From 9d40405f759c4302a337c6c41b3754821680a094 Mon Sep 17 00:00:00 2001
From: John Livingston
Date: Thu, 25 May 2023 10:32:33 +0200
Subject: [PATCH] Fix session.secure for outgoint websocket s2s.
---
 CHANGELOG.md | 1 -
 .../mod_websocket_s2s_peertubelivechat.lua | 15 +++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 52c75659..35d99917 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,7 +12,6 @@
 TODO: documentation, and settings names/descriptions changes related to direct XMPP S2S connections.
 TODO?: mod_s2s_peertubelivechat: dont allow to connect to remote server that are not Peertube servers?
 TODO: when sanitizing remote chat endpoint, check that the domain is the same as the video domain (or is room.videodomain.tld).
-TODO: outgoing s2s connection have a session.secure=true hardcoded. Should not.
 TODO: only compatible with Prosody 0.12.x. So it should be documented for people using «system Prosody». And i should fix the ARM AppImage.
 TODO: it seems that in some case A->B can be Websocket, and B->A direct S2S. Check if this is fine. And maybe we can optimise some code, by allowing directS2S event if current server dont accept it.
 TODO: check that the keepalive is working with websocket s2s. It seems the connection is often close and reopened.
diff --git a/prosody-modules/mod_websocket_s2s_peertubelivechat/mod_websocket_s2s_peertubelivechat.lua b/prosody-modules/mod_websocket_s2s_peertubelivechat/mod_websocket_s2s_peertubelivechat.lua
index ef8cb22d..74c0a7a6 100644
--- a/prosody-modules/mod_websocket_s2s_peertubelivechat/mod_websocket_s2s_peertubelivechat.lua
+++ b/prosody-modules/mod_websocket_s2s_peertubelivechat/mod_websocket_s2s_peertubelivechat.lua
@@ -546,6 +546,10 @@ function route_to_new_session(event)
 log("debug", "No websocket s2s capabilities from remote host %s", to_host);
 return;
 end
+ local ws_url = ws_properties.url;
+ if (not ws_url) then
+ log("error", "Missing url in the discover-websocket-s2s result");
+ end
 log("debug", "Found a Websocket endpoint for s2s communications to remote host %s", to_host);
 local session = s2s_new_outgoing(from_host, to_host);
@@ -561,12 +565,19 @@ function route_to_new_session(event)
 session.open_stream = session_open_stream;
 session.close = session_close;
- session.secure = true; -- FIXME should test if protocol is wss or ws
 local ex = {};
 ex["headers"] = ws_properties.extra_headers or {};
 ex["protocol"] = "xmpp";
+ if ws_url:find('^wss') ~= nil then
+ log("debug", "Outgoing WS S2S Session is considered secure, we are using wss");
+ session.secure = true;
+ else
+ log("debug", "Outgoing WS S2S Session is considered insecure, because the endpoint is not using wss");
+ session.secure = false;
+ end
+
 -- now we start using the session logger
 local log = session.log;
 log("debug", "Starting the s2s websocket connection process");
@@ -595,7 +606,7 @@ function route_to_new_session(event)
 -- is called. But here, we switch the connection listener to use the
 -- s2s_listener as soon as the connection is open. So it can't work.
 -- That's why I use net.http, and handle the Websocket handshake by hand.
- local ws_connection = custom_connect(ws_properties['url'], ex, {
+ local ws_connection = custom_connect(ws_url, ex, {
 onopen = onopen;
 onclose = onclose;
 });
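Review bot: The new `if (not ws_url)` guard only logs and then falls through, so with a missing url the code still calls `s2s_new_outgoing` and later reaches `ws_url:find('^wss')` and `custom_connect(ws_url, …)` with `ws_url == nil`, which raises an "attempt to index a nil value" error instead of the clean fallback the preceding `No websocket s2s capabilities` branch performs with `return;`. Mirror that branch: `log("error", "Missing url in the discover-websocket-s2s result"); return;`. The url is taken from the remote host's discovery response, i.e. data a remote peer controls, so failing closed at this guard is the right place. route_to_new_session starts before and ends after this hunk.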
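Review bot: `ws_url:find('^wss')` tests only a three-character prefix, so a scheme like `wssx://` is classified as secure and an upper-cased `WSS://` as insecure; since the url comes from the remote peer's discovery response, the scheme test should be exact, e.g. `if ws_url:lower():find('^wss://') then`. Separately, `session.secure = true` is assigned before any connection exists and says only that the scheme is wss; whether the peer's certificate is actually validated is not visible in this hunk (it would have to happen in `custom_connect`), so a comment such as `-- secure reflects the wss scheme only; certificate validation must happen in custom_connect` would stop readers from reading it as proof of an authenticated peer — confirm where that validation lives. route_to_new_session starts before and ends after this hunk.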