Commit Graph

220 Commits

Author SHA1 Message Date
damencho acdde6f1f5 fix: Skips check on domain verification disabled. Fixes #9313. 2021-06-02 11:50:26 -05:00
Aaron van Meerten 81c4e9a7fd fix: prosody: token alg is checked before public key is used 2021-06-02 11:50:16 -05:00
damencho 737d542ca8 fix: Fixes av moderation logic when granting moderator. 2021-06-02 09:38:25 +03:00
Andrei Bora 27481f0270 Allow both regex and normal check for the room name 2021-05-27 13:37:24 -05:00
damencho 15c08f90c4 feat: Adds new module to unlimit jicofo and jvb connections.
In case limited those connection will be whitelisted and unlimited. Updates existing configurations to make sure prosody update will not break it by limiting too much.

Uses 28c16c93d79a version of the module: https://modules.prosody.im/mod_limits_exception.html
Will be available in prosody 0.12.
2021-05-26 11:17:25 -05:00
scott boone 9657bd9b6d
removed a typo (#9244) 2021-05-19 16:02:59 -05:00
Scott Boone e6242f5bc7 lowercase to fix tokens with uppercase letters (e.g., slack JWTs) 2021-05-19 15:52:04 -05:00
damencho 1f41ddd228 fix: Drops extra message sent on leave. 2021-05-19 10:11:14 -05:00
Shawn Chin cff4ed83f6
Reservations prosody plugin (#8386)
* Added mod_reservations prosody plugin

* Removed comments re mutex

* Add support for HTTP retries and expose config to tweak retry behaviour

* Removed TODO comment. Feature implemented

* Added multi-tenant support

* renamed config var and default to always including tenant name in name field

* Simplified handling of multi-tenant

* Fixed bug with DELETE not called on reservation expiry

* fix: Fixes destroying room.

Co-authored-by: damencho <damencho@jitsi.org>
2021-05-13 22:20:21 -05:00
damencho a39f2aebd9 fix: Fixes handling tenant in util and lobby. 2021-05-13 13:52:45 -05:00
damencho 7396db71fd feat: jitsi_session: extracts URL parameters from BOSH or WS into session
Co-authored-by: Saúl Ibarra Corretgé <saghul@jitsi.org>
2021-05-13 06:29:42 -05:00
Дамян Минков 5c08b1ec5b
feat: A/V moderation (prosody module) (#9106)
* feat(prosody-modules): Moves a function for getting room to util.

* feat: Audio/Video moderation.

* squash: Fix docs.

* squash: Changes a field name in the message for adding jid to whitelist.

* squash: Moves to boolean from boolean string.

* squash: Only moderators get whitelist on join.

* squash: Check whether in room and moderator.

* squash: Send to participants only message about approval.

Skips sending the whole list.

* feat: Separates enable/disable by media type.

Adds actor to the messages to inform who enabled it.

* squash: Fixes reporting disable of the feature.

* squash: Fixes init of av_moderation_actors.

* squash: Fixes av_moderation_actor jid to be room jid.

* squash: Fixes comments.

* squash: Fixes warning about shadowing definition.

* squash: Updates ljm.

* fix: Fixes auto-granting from jicofo.

* squash: Further simplify...
2021-05-12 16:36:02 -05:00
damencho cb9c85e1bc fix: Updates jiconop2 to drop custom type. 2021-04-23 12:19:35 -05:00
Дамян Минков f4c8310ea7
JiConOp2 (#9052)
* feat: Exposes a hook to mod_external_services data.

The hook can be used to get turn servers and credentials from another module.

* feat: JiConOp2 pushes a message with some info to clients.

* feat: JiConOp adds config for shard name feature.

* squash: Changes message type to service-info.

* squash: Drops the event in external_services.
2021-04-22 12:54:34 -05:00
Andrei Bora 572b99b208 Verify room name using regex in JWT 2021-04-19 07:49:46 -05:00
damencho 0067f6b077 fix: Fixes lobby when allowners is enabled. 2021-03-25 15:20:49 -06:00
damencho 2e308d67d8 feat: Fixes filtering not needed presences.
We were filtering only self presences, no it filters and the presences to the other participants.
2021-03-09 16:19:43 -06:00
damencho b559cb8ec6 feat: Move checks for moderator in pre-join and filter extra presences.
We will filter the initial presence where participant is announced as `participant` and shortly after that we send a second presence with the new `moderator` role.
2021-03-08 16:01:32 -06:00
damencho 30a2e84da1 fix: Fixes filtering lobby presences. 2021-03-08 16:01:32 -06:00
damencho bf714c1c8b feat: Allow star for room in moderated tenants. 2021-01-28 16:28:39 -06:00
Дамян Минков 01c55bdb15
feat: Uses mod_external_services supporting urn:xmpp:extdisco:2. (#8455)
* feat: Uses mod_external_services supporting urn:xmpp:extdisco:2.

