peertube-plugin-livechat/server/lib/prosody/config.ts

516 lines
19 KiB
TypeScript

// SPDX-FileCopyrightText: 2024 John Livingston <https://www.john-livingston.fr/>
//
// SPDX-License-Identifier: AGPL-3.0-only
import type { RegisterServerOptions } from '@peertube/peertube-types'
import type { Config as XMPPBotConfig } from 'xmppjs-chat-bot'
import type { ProsodyLogLevel } from './config/content'
import type { AvatarSet } from '../settings'
import * as fs from 'fs'
import * as path from 'path'
import { getBaseRouterRoute, RegisterServerOptionsV5 } from '../helpers'
import { ProsodyFilePaths } from './config/paths'
import { ConfigLogExpiration, ProsodyConfigContent } from './config/content'
import { getProsodyDomain } from './config/domain'
import { getAPIKey } from '../apikey'
import { parseExternalComponents } from './config/components'
import { getRemoteServerInfosDir } from '../federation/storage'
import { BotConfiguration } from '../configuration/bot'
import { debugMucAdmins } from '../debug'
import { ExternalAuthOIDC } from '../external-auth/oidc'
async function getWorkingDir (options: RegisterServerOptions): Promise<string> {
const peertubeHelpers = options.peertubeHelpers
const logger = peertubeHelpers.logger
logger.debug('Calling getWorkingDir')
if (!peertubeHelpers.plugin) {
throw new Error('Missing peertubeHelpers.plugin, have you the correct Peertube version?')
}
const dir = path.resolve(peertubeHelpers.plugin.getDataDirectoryPath(), 'prosody')
logger.debug('getWorkingDir will return the dir ' + dir)
return dir
}
async function getProsodyFilePaths (options: RegisterServerOptions): Promise<ProsodyFilePaths> {
const logger = options.peertubeHelpers.logger
logger.debug('Calling getProsodyFilePaths')
const dir = await getWorkingDir(options)
const settings = await options.settingsManager.getSettings([
'use-system-prosody', 'prosody-room-allow-s2s', 'prosody-certificates-dir', 'avatar-set'
])
let exec
let execArgs: string[] = []
let execCtl
let execCtlArgs: string[] = []
let appImageToExtract
// this one is always needed (must create the directory on startup)
const appImageExtractPath = path.resolve(dir, '..', 'prosodyAppImage')
if (settings['use-system-prosody']) {
exec = 'prosody'
execCtl = 'prosodyctl'
} else {
// const arch = process.arch
// if (arch === 'arm' || arch === 'arm64') {
// logger.info('Node process.arch is ' + arch + ', we will be using the aarch64 Prosody AppImage')
// appImageToExtract = path.resolve(__dirname, '../../prosody/livechat-prosody-aarch64.AppImage')
// } else {
// appImageToExtract = path.resolve(__dirname, '../../prosody/livechat-prosody-x86_64.AppImage')
// }
if (process.arch === 'x64' || process.arch === 'x86_64') {
logger.debug('Node process.arch is ' + process.arch + ', we will be using the x86_64 Prosody AppImage')
appImageToExtract = path.resolve(__dirname, '../../prosody/livechat-prosody-x86_64.AppImage')
exec = path.resolve(appImageExtractPath, 'squashfs-root/AppRun')
execArgs = ['prosody']
execCtl = exec
execCtlArgs = ['prosodyctl']
} else if (process.arch === 'arm64') {
logger.debug('Node process.arch is ' + process.arch + ', we will be using the aarch64 Prosody AppImage')
appImageToExtract = path.resolve(__dirname, '../../prosody/livechat-prosody-aarch64.AppImage')
exec = path.resolve(appImageExtractPath, 'squashfs-root/AppRun')
execArgs = ['prosody']
execCtl = exec
execCtlArgs = ['prosodyctl']
} else {
logger.info('Node process.arch is ' + process.arch + ', cant use the Prosody AppImage')
}
}
let certsDir: string | undefined = path.resolve(dir, 'certs')
let certsDirIsCustom = false
if (settings['prosody-room-allow-s2s'] && (settings['prosody-certificates-dir'] as string ?? '') !== '') {
if (!(await fs.promises.stat(settings['prosody-certificates-dir'] as string)).isDirectory()) {
// We can throw an exception here...
