PLT-6358: Server HTTP client improvements (#6980)

* restrict untrusted, internal http connections by default

* command test fix

* more test fixes

* change setting from toggle to whitelist

* requested ui changes

* add isdefault diagnostic

* fix tests

1 files changed, 16 insertions, 1 deletions

diff --git a/app/webrtc.go b/app/webrtc.go
index 4d44234a8..f8361bbb2 100644
--- a/app/webrtc.go
+++ b/app/webrtc.go
@@ -59,7 +59,7 @@ func GetWebrtcToken(sessionId string) (string, *model.AppError) {
 	rq, _ := http.NewRequest("POST", *utils.Cfg.WebrtcSettings.GatewayAdminUrl, strings.NewReader(model.MapToJson(data)))
 	rq.Header.Set("Content-Type", "application/json")
 
-	if rp, err := utils.HttpClient().Do(rq); err != nil {
+	if rp, err := utils.HttpClient(true).Do(rq); err != nil {
 		return "", model.NewAppError("WebRTC.Token", "model.client.connecting.app_error", nil, err.Error(), http.StatusInternalServerError)
 	} else if rp.StatusCode >= 300 {
 		defer CloseBody(rp)
@@ -80,3 +80,18 @@ func GenerateTurnPassword(username string, secret string) string {
 	h.Write([]byte(username))
 	return base64.StdEncoding.EncodeToString(h.Sum(nil))
 }
+
+func RevokeWebrtcToken(sessionId string) {
+	token := base64.StdEncoding.EncodeToString([]byte(sessionId))
+	data := make(map[string]string)
+	data["janus"] = "remove_token"
+	data["token"] = token
+	data["transaction"] = model.NewId()
+	data["admin_secret"] = *utils.Cfg.WebrtcSettings.GatewayAdminSecret
+
+	rq, _ := http.NewRequest("POST", *utils.Cfg.WebrtcSettings.GatewayAdminUrl, strings.NewReader(model.MapToJson(data)))
+	rq.Header.Set("Content-Type", "application/json")
+
+	// we do not care about the response
+	utils.HttpClient(true).Do(rq)
+}