Commit Graph

193 Commits

Author SHA1 Message Date
Andrei Bora 50997ae6ac Stringify boolean values from jwt user context 2020-11-06 06:15:45 -06:00
Дамян Минков 9f65ae52f1
fix: Prosody modules - drop unused and duplicate code and drop chatty debug statements (#8027)
* chore: Updates mod_smacks.lua version to latest.

https://hg.prosody.im/prosody-modules/file/db75772afb28/mod_smacks/mod_smacks.lua

* Drop unused modules.

* Update docs.

* Move utility functions away from domain mapper.

* Remove some chatty debug log messages.

* Drops not needed patch for mod_websocket.
2020-11-04 08:25:03 -06:00
slauth 9742e90bb5 allow wildcard in token issuer verification 2020-11-03 10:45:47 -06:00
damencho 734631a7a4 fix: Avoids storing lobby room instance in the main room object.
We sometimes see "error   Top-level error, please report:
                  /usr/lib/prosody/util/serialization.lua:38: Can't serialize table: table has multiple references".
This also slows down restarting prosody.
2020-10-30 12:52:08 -05:00
emrah da33d8a033 fix: speakerstats_component, attempt to index (a nil value) 2020-10-20 07:48:23 -05:00
Дамян Минков 8dcf04897a
feat: Throttle out call attempts to the max number per minute (#7742)
* feat: Make possible to reload config for filter rayo iq.

* feat: Throttle out call attempts to the max number per minute

* squash: Updates comment about config
2020-09-22 10:53:43 -05:00
damencho 0354dbe889 fix: Updates docs and verification to halt joining process.
When returning the error and showing to user not allowed screen we were not completely halting the prejoin operation when token verification fails on room join and the token is valid in general.
2020-09-10 10:07:30 -05:00
Andrei Bora af71d80150 Fix call after timeout 2020-08-19 17:38:40 +03:00
Andrei Bora b765adca75 Solve review issues and add retries for http call 2020-08-19 17:11:18 +03:00
Andrei Bora 92e6cf7618 Add pre and post validation for users that want to use their own public keys 2020-08-19 16:50:24 +03:00
Aaron van Meerten c3329ec931
Merge pull request #7518 from jitsi/aaronkvanmeerten/jibri-queue-component-modules
FEAT: prosody jibri queue component module
2020-08-18 10:16:39 -05:00
damencho 25ae83bcf4 fix: Fixes #7514 when promoting new moderator and lobby is enabled. 2020-08-14 17:56:24 -05:00
Aaron van Meerten 82b1408454 FEAT: jibri queue clear asap cache for token util on config reload 2020-08-14 15:24:26 -05:00
Aaron van Meerten 36565f0c50 FIX: token util keyurl definition move to above callback definition 2020-08-14 15:23:54 -05:00
Aaron van Meerten 0c48e205d7
Merge branch 'master' into aaronkvanmeerten/jibri-queue-component-modules 2020-08-14 14:21:13 -05:00
Aaron van Meerten 5e35b69fc9 FIX: prosody token util handles race on timeout gracefully 2020-08-14 14:14:29 -05:00
Aaron van Meerten 3fd85720bc FIX: prosody jibri queue component reloads configuration 2020-08-14 14:13:57 -05:00
Aaron van Meerten e439d065b7 FEAT: token util better logging for timeouts, verification 2020-08-14 13:52:25 -05:00
Aaron van Meerten d716665f27 FIX: jibri-queue module log improvements 2020-08-13 16:41:42 -05:00
Aaron van Meerten d05fa32413 FIX: add flag to control whether to check room claim in JWT validation
jibri queue component stop checking room validation in token
Jibri queue component debug output when bad token is found
2020-08-12 14:43:34 -05:00
Aaron van Meerten 3da7798e9f FIX: prosody: output string for time and position in jibri queue 2020-08-10 15:21:56 -05:00
Aaron van Meerten 6fc9606c0d FEAT: support updating accepted issuer/aud for token lib 2020-08-10 15:21:31 -05:00
Aaron van Meerten 0bd100f027 FIX: prosody: comment on destroy_request 2020-08-07 13:16:17 -05:00
Aaron van Meerten f14a595462 FIX: prosody: destroy_request check 2020-08-07 13:15:55 -05:00
Aaron van Meerten c4155575f9 FIX: prosody: room validation on jibri-queue
The full room JID is now passed properly to verify_token
verify_token now also expects the correct jid for validation
2020-08-07 12:10:00 -05:00
Aaron van Meerten 11ee71a51c FEAT: jwt pubkey cache inside object
Allows each module that does token validation to have its own cache
2020-08-07 11:51:44 -05:00
Aaron van Meerten 9b7e8c98ad FEAT: default value for jibri queue region 2020-08-06 17:12:53 -05:00
Aaron van Meerten ad44558153 FEAT: validate keys at specific URL for jibri queue
Provide region value in POST to jibri-queue service
2020-08-06 17:12:31 -05:00
paweldomas 00b41dbb41 add mod_websocket patch for session event
It's to be used in docker-jitsi-meet to patch older
Prosody versions until this change becomes available.
2020-07-23 16:29:45 -05:00
damencho ddc2b4f26e fix: Adds display name to notifications about lobby operations.
Display name for lobby operations notifications are taken from the list of knocking participants which is available only to moderators. In case of not all moderators the notifications were broken.
2020-07-23 14:49:52 -05:00
Aaron van Meerten d70f9d6fd6 FIX: use correct URL paths for jibri queue service 2020-07-22 16:24:08 -04:00
Aaron van Meerten 7858f12df2 FEATURE: proper outbound iq handler for REST requests 2020-07-20 12:51:07 -04:00
Aaron van Meerten 828e578af4 FIX: rename disco info component to correct name
FIX: reply to iq only on successful reply from queue server
2020-07-17 16:19:25 -04:00
Aaron van Meerten 4289b23135 feature: jibri queue authorization header handler 2020-07-16 22:48:52 -04:00
Aaron van Meerten 099820b6ac prosody modules: jibri queue events for leave, room destroyed 2020-07-14 16:50:34 -04:00
Aaron van Meerten 25ded0bdeb prosody modules: add util function for rewritesplit JID 2020-07-14 16:49:51 -04:00
Aaron van Meerten 51fd10278b FIX: prosody jibri queue handle iq properly 2020-07-13 18:04:48 -04:00
abora8x8 5b89709483
Add hook for creating lobby before participants join (#7273)
* Add hook for create lobby