// Because if the user input a wrong directory, the plugin will not register,
// and they will never be able to fix the conf.
logger.error('Certificate directory does not exist or is not a directory')
certsDir = undefined
} else {
certsDir = settings['prosody-certificates-dir'] as string
}
certsDirIsCustom = true
} else {
// In this case we are generating and using self signed certificates
// Note: when using prosodyctl to generate self-signed certificates,
// there are wrongly generated in the data dir.
// So we will use this dir as the certs dir.
certsDir = path.resolve(dir, 'data')
}
let avatarSet: AvatarSet = (settings['avatar-set'] ?? 'sepia') as AvatarSet
let avatarsDir
let avatarsFiles
let botAvatarsDir
let botAvatarsFiles
if (avatarSet === 'none') {
botAvatarsDir = path.resolve(__dirname, '../../bot_avatars/', 'sepia') // fallback to default avatars for the bot
botAvatarsFiles = await _listAvatars(botAvatarsDir)
} else {
if (!['sepia', 'cat', 'bird', 'fenec', 'abstract', 'legacy'].includes(avatarSet)) {
logger.error('Invalid avatar-set setting, using sepia as default')
avatarSet = 'sepia'
}
avatarsDir = path.resolve(__dirname, '../../avatars/', avatarSet)
avatarsFiles = await _listAvatars(avatarsDir)
botAvatarsDir = path.resolve(__dirname, '../../bot_avatars/', avatarSet)
botAvatarsFiles = await _listAvatars(botAvatarsDir)
}
return {
dir: dir,
pid: path.resolve(dir, 'prosody.pid'),
error: path.resolve(dir, 'prosody.err'),
log: path.resolve(dir, 'prosody.log'),
config: path.resolve(dir, 'prosody.cfg.lua'),
data: path.resolve(dir, 'data'),
certs: certsDir,
certsDirIsCustom,
modules: path.resolve(__dirname, '../../prosody-modules'),
avatars: avatarsDir,
avatarsFiles,
botAvatars: botAvatarsDir,
botAvatarsFiles,
exec,
execArgs,
execCtl,
execCtlArgs,
appImageToExtract,
appImageExtractPath
}
}
type ProsodyConfigCertificates = false | 'generate-self-signed' | 'use-from-dir'
interface ProsodyConfig {
content: string
paths: ProsodyFilePaths
host: string
port: string
baseApiUrl: string
roomType: 'video' | 'channel'
logByDefault: boolean
logExpiration: ConfigLogExpiration
valuesToHideInDiagnostic: Map<string, string>
certificates: ProsodyConfigCertificates
bots: {
moderation?: XMPPBotConfig
}
}
async function getProsodyConfig (options: RegisterServerOptionsV5): Promise<ProsodyConfig> {
const logger = options.peertubeHelpers.logger
logger.debug('Calling getProsodyConfig')
const settings = await options.settingsManager.getSettings([
'prosody-port',
'prosody-muc-log-by-default',
'prosody-muc-expiration',
'prosody-c2s',
'prosody-c2s-port',
'prosody-c2s-interfaces',
'prosody-room-allow-s2s',
'prosody-s2s-port',
'prosody-s2s-interfaces',
'prosody-certificates-dir',
'prosody-room-type',
'prosody-peertube-uri',
'prosody-components',
'prosody-components-port',
'prosody-components-interfaces',
'prosody-components-list',
'chat-no-anonymous',
'auto-ban-anonymous-ip',
'federation-dont-publish-remotely',
'disable-channel-configuration',
'chat-terms'
