recording: check for each secret for secret rollover use-cases

DE-IBH · May 16, 2024 · 76d52fa · 76d52fa
1 parent 5599d0e
commit 76d52fa
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 12 deletions.
diff --git a/b3lb/rest/models.py b/b3lb/rest/models.py
@@ -37,7 +37,7 @@
 from rest.classes.storage import DBStorage
 from storages.backends.s3 import ClientError, S3Storage
 from textwrap import wrap
-from typing import Any, Dict
+from typing import Any, Dict, List
 import rest.b3lb.constants as cst
 import uuid as uid
 
@@ -400,12 +400,6 @@ class Meta(object):
     def __str__(self):
         return "{}-{}".format(self.tenant.slug, str(self.sub_id).zfill(3))
 
-    @property
-    def get_valid_secret(self) -> str:
-        if self.secret2:
-            return str(self.secret2)
-        return str(self.secret)
-
     @property
     def endpoint(self) -> str:
         if self.sub_id == 0:
@@ -424,6 +418,11 @@ def records_effective_hold_time(self) -> int:
         else:
             return min(self.records_hold_time, self.tenant.records_hold_time)
 
+    @property
+    def secrets(self) -> List[str]:
+        # returns all secrets for secret rollover use-cases
+        return [self.secret, self.secret2]
+
 
 class SecretAdmin(admin.ModelAdmin):
     model = Secret

diff --git a/b3lb/rest/task/recording.py b/b3lb/rest/task/recording.py
@@ -86,12 +86,19 @@ def render_record(record_set: RecordSet):
                 for record_profile in RecordProfile.objects.filter(is_default=True):
                     record_id = render_by_profile(record_set, record_profile, tempdir)
 
-    # Greenlight v3 sends a record ready URL, Greenlight v2 doesn't send one
+    # implementation of recording ready callback url
+    # https://docs.bigbluebutton.org/development/api/#recording-ready-callback-url
     if record_set.recording_ready_origin_url:
-        body = {"signed_parameters": jwt_encode({"meeting_id": record_set.meta_meeting_id, "record_id": record_id}, record_set.secret.get_valid_secret)}
-        response = post(record_set.recording_ready_origin_url, json=body)
-        print(f"Send record ready callback to: {record_set.recording_ready_origin_url} with return code: {response.status_code}")
-        if response.status_code < 200 or 299 < response.status_code:
+        success = False
+        for secret in record_set.secret.secrets:
+            if not success:
+                body = {"signed_parameters": jwt_encode({"meeting_id": record_set.meta_meeting_id, "record_id": record_id}, secret)}
+                response = post(record_set.recording_ready_origin_url, json=body)
+                print(f"Send record ready callback to: {record_set.recording_ready_origin_url} with return code: {response.status_code}")
+                if 200 <= response.status_code <= 299:
+                    success = True
+
+        if not success:
             return False
 
     record_set.status = RecordSet.RENDERED