wangys/urbanLifeline
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

主持人问题

Browse Source
This commit is contained in:
wangys
2025-12-27 20:08:05 +08:00
parent 750c112eac
commit 5db025b10f
4 changed files with 66 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
urbanLifelineServ/.bin/docker/urbanlifeline/docker-compose.yml
View File

@@ -1,8 +1,5 @@
version: '3.8' version: '3.8'
# urban-lifeline 开发环境 Docker Compose 配置
# 使用主机的 MySQL 数据库
networks: networks:
urban-lifeline: urban-lifeline:
driver: bridge driver: bridge
@@ -10,85 +7,65 @@ networks:
services: services:
nacos: nacos:
# 保持原有配置不变
image: nacos/nacos-server:v3.1.0 image: nacos/nacos-server:v3.1.0
container_name: urban-lifeline-nacos container_name: urban-lifeline-nacos
restart: unless-stopped restart: unless-stopped
networks: networks:
- urban-lifeline - urban-lifeline
ports: ports:
- "8081:8080" # Nacos Console (Web UI) - 映射到主机 8081 - "8081:8080"
- "8848:8848" # Nacos HTTP API - "8848:8848"
- "9848:9848" # Nacos gRPC 客户端请求 - "9848:9848"
- "9849:9849" # Nacos gRPC 服务间同步 - "9849:9849"
environment: environment:
# 运行模式
MODE: standalone MODE: standalone
# 数据库配置 - 使用主机 MySQL
SPRING_DATASOURCE_PLATFORM: mysql SPRING_DATASOURCE_PLATFORM: mysql
MYSQL_SERVICE_HOST: host.docker.internal # Docker Desktop MYSQL_SERVICE_HOST: host.docker.internal
# MYSQL_SERVICE_HOST: 172.17.0.1 # Linux 使用此行,注释上一行
MYSQL_SERVICE_PORT: 3306 MYSQL_SERVICE_PORT: 3306
MYSQL_SERVICE_DB_NAME: nacos_config MYSQL_SERVICE_DB_NAME: nacos_config
MYSQL_SERVICE_USER: root MYSQL_SERVICE_USER: root
MYSQL_SERVICE_PASSWORD: "123456" MYSQL_SERVICE_PASSWORD: "123456"
MYSQL_SERVICE_DB_PARAM: allowPublicKeyRetrieval=true&useSSL=false MYSQL_SERVICE_DB_PARAM: allowPublicKeyRetrieval=true&useSSL=false
# JVM 配置
JVM_XMS: 512m JVM_XMS: 512m
JVM_XMX: 512m JVM_XMX: 512m
JVM_XMN: 256m JVM_XMN: 256m
# 认证配置(开发环境关闭)
NACOS_AUTH_ENABLE: "false" NACOS_AUTH_ENABLE: "false"
NACOS_AUTH_TOKEN: ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ== NACOS_AUTH_TOKEN: ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==
NACOS_AUTH_IDENTITY_KEY: ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ== NACOS_AUTH_IDENTITY_KEY: ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==
NACOS_AUTH_IDENTITY_VALUE: ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ== NACOS_AUTH_IDENTITY_VALUE: ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==
volumes: volumes:
# 数据持久化到主机目录
- ../../../.data/docker/nacos/data:/home/nacos/data - ../../../.data/docker/nacos/data:/home/nacos/data
- ../../../.data/docker/nacos/logs:/home/nacos/logs - ../../../.data/docker/nacos/logs:/home/nacos/logs
healthcheck: healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8848/nacos/"] test: ["CMD", "curl", "-f", "http://localhost:8848/nacos/"]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
retries: 5 retries: 5
start_period: 60s start_period: 60s
