 INFO: [47] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Authentication session created for adriano@next.bsx.cloud SID: 6f6d2270-72f3-4531-bb90-83f53805448b
Jicofo 2020-04-07 21:50:22.001 INFO: [47] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Authenticated jid: adriano@next.bsx.cloud/KKSQ_Exm with session: AuthSession[ID=adriano@next.bsx.cloud, JID=adriano@next.bsx.cloud/KKSQ_Exm, SID=6f6d2270-72f3-4531-bb90-83f53805448b, MUID=3ca789559608b5cd7f7c4e91021f8198, LIFE_TM_SEC=0, R=asd@conference.next.bsx.cloud]@578454368
Jicofo 2020-04-07 21:50:22.001 INFO: [47] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Jid adriano@next.bsx.cloud/KKSQ_Exm authenticated as: adriano@next.bsx.cloud
Jicofo 2020-04-07 21:50:22.001 INFO: [47] org.jitsi.jicofo.FocusManager.log() Created new focus for asd@conference.next.bsx.cloud@auth.next.bsx.cloud. Conference count 1,options:
Jicofo 2020-04-07 21:50:22.002 INFO: [47] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Lip-sync enabled in asd@conference.next.bsx.cloud
Jicofo 2020-04-07 21:50:22.002 INFO: [47] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Joining the room: asd@conference.next.bsx.cloud
Jicofo 2020-04-07 21:50:22.126 INFO: [49] org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().401 Focus request for room: asd@conference.next.bsx.cloud
Jicofo 2020-04-07 21:50:22.126 INFO: [49] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Authenticated jid: _i-q-dnwpdfxru6m@guest.next.bsx.cloud/_OWAeEZs with session: AuthSession[ID=adriano@next.bsx.cloud, JID=_i-q-dnwpdfxru6m@guest.next.bsx.cloud/_OWAeEZs, SID=6f6d2270-72f3-4531-bb90-83f53805448b, MUID=3ca789559608b5cd7f7c4e91021f8198, LIFE_TM_SEC=0, R=asd@conference.next.bsx.cloud]@578454368
Jicofo 2020-04-07 21:50:22.127 INFO: [49] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Jid _i-q-dnwpdfxru6m@guest.next.bsx.cloud/_OWAeEZs authenticated as: adriano@next.bsx.cloud
Jicofo 2020-04-07 21:50:22.150 INFO: [30] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@36c34be1 member=ChatMember[asd@conference.next.bsx.cloud/47a2f4ba, jid: null]@696252031]
Jicofo 2020-04-07 21:50:22.153 INFO: [30] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Member asd@conference.next.bsx.cloud/47a2f4ba joined.

Thanks

I have no progress since then. I have run out of idea. And waiting for experts’ help also.

I will try to do more tests. I will update when I make any progress.

Disclaimer: I am by no means an Jitsi expert and the following is based on speculation more than established facts. So while parts of it may be wrong it hopefully helps to put you back on the right track…

What I think is happening is that authentication is merely used as a signal to jicofo (the user focus@…) that the authenticated user is granted permissions to create conferences. Jicofo then will create a new muc at the guest domain (no authentication) and the authenticated user joins the new muc using a randomized id on the guest domain. I dont know whether the authenticated session is terminated immediately or not and therefore cant tell if its possible to count these authenticated sessions. So you probably want to check whether the original user information is available in any event attribute Prosody fires when the room on the guest domain is created.

When I use secure domain without anonymous domain, the room is created and the authenticated user stays in the room and I am able to get the ID by the username of the session. However, when anonymous domain is used then it behaves differently. The authenticated user logout and come back in as guest.

I can see from the jicofo.log with the following line when the user join back in as guest:

Jicofo 2020-03-24 09:46:54.667 INFO: [97] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Authenticated jid: ibnvgtcwdohxknua@guest.jolo.cloudplay.cloud/slF4rllU with session: AuthSession[ID=gohyc@jolo.cloudplay.cloud, JID=ibnvgtcwdohxknua@guest.jolo.cloudplay.cloud/slF4rllU, SID=d2673ff1-38a8-444b-be3b-df492dea39ca, MUID=a914667a16fb77deb3250a19a1c60408, LIFE_TM_SEC=10, R=test1@conference.jolo.cloudplay.cloud]@107926734

There is something called AuthSession[ID=gohyc@jolo.cloudplay.cloud. How can we get this value from LUA? I have been reading documents and looking through sample codes but I couldn’t find anything.

Anyone?

In reference to your original issue that you posted, I had the same problem. I set up for secure authentication based on step 5 of the installation and I am using by own simplified version of max users without the whitelist. I think this may solve your problem -
In: /etc/jitsi/jicofo/sip-communicator.properties -
Add this line: org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true
After I added the line: After all users leave the room, room cannot be reused without going through authentication again for the first user. I hope this solves your problem if not I will look back to see what else I did.