Fix #97 #54: Settings to hide the chat for anonymous users

2022-04-11 18:12:12 +02:00 · 2022-04-11 18:12:12 +02:00 · 01a052d380
commit 01a052d380
parent d24ef987a0
6 changed files with 59 additions and 14 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,15 @@
 # Changelog

+## 5.7.0
+
+### New features
+
+* You can disable the chat for anonymous users (users that are not connected to your Peertube instance).
+  * Note: this is a first version of this feature, released to quickly help some Peertube admins that are facing spam attacks.
+  * The chat will not be visible at all for anonymous users.
+  * In a future release, the chat will be replaced by a message saying «please log in to [...]».
+  * If you are not using the «Prosody controlled by Peertube» mode, this settings is not a real security feature. An attacker could easily find the chat uri and join it.
+
 ## 5.6.0

 ### Important notes
--- a/client/videowatch-client-plugin.ts
+++ b/client/videowatch-client-plugin.ts
@ -13,6 +13,10 @@ interface VideoWatchLoadedHookOptions {
  playlist?: any
 }

+function isAnonymousUser (registerOptions: RegisterClientOptions): boolean {
+  return !registerOptions.peertubeHelpers.isLoggedIn()
+}
+
 function guessIsMine (registerOptions: RegisterClientOptions, video: Video): boolean {
  // Note: this is not safe, but it is not a problem:
  // this function is used for non critical functions
@ -239,6 +243,10 @@ function register (registerOptions: RegisterClientOptions): void {
      settings = s

      logger.log('Checking if this video should have a chat...')
+      if (settings['chat-no-anonymous'] === true && isAnonymousUser(registerOptions)) {
+        logger.log('No chat for anonymous users')
+        return
+      }
      if (!videoHasWebchat(s, video)) {
        logger.log('This video has no webchat')
        return
--- a/documentation/common.md
+++ b/documentation/common.md
@ -39,6 +39,14 @@ You can choose some UUIDs for which the chat will be available.
 If you don't want te enable the feature for all videos, you can use this field to list videos UUIDs.
 You can add comments: everything rights to the # character will be stripped off, as for empty lines.

+### Hide the chat for anonymous users
+
+If checked, anonymous Peertube users won't see the chat.
+
+Note: for now this feature simply hide the chat.
+In a future release, the chat will be replaced by a message saying «please log in to [...]».
+See [v5.7.0 Release Notes](https://github.com/JohnXLivingston/peertube-plugin-livechat/blob/main/CHANGELOG.md#570) for more information.
+
 ### Webchat iframe style attribute

 You can add some custom styles that will be added to the iframe.
--- a/server/lib/prosody/config.ts
+++ b/server/lib/prosody/config.ts
@ -91,7 +91,8 @@ async function getProsodyConfig (options: RegisterServerOptions): Promise<Prosod
    'prosody-peertube-uri',
    'prosody-components',
    'prosody-components-port',
-    'prosody-components-list'
+    'prosody-components-list',
+    'chat-no-anonymous'
  ])

  const valuesToHideInDiagnostic = new Map<string, string>()
@ -100,6 +101,7 @@ async function getProsodyConfig (options: RegisterServerOptions): Promise<Prosod
    throw new Error('Invalid port')
  }
  const logByDefault = (settings['prosody-muc-log-by-default'] as boolean) ?? true
+  const disableAnon = (settings['chat-no-anonymous'] as boolean) || false
  const logExpirationSetting = (settings['prosody-muc-expiration'] as string) ?? DEFAULTLOGEXPIRATION
  const enableC2s = (settings['prosody-c2s'] as boolean) || false
  const enableComponents = (settings['prosody-components'] as boolean) || false
@ -124,6 +126,9 @@ async function getProsodyConfig (options: RegisterServerOptions): Promise<Prosod
  const testApiUrl = baseApiUrl + 'test?apikey=' + apikey

