Commit Graph

256 Commits

Author SHA1 Message Date
Aaron Van Meerten 24c75b7332 FIX: better URL handler for jibri queue events 2020-06-29 18:46:15 -05:00
Aaron Van Meerten 2327a6d0b4 FEATURE: prosody: add http handler for jibri queue 2020-06-29 18:20:04 -05:00
Aaron Van Meerten b94c357cc2 WIP: jibri queue component prosody modules 2020-06-29 18:11:41 -05:00
Дамян Минков 6fbba52c6d
feat: Adds a new option to disable lobby for guests. (#7094)
* feat: Adds a new option to disable lobby for guests.

* squash: Rename config option.

* squash: Comment update.
2020-06-19 14:50:31 -05:00
Дамян Минков e6dbe65193
Moderated rooms or subdomains (#6959)
* fix: Fixes using token with no user context.

* feat(moderated): Adds option to add moderated rooms and subdomains.

When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room.

* squash: Renames function.

* ref: Removes filtering jicofo setting owners.

This will be disabled on jicofo side and will greatly simplify logic.
Also check the checks to avoid jwt for main domain to access subdomains and the other way around.

* fix: Skips allowners logic for admins.
2020-06-05 07:57:49 -05:00
Дамян Минков 78b01d2c97
Adding whitelist and move away from using custom field for password. (#6621)
* Adding whitelist and move away from using custom field for password.

We re-use room lock for lobby password.

* Make sure we do not run muc-occupant-pre-join for non members only rooms.

* Destroying lobby room, when main room is destroyed or membersonly is disabled.

* Adds destroy reason.

* Clears lobby room instance on destroy.

Fixes problem with on/off/on of lobby feature.

* Add lobby room jid only when members only is on.

* Sends main room jid on lobby destroy.

We can use that in client loggic to auto-join lobby participants to main room as lobby is disabled while waiting.

* fix: Fixes using is_healthcheck_room.

* squash: Enables lobby rooms feature by default.

* chore(deps): Update lib-jitsi-meet, to enable lobby rooms.
2020-05-27 18:01:41 -05:00
Saúl Ibarra Corretgé 7c4c8384fd doc: replace documentation with the handbook
- Leave a link on doc/README,api,quick-install
- Moved the cloud API swagger file to resources/
- Merged the coding conventions with CONTRIBUTING.md
2020-05-17 08:02:29 +02:00
Boris Grozev 76e1217439 ref: Make is_healthcheck_room more generic. 2020-05-12 18:22:14 -05:00
Wuriyanto 1b8e5d0244 change cjson to cjson.safe and cath error from decode function 2020-05-11 05:46:07 -05:00
damencho eea8fef044 Initial Lobby backend implementation. 2020-04-30 16:34:46 -05:00
drimovecz 3ab6b97b8b
Added module for filtering transcription requests from presence stanz… (#6404)
* Added module for filtering transcription requests from presence stanzas when the users making the requests do not have access to the transcription feature

* Add comments explaining the functionality and configuration for the transcription filtering module.

Co-authored-by: drimovecz <daniel.rimovecz@8x8.com>
2020-04-28 09:11:58 -05:00
Ruben Kerkhof 57bb2ead36 Conference timer should start counting at 0
It's starting at 1 hour because os.time(os.date("!*t") returns the wrong
time depending on system timezone. os.time() already returns the number
of seconds since epoch in UTC so just use that.

Fixes #5595
2020-04-23 10:22:02 -05:00
damencho be56521267 debian: Skips deploy-hook when there is no hook available. 2020-04-14 11:54:58 -05:00
Дамян Минков ffdd4f2eed
debian: updates around coturn package and order of install (#5729)
* debian: Update coturn udp port to non-privileged one.

* debian: Turnserver config requires jitsi-meet-web-config files.

* doc: Updates doc, removing `--no-install-recommends`.

* debian: Moves checks and configs to default to prosody 0.11.

* debian: Disable room locking on internal muc.

* add scripts for deploying coturn with certbot

* turnserver: Removes unused variable showing error.

* debian: updates let's encrypt and coturn scripts.

* debian: Detect failure to retrieve external ip address.

* debian: Always configure turn when the turnserver package is installed.

