Prosody auth WIP.

2021-05-03 20:37:23 +02:00
parent d2e36344af
commit 4a4ffaae2d
8 changed files with 414 additions and 12 deletions
--- a/server/lib/prosody/config.ts
+++ b/server/lib/prosody/config.ts
@ -94,11 +94,14 @@ async function getProsodyConfig (options: RegisterServerOptions): Promise<Prosod
  const peertubeDomain = 'localhost'
  const paths = await getProsodyFilePaths(options)

-  const roomApiUrl = options.peertubeHelpers.config.getWebserverUrl() +
+  const baseApiUrl = options.peertubeHelpers.config.getWebserverUrl() +
    getBaseRouter() +
-    'api/room?jid={room.jid|jid_node}'
+    'api/'
+  const authApiUrl = baseApiUrl + 'user'
+  const roomApiUrl = baseApiUrl + 'room?jid={room.jid|jid_node}'

  const config = new ProsodyConfigContent(paths)
+  config.useHttpAuthentication(authApiUrl)
  config.usePeertubeBosh(peertubeDomain, port)
  config.useMucHttpDefault(roomApiUrl)
  config.setArchive('1w') // Remove archived messages after 1 week
--- a/server/lib/prosody/config/content.ts
+++ b/server/lib/prosody/config/content.ts
@ -99,6 +99,7 @@ type ProsodyLogLevel = 'debug' | 'info'
 class ProsodyConfigContent {
  paths: ProsodyFilePaths
  global: ProsodyConfigGlobal
+  authenticated?: ProsodyConfigVirtualHost
  anon: ProsodyConfigVirtualHost
  muc: ProsodyConfigComponent
  log: string
@ -154,6 +155,15 @@ class ProsodyConfigContent {
    this.muc.set('muc_room_default_history_length', 20)
  }

+  useHttpAuthentication (url: string): void {
+    this.authenticated = new ProsodyConfigVirtualHost('localhost')
+
+    this.authenticated.set('authentication', 'http')
+    this.authenticated.set('modules_enabled', ['ping', 'auth_http'])
+
+    this.authenticated.set('http_auth_url', url)
+  }
+
  usePeertubeBosh (peertubeDomain: string, port: string): void {
    this.global.set('c2s_require_encryption', false)
    this.global.set('interfaces', ['127.0.0.1', '::1'])
@ -176,6 +186,15 @@ class ProsodyConfigContent {
    this.anon.set('http_external_url', 'http://' + peertubeDomain)

    this.muc.set('restrict_room_creation', 'local')
+
+    if (this.authenticated) {
+      this.authenticated.set('trusted_proxies', ['127.0.0.1', '::1'])
+      this.authenticated.set('allow_anonymous_s2s', false)
+      this.authenticated.add('modules_enabled', 'http')
+      this.authenticated.add('modules_enabled', 'bosh')
+      this.authenticated.set('http_host', peertubeDomain)
+      this.authenticated.set('http_external_url', 'http://' + peertubeDomain)
+    }
  }

  useMucHttpDefault (url: string): void {
@ -208,6 +227,10 @@ class ProsodyConfigContent {
    content += this.global.write()
    content += this.log + '\n'
    content += '\n\n'
+    if (this.authenticated) {
+      content += this.authenticated.write()
+      content += '\n\n'
+    }
    content += this.anon.write()
    content += '\n\n'
    content += this.muc.write()
--- a/server/lib/routers/api.ts
+++ b/server/lib/routers/api.ts
@ -44,11 +44,17 @@ async function initApiRouter (options: RegisterServerOptions): Promise<Router> {
      }
      // check settings (chat enabled for this video?)
      const settings = await options.settingsManager.getSettings([
+        'chat-use-prosody',
        'chat-only-locals',
        'chat-all-lives',
        'chat-all-non-lives',
        'chat-videos-list'
      ])
+      if (!settings['chat-use-prosody']) {
+        logger.warn('Prosody chat is not active')
+        res.sendStatus(403)
+        return
+      }
      if (!videoHasWebchat({
        'chat-only-locals': settings['chat-only-locals'] as boolean,
        'chat-all-lives': settings['chat-all-lives'] as boolean,
@ -73,6 +79,82 @@ async function initApiRouter (options: RegisterServerOptions): Promise<Router> {
    }
  ))