The old mod_turncredentials.lua is left to continue working for those using old installs.
New install will start using the new module which will no longer be needed with prosody 0.12.

https://hg.prosody.im/prosody-modules/file/4841cf3fded5/mod_external_services/mod_external_services.lua

* squash: Updates ljm to support urn:xmpp:extdisco:2.
2021-01-21 16:14:00 -06:00
bgrozev b6f7f8fba7
Remove the "focus" external component, use client_proxy instead. (#8381)
* feat: Add mod_client_proxy and mod_roster_command.

Taken from prosody-modules 4317:456b9f608fcf with the
mod_roster_command patch applied.

* feat: Use mod_client_proxy to proxy to jicofo.
2021-01-11 15:45:00 -06:00
Shawn 060a8628ce fixed admin check for token verification 2021-01-05 12:56:33 -06:00
Andrei Bora 898eca86d5 Make jwt accept boolean values for features 2020-11-23 11:34:34 -06:00
Andrei Bora c4ef7d8601 Fix get subdomain function 2020-11-11 08:37:35 -06:00
damencho f6127d45e9 fix: Fix module allowners and moderated rooms. 2020-11-10 10:43:29 -06:00
damencho 895c92217a fix: Optimizes hot paths in prosody modules, string comparisons. 2020-11-06 13:33:14 -06:00
Andrei Bora 50997ae6ac Stringify boolean values from jwt user context 2020-11-06 06:15:45 -06:00
Дамян Минков 9f65ae52f1
fix: Prosody modules - drop unused and duplicate code and drop chatty debug statements (#8027)
* chore: Updates mod_smacks.lua version to latest.

https://hg.prosody.im/prosody-modules/file/db75772afb28/mod_smacks/mod_smacks.lua

* Drop unused modules.

* Update docs.

* Move utility functions away from domain mapper.

* Remove some chatty debug log messages.

* Drops not needed patch for mod_websocket.
2020-11-04 08:25:03 -06:00
slauth 9742e90bb5 allow wildcard in token issuer verification 2020-11-03 10:45:47 -06:00
damencho 734631a7a4 fix: Avoids storing lobby room instance in the main room object.
We sometimes see "error   Top-level error, please report:
                  /usr/lib/prosody/util/serialization.lua:38: Can't serialize table: table has multiple references".
This also slows down restarting prosody.
2020-10-30 12:52:08 -05:00
emrah da33d8a033 fix: speakerstats_component, attempt to index (a nil value) 2020-10-20 07:48:23 -05:00
Дамян Минков 8dcf04897a
feat: Throttle out call attempts to the max number per minute (#7742)
* feat: Make possible to reload config for filter rayo iq.

