46 Commits

Author SHA1 Message Date
Дамян Минков 744960bb1a
feat: Several module optimizations to avoid constant parsing of jids. (#12594)
* feat: Several module optimizations to avoid constant parsing of jids.

Caches the parsed values in a rotating table with limited size.
Skips constant creating of a stanza with never changing values - create it once and then just clone it.

* squash: Fixes extract_subdomain multiple values.

* squash: Fix table values when there is a nil element.

* squash: Fix skipping the roomless IQs.

* squash: Fix comments.
2022-11-28 14:18:59 -06:00
Дамян Минков 079a2a505d
feat: Adds LE choice when installing debian package. (#12154)
* feat: Adds LE choice when installing debian package.

* Update debian/jitsi-meet-web-config.templates

Co-authored-by: raluca8x8 <raluca.tocmag@8x8.com>

* squash: Print in the console the JaaS link every time.

* squash: Note that JaaS does not support self-signed certs.

* squash: Fix message.

* squash: Moves acme.sh stuff into a script, so it is easy to re-run.

Co-authored-by: raluca8x8 <raluca.tocmag@8x8.com>
2022-09-13 07:55:00 -05:00
Stefan Weil 882d343e8b
chore(typos) fix some typos 2022-08-30 16:21:58 +02:00
luzpaz c7f96de787
fix(misc) fix typos
Found via `codespell -q 3 -S ./lang -L miliseconds`
2022-07-14 09:10:08 +02:00
Дамян Минков 4d51aedde0
feat: Adds room info http endpoint jwt protected. (#11738)
* feat: Adds room info http endpoint jwt protected.

Used from dialplan from jigasi for handling passwords in IVR.

* squash: Fixes comments.

* squash: nginx api/rom-info

* fix: Skips tenant checks when enableDomainVerification is false.

* squash: Drops duplicate code and supports multi-shards.

By adding room= parameter in query and tenant prefix for the api we add support for multi-shards setup.

* feat: Enable domain verification by default.

This is used when verifying room access with token_verification module.

* squash: Update docs.
2022-07-12 09:51:13 +03:00
Дамян Минков 1400b6ff0a
feat: Moves luajwtjitsi in jitsi-meet. (#11501)
* feat: Moves luajwtjitsi in jitsi-meet.

* squash: Fix luajwtjitsi name to include lib.
2022-05-09 09:15:12 -05:00
philip-cc 46dd88c91b
feat(jwt) refactor token authentication plugin to use new luajwtjitsi version 2022-04-19 13:06:20 +02:00
nosmicek 40353cf762
fix: Fixes nil error while processing wrong jwt value. Fixes #10970
Co-authored-by: David Mišurec <david.misurec@icewarp.com>
2022-02-17 12:05:39 -06:00
Дамян Минков ba6247daaf
fix: Fixes errors in prosody about string formatting and nil values. (#10037)
* fix: Fixes errors in prosody about string formatting and nil values.

error   Traceback[c2s]: /usr/lib/prosody/util/format.lua:59: invalid option '%b' to 'format'
stack traceback:

mod_polls.lua:25: attempt to index local 'data' (a nil value)
stack traceback:

