Possibility to configure an OpenID Connect provider on the instance

level WIP (#128) Fix chat federation.
2024-04-18 15:42:06 +02:00
parent 28936ed84b
commit 3efbfbc12b
8 changed files with 56 additions and 16 deletions
--- a/server/lib/conversejs/params.ts
+++ b/server/lib/conversejs/params.ts
@ -79,20 +79,26 @@ async function getConverseJSParams (

  let externalAuthOIDC
  if (userIsConnected !== true) {
-    try {
-      const oidc = ExternalAuthOIDC.singleton()
-      if (await oidc.isOk()) {
-        const authUrl = oidc.getConnectUrl()
-        const buttonLabel = oidc.getButtonLabel()
-        if (authUrl && buttonLabel) {
-          externalAuthOIDC = {
-            buttonLabel: buttonLabel,
-            url: authUrl
+    if (!remoteConnectionInfos?.externalAuthCompatible) {
+      options.peertubeHelpers.logger.debug(
+        'The remote livechat plugin is not compatible with external authentication, not enabling the feature'
+      )
+    } else {
+      try {
+        const oidc = ExternalAuthOIDC.singleton()
+        if (await oidc.isOk()) {
+          const authUrl = oidc.getConnectUrl()
+          const buttonLabel = oidc.getButtonLabel()
+          if (authUrl && buttonLabel) {
+            externalAuthOIDC = {
+              buttonLabel: buttonLabel,
+              url: authUrl
+            }
          }
        }
+      } catch (err) {
+        options.peertubeHelpers.logger.error(err)
      }
-    } catch (err) {
-      options.peertubeHelpers.logger.error(err)
    }
  }

@ -291,6 +297,7 @@ interface WCRemoteConnectionInfos {
    wsUri?: string
  }
  authenticated?: boolean
+  externalAuthCompatible: boolean
 }

 async function _remoteConnectionInfos (
@ -301,7 +308,8 @@ async function _remoteConnectionInfos (
  if (!remoteChatInfos) { throw new Error('Should have remote chat infos for remote videos') }
  if (remoteChatInfos.type !== 'xmpp') { throw new Error('Should have remote xmpp chat infos for remote videos') }
  const connectionInfos: WCRemoteConnectionInfos = {
-    roomJID: remoteChatInfos.jid
+    roomJID: remoteChatInfos.jid,
+    externalAuthCompatible: false
  }
  if (compatibleRemoteAuthenticatedConnectionEnabled(remoteChatInfos, canWebsocketS2S, canDirectS2S)) {
    connectionInfos.authenticated = true
@ -314,6 +322,14 @@ async function _remoteConnectionInfos (
      wsUri: anonymousCI.wsUri
    }
  }
+
+  if (remoteChatInfos.xmppserver.external) {
+    // To be able to connect to a remote livechat using an external account,
+    // The remote server MUST have livechat >= 9.0.0...
+    // So we flag the connection as compatible or not, and we will disable the feature if not compatible.
+    connectionInfos.externalAuthCompatible = true
+  }
+
  return connectionInfos
 }

--- a/server/lib/federation/outgoing.ts
+++ b/server/lib/federation/outgoing.ts
@ -190,6 +190,7 @@ async function _serverBuildInfos (
  const prosodyDomain = await getProsodyDomain(options)
  const mucDomain = 'room.' + prosodyDomain
  const anonDomain = 'anon.' + prosodyDomain
+  const externalDomain = 'external.' + prosodyDomain

  let directs2s
  if (settings['prosody-room-allow-s2s'] && settings['prosody-s2s-port']) {
@ -232,6 +233,7 @@ async function _serverBuildInfos (
  return {
    host: prosodyDomain,
    muc: mucDomain,
+    external: externalDomain, // we will always add it, even if disabled. Can't cause trouble.
    directs2s,
    websockets2s,
    anonymous
--- a/server/lib/federation/sanitize.ts
+++ b/server/lib/federation/sanitize.ts
@ -88,6 +88,12 @@ function sanitizePeertubeLiveChatServerInfos (
    muc
  }

+  // This comes with livechat >= 9.0.0, can be absent.
+  const external = _validateHost(xmppserver.external, checkHost)
+  if (external) {
+    r.external = external
+  }
+
  if (xmppserver.directs2s) {
    if ((typeof xmppserver.directs2s) === 'object') {
      const port = xmppserver.directs2s.port
--- a/server/lib/federation/storage.ts
+++ b/server/lib/federation/storage.ts
@ -122,7 +122,8 @@ async function storeRemoteServerInfos (
  const mainHost = xmppserver.host
  const hosts = [
    xmppserver.host,
-    xmppserver.muc
+    xmppserver.muc,
+    xmppserver.external
  ]

  for (const host of hosts) {
--- a/server/lib/federation/types.ts
+++ b/server/lib/federation/types.ts
@ -7,6 +7,7 @@ interface VideoBuildResultContext {
 interface PeertubeXMPPServerInfos {
  host: string // main host (should be the peertube url)
  muc: string // muc component url
+  external?: string // external users virtualhost (livechat version >=9.0.0)
  directs2s?: { // if direct S2S is enabled
    port: string
  }
--- a/server/lib/prosody/config/content.ts
+++ b/server/lib/prosody/config/content.ts
@ -375,6 +375,7 @@ class ProsodyConfigContent {

    this.muc.add('modules_enabled', 'dialback') // This allows s2s connections without certicicates!
    this.authenticated?.add('modules_enabled', 'dialback') // This allows s2s connections without certicicates!
+    this.external?.add('modules_enabled', 'dialback') // same.
  }

  useExternalComponents (