From eba7cfcec5402573d15cc593e8fea5e99b5e0d41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=8F=D0=BD=20=D0=9C=D0=B8=D0=BD=D0=BA?= =?UTF-8?q?=D0=BE=D0=B2?=
Date: Wed, 21 Sep 2022 14:57:30 -0400
Subject: [PATCH] feat: Adds automatic jaas account creation. (#12213)
* feat: Adds automatic jaas account creation.
* squash: Prints return data if any.
* squash: Moves jitsi-challenge.txt to /usr/share/jitsi-meet/.well-known.
---
 debian/jitsi-meet-web-config.postinst | 10 +++-
 resources/register-jaas-account.sh | 85 +++++++++++++++++++++++++++
 2 files changed, 93 insertions(+), 2 deletions(-)
 create mode 100755 resources/register-jaas-account.sh
diff --git a/debian/jitsi-meet-web-config.postinst b/debian/jitsi-meet-web-config.postinst
index a28cecc95..ead5cfb01 100644
--- a/debian/jitsi-meet-web-config.postinst
+++ b/debian/jitsi-meet-web-config.postinst
@@ -221,8 +221,14 @@ case "$1" in
 invoke-rc.d apache2 reload || true
 fi
- if [ "$ISSUE_LE_CERT" = "true" ] ; then
- /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL $JVB_HOSTNAME
+ # If scripts fail they will print suggestions for next steps, do not fail install
+ # those can be re-run later
+ # run the scripts only on new install or when re-configuring
+ if [ "$ISSUE_LE_CERT" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ] ; then
+ /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL $JVB_HOSTNAME || true
+ fi
+ if [ "${JAAS_INPUT}" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ] ; then
+ /usr/share/jitsi-meet/scripts/register-jaas-account.sh $EMAIL $JVB_HOSTNAME || true
 fi
 echo ""
diff --git a/resources/register-jaas-account.sh b/resources/register-jaas-account.sh
new file mode 100755
index 000000000..52d1904ee
--- /dev/null
+++ b/resources/register-jaas-account.sh
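Review bot: The two new conditions in debian/jitsi-meet-web-config.postinst put `&&`, `||` and `( … )` inside a single `[ … ]`, which `test` does not support: the shell ends the `[` command at `&&`, leaving it without its closing `]`, and reads `( -z … )` as a subshell, so the condition does not parse as one test. Each comparison needs its own brackets, e.g. `if [ "$ISSUE_LE_CERT" = "true" ] && { [ -z "$JVB_HOSTNAME_OLD" ] || [ "$RECONFIGURING" = "true" ]; }; then`, with the same shape for the `${JAAS_INPUT}` condition. The script arguments are also unquoted; `"$EMAIL" "$JVB_HOSTNAME"` keeps a value containing spaces or glob characters from being split or expanded before it reaches scripts that the package installer runs, presumably as root. The enclosing `case "$1" in` block starts and ends outside the hunk.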
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+set -e
+
+EMAIL=$1
+DOMAIN=$2
+
+if [ -z "${DOMAIN}" ] || [ -z "${EMAIL}" ]; then
+ echo "You need to provide email and domain as parameters."
+ exit 1
+fi
+
+JAAS_ENDPOINT="https://account-provisioning.cloudflare.jitsi.net/operations"
+CHALLENGE_FILE="/usr/share/jitsi-meet/.well-known/jitsi-challenge.txt"
+SUPPORT_MSG="Reach out to JaaS support or retry with /usr/share/jitsi-meet/scripts/register-jaas-account.sh"
+
+create_error=0
+create_data=$(curl -s -f -X 'POST' "${JAAS_ENDPOINT}" -H 'Content-Type: application/json' -H 'accept: */*' \
+ -d "{ \"domain\": \"${DOMAIN}\", \"email\": \"${EMAIL}\" }") || create_error=$?
+if [ ${create_error} -ne 0 ]; then
+ echo "Account creation failed. Status: ${create_error}, response: ${create_data}"
+ exit 2
+fi
+
+# Creating the challenge file
+echo "${create_data}" | jq -r .challenge > ${CHALLENGE_FILE}
+
+op_id=$(echo "${create_data}" | jq -r .operationId)
+ready_error=0
+ready_data=$(curl -s -f -X 'PUT' "${JAAS_ENDPOINT}/${op_id}/ready") || ready_error=$?
+if [ ${ready_error} -ne 0 ]; then
+ echo "Validating domain failed. Status: ${ready_error}"
+ echo "Response: "
+ echo "${ready_data}" | jq -r
+ echo "${SUPPORT_MSG}"
+ echo
+ exit 3
+fi
+
+SLEEP_TIME=0
+WAIT_BEFORE_CHECK=10
+TIMEOUT=60
+echo -n "Creating..."
+(while true; do
+ provisioned_data=$(curl -s -f "${JAAS_ENDPOINT}/${op_id}")
+
+ status=$(echo "${provisioned_data}" | jq -r .status)
+
+ if [ "${status}" == "PROVISIONED" ]; then
+ echo ""
+ echo "=================="
+ echo ""
+ echo "JaaS account was created. To finish setup follow the email that was sent."
+ echo ""
+ echo "=================="
+ exit 0;
+ elif [ "${status}" == "FAILED" ]; then
+ echo ""
+ echo "=================="
+ echo ""
+ echo "JaaS account creation failed:${provisioned_data}"
+ echo ""
+ echo "=================="
+ exit 4
+ elif [ "${status}" == "VERIFIED" ] && [ "${verified}" != "true" ]; then
+ echo -n "Account was successfully verified..."
+ verified="true"
+ fi
+
+ if [ ${SLEEP_TIME} -ge ${TIMEOUT} ]; then
+ echo ""
+ echo "=================="
+ echo ""
+ echo "Timeout creating account. ${SUPPORT_MSG}"
+ echo ""
+ echo "=================="
+ exit 5
+ fi
+
+ echo -n "waiting..."
+ sleep ${WAIT_BEFORE_CHECK}
+ SLEEP_TIME=$((SLEEP_TIME+WAIT_BEFORE_CHECK))
+done)
+
+rm ${CHALLENGE_FILE} || true
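Review bot: The challenge file written to `${CHALLENGE_FILE}` is removed only when the script reaches its last line: with `set -e`, the `exit 3` branch and any non-zero exit of the polling subshell (`exit 4`, `exit 5`, or a failing `curl` inside it) stop the script before `rm ${CHALLENGE_FILE}`, so the file stays in the `.well-known` directory, which is presumably served over HTTP. An EXIT trap set just before the file is written covers every exit path. The POST body is also built by pasting `${DOMAIN}` and `${EMAIL}` into a JSON string, so a quote or backslash in either argument alters the document that is sent; `jq`, which the script already requires, can build the body with proper escaping. `op_id` deserves a check as well, since `jq -r .operationId` prints the literal `null` when the field is absent and that value then goes into the request URL.

```shell
# … unchanged: argument check, JAAS_ENDPOINT / CHALLENGE_FILE / SUPPORT_MSG …
create_error=0
# Build the body with jq so quotes or backslashes in the arguments are escaped as JSON.
request_body=$(jq -n --arg domain "${DOMAIN}" --arg email "${EMAIL}" '{domain: $domain, email: $email}')
create_data=$(curl -s -f -X 'POST' "${JAAS_ENDPOINT}" -H 'Content-Type: application/json' -H 'accept: */*' \
    -d "${request_body}") || create_error=$?
# … unchanged: create_error check …

# Remove the challenge file on every exit path, including exit 3, 4 and 5.
trap 'rm -f -- "${CHALLENGE_FILE}"' EXIT
echo "${create_data}" | jq -r .challenge > ${CHALLENGE_FILE}
# … unchanged: ready call and polling loop …
```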