* squash: Fix more formatting concatenation.
2021-09-27 14:48:13 -05:00
Scott Boone 7af23f35ba added comment for future proofing 2021-08-18 14:01:11 -05:00
damencho acdde6f1f5 fix: Skips check on domain verification disabled. Fixes #9313. 2021-06-02 11:50:26 -05:00
Aaron van Meerten 81c4e9a7fd fix: prosody: token alg is checked before public key is used 2021-06-02 11:50:16 -05:00
Andrei Bora 27481f0270 Allow both regex and normal check for the room name 2021-05-27 13:37:24 -05:00
scott boone 9657bd9b6d
removed a typo (#9244) 2021-05-19 16:02:59 -05:00
Scott Boone e6242f5bc7 lowercase to fix tokens with uppercase letters (e.g., slack JWTs) 2021-05-19 15:52:04 -05:00
Andrei Bora 572b99b208 Verify room name using regex in JWT 2021-04-19 07:49:46 -05:00
damencho 895c92217a fix: Optimizes hot paths in prosody modules, string comparisons. 2020-11-06 13:33:14 -06:00
slauth 9742e90bb5 allow wildcard in token issuer verification 2020-11-03 10:45:47 -06:00
Andrei Bora b765adca75 Solve review issues and add retries for http call 2020-08-19 17:11:18 +03:00
Andrei Bora 92e6cf7618 Add pre and post validation for users that want to use their own public keys 2020-08-19 16:50:24 +03:00
Aaron van Meerten 36565f0c50 FIX: token util keyurl definition move to above callback definition 2020-08-14 15:23:54 -05:00
Aaron van Meerten 0c48e205d7
Merge branch 'master' into aaronkvanmeerten/jibri-queue-component-modules 2020-08-14 14:21:13 -05:00
Aaron van Meerten 5e35b69fc9 FIX: prosody token util handles race on timeout gracefully 2020-08-14 14:14:29 -05:00
Aaron van Meerten e439d065b7 FEAT: token util better logging for timeouts, verification 2020-08-14 13:52:25 -05:00
Aaron van Meerten d05fa32413 FIX: add flag to control whether to check room claim in JWT validation
jibri queue component stop checking room validation in token
Jibri queue component debug output when bad token is found
2020-08-12 14:43:34 -05:00
Aaron van Meerten 6fc9606c0d FEAT: support updating accepted issuer/aud for token lib 2020-08-10 15:21:31 -05:00
Aaron van Meerten 0bd100f027 FIX: prosody: comment on destroy_request 2020-08-07 13:16:17 -05:00
Aaron van Meerten f14a595462 FIX: prosody: destroy_request check 2020-08-07 13:15:55 -05:00
Aaron van Meerten 11ee71a51c FEAT: jwt pubkey cache inside object
Allows each module that does token validation to have its own cache
2020-08-07 11:51:44 -05:00
damencho 6d3d15a64b feat: Adds an option to validate a recording token. 2020-07-02 12:51:14 -05:00
Wuriyanto 1b8e5d0244 change cjson to cjson.safe and catch error from decode function 2020-05-11 05:46:07 -05:00
Aaron van Meerten 7ce44f85ca changed to using a setter for the asapKeyServer 2019-06-06 15:22:38 -05:00
Aaron van Meerten 41e0d782ce allows override of asap key server in token utility 2019-06-06 14:41:46 -05:00
jmacelroy 573cc64fcd Normalizing subdomain when checking JWTs; similar to room. 2019-02-01 13:19:33 -06:00
Aaron van Meerten 13165990fc supports a '*' in the sub claim to allow access to any room 2019-01-28 16:19:43 -06:00
Дамян Минков ac834326e7
Token based features (#3075)
* Adds an option to disable features based on token data.

Reverts changes from b84e910086, removes disableDesktopSharing option and an interface_config option.

* Disable recording button based on token features data.

Hide recording if local participant isGuest and roles based on token.
When enableUserRolesBasedOnToken is enabled we were not hiding the record button for guests.

* Adds filtering of jibri iqs and rayo based on features.

Moves feature checking in separate utility function.
Renames utility method.

* Adds a footer text when outbound-call is not feature enabled.

* Fixes comments.
2018-06-15 13:10:22 -05:00
Aaron van Meerten 622d4ba89c added checks for audience and issuer values (#1772)
* added checks for audience and issuer values
default audience and issuer checks to validate only appId
added missing documentation lines from the previous PR for context_user and context_group session values

* support for accepting any audience
option set to accept any audience by default
2017-07-13 13:30:17 -05:00
Aaron van Meerten fac6c30b1c use "sub" instead of "aud" to confirm tenant domain settings
stick user and group from token context into session if available
2017-07-12 12:57:55 -05:00
damencho 00afc32b6b Handles '*' as room name in jwt.
Allows '*' in jwt to allow connecting to any room.
2017-06-26 10:51:06 -05:00
damencho 34be638fca Fixes using public key to verify tokens. 2017-05-25 16:45:08 -05:00
damencho 9e728e4b25 Fixes crashing jwt util for anonymous domains.
Room name verification crashes when we have a configured anonymousdomain as it doesn't have any token extracted data. It is safe to skip this check as room creation is verified by jicofo and we have the option restrict_room_creation to admin users.
Removes obsolete print when updating jitsi-meet-tokens.
2017-05-16 08:21:46 -05:00
damencho 88a58a057e Removes not needed parameter token in process_and_verify_token. 2017-05-08 11:23:13 -05:00
damencho 4bb51516bb Adds domain name verification and multidomain support.
Adds option to enable/disable domain checking, disabled by default. Domain verification for multiple domains depends on new option muc_mapper_domain_base.
2017-05-08 11:23:13 -05:00
damencho 0805b9e99e Removes disableRoomNameConstraints option.
This option is useless, as if we do not need to verify room name, we just disable the mod_token_verification module.
2017-05-08 11:23:13 -05:00
damencho 82b27b45fe Moves token related code into util so it can be reused. 2017-05-08 11:23:13 -05:00
Saúl Ibarra Corretgé b01ad360da Move miscellaneous files to resources 2017-02-23 10:01:19 +01:00
Renamed from prosody-plugins/token/util.lib.lua