# Linux 需要添加 extra_hosts 来访问主机服务
extra_hosts: extra_hosts:
- "host.docker.internal:host-gateway" - "host.docker.internal:host-gateway"
minio: minio:
# 保持原有配置不变
image: minio/minio:latest image: minio/minio:latest
container_name: urban-lifeline-minio container_name: urban-lifeline-minio
restart: unless-stopped restart: unless-stopped
networks: networks:
- urban-lifeline - urban-lifeline
ports: ports:
- "9000:9000" # MinIO API 端口 - "9000:9000"
- "9001:9001" # MinIO Console (Web UI) 端口 - "9001:9001"
environment: environment:
# 管理员账户配置
MINIO_ROOT_USER: minioadmin MINIO_ROOT_USER: minioadmin
MINIO_ROOT_PASSWORD: minioadmin123 MINIO_ROOT_PASSWORD: minioadmin123
# Console 地址配置
MINIO_CONSOLE_ADDRESS: ":9001" MINIO_CONSOLE_ADDRESS: ":9001"
MINIO_ADDRESS: ":9000" MINIO_ADDRESS: ":9000"
# 时区设置
TZ: Asia/Shanghai TZ: Asia/Shanghai
volumes: volumes:
# 数据持久化到主机目录
- ../../../.data/docker/minio/data:/data - ../../../.data/docker/minio/data:/data
- ../../../.data/docker/minio/config:/root/.minio - ../../../.data/docker/minio/config:/root/.minio
command: server /data --console-address ":9001" command: server /data --console-address ":9001"
healthcheck: healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s interval: 30s
@@ -96,47 +73,35 @@ services:
retries: 3 retries: 3
start_period: 30s start_period: 30s
# ====================== Jitsi Meet 视频会议服务 ====================== # ====================== Jitsi 核心修改开始 ======================
jitsi-web: jitsi-web:
# ✅ 保持原有配置不变,无需修改
image: jitsi/web:stable-9584 image: jitsi/web:stable-9584
container_name: urban-lifeline-jitsi-web container_name: urban-lifeline-jitsi-web
restart: unless-stopped restart: unless-stopped
networks: networks:
- urban-lifeline - urban-lifeline
ports: ports:
- "8280:80" # HTTP 端口(通过 Nginx 反向代理) - "8280:80"
- "8443:443" # HTTPS 端口 - "8443:443"
environment: environment:
# 基础配置Jitsi容器使用HTTP由Nginx提供HTTPS
TZ: Asia/Shanghai TZ: Asia/Shanghai
# PUBLIC_URL设置为独立子域名
PUBLIC_URL: https://org.xyzh.yslg.jitsi PUBLIC_URL: https://org.xyzh.yslg.jitsi
# 禁用容器内部HTTPS由Nginx统一处理HTTPS
ENABLE_HTTPS: 0 ENABLE_HTTPS: 0
ENABLE_HTTP_REDIRECT: 0 ENABLE_HTTP_REDIRECT: 0
DISABLE_HTTPS: 1 DISABLE_HTTPS: 1
# XMPP 配置
XMPP_DOMAIN: meet.jitsi XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_BOSH_URL_BASE: http://jitsi-prosody:5280 XMPP_BOSH_URL_BASE: http://jitsi-prosody:5280
XMPP_MUC_DOMAIN: muc.meet.jitsi XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_GUEST_DOMAIN: guest.meet.jitsi XMPP_GUEST_DOMAIN: guest.meet.jitsi
# Jicofo 配置(完全保留原设置)
JICOFO_COMPONENT_SECRET: jicofo-secret JICOFO_COMPONENT_SECRET: jicofo-secret
JICOFO_AUTH_USER: focus JICOFO_AUTH_USER: focus
# JVB 配置(完全保留原设置)
JVB_AUTH_USER: jvb JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: jvb-password JVB_AUTH_PASSWORD: jvb-password
# JWT 认证配置(完全保留原设置)
ENABLE_AUTH: 1 ENABLE_AUTH: 1
ENABLE_GUESTS: 1 ENABLE_GUESTS: 0