Co-authored-by: Julien Fastré <julien.fastre@champs-libres.coop>
2020-04-08 13:06:49 -05:00
GK2 ceeea7314c
debian: fix typo 2020-04-02 15:27:19 +02:00
GK2 08be68cda4
debian: fix install-letsencrypt-cert.sh to create misssing directory
Update install-letsencrypt-cert.sh to fix missing cron.weekly
REFS : https://github.com/jitsi/jitsi-meet/issues/5576
2020-04-02 15:10:27 +02:00
Steve Frécinaux aff6d4b36d Fix mod_muc_max_occupants to properly ignore whitelisted users
In a typical Jitsi Meet setup, this plugin can be used to limit the number of
occupants in a meeting room, while ignoring "utility" users. Such a
configuration could be:

    muc_max_occupants = 2
    muc_access_whitelist = {
        "focus@auth.meet.jitsi";
    }

It would be expected that this configuration allows two users to attend the
meeting room, but in practice only one is allowed, because the whitelist is not
honoured.

This commit fixes it by actually updating the `user` and `domain` variables
being checked. After this change, the scenario above works just fine.
2020-03-31 16:38:23 -05:00
Saúl Ibarra Corretgé 6596e27f69 Prevent meetings from being crawled by Google 2020-03-31 21:45:28 +02:00
paweldomas 04c0945930 add mod_websocket_smacks.patch
The patch and Prosody 0.11 is required for the XMPP stream resume
2020-03-11 06:56:40 -07:00
paweldomas 5f2acb70de add mod_smacks.lua version c49fea05772e
https://hg.prosody.im/prosody-modules/raw-file/c49fea05772e/mod_smacks/mod_smacks.lua
2020-03-11 06:56:40 -07:00
paweldomas 4dc10e82f1 feat(mod_auth_token): add support for 'previd' query param
The 'previd' query parameter will be use to match user id of the session
being resumed when the smacks module and token authentication are
enabled in Prosody. Otherwise user gets new random id every time and
this doesn't work with the smacks module.
2020-03-11 06:56:40 -07:00
Saúl Ibarra Corretgé 073fdc7b0e
sperakerstats: prevent access of nil object (#5112)
If the dominant speaker leaves their object will be gone from the mapping.
2020-03-06 12:33:41 +01:00
Pedro Henrique Linhares 1b6c5a7141
Set SASL username when using anonymous mechanism with auth_token (#5025) 2020-01-30 00:25:15 +00:00
Aaron van Meerten 5d86d202bd initial session for bosh and websockets (#5006)
* hook on websocket events

* initial session for bosh and websockets
2020-01-24 14:59:29 +00:00
Aaron van Meerten 710307725b fixes async_handler_wrapper (#5001)
* fixes async_handler_wrapper

adds missing runner variable from async to async_handler_wrapper
removes redundant have_async definition in wrap_async_run, defined at top of module

* only use async handler wrapper,
remove async_wrap_run
2020-01-23 19:31:05 +00:00
damencho 91fb4665d6 Fixes conference duration config to use valid IDNA. 2020-01-14 12:16:39 +00:00
theunafraid c2cf09a2ca Add conference timer (#4958) 2020-01-13 17:12:25 +00:00
Дамян Минков c73ba37202
Introduces installing coturn as turn server for jitsi-meet (#4959)
* Adds package that can configure using turnserver for jitsi-meet.

Activates http2 on the nginx host and uses the alpn send with the web requests to multiplex traffic to be served as web of proxied to the turn server.
It needs nginx at least v1.13.10.
Adds turncredentials module from Philipp Hancke, with small modification (all int values for hosts need to be strings/tostring()) in order to be able to use the module with prosody 0.11.

* Moves loading of stream after loading stream module (50-..).

* Leaves DISABLE_TCP_HARVESTER to be handled by jvb.

* Fixes comments.

* Properly detect first time coturn install and configure it.

* Handles upgrading from jetty serving web.

* Does not create jvb user if already exists.

* Fixes let's encrypt and adds turnserver handling.

* Enables use of turn server in config.js if available.

* Adds a check whether prosody config exists.

There are cases where deployments can still have configured prosody in the main prosody config in /etc/prosody.
2020-01-09 16:51:27 +00:00
damencho b4be1bcd05 Adds some checks about async.
There are modules that will not work with prosody 0.10 as they depend on util.async. Adds a safeguard and print error about it in the logs.
And others that just do not work because of the muc module API that they use.
2019-12-10 10:55:56 +01:00
damencho ebfc5a95ff Activates multidomain by default when installing with nginx. 2019-12-10 10:55:56 +01:00
Saúl Ibarra Corretgé da98d39b61 doc: add app download badges to README 2019-11-26 14:58:35 +01:00
damencho db6a2673de Handles unique Id for a meeting. 2019-11-26 10:37:19 +00:00
drimovecz ffded8d82a Drimovecz/speakerstats (#4851)
* Correctly process speaker stats events when the conference contains a subdomain
2019-11-13 15:37:09 +00:00
Aaron van Meerten be0950c1ec multidomain mapper functionality and examples (#4773)
* first pass at mod_muc_domain open source plus example