* Remove duplicated code
2020-07-13 11:29:35 -05:00
Maxence Dalmais 4e1f42a665 Update mod_muc_poltergeist.lua
Add avatar to user context so it is picked by the web interface
2020-07-08 07:08:50 -05:00
damencho f73e9947c0 fix: Uses room jids for the lobby notifications. 2020-07-06 09:56:01 -05:00
Дамян Минков b3a2905849
feat: Sends json messages notifying for lobby actions. (#7209)
* feat: Sends json messages notifying for lobby actions.

* squash: Fixes quotes to be consistent.

* fix: Fixes attempt to call global 'formdecode' (a nil value).
2020-07-03 08:26:44 -05:00
damencho 6d3d15a64b feat: Adds an option to validate a recording token. 2020-07-02 12:51:14 -05:00
Imre Faragó bfd5db355d prosody muc_size plugin, room get info error fix (Traceback[httpserver]: /usr/lib/prosody/util/async.lua:137: /prosody-plugins/mod_muc_size.lua:141: attempt to concatenate local 'subdomain' (a nil value) 2020-07-01 08:04:41 -05:00
Дамян Минков a4ca247056
Lobby required displayname (#7197)
* ref: Rename jitsi_bosh_query_room to jitsi_web_query_room.

This is no longer bosh only and is available for both bosh and websocket sessions.

* feat: Adds feature to disco-info indicating that display name is required.

* feat: Adds option to disable checking whether display name is required.

* ref: Clears auth_token when verification fails.

* squash: Fixing comments.

