Tutorial - Self hosted Conference Mapper API

Maybe new PHP versions are different. But is your code not pretty vulnerable to SQL injections? An attacker could take over the SQL Server and maybe further?

Example:
If I put in the “id” parameter
1'; SELECT more blabla; '

I think you need to escape or clean the parameters first before usage.

@DSchaef Thanks for the feedback. I’m running inline intrusion detection, but one can never be too cautious.

If someone would like to modify the PHP and share, I’m sure others would like to see your suggestion implemented. Thanks :slight_smile:

Hi Craig,

First of all, thanks for your involvement.
Then I tried your method. It works but I have one issue (unfortunately a big one):

I have no sound once the user is connected,
whereas if I commit a call from the session to a phone I have sound in both directions.

Maybe it’s because of some changes I did but I’m not sure.

Here are the changes I did :

  • As I was already hosting some jitsi plugin files on it, I put the Jitsi_confPin.php on the freePBX server.
  • Instead of auto-incrementing the id in MySQL, I generate a 6-digit number in the PHP and insert it as id in MySQL.

that’s all.

So as I said before:

  • I create a new session : OK
  • In the information panel I see the 6 digits number : OK
  • I call FreePBX extension and get access to a working IVR : OK
  • I enter the jitsi session with phone : OK
  • Can communicate in any direction : KO (but got sound in both directions if a call is committed from the conference)

Whereas if I go back to the legacy API, I have sound in both directions.

I can’t understand what’s happening. Any idea?

Sounds like a bad header. I had that problem numerous times as I was building my IVR.

Synopsis:
The IVR should be taking the curl result and setting it as the room header. If the curl result contains the right room name, then the call connects. If the header contains the right room name + some extra erroneous characters, like white spaces or carriage returns, you’ll still connect but the headers being exchanged will cause issues. The symptom is no audio in the RTP stream.

If you’re using FreePBX, set your dialplan to display your curl result in the logs using a “verbose” statement. Check the Asterisk log for whitespace in the curl result. If that’s the case, reconfigure your curl command to remove the white spaces. (If you’re using my IVR Tutorial, the verbose statement is already there… you can just skip to viewing the logs)

Other approach to that could also be figuring out why the white spaces are sent, if that’s what’s happening

OK, I’ll try that, but I’m a total noob in Asterisk or FreePBX.

set your dialplan to display your curl result in the logs using a “verbose” statement.

This is already done in your custom extension script here, no ? :
exten => s,n,Verbose(0, ${CURL_RESULT});

Thanks in advance.

curl and header seem ok no hidden character:

[2020-05-14 15:41:50] VERBOSE[25704][C-00000007] pbx.c: Executing [s@Jitsi-Conference-Entry:16] Set("PJSIP/OVH-Trunk_Seconde_0033973765876-00000006", "CURL_RESULT=siptest")
[2020-05-14 15:41:53] VERBOSE[25704][C-00000007] pbx.c: Executing [s@Jitsi-Conference-Entry:20] SIPAddHeader("PJSIP/OVH-Trunk_Seconde_0033973765876-00000006", "Jitsi-Conference-Room:siptest")

Or maybe I did not understand what I’m searching for, as I really am a noob.

You were right, there was an invisible \n

I generate the 6 digits like this:

$id = sprintf("%06d", mt_rand(1, 999999));
$sql = "INSERT INTO $db_table (id,conference) VALUES ('$id','$conference')";

Maybe the sprintf or the rand is the cause.
Anyway : Thank you it WOOOOORKS !!

@DSchaef thanks again for the feedback. I had a little time to fiddle… re-posted the php using prepared statements and also restricted the user inputs. Should help those not running IDS :slight_smile:

This fixed our issue as well. For some reason the original code on our server was creating 2 database entries for every PHP call from jitsi. This resulted in it not displaying any dial-in information in the GUI because the request to get the dial-in code was returning 2 results so the source code reported invalid JSON.
Thank you!

Continuing the discussion from Tutorial - Self hosted Conference Mapper API:

Thanks for the nice post. I have installed Kamailio as SIP Server. Can we integrate Kamailio to map the Jitsi conference so that my SIP endpoints can join the meeting?

Please advise.

Thanks,
Santanu

Hi @Craig_Eustice
Thanks a lot for this great post.
I’m having 2 issues. I setup both the two procedures


and

The 1st issue is that the PIN and ID are not showing on “Share”.
But when I call my DID number, it sends me to the conference and asks me for my Conf ID. Then I put a fake ID.

The 2nd issue is that after I put the Conference ID it takes exactly 2mn of silence before it asks me for the PIN. I gave a fake one, then it said please contact support, goodbye.
Please can you help ?
Thanks in advance.

Hello,
I fixed the issue about the silent call by copying again the dialplan from Tutorial - Jitsi / Jigasi & FreePBX integration. Along with Asterisk IVR to use Jitsi conference mapper API
I don’t have any more silence.
The main issue now is that I’m not able to display the Phone, PIN and Password
Please can you help?
Thanks

Do you have these settings in your config.js?

    dialInNumbersUrl: 'https://api.jitsi.net/phoneNumberList',
    dialInConfCodeUrl:  'https://api.jitsi.net/conferenceMapper',

Or maybe you have errors in the produced json output, check browser js console whether you see some errors?

Hi damencho
Thank you for your quick response
below my configuration:

I tried with what you suggested also, but still the same no information for Number, PIN and Password
When I run developer tools on Chrome, there is no error,
Kindly any other suggestion?
Thanks

Maybe the problem is that it is http … just guessing. Check the network tab in the developer console when loading the page, do you see the requests for these addresses.

Hi @damencho

I installed a Let’s Encrypt SSL certificate on my FreePBX and added https, but the issue is the same

When I click on “Invite More People” I get the log below:

Content.js:122 @atlaskit/modal-dialog: Deprecation warning - Use of the footer prop in ModalDialog is deprecated. Please compose your ModalDialog using the ‘components’ prop instead

Hi @damencho

When I start a conference session, then I do a select in jitsiapi table, it’s giving me an empty table. Is it normal?
Thank you

mysql> select * from jitsiapi;
Empty set (0.00 sec)

mysql> desc jitsiapi;
+------------+--------------+------+-----+---------+----------------+
| Field      | Type         | Null | Key | Default | Extra          |
+------------+--------------+------+-----+---------+----------------+
| id         | int          | NO   | PRI | NULL    | auto_increment |
| conference | varchar(255) | NO   | UNI | NULL    |                |
+------------+--------------+------+-----+---------+----------------+
2 rows in set (0.00 sec)

mysql>

And when running a conference below the jicofo.log

Jicofo 2020-12-06 01:08:35.029 INFO: [63] org.jitsi.jicofo.xmpp.FocusComponent.log() Focus request for room: boukar20@conference.meet.mydomain.com
Jicofo 2020-12-06 01:08:35.030 INFO: [63] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Authenticated jid: az0l6cgupflrvte1@guest.meet.mydomain.com/a263rOjf with session: AuthSession[ID=gobetest@meet.mydomain.com, JID=az0l6cgupflrvte1@guest.meet.mydomain.com/a263rOjf, SID=bd61d4da-1310-4160-93d3-d1b3690c2b66, MUID=227aa31494aa4835e72cc8a36c36e03f, LIFE_TM_SEC=5886, R=hamadou@conference.meet.mydomain.com]@234918426
Jicofo 2020-12-06 01:08:35.030 INFO: [63] org.jitsi.jicofo.auth.AbstractAuthAuthority.log() Jid az0l6cgupflrvte1@guest.meet.mydomain.com/a263rOjf authenticated as: gobetest@meet.mydomain.com
Jicofo 2020-12-06 01:08:35.030 INFO: [63] org.jitsi.jicofo.FocusManager.log() Created new focus for boukar20@conference.meet.mydomain.com@auth.meet.mydomain.com. Conference count 1,options: call_control=callcontrol.meet.mydomain.com channelLastN=4 enableLipSync=false startAudioMuted=10 startVideoMuted=10 openSctp=true disableRtx=false
Jicofo 2020-12-06 01:08:35.031 INFO: [63] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Joining the room: boukar20@conference.meet.mydomain.com
Jicofo 2020-12-06 01:08:35.965 INFO: [32] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@59e09b5d member=ChatMember[boukar20@conference.meet.mydomain.com/fb4bd43b, jid: null]@708224463]
Jicofo 2020-12-06 01:08:35.970 INFO: [32] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Member boukar20@conference.meet.mydomain.com/fb4bd43b joined.

So, I set these up, but somehow when mapping a new conference it generates two codes/mappings like this:

https://jitsimapper.fakedomain.com/conferencemapper.php?conference=sample@conference.fake.domain.com

{"message":"Successfully retrieved conference mapping","id":232412,"conference":"sample@conference.fake.domain.com"}{"message":"Successfully retrieved conference mapping","id":232413,"conference":"sample@conference.fake.domain.com"}

Any way we can keep it from doing that?

Pulling by just the id to pull the conference name seems fine:

https://jitsimapper.fakedomain.com/conferencemapper.php?id=232412

{"message":"Successfully retrieved conference mapping","id":232412,"conference":"sample@conference.fake.domain.com"}

So, I fixed the above by actually making the column for “conference” to be UNIQUE. Although, I noticed the id increments by 2 for every new mapping. Not a bad thing.
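
The two fixes discussed in this thread, prepared statements with restricted inputs and a UNIQUE `conference` column so one room maps to one id, shown together as an added PHP example (it is not part of the thread and not the tutorial author's re-posted script). It assumes PDO with an in-memory SQLite database standing in for MySQL; the allow-list patterns, function names and error wording are this example's own.

```php
<?php
declare(strict_types=1);
// Added example, not the tutorial's script. Table and columns follow the jitsiapi
// schema shown in the thread; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE jitsiapi (id INTEGER PRIMARY KEY, conference VARCHAR(255) NOT NULL UNIQUE)');
// Allow-list patterns (assumed). \A...\z, unlike ^...$, also rejects a trailing "\n".
const ID_RE   = '/\A[0-9]{1,9}\z/';
const CONF_RE = '/\A[a-z0-9._-]{1,64}@[a-z0-9.-]{1,190}\z/i';
function clean($v, string $re): ?string { return is_string($v) && preg_match($re, $v) === 1 ? $v : null; }

// Return the existing mapping for a room, or create exactly one.
function map_conference(PDO $pdo, string $conf): array {
    $find = $pdo->prepare('SELECT id, conference FROM jitsiapi WHERE conference = ?');
    $ins  = $pdo->prepare('INSERT INTO jitsiapi (id, conference) VALUES (?, ?)');
    for ($try = 0; $try < 10; $try++) {
        $find->execute([$conf]);
        if (($row = $find->fetch(PDO::FETCH_ASSOC)) !== false) return $row;
        $id = random_int(100000, 999999);     // CSPRNG, always six digits
        try {
            $ins->execute([$id, $conf]);
            return ['id' => $id, 'conference' => $conf];
        } catch (PDOException $e) {           // SQLSTATE 23000: id or room already taken
            if ((string)$e->getCode() !== '23000') throw $e;
        }
    }
    throw new RuntimeException('no free conference id');
}

// One request in, exactly one JSON document out; user input reaches SQL only as bound values.
function handle(PDO $pdo, array $q): string {
    $row = null;
    if (($id = clean($q['id'] ?? null, ID_RE)) !== null) {
        $st = $pdo->prepare('SELECT id, conference FROM jitsiapi WHERE id = ?');
        $st->execute([$id]);
        $row = $st->fetch(PDO::FETCH_ASSOC) ?: null;
    } elseif (($c = clean($q['conference'] ?? null, CONF_RE)) !== null) {
        $row = map_conference($pdo, strtolower($c));
    }
    return json_encode($row === null
        ? ['message' => 'Invalid or unknown conference']   // wording is this example's own
        : ['message' => 'Successfully retrieved conference mapping',
           'id' => (int)$row['id'], 'conference' => $row['conference']]);
}

// Constructed requests: same room twice, the injection string from the thread, a stray "\n".
$room = 'sample@conference.fake.domain.com';
foreach ([['conference' => $room], ['conference' => $room],
          ['id' => "1'; SELECT more blabla; '"], ['conference' => "$room\n"]] as $q) {
    echo handle($pdo, $q), PHP_EOL;   // PHP_EOL only separates the demo output
}
```

The first two requests return the same id, and the last two are rejected before any query runs.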