])
const valuesToHideInDiagnostic = new Map<string, string>()
const port = (settings['prosody-port'] as string) || '52800'
if (!/^\d+$/.test(port)) {
throw new Error('Invalid port')
}
const logByDefault = (settings['prosody-muc-log-by-default'] as boolean) ?? true
const disableAnon = (settings['chat-no-anonymous'] as boolean) || false
const autoBanIP = (settings['auto-ban-anonymous-ip'] as boolean) || false
const logExpirationSetting = (settings['prosody-muc-expiration'] as string) ?? DEFAULTLOGEXPIRATION
const enableC2S = (settings['prosody-c2s'] as boolean) || false
// enableRoomS2S: room can be joined from remote XMPP servers (Peertube or not)
const enableRoomS2S = (settings['prosody-room-allow-s2s'] as boolean) || false
const enableComponents = (settings['prosody-components'] as boolean) || false
const prosodyDomain = await getProsodyDomain(options)
const paths = await getProsodyFilePaths(options)
const roomType = settings['prosody-room-type'] === 'channel' ? 'channel' : 'video'
// enableRemoteChatConnections: local users can communicate with external rooms
const enableRemoteChatConnections = !(settings['federation-dont-publish-remotely'] as boolean)
let certificates: ProsodyConfigCertificates = false
const useBots = !settings['disable-channel-configuration']
const bots: ProsodyConfig['bots'] = {}
const chatTerms = (typeof settings['chat-terms'] === 'string') && settings['chat-terms']
? settings['chat-terms']
: undefined
let useExternal: boolean = false
try {
const oidcs = ExternalAuthOIDC.allSingletons()
for (const oidc of oidcs) {
if (await oidc.isOk()) {
// At least one external authentcation => we must enable the external virtual host.
useExternal = true
break
}
}
} catch (err) {
logger.error(err)
useExternal = false
}
// Note: for the bots to connect, we must allow multiplexing.
// This will be done on the http (BOSH/Websocket) port, as it only listen on localhost.
// TODO: to improve performance, try to avoid multiplexing, and find a better way for bots to connect.
const useMultiplexing = useBots
const apikey = await getAPIKey(options)
valuesToHideInDiagnostic.set('APIKey', apikey)
const publicServerUrl = options.peertubeHelpers.config.getWebserverUrl()
let basePeertubeUrl = settings['prosody-peertube-uri'] as string
if (basePeertubeUrl) {
logger.debug('basePeertubeUrl for internal API: using the settings value')
if (!/^https?:\/\/[a-z0-9.-_]+(?::\d+)?$/.test(basePeertubeUrl)) {
throw new Error('Invalid prosody-peertube-uri')
}
}
if (!basePeertubeUrl && ('getServerListeningConfig' in options.peertubeHelpers.config)) {
// Peertube >=5.1 has getServerListeningConfig to get relevant information.
const listeningConfig = options.peertubeHelpers.config.getServerListeningConfig()
if (listeningConfig?.port) {
if (!listeningConfig.hostname || listeningConfig.hostname === '::') {
logger.debug(
'basePeertubeUrl for internal API: getServerListeningConfig.hostname==="' +
(listeningConfig.hostname ?? '') +
'", fallbacking on 127.0.0.1.'