* doc - prosody config and config.js examples for mapper
2019-10-24 12:42:11 +01:00
drimovecz 6ecd150f75 Add context user on speaker stats 2019-10-23 09:24:43 +01:00
damencho 5cd351a46f Updates rayo filter to add user token info to dial messages.
Adds option to limit number of outgoing calls per user.
2019-09-30 16:53:38 +01:00
damencho a5fc62b920 Updates correct loading and fix checking is dominant speaker. 2019-07-26 11:18:55 +01:00
Aaron van Meerten 7ce44f85ca changed to using a setter for the asapKeyServer 2019-06-06 15:22:38 -05:00
Aaron van Meerten 41e0d782ce allows override of asap key server in token utility 2019-06-06 14:41:46 -05:00
Aaron van Meerten 8d1d573266 updates bosh to support optional prefix
use optional prefix in poltergeist room lookup
2019-05-16 14:23:36 -05:00
damencho ea54713f9a Supports prosody 0.11 when configuring.
Doing few changes needed for general config and for tokens.
2019-04-05 17:18:17 +02:00
jmacelroy 573cc64fcd Normalizing subdomain when checking JWTs; similar to room. 2019-02-01 13:19:33 -06:00
Aaron van Meerten 13165990fc supports a '*' in the sub claim to allow access to any room 2019-01-28 16:19:43 -06:00
damencho 380d9c75d1 Simplifies logic and renames a method. 2018-12-28 13:54:29 +00:00
damencho 7a09befd87 Updates time to be in ms and sends update of stats when user joins. 2018-12-28 13:54:29 +00:00
damencho 3b4037553a Adds server-side speaker stats handling.
Adds the component which receives the messages from client and a module which enabled on a virtual host will start advertising the component. When clients discover the component they will send message to the component with the name of the room where the dominant speaker event happen.
2018-12-28 13:54:29 +00:00
damencho c9c9f7eac0 Adds max occupant module. 2018-11-03 10:45:59 -05:00
jmacelroy 944cf4272d Creating a new async prosody http wrapper. 2018-07-16 21:58:48 +00:00
jmacelroy d189888902 feat(calls): Adding missed call event triggering. 2018-07-11 21:09:53 +00:00
damencho d12afc5c07 Fixes the room size api which returns string result back to client. 2018-07-09 13:44:24 -05:00
jmacelroy 1c6d22b75e Adding state to poltergeist store for correlating external resources with calls. 2018-06-29 14:51:48 -05:00
jmacelroy 401c43ee02 fix: Properly setting poltergeist ignore status. 2018-06-27 17:28:20 -05:00
Jacob MacElroy 6ae5adcb3d Creating a poltergiest library and using in for mod_muc_poltergeist. 2018-06-27 11:59:38 -05:00
damencho 361e5f0fad Adds identification of poltergeist's in presence. 2018-06-22 18:23:17 -05:00
Jacob MacElroy 0acc9187ed Preventing expired notification for poltergeist that have left.
The original presence stanza generation code for a poltergeist
has been re-factored and simplified a bit. Every time a
poltergeist presence is updated we first check that the poltergeist
still exists.
2018-06-20 14:37:58 -05:00
Дамян Минков ac834326e7
Token based features (#3075)
* Adds an option to disable features based on token data.

Reverts changes from b84e910086, removes disableDesktopSharing option and an interface_config option.

* Disable recording button based on token features data.

Hide recording if local participant isGuest and roles based on token.
When enableUserRolesBasedOnToken is enabled we were not hiding the record button for guests.

* Adds filtering of jibri iqs and rayo based on features.

Moves feature checking in separate utility function.
Renames utility method.

* Adds a footer text when outbound-call is not feature enabled.