AUTH_TYPE: jwt AUTH_TYPE: jwt
JWT_APP_ID: urbanLifeline JWT_APP_ID: urbanLifeline
JWT_APP_SECRET: urbanLifeline-jitsi-secret-key-2025-production-safe-hs256 JWT_APP_SECRET: urbanLifeline-jitsi-secret-key-2025-production-safe-hs256
@@ -146,18 +111,13 @@ services:
JWT_ALLOW_EMPTY: 0 JWT_ALLOW_EMPTY: 0
JWT_AUTH_TYPE: token JWT_AUTH_TYPE: token
JWT_TOKEN_AUTH_MODULE: token_verification JWT_TOKEN_AUTH_MODULE: token_verification
# 界面/功能配置(完全保留原设置)
ENABLE_RECORDING: 0 ENABLE_RECORDING: 0
ENABLE_TRANSCRIPTIONS: 0 ENABLE_TRANSCRIPTIONS: 0
ENABLE_SUBDOMAINS: 0 ENABLE_SUBDOMAINS: 0
ENABLE_XMPP_WEBSOCKET: 1 ENABLE_XMPP_WEBSOCKET: 1
ENABLE_SCTP: 1 ENABLE_SCTP: 1
# 不使用Let's Encrypt使用mkcert证书
ENABLE_LETSENCRYPT: 0 ENABLE_LETSENCRYPT: 0
LETSENCRYPT_DOMAIN: org.xyzh.yslg.jitsi LETSENCRYPT_DOMAIN: org.xyzh.yslg.jitsi
volumes: volumes:
- ../../../.data/docker/jitsi/web:/config - ../../../.data/docker/jitsi/web:/config
- ../../../.data/docker/jitsi/web/crontabs:/var/spool/cron/crontabs - ../../../.data/docker/jitsi/web/crontabs:/var/spool/cron/crontabs
@@ -171,7 +131,6 @@ services:
retries: 3 retries: 3
start_period: 60s start_period: 60s
# XMPP 服务Prosody- 完全保留原配置
jitsi-prosody: jitsi-prosody:
image: jitsi/prosody:stable-9584 image: jitsi/prosody:stable-9584
container_name: urban-lifeline-jitsi-prosody container_name: urban-lifeline-jitsi-prosody
@@ -179,31 +138,23 @@ services:
networks: networks:
- urban-lifeline - urban-lifeline
expose: expose:
- "5222" # XMPP客户端连接内部 - "5222"
- "5347" # XMPP组件连接内部 - "5347"
- "5280" # BOSH/WebSocket内部 - "5280"
environment: environment:
TZ: Asia/Shanghai TZ: Asia/Shanghai
# XMPP域配置完全保留
XMPP_DOMAIN: meet.jitsi XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_MUC_DOMAIN: muc.meet.jitsi XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_GUEST_DOMAIN: guest.meet.jitsi XMPP_GUEST_DOMAIN: guest.meet.jitsi
# Jicofo组件密钥完全保留
JICOFO_COMPONENT_SECRET: jicofo-secret JICOFO_COMPONENT_SECRET: jicofo-secret
JICOFO_AUTH_USER: focus JICOFO_AUTH_USER: focus
JICOFO_AUTH_PASSWORD: focus-password JICOFO_AUTH_PASSWORD: focus-password
# JVB认证完全保留
JVB_AUTH_USER: jvb JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: jvb-password JVB_AUTH_PASSWORD: jvb-password
# JWT认证完全保留
ENABLE_AUTH: 1 ENABLE_AUTH: 1
ENABLE_GUESTS: 1 ENABLE_GUESTS: 0
AUTH_TYPE: jwt AUTH_TYPE: jwt
JWT_APP_ID: urbanLifeline JWT_APP_ID: urbanLifeline
JWT_APP_SECRET: urbanLifeline-jitsi-secret-key-2025-production-safe-hs256 JWT_APP_SECRET: urbanLifeline-jitsi-secret-key-2025-production-safe-hs256
@@ -212,13 +163,10 @@ services:
JWT_ALLOW_EMPTY: 0 JWT_ALLOW_EMPTY: 0
JWT_AUTH_TYPE: token JWT_AUTH_TYPE: token
JWT_TOKEN_AUTH_MODULE: token_verification JWT_TOKEN_AUTH_MODULE: token_verification
# 日志配置(完全保留)
LOG_LEVEL: info LOG_LEVEL: info
# 公共URL局域网访问
PUBLIC_URL: https://org.xyzh.yslg.jitsi PUBLIC_URL: https://org.xyzh.yslg.jitsi
