Prosody auth, first working code:

* generated password on an api call * use this password to authenticate on prosody * using helper getAuthUser when available, else fallback to custom code
2021-05-04 13:00:44 +02:00
parent fb7e98d20e
commit 76adc7124f
8 changed files with 204 additions and 38 deletions
--- a/server/lib/routers/api.ts
+++ b/server/lib/routers/api.ts
@ -1,6 +1,8 @@
 import type { Router, Request, Response, NextFunction } from 'express'
 import { videoHasWebchat } from '../../../shared/lib/video'
 import { asyncMiddleware } from '../middlewares/async'
+import { prosodyCheckUserPassword, prosodyRegisterUser, prosodyUserRegistered } from '../prosody/auth'
+import { getAuthUser } from '../helpers'

 // See here for description: https://modules.prosody.im/mod_muc_http_defaults.html
 interface RoomDefaults {
@ -79,6 +81,25 @@ async function initApiRouter (options: RegisterServerOptions): Promise<Router> {
    }
  ))

+  router.get('/auth', asyncMiddleware(
+    async (req: Request, res: Response, _next: NextFunction) => {
+      const user = getAuthUser(options, res)
+      if (!user) {
+        res.sendStatus(403)
+        return
+      }
+      if (user.blocked) {
+        res.sendStatus(403)
+        return
+      }
+      const password: string = await prosodyRegisterUser(user.username)
+      res.status(200).json({
+        jid: user.username + '@localhost',
+        password: password
+      })
+    }
+  ))
+
  router.post('/user/register', asyncMiddleware(
    async (req: Request, res: Response, _next: NextFunction) => {
      res.sendStatus(501)
@ -107,7 +128,7 @@ async function initApiRouter (options: RegisterServerOptions): Promise<Router> {
        res.status(200).send('false')
        return
      }
-      if (user === 'john' && pass === 'password') {
+      if (user && pass && await prosodyCheckUserPassword(user as string, pass as string)) {
        res.status(200).send('true')
        return
      }
@ -136,8 +157,9 @@ async function initApiRouter (options: RegisterServerOptions): Promise<Router> {
        res.status(200).send('false')
        return
      }
-      if (user === 'john') {
+      if (user && await prosodyUserRegistered(user as string)) {
        res.status(200).send('true')
+        return
      }
      res.status(200).send('false')
    }
--- a/server/lib/routers/settings.ts
+++ b/server/lib/routers/settings.ts
@ -24,7 +24,7 @@ async function initSettingsRouter (options: RegisterServerOptions): Promise<Rout
        res.sendStatus(403)
        return
      }
-      if (!isUserAdmin(res)) {
+      if (!isUserAdmin(options, res)) {
        res.sendStatus(403)
        return
      }
--- a/server/lib/routers/webchat.ts
+++ b/server/lib/routers/webchat.ts
@ -32,11 +32,15 @@ async function initWebchatRouter (options: RegisterServerOptions): Promise<Route
      let room: string
      let boshUri: string
      let wsUri: string
+      let authenticationUrl: string = ''
      if (settings['chat-use-prosody']) {
        server = 'anon.localhost'
        room = '{{VIDEO_UUID}}@room.localhost'
        boshUri = getBaseRouter() + 'webchat/http-bind'
        wsUri = ''
+        authenticationUrl = options.peertubeHelpers.config.getWebserverUrl() +
+          getBaseRouter() +
+          'api/auth'
      } else if (settings['chat-use-builtin']) {
        if (!settings['chat-server']) {
          throw new Error('Missing chat-server settings.')
@ -70,7 +74,7 @@ async function initWebchatRouter (options: RegisterServerOptions): Promise<Route
      page = page.replace(/{{ROOM}}/g, room)
      page = page.replace(/{{BOSH_SERVICE_URL}}/g, boshUri)
      page = page.replace(/{{WS_SERVICE_URL}}/g, wsUri)
-      page = page.replace(/{{TRY_AUTHENTICATED_MODE}}/g, settings['chat-use-prosody'] ? 'true' : 'false')
+      page = page.replace(/{{AUTHENTICATION_URL}}/g, authenticationUrl)

      res.status(200)
      res.type('html')