* feat: Throttle out call attempts to the max number per minute

* squash: Updates comment about config
2020-09-22 10:53:43 -05:00
damencho 0354dbe889 fix: Updates docs and verification to halt joining process.
When returning the error and showing to user not allowed screen we were not completely halting the prejoin operation when token verification fails on room join and the token is valid in general.
2020-09-10 10:07:30 -05:00
Andrei Bora af71d80150 Fix call after timeout 2020-08-19 17:38:40 +03:00
Andrei Bora b765adca75 Solve review issues and add retries for http call 2020-08-19 17:11:18 +03:00
Andrei Bora 92e6cf7618 Add pre and post validation for users that want to use their own public keys 2020-08-19 16:50:24 +03:00
Aaron van Meerten c3329ec931
Merge pull request #7518 from jitsi/aaronkvanmeerten/jibri-queue-component-modules
FEAT: prosody jibri queue component module
2020-08-18 10:16:39 -05:00
damencho 25ae83bcf4 fix: Fixes #7514 when promoting new moderator and lobby is enabled. 2020-08-14 17:56:24 -05:00
Aaron van Meerten 82b1408454 FEAT: jibri queue clear asap cache for token util on config reload 2020-08-14 15:24:26 -05:00
Aaron van Meerten 36565f0c50 FIX: token util keyurl definition move to above callback definition 2020-08-14 15:23:54 -05:00
Aaron van Meerten 0c48e205d7
Merge branch 'master' into aaronkvanmeerten/jibri-queue-component-modules 2020-08-14 14:21:13 -05:00
Aaron van Meerten 5e35b69fc9 FIX: prosody token util handles race on timeout gracefully 2020-08-14 14:14:29 -05:00
Aaron van Meerten 3fd85720bc FIX: prosody jibri queue component reloads configuration 2020-08-14 14:13:57 -05:00
Aaron van Meerten e439d065b7 FEAT: token util better logging for timeouts, verification 2020-08-14 13:52:25 -05:00
Aaron van Meerten d716665f27 FIX: jibri-queue module log improvements 2020-08-13 16:41:42 -05:00
Aaron van Meerten d05fa32413 FIX: add flag to control whether to check room claim in JWT validation
jibri queue component stop checking room validation in token
Jibri queue component debug output when bad token is found
2020-08-12 14:43:34 -05:00
Aaron van Meerten 3da7798e9f FIX: prosody: output string for time and position in jibri queue 2020-08-10 15:21:56 -05:00
Aaron van Meerten 6fc9606c0d FEAT: support updating accepted issuer/aud for token lib 2020-08-10 15:21:31 -05:00
Aaron van Meerten 0bd100f027 FIX: prosody: comment on destroy_request 2020-08-07 13:16:17 -05:00
Aaron van Meerten f14a595462 FIX: prosody: destroy_request check 2020-08-07 13:15:55 -05:00
Aaron van Meerten c4155575f9 FIX: prosody: room validation on jibri-queue
The full room JID is now passed properly to verify_token
verify_token now also expects the correct jid for validation
2020-08-07 12:10:00 -05:00
Aaron van Meerten 11ee71a51c FEAT: jwt pubkey cache inside object
Allows each module that does token validation to have its own cache
2020-08-07 11:51:44 -05:00
Aaron van Meerten 9b7e8c98ad FEAT: default value for jibri queue region 2020-08-06 17:12:53 -05:00
Aaron van Meerten ad44558153 FEAT: validate keys at specific URL for jibri queue
Provide region value in POST to jibri-queue service
2020-08-06 17:12:31 -05:00
paweldomas 00b41dbb41 add mod_websocket patch for session event
It's to be used in docker-jitsi-meet to patch older
Prosody versions until this change becomes available.
2020-07-23 16:29:45 -05:00
damencho ddc2b4f26e fix: Adds display name to notifications about lobby operations.
Display name for lobby operations notifications are taken from the list of knocking participants which is available only to moderators. In case of not all moderators the notifications were broken.
2020-07-23 14:49:52 -05:00
Aaron van Meerten d70f9d6fd6 FIX: use correct URL paths for jibri queue service 2020-07-22 16:24:08 -04:00
Aaron van Meerten 7858f12df2 FEATURE: proper outbound iq handler for REST requests 2020-07-20 12:51:07 -04:00
Aaron van Meerten 828e578af4 FIX: rename disco info component to correct name
FIX: reply to iq only on successful reply from queue server
2020-07-17 16:19:25 -04:00
Aaron van Meerten 4289b23135 feature: jibri queue authorization header handler 2020-07-16 22:48:52 -04:00
Aaron van Meerten 099820b6ac prosody modules: jibri queue events for leave, room destroyed 2020-07-14 16:50:34 -04:00
Aaron van Meerten 25ded0bdeb prosody modules: add util function for rewritesplit JID 2020-07-14 16:49:51 -04:00
Aaron van Meerten 51fd10278b FIX: prosody jibri queue handle iq properly 2020-07-13 18:04:48 -04:00
abora8x8 5b89709483
Add hook for creating lobby before participants join (#7273)
* Add hook for create lobby

* Remove duplicated code
2020-07-13 11:29:35 -05:00
Maxence Dalmais 4e1f42a665 Update mod_muc_poltergeist.lua
Add avatar to user context so it is picked by the web interface
2020-07-08 07:08:50 -05:00
damencho f73e9947c0 fix: Uses room jids for the lobby notifications. 2020-07-06 09:56:01 -05:00
Дамян Минков b3a2905849
feat: Sends json messages notifying for lobby actions. (#7209)
* feat: Sends json messages notifying for lobby actions.

* squash: Fixes quotes to be consistent.

* fix: Fixes attempt to call global 'formdecode' (a nil value).
2020-07-03 08:26:44 -05:00
damencho 6d3d15a64b feat: Adds an option to validate a recording token. 2020-07-02 12:51:14 -05:00
Imre Faragó bfd5db355d prosody muc_size plugin, room get info error fix (Traceback[httpserver]: /usr/lib/prosody/util/async.lua:137: /prosody-plugins/mod_muc_size.lua:141: attempt to concatenate local 'subdomain' (a nil value) 2020-07-01 08:04:41 -05:00
Дамян Минков a4ca247056
Lobby required displayname (#7197)
* ref: Rename jitsi_bosh_query_room to jitsi_web_query_room.