+  router.post('/user/register', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      res.sendStatus(501)
+    }
+  ))
+
+  router.get('/user/check_password', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      const settings = await options.settingsManager.getSettings([
+        'chat-use-prosody',
+        'chat-only-locals',
+        'chat-all-lives',
+        'chat-all-non-lives',
+        'chat-videos-list'
+      ])
+      if (!settings['chat-use-prosody']) {
+        logger.warn('Prosody chat is not active')
+        res.status(200).send('false')
+        return
+      }
+      const user = req.query.user
+      const server = req.query.server
+      const pass = req.query.pass
+      if (server !== 'localhost') {
+        logger.warn(`Cannot call check_password on user on server ${server as string}.`)
+        res.status(200).send('false')
+        return
+      }
+      if (user === 'john' && pass === 'password') {
+        res.status(200).send('true')
+        return
+      }
+      res.status(200).send('false')
+    }
+  ))
+
+  router.get('/user/user_exists', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      const settings = await options.settingsManager.getSettings([
+        'chat-use-prosody',
+        'chat-only-locals',
+        'chat-all-lives',
+        'chat-all-non-lives',
+        'chat-videos-list'
+      ])
+      if (!settings['chat-use-prosody']) {
+        logger.warn('Prosody chat is not active')
+        res.status(200).send('false')
+        return
+      }
+      const user = req.query.user
+      const server = req.query.server
+      if (server !== 'localhost') {
+        logger.warn(`Cannot call user_exists on user on server ${server as string}.`)
+        res.status(200).send('false')
+        return
+      }
+      if (user === 'john') {
+        res.status(200).send('true')
+      }
+      res.status(200).send('false')
+    }
+  ))
+
+  router.post('/user/set_password', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      res.sendStatus(501)
+    }
+  ))
+
+  router.post('/user/remove_user', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      res.sendStatus(501)
+    }
+  ))
+
  return router
 }

--- a/server/lib/routers/webchat.ts
+++ b/server/lib/routers/webchat.ts
@ -1,6 +1,7 @@
 import type { Router, RequestHandler, Request, Response, NextFunction } from 'express'
 import type { ProxyOptions } from 'express-http-proxy'
 import { getBaseRouter } from '../helpers'
+import { asyncMiddleware } from '../middlewares/async'
 import * as path from 'path'
 const bodyParser = require('body-parser')

@ -20,8 +21,8 @@ async function initWebchatRouter (options: RegisterServerOptions): Promise<Route

  const router: Router = getRouter()
  // eslint-disable-next-line @typescript-eslint/no-misused-promises
-  router.get('/room/:videoUUID', async (req: Request, res: Response, next: NextFunction): Promise<void> => {
-    try {
+  router.get('/room/:videoUUID', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction): Promise<void> => {
      const settings = await settingsManager.getSettings([
        'chat-use-prosody', 'chat-use-builtin', 'chat-room', 'chat-server',
        'chat-bosh-uri', 'chat-ws-uri'
@ -69,14 +70,13 @@ async function initWebchatRouter (options: RegisterServerOptions): Promise<Route
      page = page.replace(/{{ROOM}}/g, room)
      page = page.replace(/{{BOSH_SERVICE_URL}}/g, boshUri)
      page = page.replace(/{{WS_SERVICE_URL}}/g, wsUri)
+      page = page.replace(/{{TRY_AUTHENTICATED_MODE}}/g, settings['chat-use-prosody'] ? 'true' : 'false')

      res.status(200)
      res.type('html')
      res.send(page)
-    } catch (error) {
-      next(error)
    }
-  })
+  ))

  changeHttpBindRoute(options, null)
  router.all('/http-bind',