# 🔥 新增1 - Prosody层禁用JWT自动授予主持人权限JWT模式核心
JWT_DISABLE_AUTO_MODERATOR: true
volumes: volumes:
- ../../../.data/docker/jitsi/prosody/config:/config - ../../../.data/docker/jitsi/prosody/config:/config
- ../../../.data/docker/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom - ../../../.data/docker/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom
@@ -229,7 +177,6 @@ services:
retries: 3 retries: 3
start_period: 90s start_period: 90s
# 会议焦点控制器Jicofo- 完全保留原配置
jitsi-jicofo: jitsi-jicofo:
image: jitsi/jicofo:stable-9584 image: jitsi/jicofo:stable-9584
container_name: urban-lifeline-jitsi-jicofo container_name: urban-lifeline-jitsi-jicofo
@@ -238,28 +185,22 @@ services:
- urban-lifeline - urban-lifeline
environment: environment:
TZ: Asia/Shanghai TZ: Asia/Shanghai
# XMPP配置完全保留
XMPP_DOMAIN: meet.jitsi XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_MUC_DOMAIN: muc.meet.jitsi XMPP_MUC_DOMAIN: muc.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_SERVER: jitsi-prosody XMPP_SERVER: jitsi-prosody
# Jicofo认证完全保留
JICOFO_COMPONENT_SECRET: jicofo-secret JICOFO_COMPONENT_SECRET: jicofo-secret
JICOFO_AUTH_USER: focus JICOFO_AUTH_USER: focus
JICOFO_AUTH_PASSWORD: focus-password JICOFO_AUTH_PASSWORD: focus-password
# JWT配置完全保留
AUTH_TYPE: jwt AUTH_TYPE: jwt
# JVB配置完全保留
JVB_BREWERY_MUC: jvbbrewery JVB_BREWERY_MUC: jvbbrewery
JICOFO_ENABLE_HEALTH_CHECKS: true
# 日志级别(完全保留) # 保留原有配置
JICOFO_ENABLE_HEALTH_CHECKS: "true" JICOFO_ENABLE_AUTO_OWNER: false
JICOFO_ENABLE_AUTO_LOGIN: false
# 🔥 新增2 - 兜底:强制清空初始主持人,杜绝所有自动分配可能
JICOFO_CONFERENCE_INITIAL_OWNER: ""
volumes: volumes:
- ../../../.data/docker/jitsi/jicofo:/config - ../../../.data/docker/jitsi/jicofo:/config
depends_on: depends_on:
@@ -271,46 +212,33 @@ services:
retries: 3 retries: 3
start_period: 90s start_period: 90s
# 视频桥接服务JVB- 仅修复 WebSocket 相关保留IP/端口
jitsi-jvb: jitsi-jvb:
# ✅ 保持原有配置不变,无需修改
image: jitsi/jvb:stable-9584 image: jitsi/jvb:stable-9584
container_name: urban-lifeline-jitsi-jvb container_name: urban-lifeline-jitsi-jvb
restart: unless-stopped restart: unless-stopped
networks: networks:
- urban-lifeline - urban-lifeline
ports: ports:
- "10000:10000/udp" # 保留原 UDP 端口 - "10000:10000/udp"
- "4443:4443/tcp" # 保留原 TCP 端口 - "4443:4443/tcp"
environment: environment:
TZ: Asia/Shanghai TZ: Asia/Shanghai
# XMPP配置完全保留
XMPP_DOMAIN: meet.jitsi XMPP_DOMAIN: meet.jitsi
XMPP_AUTH_DOMAIN: auth.meet.jitsi XMPP_AUTH_DOMAIN: auth.meet.jitsi
XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
XMPP_SERVER: jitsi-prosody XMPP_SERVER: jitsi-prosody
# JVB认证完全保留
JVB_AUTH_USER: jvb JVB_AUTH_USER: jvb
JVB_AUTH_PASSWORD: jvb-password JVB_AUTH_PASSWORD: jvb-password
# JVB配置完全保留
JVB_BREWERY_MUC: jvbbrewery JVB_BREWERY_MUC: jvbbrewery
JVB_PORT: 10000 JVB_PORT: 10000
JVB_STUN_SERVERS: stun.l.google.com:19302,stun1.l.google.com:19302 JVB_STUN_SERVERS: stun.l.google.com:19302,stun1.l.google.com:19302