* Fixes comments.
2018-06-15 13:10:22 -05:00
Jacob MacElroy 83720a4ed5 fix(call-flows): Maintain presence tags and call id in poltergeist presence stanza. 2018-06-05 13:09:46 +00:00
Jacob MacElroy 01899b1dfd feat(call-flows): Removing cancel hook for ringing status. 2018-06-05 13:09:46 +00:00
Jacob MacElroy e367490839 Properly propagating call id for call response handling.
Previously a new call id was generated for INVITE and CANCEL.
Now the id generated during the initial INVITE will be used for
corresponding CANCEL events. Also, adding the ability to
trigger a call cancel via the poltergeist update api.
2018-06-01 19:18:09 +00:00
Jacob MacElroy b4983cfe04 No longer triggering calls for the Invited status of a poltergeist. 2018-05-31 18:58:47 +00:00
Jacob MacElroy fa9a4480e6 Fixing an issue with asnyc http request handlers.
The current poltergeist http api immediately returns
and does not wait for async work in the handler to finish. This
mostly occurs when a public asap key needs to be fetched due
to a cache miss. The fix implements the strategy described at
https://prosody.im/doc/developers/http.html
2018-05-30 11:41:44 -05:00
Jacob MacElroy 9e2a101089 Changing the status strings for call flows to be lowercased where possible.
This should allow us to have a consistent convention and assist
with client translation of status strings.
2018-05-24 10:49:31 -05:00
hristoterezov f12ba37cf3 fix(presence-status): Use lower case for call flow related statuses. 2018-05-23 15:22:01 -05:00
hristoterezov 2b1c875b91 feat(presence-status): Add more statuses. 2018-05-23 15:22:01 -05:00
Jacob MacElroy f60559fb67 Adding cancel to mod_muc_call 2018-05-14 16:34:37 +00:00
Jacob MacElroy 01e0dfe58a Adding a prosody module to support sip-style call flows.
When combined with mod_muc_poltergeist mod_muc_call allows
for enabling call features using a proper ext_events.lib.lua
implementation. By default when the module is configured only
stub implementations are used for ext_events.lib.lua as these
are unique between deployments.
2018-04-09 13:46:17 -05:00
Дамян Минков 6cc8800016 Update poltergeist's presence with identity information. (#2650) 2018-03-23 13:58:05 -07:00
bbaldino fef1d8b520 add a prosody module to insert identity information (when available) … (#2627)
* add a prosody module to insert identity information (when available) into
presence

prosody will check for jitsi_meet_context_user and
jitsi_meet_context_group in the session and, if they are present, insert
them into presence (we do this in prosody so they cannot be spoofed).

* remove unused 'presence' variable

* refactor to modify presence message in place

* make object member access consistent

* make the group information optional
2018-03-20 15:27:39 -05:00
Дамян Минков eb53944a4d Adds poltergeist support for locked rooms. (#2626) 2018-03-19 16:20:44 -05:00
damencho 98111c3593 On token verification failure return error, reason and stop processing.
This was broken with commit c1fb1a7def, which splits the result in order to print the error reason and in case of error was not returning the error and the message to prosody internals.
2017-10-26 14:01:21 -05:00
Дамян Минков 5b6d7a3040 Skips creating duplicate poltergeists for the same user. (#1925) 2017-08-23 16:14:44 -05:00
damencho 6e37fe175d Skips showing empty statuses. Updates poltergeist to report connected. 2017-08-23 14:10:10 -05:00
damencho 360283aa34 Adds multidomain support to rayo filter module. 2017-08-22 15:00:40 -05:00
damencho c1fb1a7def Installs required basexx when token package is installed. Fixes #1870.
Adds some debug messages when token verification fails for some reason.
2017-08-08 23:13:25 +03:00
Aaron van Meerten b6efdb533d Handles the async wrapping of the mod_muc_size functions
fixes handling of keyserver ASAP validation of tokens
wraps room and room-size APIs
2017-07-20 16:04:16 -05:00
Aaron van Meerten 22e9dc9893 Handles async context for all poltergeists
set up async context for all poltergeist calls
utils lib now has async wrapper for event handlers
2017-07-20 15:56:45 -05:00
damencho 8047fdf5a2 Makes possible for poltergeist to set status just before leaving. 2017-07-20 14:16:42 -05:00
damencho 2c873e8c7f Adds token verification for poltergeist accepted rest calls. 2017-07-20 13:56:55 -05:00
damencho 284b5f94b5 Adds initial status param when creating poltergeist. 2017-07-20 13:29:54 -05:00
damencho f40faecfbe Fixes using correct field for domain in multidomain mode. 2017-07-19 11:36:49 -05:00
damencho 4a9a8eec9a Send poltergeist presence update reusing previous presences.
If we do not reuse previous presences we lose avatar and name and people joining after the poltergeist creation will not be updated with those values.
2017-07-18 13:08:18 -05:00
damencho 308360fbe0 Cleans poltergeists table on remove occupant and when muc is destroyed. 2017-07-18 11:11:14 -05:00
damencho e6840981ca Handles removing poltergeists.
Adds http method to remove poltergeists. Adds configurable timeout after which poltergeists automatically are removed from the room.
2017-07-17 19:29:00 -05:00
damencho 64bb5563bc Returns error when there is no query, but params expected. 2017-07-17 17:38:29 -05:00
damencho 0cffbdb967 Fixes wrong parameter name. 2017-07-17 17:26:47 -05:00
damencho 58d06fe7e6 A poltergeist module.
Thanks to Matthew Wild for the initial help of creating these.
Module with REST interface to create poltergeist participants and change their statuses.
When user with same id joins the room, the poltergeist is removed.  We also make sure that that user uses same username when authenticates. This way we are sure that user will join the room with the same nick as the poltergeist.
2017-07-14 22:18:23 -05:00
damencho cc79b073f0 Fires event before setting username, allows listeners to override it.
This is a hook to override the username that will be used when authenticating token users (which are using anonymous login with auto-generated username).
2017-07-14 22:12:56 -05:00
damencho 599d84a889 Stores the room name from the bosh url into the session. 2017-07-14 22:08:41 -05:00
damencho 2b1e8cdeff Creates util for modules and adds method get_room_from_jid in it. 2017-07-14 22:03:36 -05:00
Aaron van Meerten 622d4ba89c added checks for audience and issuer values (#1772)
* added checks for audience and issuer values
default audience and issuer checks to validate only appId
added missing documentation lines from the previous PR for context_user and context_group session values

