matty/peertube-plugin-livechat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Possibility to configure an OpenID Connect provider on the instance

Browse Source 
level WIP (#128)

Fix chat federation.
This commit is contained in:
John Livingston 2024-04-18 15:42:06 +02:00
parent 28936ed84b
commit 3efbfbc12b
No known key found for this signature in database
GPG Key ID: B17B5640CE66CDBC
8 changed files with 56 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -8,6 +8,7 @@ TODO: https://github.com/JohnXLivingston/peertube-plugin-livechat/issues/48
**Breaking changes**: **Breaking changes**:
* If you were adding custom CSS to livechat iframe, it could be broken, as the livechat is no more included in an iframe. Your custom styles are now added on a `div` element. * If you were adding custom CSS to livechat iframe, it could be broken, as the livechat is no more included in an iframe. Your custom styles are now added on a `div` element.
* If you enabled [XMPP Clients connections](https://livingston.frama.io/peertube-plugin-livechat/documentation/admin/advanced/xmpp_clients/), you must add a new DNS entry for `external.your_instance.example.com`. Check the documentation.
### New features ### New features

18
server/lib/conversejs/params.ts
View File

@ -79,6 +79,11 @@ async function getConverseJSParams (
let externalAuthOIDC let externalAuthOIDC
if (userIsConnected !== true) { if (userIsConnected !== true) {
if (!remoteConnectionInfos?.externalAuthCompatible) {
options.peertubeHelpers.logger.debug(
'The remote livechat plugin is not compatible with external authentication, not enabling the feature'
)
} else {
try { try {
const oidc = ExternalAuthOIDC.singleton() const oidc = ExternalAuthOIDC.singleton()
if (await oidc.isOk()) { if (await oidc.isOk()) {
@ -95,6 +100,7 @@ async function getConverseJSParams (
options.peertubeHelpers.logger.error(err) options.peertubeHelpers.logger.error(err)
} }
} }
}
return { return {
peertubeVideoOriginalUrl: roomInfos.video?.url, peertubeVideoOriginalUrl: roomInfos.video?.url,
@ -291,6 +297,7 @@ interface WCRemoteConnectionInfos {
wsUri?: string wsUri?: string
} }
authenticated?: boolean authenticated?: boolean
externalAuthCompatible: boolean
} }
async function _remoteConnectionInfos ( async function _remoteConnectionInfos (
@ -301,7 +308,8 @@ async function _remoteConnectionInfos (
if (!remoteChatInfos) { throw new Error('Should have remote chat infos for remote videos') } if (!remoteChatInfos) { throw new Error('Should have remote chat infos for remote videos') }
if (remoteChatInfos.type !== 'xmpp') { throw new Error('Should have remote xmpp chat infos for remote videos') } if (remoteChatInfos.type !== 'xmpp') { throw new Error('Should have remote xmpp chat infos for remote videos') }
const connectionInfos: WCRemoteConnectionInfos = { const connectionInfos: WCRemoteConnectionInfos = {
roomJID: remoteChatInfos.jid roomJID: remoteChatInfos.jid,
externalAuthCompatible: false
} }
if (compatibleRemoteAuthenticatedConnectionEnabled(remoteChatInfos, canWebsocketS2S, canDirectS2S)) { if (compatibleRemoteAuthenticatedConnectionEnabled(remoteChatInfos, canWebsocketS2S, canDirectS2S)) {
connectionInfos.authenticated = true connectionInfos.authenticated = true
@ -314,6 +322,14 @@ async function _remoteConnectionInfos (
wsUri: anonymousCI.wsUri wsUri: anonymousCI.wsUri
} }
} }
if (remoteChatInfos.xmppserver.external) {
// To be able to connect to a remote livechat using an external account,
// The remote server MUST have livechat >= 9.0.0...
// So we flag the connection as compatible or not, and we will disable the feature if not compatible.
connectionInfos.externalAuthCompatible = true
}
return connectionInfos return connectionInfos
} }

2
server/lib/federation/outgoing.ts
View File

@ -190,6 +190,7 @@ async function _serverBuildInfos (
const prosodyDomain = await getProsodyDomain(options) const prosodyDomain = await getProsodyDomain(options)
const mucDomain = 'room.' + prosodyDomain const mucDomain = 'room.' + prosodyDomain
const anonDomain = 'anon.' + prosodyDomain const anonDomain = 'anon.' + prosodyDomain
const externalDomain = 'external.' + prosodyDomain
let directs2s let directs2s
if (settings['prosody-room-allow-s2s'] && settings['prosody-s2s-port']) { if (settings['prosody-room-allow-s2s'] && settings['prosody-s2s-port']) {
@ -232,6 +233,7 @@ async function _serverBuildInfos (
return { return {
host: prosodyDomain, host: prosodyDomain,
muc: mucDomain, muc: mucDomain,
external: externalDomain, // we will always add it, even if disabled. Can't cause trouble.
directs2s, directs2s,
websockets2s, websockets2s,
anonymous anonymous