This is no longer bosh only and is available for both bosh and websocket sessions.

* feat: Adds feature to disco-info indicating that display name is required.

* feat: Adds option to disable checking whether display name is required.

* ref: Clears auth_token when verification fails.

* squash: Fixing comments.

* squash: Updates to latest lib-jitsi-meet.
2020-06-30 08:15:08 -05:00
Aaron Van Meerten 24c75b7332 FIX: better URL handler for jibri queue events 2020-06-29 18:46:15 -05:00
Aaron Van Meerten 2327a6d0b4 FEATURE: prosody: add http handler for jibri queue 2020-06-29 18:20:04 -05:00
Aaron Van Meerten b94c357cc2 WIP: jibri queue component prosody modules 2020-06-29 18:11:41 -05:00
Дамян Минков 6fbba52c6d
feat: Adds a new option to disable lobby for guests. (#7094)
* feat: Adds a new option to disable lobby for guests.

* squash: Rename config option.

* squash: Comment update.
2020-06-19 14:50:31 -05:00
Дамян Минков e6dbe65193
Moderated rooms or subdomains (#6959)
* fix: Fixes using token with no user context.

* feat(moderated): Adds option to add moderated rooms and subdomains.

When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room.

* squash: Renames function.

* ref: Removes filtering jicofo setting owners.

This will be disabled on jicofo side and will greatly simplify logic.
Also check the checks to avoid jwt for main domain to access subdomains and the other way around.

* fix: Skips allowners logic for admins.
2020-06-05 07:57:49 -05:00
Дамян Минков 78b01d2c97
Adding whitelist and move away from using custom field for password. (#6621)
* Adding whitelist and move away from using custom field for password.

We re-use room lock for lobby password.

* Make sure we do not run muc-occupant-pre-join for non members only rooms.

* Destroying lobby room, when main room is destroyed or membersonly is disabled.

* Adds destroy reason.

* Clears lobby room instance on destroy.

Fixes problem with on/off/on of lobby feature.

* Add lobby room jid only when members only is on.

* Sends main room jid on lobby destroy.

We can use that in client loggic to auto-join lobby participants to main room as lobby is disabled while waiting.

* fix: Fixes using is_healthcheck_room.

* squash: Enables lobby rooms feature by default.

* chore(deps): Update lib-jitsi-meet, to enable lobby rooms.
2020-05-27 18:01:41 -05:00
Boris Grozev 76e1217439 ref: Make is_healthcheck_room more generic. 2020-05-12 18:22:14 -05:00
Wuriyanto 1b8e5d0244 change cjson to cjson.safe and cath error from decode function 2020-05-11 05:46:07 -05:00
damencho eea8fef044 Initial Lobby backend implementation. 2020-04-30 16:34:46 -05:00
drimovecz 3ab6b97b8b
Added module for filtering transcription requests from presence stanz… (#6404)
* Added module for filtering transcription requests from presence stanzas when the users making the requests do not have access to the transcription feature

* Add comments explaining the functionality and configuration for the transcription filtering module.

Co-authored-by: drimovecz <daniel.rimovecz@8x8.com>
2020-04-28 09:11:58 -05:00
Ruben Kerkhof 57bb2ead36 Conference timer should start counting at 0
It's starting at 1 hour because os.time(os.date("!*t") returns the wrong
time depending on system timezone. os.time() already returns the number
of seconds since epoch in UTC so just use that.

Fixes #5595
2020-04-23 10:22:02 -05:00
Дамян Минков ffdd4f2eed
debian: updates around coturn package and order of install (#5729)
* debian: Update coturn udp port to non-privileged one.

* debian: Turnserver config requires jitsi-meet-web-config files.

* doc: Updates doc, removing `--no-install-recommends`.

* debian: Moves checks and configs to default to prosody 0.11.

* debian: Disable room locking on internal muc.

* add scripts for deploying coturn with certbot

* turnserver: Removes unused variable showing error.

* debian: updates let's encrypt and coturn scripts.

* debian: Detect failure to retrieve external ip address.

* debian: Always configure turn when the turnserver package is installed.