* support for accepting any audience
option set to accept any audience by default
2017-07-13 13:30:17 -05:00
Aaron van Meerten fac6c30b1c use "sub" instead of "aud" to confirm tenant domain settings
stick user and group from token context into session if available
2017-07-12 12:57:55 -05:00
damencho 00afc32b6b Handles '*' as room name in jwt.
Allows '*' in jwt to allow connecting to any room.
2017-06-26 10:51:06 -05:00
damencho 34be638fca Fixes using public key to verify tokens. 2017-05-25 16:45:08 -05:00
damencho 9e728e4b25 Fixes crashing jwt util for anonymous domains.
Room name verification crashes when we have a configured anonymousdomain as it doesn't have any token extracted data. It is safe to skip this check as room creation is verified by jicofo and we have the option restrict_room_creation to admin users.
Removes obsolete print when updating jitsi-meet-tokens.
2017-05-16 08:21:46 -05:00
damencho 61e637a639 Adds prosody module to filter incoming rayo iqs based on jwt token.
Returns forbidden error message if module is enabled and the user sending a dialout rayo command is not authenticated through jwt token or is not allowed to enter the room name from the rayo iq.
2017-05-08 15:34:32 -05:00
damencho 7d94d3fd1a Updates room size API to work with multiple domains.
Checks for a parameter named subdomain and if it exists, adds it to the roomname as used in multiple domain mode ([subdomain]roomname@conference.example.com).
Moves muc_size module to per-host module and adds token verification.
2017-05-08 11:23:13 -05:00
damencho 88a58a057e Removes not needed parameter token in process_and_verify_token. 2017-05-08 11:23:13 -05:00
damencho 4bb51516bb Adds domain name verification and multidomain support.
Adds option to enable/disable domain checking, disabled by default. Domain verification for multiple domains depends on new option muc_mapper_domain_base.
2017-05-08 11:23:13 -05:00
damencho 0805b9e99e Removes disableRoomNameConstraints option.
This option is useless, as if we do not need to verify room name, we just disable the mod_token_verification module.
2017-05-08 11:23:13 -05:00
damencho 82b27b45fe Moves token related code into util so it can be reused. 2017-05-08 11:23:13 -05:00
damencho 4ec4c45a90 Adds a second parameter named domain to muc_size module.
Adds and the default conference. part where the muc module live in default deployments.
2017-04-05 13:41:21 -05:00
damencho e0b829f92f Revert "Adds a second parameter named domain to muc_size module."
This reverts commit e2e04e3f16.
2017-04-04 18:45:58 -05:00
damencho e2e04e3f16 Adds a second parameter named domain to muc_size module. 2017-04-04 15:15:18 -05:00
damencho 589f77ef0e Adds prosody plugin that query existing rooms for information.
Queries room for their size or room particiapnt's information. Depends on luarocks net-url module.
2017-04-04 13:27:31 -05:00
damencho 8591fe00b6 Adds a script which install certificates from let's encrypt.
The script looks for nginx, apache2 or jetty configuration and edits the first one found. Nginx and apache2 will be reloaded, while jvb will be stopped, configured and started again.
2017-03-17 14:49:10 -05:00
Saúl Ibarra Corretgé b01ad360da Move miscellaneous files to resources 2017-02-23 10:01:19 +01:00