6
server/lib/federation/sanitize.ts
View File

@ -88,6 +88,12 @@ function sanitizePeertubeLiveChatServerInfos (
muc muc
} }
// This comes with livechat >= 9.0.0, can be absent.
const external = _validateHost(xmppserver.external, checkHost)
if (external) {
r.external = external
}
if (xmppserver.directs2s) { if (xmppserver.directs2s) {
if ((typeof xmppserver.directs2s) === 'object') { if ((typeof xmppserver.directs2s) === 'object') {
const port = xmppserver.directs2s.port const port = xmppserver.directs2s.port

3
server/lib/federation/storage.ts
View File

@ -122,7 +122,8 @@ async function storeRemoteServerInfos (
const mainHost = xmppserver.host const mainHost = xmppserver.host
const hosts = [ const hosts = [
xmppserver.host, xmppserver.host,
xmppserver.muc xmppserver.muc,
xmppserver.external
] ]
for (const host of hosts) { for (const host of hosts) {

1
server/lib/federation/types.ts
View File

@ -7,6 +7,7 @@ interface VideoBuildResultContext {
interface PeertubeXMPPServerInfos { interface PeertubeXMPPServerInfos {
host: string // main host (should be the peertube url) host: string // main host (should be the peertube url)
muc: string // muc component url muc: string // muc component url
external?: string // external users virtualhost (livechat version >=9.0.0)
directs2s?: { // if direct S2S is enabled directs2s?: { // if direct S2S is enabled
port: string port: string
} }

1
server/lib/prosody/config/content.ts
View File

@ -375,6 +375,7 @@ class ProsodyConfigContent {
this.muc.add('modules_enabled', 'dialback') // This allows s2s connections without certicicates! this.muc.add('modules_enabled', 'dialback') // This allows s2s connections without certicicates!
this.authenticated?.add('modules_enabled', 'dialback') // This allows s2s connections without certicicates! this.authenticated?.add('modules_enabled', 'dialback') // This allows s2s connections without certicicates!
this.external?.add('modules_enabled', 'dialback') // same.
} }
useExternalComponents ( useExternalComponents (

18
support/documentation/content/en/documentation/admin/advanced/xmpp_clients.md
View File

@ -57,9 +57,9 @@ so that the outer world can connect to it.
### DNS ### DNS
You need to add a [DNS record](https://prosody.im/doc/dns) allowing remote servers to find the "room.your_instance.tld" component. You need to add [DNS records](https://prosody.im/doc/dns) allowing remote servers to find "room.your_instance.tld" and "external.your_instance.tld" components.
The easiest way to do this is to add an SRV record for the "room" [subdomain](https://prosody.im/doc/dns#subdomains): The easiest way to do this is to add SRV records for the "room" and "external" [subdomain](https://prosody.im/doc/dns#subdomains):
* record name: _xmpp-server._tcp.room.your_instance.tld. (replace «your_instance.tld» by your instance uri) * record name: _xmpp-server._tcp.room.your_instance.tld. (replace «your_instance.tld» by your instance uri)
* TTL: 3600 * TTL: 3600
@ -70,13 +70,25 @@ The easiest way to do this is to add an SRV record for the "room" [subdomain](ht
* port: 5269 (adapt if your changed the default port) * port: 5269 (adapt if your changed the default port)
* target: your_instance.tld. (replace by your instance uri) * target: your_instance.tld. (replace by your instance uri)
* record name: _xmpp-server._tcp.external.your_instance.tld. (replace «your_instance.tld» by your instance uri)
* TTL: 3600
* class: IN
* SRV: 0
* priority: 0
* weight: 5
* port: 5269 (adapt if your changed the default port)
* target: your_instance.tld. (replace by your instance uri)
Be careful to keep the dot after "your_instance.tld". Be careful to keep the dot after "your_instance.tld".
Using the `dig` command to check your record, you should get a result similar to this: Using the `dig` command to check your records, you should get a result similar to this:
```bash ```bash
$ dig +short _xmpp-server._tcp.room.videos.john-livingston.fr. SRV $ dig +short _xmpp-server._tcp.room.videos.john-livingston.fr. SRV
0 5 5269 videos.john-livingston.fr. 0 5 5269 videos.john-livingston.fr.
$ dig +short _xmpp-server._tcp.external.videos.john-livingston.fr. SRV
0 5 5269 videos.john-livingston.fr.
``` ```
If you are **not using the standard `5269` port**, you must also add a SRV record for `_xmpp-server._tcp.your_instance.tld.` (same as above, just without the `room.` prefix). If you are **not using the standard `5269` port**, you must also add a SRV record for `_xmpp-server._tcp.your_instance.tld.` (same as above, just without the `room.` prefix).