Co-authored-by: Julien Fastré <julien.fastre@champs-libres.coop>
2020-04-08 13:06:49 -05:00
Steve Frécinaux aff6d4b36d Fix mod_muc_max_occupants to properly ignore whitelisted users
In a typical Jitsi Meet setup, this plugin can be used to limit the number of
occupants in a meeting room, while ignoring "utility" users. Such a
configuration could be:

    muc_max_occupants = 2
    muc_access_whitelist = {
        "focus@auth.meet.jitsi";
    }

It would be expected that this configuration allows two users to attend the
meeting room, but in practice only one is allowed, because the whitelist is not
honoured.

This commit fixes it by actually updating the `user` and `domain` variables
being checked. After this change, the scenario above works just fine.
2020-03-31 16:38:23 -05:00
paweldomas 04c0945930 add mod_websocket_smacks.patch
The patch and Prosody 0.11 is required for the XMPP stream resume
2020-03-11 06:56:40 -07:00
paweldomas 5f2acb70de add mod_smacks.lua version c49fea05772e
https://hg.prosody.im/prosody-modules/raw-file/c49fea05772e/mod_smacks/mod_smacks.lua
2020-03-11 06:56:40 -07:00
paweldomas 4dc10e82f1 feat(mod_auth_token): add support for 'previd' query param
The 'previd' query parameter will be use to match user id of the session
being resumed when the smacks module and token authentication are
enabled in Prosody. Otherwise user gets new random id every time and
this doesn't work with the smacks module.
2020-03-11 06:56:40 -07:00
Saúl Ibarra Corretgé 073fdc7b0e
sperakerstats: prevent access of nil object (#5112)
If the dominant speaker leaves their object will be gone from the mapping.
2020-03-06 12:33:41 +01:00
Pedro Henrique Linhares 1b6c5a7141
Set SASL username when using anonymous mechanism with auth_token (#5025) 2020-01-30 00:25:15 +00:00
Aaron van Meerten 5d86d202bd initial session for bosh and websockets (#5006)
* hook on websocket events

* initial session for bosh and websockets
2020-01-24 14:59:29 +00:00
Aaron van Meerten 710307725b fixes async_handler_wrapper (#5001)
* fixes async_handler_wrapper

adds missing runner variable from async to async_handler_wrapper
removes redundant have_async definition in wrap_async_run, defined at top of module

* only use async handler wrapper,
remove async_wrap_run
2020-01-23 19:31:05 +00:00
damencho 91fb4665d6 Fixes conference duration config to use valid IDNA. 2020-01-14 12:16:39 +00:00
theunafraid c2cf09a2ca Add conference timer (#4958) 2020-01-13 17:12:25 +00:00
Дамян Минков c73ba37202
Introduces installing coturn as turn server for jitsi-meet (#4959)
* Adds package that can configure using turnserver for jitsi-meet.

Activates http2 on the nginx host and uses the alpn send with the web requests to multiplex traffic to be served as web of proxied to the turn server.
It needs nginx at least v1.13.10.
Adds turncredentials module from Philipp Hancke, with small modification (all int values for hosts need to be strings/tostring()) in order to be able to use the module with prosody 0.11.

* Moves loading of stream after loading stream module (50-..).

* Leaves DISABLE_TCP_HARVESTER to be handled by jvb.

* Fixes comments.

* Properly detect first time coturn install and configure it.

* Handles upgrading from jetty serving web.

* Does not create jvb user if already exists.

* Fixes let's encrypt and adds turnserver handling.

* Enables use of turn server in config.js if available.

* Adds a check whether prosody config exists.

There are cases where deployments can still have configured prosody in the main prosody config in /etc/prosody.
2020-01-09 16:51:27 +00:00
damencho b4be1bcd05 Adds some checks about async.
There are modules that will not work with prosody 0.10 as they depend on util.async. Adds a safeguard and print error about it in the logs.
And others that just do not work because of the muc module API that they use.
2019-12-10 10:55:56 +01:00
damencho ebfc5a95ff Activates multidomain by default when installing with nginx. 2019-12-10 10:55:56 +01:00
damencho db6a2673de Handles unique Id for a meeting. 2019-11-26 10:37:19 +00:00
drimovecz ffded8d82a Drimovecz/speakerstats (#4851)
* Correctly process speaker stats events when the conference contains a subdomain
2019-11-13 15:37:09 +00:00
Aaron van Meerten be0950c1ec multidomain mapper functionality and examples (#4773)
* first pass at mod_muc_domain open source plus example

* doc - prosody config and config.js examples for mapper
2019-10-24 12:42:11 +01:00
drimovecz 6ecd150f75 Add context user on speaker stats 2019-10-23 09:24:43 +01:00