External Components interface configuration:

You can now configure on which network interfaces Prosody will listen for external components.
2023-08-10 14:45:04 +02:00
parent 28c586fc09
commit d0ba7d017d
7 changed files with 72 additions and 7 deletions
--- a/server/lib/prosody/config.ts
+++ b/server/lib/prosody/config.ts
@ -144,6 +144,7 @@ async function getProsodyConfig (options: RegisterServerOptionsV5): Promise<Pros
    'prosody-peertube-uri',
    'prosody-components',
    'prosody-components-port',
+    'prosody-components-interfaces',
    'prosody-components-list',
    'chat-no-anonymous',
    'federation-dont-publish-remotely'
@ -230,11 +231,22 @@ async function getProsodyConfig (options: RegisterServerOptionsV5): Promise<Pros
    if (!/^\d+$/.test(componentsPort)) {
      throw new Error('Invalid external components port')
    }
+    const componentsInterfaces = ((settings['prosody-components-interfaces'] as string) || '')
+      .split(',')
+      .map(s => s.trim())
+    // Check that there is no invalid values (to avoid injections):
+    componentsInterfaces.forEach(networkInterface => {
+      if (networkInterface === '*') return
+      if (networkInterface === '::') return
+      if (networkInterface.match(/^\d+\.\d+\.\d+\.\d+$/)) return
+      if (networkInterface.match(/^[a-f0-9:]+$/)) return
+      throw new Error('Invalid components interfaces')
+    })
    const components = parseExternalComponents((settings['prosody-components-list'] as string) || '', prosodyDomain)
    for (const component of components) {
      valuesToHideInDiagnostic.set('Component ' + component.name + ' secret', component.secret)
    }
-    config.useExternalComponents(componentsPort, components)
+    config.useExternalComponents(componentsPort, componentsInterfaces, components)
  }

  if (enableRoomS2S || enableRemoteChatConnections) {
--- a/server/lib/prosody/config/content.ts
+++ b/server/lib/prosody/config/content.ts
@ -315,9 +315,17 @@ class ProsodyConfigContent {
    this.authenticated?.add('modules_enabled', 'dialback') // This allows s2s connections without certicicates!
  }

-  useExternalComponents (componentsPort: string, components: ExternalComponent[]): void {
+  useExternalComponents (
+    componentsPort: string,
+    componentsInterfaces: string[] | null,
+    components: ExternalComponent[]
+  ): void {
    this.global.set('component_ports', [componentsPort])
-    this.global.set('component_interfaces', ['127.0.0.1', '::1'])
+    if (componentsInterfaces !== null) {
+      this.global.set('component_interfaces', componentsInterfaces)
+    } else {
+      this.global.set('component_interfaces', [])
+    }

    for (const component of components) {
      const c = new ProsodyConfigComponent(component.name)
--- a/server/lib/settings.ts
+++ b/server/lib/settings.ts
@ -358,6 +358,15 @@ Please read
    descriptionHTML: loc('prosody_components_port_description')
  })

+  registerSetting({
+    name: 'prosody-components-interfaces',
+    label: loc('prosody_components_interfaces_label'),
+    type: 'input',
+    default: '127.0.0.1, ::1',
+    private: true,
+    descriptionHTML: loc('prosody_components_interfaces_description')
+  })
+
  registerSetting({
    name: 'prosody-components-list',
    label: loc('prosody_components_list_label'),