custom login interface

[Les Piech]

what would be the best practices around creating a custom login interface for users to join.  I would like to have user's login using participant (for guests only, eg 12345)  and moderator (for hosts, eg 54321) code that would be authenticated either at an external database (eg. via odbc) or by an api to an authentication server.  once authenticated the user would be joined to a room that would be identified by the participant code (eg. room 12345).

Ideally i would like to use a custom external freeswitch (which I note is possible) where either the participant or moderator code is sent in the sip invite ( eg 12...@fs.com for guests or 54...@fs.com for mods)

would I use greenlight to do this or uninstall greenlight and build it in some other way?

any help or direction appreciated.

[Brent W. Baccala]

Let me answer your question by sharing about 100 lines of Python code :-)

A bit of context - this FastCGI server is my current method of authenticating into my Big Blue Button systems.  It handles a URL of the form https://SITE/login/JWT, where JWT is a JSON Web Token (signed with the server's API key) that identifies the user.

Another (simple) script, called bbb-mklogin, generates the signed JWTs and prints them out as URLs.

All this script does is authenticate the JWT in the URL, and then calls the various API routines needed to start up a Big Blue Button session.

The script does use a Python package called bigbluebutton that I've submitted in a pull request, but it hasn't been approved yet.  I'm hoping that we'll get into the standard repository, so that running "apt install python3-bigbluebutton" is all you need to get this package.  If you want a copy in the meantime, just let me know and I'll post it.

I hope this gets you started to "[create] a custom login interface for users to join".  If you want Python and FastCGI, that is.  If you want some language, look at the Big Blue Button API documentation.  At the bottom of that page, you'll find like to sample code for JSP, PHP, and Ruby.

    agape

    brent

#! /usr/bin/python3

#

# A FastCGI script used to authenticate users into Big Blue Button

# using a JSON web token signed with the Big Blue Button API key.

#

# Such tokens are generated by the bbb-mklogin script.

#

# In addition to the standard JWT claims 'sub' (Subject) and 'exp'

# (expiration time, which is required), we also require 'role'

# (either 'm' for moderator or 'v' for viewer).

#

# Optional claim: 'mtg' for meeting ID (default is hostname)

#

# Moderators will start the meeting when they enter.  Viewers will

# get an error message if the meeting isn't already running.

import os

import re

import jwt

import socket

import fastcgi

import bigbluebutton

# These passwords don't have to be very secure because the API key

# is what really protects everything.  If you have the API key

# can get these passwords from the meeting's XML data anyway.

moderatorPW = 'jidtyv7RG8g0gsGMLq5M'

attendeePW = 'aQxdAAEi2fQq27TB6rTf'

# maps first letter of 'role' claim to the join password to be used

role_password = {'m' : moderatorPW,

                 'a' : attendeePW,

                 'v' : attendeePW,

}

# FASTCGI server

@fastcgi.fastcgi(sock='/run/bbb-auth-jwt/fastcgi.sock')

def login():

    try:

        JWT = os.environ['SCRIPT_NAME'].split('/')[-1]

        jwt_options = {'require_exp' : True}

        jwt_algorithms = ['HS256']

        decoded = jwt.decode(jwt = JWT, key = bigbluebutton.securitySalt(),

                             options = jwt_options,

                             algorithms = jwt_algorithms)

        fullName = decoded['sub']

        if 'mtg' in decoded:

            meetingID = decoded['mtg']

        else:

            meetingID = socket.gethostname()

        roomName = meetingID

        password = role_password[decoded['role'].lower()[0]]

        # This API call will quietly fail if the meeting is already running.

        if password == moderatorPW:

            bigbluebutton.create(name = roomName,

                                 meetingID = meetingID,

                                 attendeePW = attendeePW,

                                 moderatorPW = moderatorPW,

                                 isBreakoutRoom = False,

            )

        if False:

            # using redirect = False and using the URL from the XML

            # seems to be buggy right now (2.3.0~alpha7)

            response = bigbluebutton.join(meetingID = meetingID,

                                          fullName = fullName,

                                          password = password,

                                          redirect = False,

            )

            url = response.xpath('.//url')[0].text

            print(f"Location: {url}\n")

        else:

            # to evade the bug, use an internal package function to

            # construct the join URL without calling it, then redirect

            # to that URL instead

            response = bigbluebutton._APIurl('join', {'meetingID': meetingID,

                                                      'fullName': fullName,

                                                      'password': password,

                                                      'redirect': 'true',

            })

            print(f"Location: {response}\n")

    except Exception as ex:

        print(f"""Content-type: text/html

<HTML>

<HEAD>

<TITLE>Login Failed</TITLE>

</HEAD>

<BODY>

<CENTER><H3>Login Failed</H3></CENTER>

Something went wrong!

<PRE>

{repr(ex)}

</PRE>

</BODY>

</HTML>

""")

[Les Piech]

perfect, thanks!