)
basePeertubeUrl = `http://127.0.0.1:${listeningConfig.port}`
} else {
logger.debug('basePeertubeUrl for internal API: using getServerListeningConfig')
basePeertubeUrl = `http://${listeningConfig.hostname}:${listeningConfig.port}`
}
}
}
if (!basePeertubeUrl) {
// In still nothing, just using the public url (it will get througt nginx, but will work)
logger.debug('basePeertubeUrl for internal API: using public Url')
basePeertubeUrl = publicServerUrl
}
const baseApiUrl = basePeertubeUrl + getBaseRouterRoute(options) + 'api/'
const authApiUrl = baseApiUrl + 'user' // FIXME: should be protected by apikey, but mod_auth_http cant handle params
const roomApiUrl = baseApiUrl + 'room?apikey=' + apikey + '&jid={room.jid|jid_node}'
const testApiUrl = baseApiUrl + 'test?apikey=' + apikey
const config = new ProsodyConfigContent(paths, prosodyDomain, chatTerms)
if (!disableAnon) {
config.useAnonymous(autoBanIP)
}
if (useExternal) {
config.useExternal(apikey)
}
config.useHttpAuthentication(authApiUrl)
const useWS = !!options.registerWebSocketRoute // this comes with Peertube >=5.0.0, and is a prerequisite to websocket
config.usePeertubeBoshAndWebsocket(prosodyDomain, port, publicServerUrl, useWS, useMultiplexing)
config.useMucHttpDefault(roomApiUrl)
if (enableC2S) {
const c2sPort = (settings['prosody-c2s-port'] as string) || '52822'
if (!/^\d+$/.test(c2sPort)) {
throw new Error('Invalid c2s port')
}
const c2sInterfaces = ((settings['prosody-c2s-interfaces'] as string) || '127.0.0.1, ::1')
.split(',')
.map(s => s.trim())
// Check that there is no invalid values (to avoid injections):
c2sInterfaces.forEach(networkInterface => {
if (networkInterface === '*') return
if (networkInterface === '::') return
if (networkInterface.match(/^\d+\.\d+\.\d+\.\d+$/)) return
if (networkInterface.match(/^[a-f0-9:]+$/)) return
throw new Error('Invalid c2s interfaces')
})
config.useC2S(c2sPort, c2sInterfaces)
}
if (enableComponents) {
const componentsPort = (settings['prosody-components-port'] as string) || '53470'
if (!/^\d+$/.test(componentsPort)) {
throw new Error('Invalid external components port')
}
const componentsInterfaces = ((settings['prosody-components-interfaces'] as string) || '')
.split(',')
.map(s => s.trim())
// Check that there is no invalid values (to avoid injections):
componentsInterfaces.forEach(networkInterface => {
if (networkInterface === '*') return
if (networkInterface === '::') return
if (networkInterface.match(/^\d+\.\d+\.\d+\.\d+$/)) return
if (networkInterface.match(/^[a-f0-9:]+$/)) return
throw new Error('Invalid components interfaces')
})
const components = parseExternalComponents((settings['prosody-components-list'] as string) || '', prosodyDomain)
for (const component of components) {
valuesToHideInDiagnostic.set('Component ' + component.name + ' secret', component.secret)
}
config.useExternalComponents(componentsPort, componentsInterfaces, components)
}
if (enableRoomS2S || enableRemoteChatConnections) {
certificates = 'generate-self-signed'
if (config.paths.certsDirIsCustom) {
certificates = 'use-from-dir'
}
let s2sPort, s2sInterfaces
if (enableRoomS2S) {
s2sPort = (settings['prosody-s2s-port'] as string) || '5269'
if (!/^\d+$/.test(s2sPort)) {
throw new Error('Invalid s2s port')
}
s2sInterfaces = ((settings['prosody-s2s-interfaces'] as string) || '')
.split(',')
.map(s => s.trim())
// Check that there is no invalid values (to avoid injections):
s2sInterfaces.forEach(networkInterface => {
if (networkInterface === '*') return
if (networkInterface === '::') return
if (networkInterface.match(/^\d+\.\d+\.\d+\.\d+$/)) return
if (networkInterface.match(/^[a-f0-9:]+$/)) return
throw new Error('Invalid s2s interfaces')
})
} else {
s2sPort = null
s2sInterfaces = null
}
config.useS2S(s2sPort, s2sInterfaces, publicServerUrl, getRemoteServerInfosDir(options))
}
const logExpiration = readLogExpiration(options, logExpirationSetting)
config.useMam(logByDefault, logExpiration)
// TODO: add a settings to choose?
