From d0ba7d017daa5c325ff2aa827073ce37546cdc02 Mon Sep 17 00:00:00 2001
From: John Livingston
Date: Thu, 10 Aug 2023 14:45:04 +0200
Subject: [PATCH] External Components interface configuration: You can now configure on which network interfaces Prosody will listen for external components.
---
 CHANGELOG.md | 6 +++++-
 client/admin-plugin-client-plugin.ts | 1 +
 languages/en.yml | 18 ++++++++++++++++--
 server/lib/prosody/config.ts | 14 +++++++++++++-
 server/lib/prosody/config/content.ts | 12 ++++++++++--
 server/lib/settings.ts | 9 +++++++++
 .../en/documentation/admin/settings.md | 19 ++++++++++++++++++-
 7 files changed, 72 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fbcfb258..888f53a6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,11 @@ ### New features
-* Moderation bot
+* Moderation bot.
+
+### Minor changes and fixes
+
+* You can now configure on which network interfaces Prosody will listen for external components.
 ### Minor changes and fixes
diff --git a/client/admin-plugin-client-plugin.ts b/client/admin-plugin-client-plugin.ts
index a5d7a59f..9eb4f444 100644
--- a/client/admin-plugin-client-plugin.ts
+++ b/client/admin-plugin-client-plugin.ts
@@ -208,6 +208,7 @@ function register ({ registerHook, registerSettingsScript, peertubeHelpers }: Re
 case 'prosody-certificates-dir':
 return options.formValues['prosody-room-allow-s2s'] !== true
 case 'prosody-components-port':
+ case 'prosody-components-interfaces':
 case 'prosody-components-list':
 return options.formValues['prosody-components'] !== true
 case 'converse-autocolors':
diff --git a/languages/en.yml b/languages/en.yml
index eb05735c..39cdcabd 100644
--- a/languages/en.yml
+++ b/languages/en.yml
@@ -253,16 +253,30 @@ prosody_c2s_port_description: |
 prosody_components_label: "Enable custom Prosody external components"
 prosody_components_description: |
 Enable the use of external XMPP components.
- This option alone only allows connections from localhost.
+ This option alone only allows connections from localhost. + You have to setup the listening interfaces and open the port on your firewall to make it available from remote servers.
This feature can, for example, be used to connect some bots to the chatting rooms. prosody_components_port_label: "Prosody external components port" prosody_components_port_description: | The port that will be used by XMPP components to connect to the Prosody server.
Change it if this port is already in use on your server.
- You can keep this port closed on your firewall for now, it will not be accessed from the outer world.
+ You can keep this port closed on your firewall if you don't allow access on interfaces other than localhost.
Note: this might change in a near future, as it is planned to add a feature to activate external connections. +prosody_components_interfaces_label: "Prosody external components network interfaces" +prosody_components_interfaces_description: | + The network interfaces to listen on for external components connections.
+ List of IP to listen on, coma separated (spaces will be stripped).
+ You can use «*» to listen on all IPv4 interfaces, and «::» for all IPv6.
+ Examples: + + prosody_components_list_label: "External components" prosody_components_list_description: | The external components to declare:
diff --git a/server/lib/prosody/config.ts b/server/lib/prosody/config.ts
index 2e382756..b04f7451 100644
--- a/server/lib/prosody/config.ts
+++ b/server/lib/prosody/config.ts
@@ -144,6 +144,7 @@ async function getProsodyConfig (options: RegisterServerOptionsV5): Promise s.trim())
+ // Check that there is no invalid values (to avoid injections):
+ componentsInterfaces.forEach(networkInterface => {
+ if (networkInterface === '*') return
+ if (networkInterface === '::') return
+ if (networkInterface.match(/^\d+\.\d+\.\d+\.\d+$/)) return
+ if (networkInterface.match(/^[a-f0-9:]+$/)) return
+ throw new Error('Invalid components interfaces')
+ })
 const components = parseExternalComponents((settings['prosody-components-list'] as string) || '', prosodyDomain)
 for (const component of components) {
 valuesToHideInDiagnostic.set('Component ' + component.name + ' secret', component.secret)
 }
- config.useExternalComponents(componentsPort, components)
+ config.useExternalComponents(componentsPort, componentsInterfaces, components)
 }
 if (enableRoomS2S || enableRemoteChatConnections) {
diff --git a/server/lib/prosody/config/content.ts b/server/lib/prosody/config/content.ts
index 6447f608..8643d428 100644
--- a/server/lib/prosody/config/content.ts
+++ b/server/lib/prosody/config/content.ts
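Review bot: The two regex checks in the forEach only whitelist characters, so values such as `999.999.999.999` or `:::::` pass validation and only fail later when Prosody tries to bind, while a valid uppercase IPv6 literal like `FE80::1` is rejected by `/^[a-f0-9:]+$/`. The whitelist does keep quotes and newlines out of the generated Lua config, so the injection concern is covered; the issue is precision, and Node's standard `net.isIP()` checks both address families exactly: keep the `'*'`/`'::'` cases and replace the two regex lines with `if (isIP(networkInterface) !== 0) return`, with `import { isIP } from 'net'` at the top of the file. Since the value is admin-supplied, naming the rejected entry in the error, `throw new Error('Invalid components interfaces: ' + networkInterface)`, makes a typo diagnosable from the logs instead of a bare failure to start Prosody. The line that builds `componentsInterfaces` from the setting is garbled in this view, so whether empty entries from a trailing comma are filtered before the check cannot be confirmed here; if they are not, `'127.0.0.1,'` would be rejected with the same message. The surrounding `if` block and the hunk header are only partly visible.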
@@ -315,9 +315,17 @@ class ProsodyConfigContent {
 this.authenticated?.add('modules_enabled', 'dialback') // This allows s2s connections without certicicates!
 }
- useExternalComponents (componentsPort: string, components: ExternalComponent[]): void {
+ useExternalComponents (
+ componentsPort: string,
+ componentsInterfaces: string[] | null,
+ components: ExternalComponent[]
+ ): void {
 this.global.set('component_ports', [componentsPort])
- this.global.set('component_interfaces', ['127.0.0.1', '::1'])
+ if (componentsInterfaces !== null) {
+ this.global.set('component_interfaces', componentsInterfaces)
+ } else {
+ this.global.set('component_interfaces', [])
+ }
 for (const component of components) {
 const c = new ProsodyConfigComponent(component.name)
diff --git a/server/lib/settings.ts b/server/lib/settings.ts
index 8768937c..62f23acb 100644
--- a/server/lib/settings.ts
+++ b/server/lib/settings.ts
@@ -358,6 +358,15 @@ Please read
 descriptionHTML: loc('prosody_components_port_description')
 })
+ registerSetting({
+ name: 'prosody-components-interfaces',
+ label: loc('prosody_components_interfaces_label'),
+ type: 'input',
+ default: '127.0.0.1, ::1',
+ private: true,
+ descriptionHTML: loc('prosody_components_interfaces_description')
+ })
+
 registerSetting({
 name: 'prosody-components-list',
 label: loc('prosody_components_list_label'),
diff --git a/support/documentation/content/en/documentation/admin/settings.md b/support/documentation/content/en/documentation/admin/settings.md
index 803d495d..682afcf4 100644
--- a/support/documentation/content/en/documentation/admin/settings.md
+++ b/support/documentation/content/en/documentation/admin/settings.md
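Review bot: The `null` branch of `useExternalComponents` writes an empty `component_interfaces` list, and nothing in the patch says what Prosody does with that (listen on nothing, or fall back to its global `interfaces`); since the previous hard-coded `['127.0.0.1', '::1']` is gone, the localhost-only behaviour now rests entirely on the settings default, so the meaning of the empty list should be stated. The only caller visible in this patch (config.ts) always passes the array built from the setting, so the `null` branch looks unreachable from it. Add TSDoc on the method, e.g. `@param componentsInterfaces - addresses written to component_interfaces; null emits an empty list (confirm against Prosody whether that disables the listener or falls back to the global interfaces)`. The method body continues past the end of the hunk.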
@@ -159,8 +159,25 @@ As example, this option can allow an instance of Matterbridge (once it could use
 ### {{% livechat_label prosody_components_label %}}
 This settings enable XMPP external components to connect to the server.
-For now, this option **only allows connections from localhost components**.
+By default, this option **only allows connections from localhost components**.
+You have to change the "{{% livechat_label prosody_components_interfaces_label %}}" value to listen on other network interfaces.
 This feature could be used to connect bridges or bots. More informations on Prosody external components [here](https://prosody.im/doc/components).
+
+#### {{% livechat_label prosody_components_label %}}
+
+{{% livechat_label prosody_components_description %}}
+
+#### {{% livechat_label prosody_components_port_label %}}
+
+{{% livechat_label prosody_components_port_description %}}
+
+#### {{% livechat_label prosody_components_interfaces_label %}}
+
+{{% livechat_label prosody_components_interfaces_description %}}
+
+#### {{% livechat_label prosody_components_list_label %}}
+
+{{% livechat_label prosody_components_list_description %}}