  const config = new ProsodyConfigContent(paths, prosodyDomain)
+  if (!disableAnon) {
+    config.useAnonymous()
+  }
  config.useHttpAuthentication(authApiUrl)
  config.usePeertubeBosh(prosodyDomain, port)
  config.useMucHttpDefault(roomApiUrl)
--- a/server/lib/prosody/config/content.ts
+++ b/server/lib/prosody/config/content.ts
@ -125,7 +125,7 @@ class ProsodyConfigContent {
  paths: ProsodyFilePaths
  global: ProsodyConfigGlobal
  authenticated?: ProsodyConfigVirtualHost
-  anon: ProsodyConfigVirtualHost
+  anon?: ProsodyConfigVirtualHost
  muc: ProsodyConfigComponent
  externalComponents: ProsodyConfigComponent[] = []
  log: string
@ -136,7 +136,6 @@ class ProsodyConfigContent {
    this.global = new ProsodyConfigGlobal()
    this.log = ''
    this.prosodyDomain = prosodyDomain
-    this.anon = new ProsodyConfigVirtualHost('anon.' + prosodyDomain)
    this.muc = new ProsodyConfigComponent('room.' + prosodyDomain, 'muc')

    this.global.set('daemonize', false)
@ -174,9 +173,6 @@ class ProsodyConfigContent {
    this.global.set('cross_domain_websocket', false)
    this.global.set('consider_websocket_secure', false)

-    this.anon.set('authentication', 'anonymous')
-    this.anon.set('modules_enabled', ['ping'])
-
    this.muc.set('muc_room_locking', false)
    this.muc.set('muc_tombstones', false)
    this.muc.set('muc_room_default_language', 'en')
@ -189,6 +185,12 @@ class ProsodyConfigContent {
    this.muc.set('muc_room_default_history_length', 20)
  }

+  useAnonymous (): void {
+    this.anon = new ProsodyConfigVirtualHost('anon.' + this.prosodyDomain)
+    this.anon.set('authentication', 'anonymous')
+    this.anon.set('modules_enabled', ['ping'])
+  }
+
  useHttpAuthentication (url: string): void {
    this.authenticated = new ProsodyConfigVirtualHost(this.prosodyDomain)

@ -212,12 +214,14 @@ class ProsodyConfigContent {

    this.global.set('consider_bosh_secure', true)

-    this.anon.set('trusted_proxies', ['127.0.0.1', '::1'])
-    this.anon.set('allow_anonymous_s2s', false)
-    this.anon.add('modules_enabled', 'http')
-    this.anon.add('modules_enabled', 'bosh')
-    this.anon.set('http_host', prosodyDomain)
-    this.anon.set('http_external_url', 'http://' + prosodyDomain)
+    if (this.anon) {
+      this.anon.set('trusted_proxies', ['127.0.0.1', '::1'])
+      this.anon.set('allow_anonymous_s2s', false)
+      this.anon.add('modules_enabled', 'http')
+      this.anon.add('modules_enabled', 'bosh')
+      this.anon.set('http_host', prosodyDomain)
+      this.anon.set('http_external_url', 'http://' + prosodyDomain)
+    }

    this.muc.set('restrict_room_creation', 'local')
    this.muc.set('http_host', prosodyDomain)
@ -339,8 +343,10 @@ class ProsodyConfigContent {
      content += this.authenticated.write()
      content += '\n\n'
    }
-    content += this.anon.write()
-    content += '\n\n'
+    if (this.anon) {
+      content += this.anon.write()
+      content += '\n\n'
+    }
    content += this.muc.write()
    content += '\n\n'
    for (const externalComponent of this.externalComponents) {
--- a/server/lib/settings.ts
+++ b/server/lib/settings.ts
@ -272,6 +272,14 @@ You can add comments: everything after the # character will be stripped off, and
 Don't add private videos, the UUIDs will be send to frontend.`,
    private: false
  })
+  registerSetting({
+    name: 'chat-no-anonymous',
+    label: 'Hide the chat for anonymous users',
+    type: 'input-checkbox',
+    default: false,
+    descriptionHTML: 'If checked, anonymous Peertube users won\'t see the chat.',
+    private: false
+  })

  registerSetting({
    name: 'chat-style',