# 本地IP配置局域网IP - 关键配置!)
DOCKER_HOST_ADDRESS: 192.168.0.253 DOCKER_HOST_ADDRESS: 192.168.0.253
JVB_ADVERTISE_IPS: 192.168.0.253 JVB_ADVERTISE_IPS: 192.168.0.253
# 启用统计(完全保留)
JVB_ENABLE_APIS: rest,colibri JVB_ENABLE_APIS: rest,colibri
# 性能优化(完全保留)
JVB_TCP_HARVESTER_DISABLED: "false" JVB_TCP_HARVESTER_DISABLED: "false"
JVB_TCP_PORT: 4443 JVB_TCP_PORT: 4443
JVB_TCP_MAPPED_PORT: 4443 JVB_TCP_MAPPED_PORT: 4443
volumes: volumes:
- ../../../.data/docker/jitsi/jvb:/config - ../../../.data/docker/jitsi/jvb:/config
depends_on: depends_on:

21
urbanLifelineServ/workcase/src/main/java/org/xyzh/workcase/service/JitsiTokenServiceImpl.java
View File

@@ -44,15 +44,34 @@ public class JitsiTokenServiceImpl implements JitsiTokenService {
userContext.put("name", userName); userContext.put("name", userName);
userContext.put("moderator", isModerator); userContext.put("moderator", isModerator);
// 构建affiliation (这是Jitsi识别主持人的关键字段)
Map<String, Object> user = new HashMap<>();
user.put("id", userId);
user.put("name", userName);
user.put("moderator", isModerator);
user.put("affiliation", isModerator ? "owner" : "member"); // owner=主持人, member=普通成员
// 构建context
Map<String, Object> context = new HashMap<>();
context.put("user", user);
// 【调试日志】打印用户上下文
logger.info("【JWT用户上下文】roomName={}, userId={}, userName={}, isModerator={}, affiliation={}, user={}",
roomName, userId, userName, isModerator, isModerator ? "owner" : "member", user);
// 构建JWT claims // 构建JWT claims
Map<String, Object> claims = new HashMap<>(); Map<String, Object> claims = new HashMap<>();
claims.put("context", Map.of("user", userContext)); claims.put("context", context);
claims.put("room", roomName); claims.put("room", roomName);
claims.put("iss", jitsiProperties.getApp().getId()); claims.put("iss", jitsiProperties.getApp().getId());
claims.put("aud", "jitsi"); claims.put("aud", "jitsi");
claims.put("sub", jitsiProperties.getServer().getUrl()); claims.put("sub", jitsiProperties.getServer().getUrl());
claims.put("exp", exp / 1000); // 秒级时间戳 claims.put("exp", exp / 1000); // 秒级时间戳
claims.put("nbf", now / 1000); claims.put("nbf", now / 1000);
claims.put("moderator", isModerator); // 在顶层也添加moderator字段
// 【调试日志】打印完整claims
logger.info("【JWT Claims】roomName={}, claims={}", roomName, claims);
// 构建JWT Header必须包含 typ: JWT // 构建JWT Header必须包含 typ: JWT
Map<String, Object> header = new HashMap<>(); Map<String, Object> header = new HashMap<>();

15
urbanLifelineServ/workcase/src/main/java/org/xyzh/workcase/service/VideoMeetingServiceImpl.java
View File

@@ -126,6 +126,11 @@ public class VideoMeetingServiceImpl implements VideoMeetingService {
meetingDTO.setCreator(userId); meetingDTO.setCreator(userId);
meetingDTO.setCreatorType(userType); meetingDTO.setCreatorType(userType);
meetingDTO.setCreatorName(userName); meetingDTO.setCreatorName(userName);
// 【调试日志】打印会议创建者信息
logger.info("【创建会议】meetingId={}, 创建者userId=[{}](类型:{}), creatorName={}, creatorType={}",
meetingId, userId, userId.getClass().getSimpleName(), userName, userType);
meetingDTO.setParticipantCount(0); meetingDTO.setParticipantCount(0);
meetingDTO.setOptsn(IdUtil.getOptsn()); meetingDTO.setOptsn(IdUtil.getOptsn());
@@ -330,6 +335,13 @@ public class VideoMeetingServiceImpl implements VideoMeetingService {
// 会议创建人才是主持人 // 会议创建人才是主持人
boolean isModerator = userId.equals(meeting.getCreator()); boolean isModerator = userId.equals(meeting.getCreator());
// 【调试日志】打印主持人判断详情
logger.info("【主持人判断】meetingId={}, 当前用户ID=[{}](类型:{}), 创建者ID=[{}](类型:{}), isModerator={}",
meetingId,
userId, userId.getClass().getSimpleName(),
meeting.getCreator(), meeting.getCreator() != null ? meeting.getCreator().getClass().getSimpleName() : "null",
isModerator);
if (members != null && !members.isEmpty()) { if (members != null && !members.isEmpty()) {
ChatMemberVO member = members.get(0); ChatMemberVO member = members.get(0);
userName = member.getUserName(); userName = member.getUserName();
@@ -343,6 +355,9 @@ public class VideoMeetingServiceImpl implements VideoMeetingService {
isModerator isModerator
); );
logger.info("【JWT Token生成】meetingId={}, userId={}, userName={}, isModerator={}",
meetingId, userId, userName, isModerator);
// 7. 构建真正的Jitsi iframe URL // 7. 构建真正的Jitsi iframe URL
String jitsiIframeUrl = jitsiTokenService.buildIframeUrl( String jitsiIframeUrl = jitsiTokenService.buildIframeUrl(
meeting.getJitsiRoomName(), meeting.getJitsiRoomName(),