config.useDefaultPersistent()
config.useManageRoomsApi(apikey)
config.usePeertubeVCards(basePeertubeUrl)
if (paths.avatars && paths.avatarsFiles) {
config.useAnonymousRandomVCards(paths.avatars, paths.avatarsFiles)
}
if (useBots) {
config.useBotsVirtualHost(paths.botAvatars, paths.botAvatarsFiles)
bots.moderation = await BotConfiguration.singleton().getModerationBotGlobalConf()
if (bots.moderation?.connection?.password && typeof bots.moderation.connection.password === 'string') {
valuesToHideInDiagnostic.set('BotPassword', bots.moderation.connection.password)
}
}
config.usePoll()
config.useTestModule(apikey, testApiUrl)
const debugMucAdminJids = debugMucAdmins(options)
if (debugMucAdminJids) {
config.addMucAdmins(debugMucAdminJids)
}
let logLevel: ProsodyLogLevel | undefined
if (logger.level && (typeof logger.level === 'string')) {
if (logger.level === 'error' || logger.level === 'info' || logger.level === 'debug') {
logLevel = logger.level
} else if (logger.level === 'warn' || logger.level === 'warning') {
// Should be 'warn', but just in case... (this value was buggy with peertube <= 3.2.0-rc1)
logLevel = 'warn'
}
}
if (logLevel === undefined) {
logger.info('No log level found in Peertube, will use default "info" for Prosody')
logLevel = 'info'
}
config.setLog(logLevel)
const content = config.write()
return {
content,
paths,
port,
baseApiUrl,
host: prosodyDomain,
roomType,
logByDefault,
logExpiration,
valuesToHideInDiagnostic,
certificates,
bots
}
}
async function writeProsodyConfig (options: RegisterServerOptions): Promise<ProsodyConfig> {
const logger = options.peertubeHelpers.logger
logger.debug('Calling writeProsodyConfig')
logger.debug('Computing the Prosody config content')
const config = await getProsodyConfig(options)
const content = config.content
const fileName = config.paths.config
logger.info(`Writing prosody configuration file to ${fileName}`)
await fs.promises.writeFile(fileName, content)
logger.debug('Prosody configuration file writen')
return config
}
const DEFAULTLOGEXPIRATION = '1w'
const DEFAULTLOGEXPIRATIONTYPE = 'period'
function readLogExpiration (options: RegisterServerOptions, logExpiration: string): ConfigLogExpiration {
const logger = options.peertubeHelpers.logger
logExpiration = logExpiration?.trim()
if (logExpiration === 'never') {
return {
value: 'never',
type: 'never'
}
}
if (/^\d+$/.test(logExpiration)) {
if (logExpiration === '0') {
logger.error('Invalid prosody-muc-expiration value, cannot be 0.')
return {
value: DEFAULTLOGEXPIRATION,
type: DEFAULTLOGEXPIRATIONTYPE,
error: '0 is not an acceptable value.'
}
}
return {
value: logExpiration,
type: 'seconds',
seconds: parseInt(logExpiration)
}
}
const matches = logExpiration.match(/^(\d+)([d|w|m|y])$/)
if (matches) {
const d = matches[1]
if (d === '0') {
logger.error(`Invalid prosody-muc-expiration value, cannot be ${logExpiration}.`)
return {
value: DEFAULTLOGEXPIRATION,
type: DEFAULTLOGEXPIRATIONTYPE,
error: '0 is not an acceptable value.'
}
}
return {
value: logExpiration,
type: 'period'
}
}
logger.error(`Invalid prosody-muc-expiration value '${logExpiration}'.`)
return {
value: DEFAULTLOGEXPIRATION,
type: DEFAULTLOGEXPIRATIONTYPE,
error: `Invalid value '${logExpiration}'.`
}
}
function getProsodyConfigContentForDiagnostic (config: ProsodyConfig, content?: string): string {
let r: string = content ?? config.content
for (const [key, value] of config.valuesToHideInDiagnostic.entries()) {
// replaceAll not available, using trick:
r = r.split(value).join(`***${key}***`)
}
return r
}
async function _listAvatars (dir: string): Promise<string[]> {
const files = await fs.promises.readdir(dir)
const r = []
for (const file of files) {
if (!file.endsWith('.jpg') && !file.endsWith('.png')) {
continue
}
r.push(file)
}
return r.sort()
}
export {
ProsodyConfig,
getProsodyConfig,
getWorkingDir,
getProsodyFilePaths,
writeProsodyConfig,
getProsodyConfigContentForDiagnostic
}