* squash: Updates to latest lib-jitsi-meet.
2020-06-30 08:15:08 -05:00
Aaron Van Meerten 24c75b7332 FIX: better URL handler for jibri queue events 2020-06-29 18:46:15 -05:00
Aaron Van Meerten 2327a6d0b4 FEATURE: prosody: add http handler for jibri queue 2020-06-29 18:20:04 -05:00
Aaron Van Meerten b94c357cc2 WIP: jibri queue component prosody modules 2020-06-29 18:11:41 -05:00
Дамян Минков 6fbba52c6d
feat: Adds a new option to disable lobby for guests. (#7094)
* feat: Adds a new option to disable lobby for guests.

* squash: Rename config option.

* squash: Comment update.
2020-06-19 14:50:31 -05:00
Дамян Минков e6dbe65193
Moderated rooms or subdomains (#6959)
* fix: Fixes using token with no user context.

* feat(moderated): Adds option to add moderated rooms and subdomains.

When a user joins such room or subdomain in order to be a moderator needs to provide a valid jwt token for that room.

* squash: Renames function.

* ref: Removes filtering jicofo setting owners.

This will be disabled on jicofo side and will greatly simplify logic.
Also check the checks to avoid jwt for main domain to access subdomains and the other way around.

* fix: Skips allowners logic for admins.
2020-06-05 07:57:49 -05:00
Дамян Минков 78b01d2c97
Adding whitelist and move away from using custom field for password. (#6621)
* Adding whitelist and move away from using custom field for password.

We re-use room lock for lobby password.

* Make sure we do not run muc-occupant-pre-join for non members only rooms.

* Destroying lobby room, when main room is destroyed or membersonly is disabled.

* Adds destroy reason.

* Clears lobby room instance on destroy.

Fixes problem with on/off/on of lobby feature.

* Add lobby room jid only when members only is on.

* Sends main room jid on lobby destroy.

We can use that in client loggic to auto-join lobby participants to main room as lobby is disabled while waiting.

* fix: Fixes using is_healthcheck_room.

* squash: Enables lobby rooms feature by default.

* chore(deps): Update lib-jitsi-meet, to enable lobby rooms.
2020-05-27 18:01:41 -05:00
Boris Grozev 76e1217439 ref: Make is_healthcheck_room more generic. 2020-05-12 18:22:14 -05:00
Wuriyanto 1b8e5d0244 change cjson to cjson.safe and cath error from decode function 2020-05-11 05:46:07 -05:00
damencho eea8fef044 Initial Lobby backend implementation. 2020-04-30 16:34:46 -05:00
drimovecz 3ab6b97b8b
Added module for filtering transcription requests from presence stanz… (#6404)
* Added module for filtering transcription requests from presence stanzas when the users making the requests do not have access to the transcription feature

* Add comments explaining the functionality and configuration for the transcription filtering module.

Co-authored-by: drimovecz <daniel.rimovecz@8x8.com>
2020-04-28 09:11:58 -05:00
Ruben Kerkhof 57bb2ead36 Conference timer should start counting at 0
It's starting at 1 hour because os.time(os.date("!*t") returns the wrong
time depending on system timezone. os.time() already returns the number
of seconds since epoch in UTC so just use that.

Fixes #5595
2020-04-23 10:22:02 -05:00
Дамян Минков ffdd4f2eed
debian: updates around coturn package and order of install (#5729)
* debian: Update coturn udp port to non-privileged one.

* debian: Turnserver config requires jitsi-meet-web-config files.

* doc: Updates doc, removing `--no-install-recommends`.

* debian: Moves checks and configs to default to prosody 0.11.

* debian: Disable room locking on internal muc.

* add scripts for deploying coturn with certbot

* turnserver: Removes unused variable showing error.

* debian: updates let's encrypt and coturn scripts.

* debian: Detect failure to retrieve external ip address.

* debian: Always configure turn when the turnserver package is installed.

Co-authored-by: Julien Fastré <julien.fastre@champs-libres.coop>
2020-04-08 13:06:49 -05:00
Steve Frécinaux aff6d4b36d Fix mod_muc_max_occupants to properly ignore whitelisted users
In a typical Jitsi Meet setup, this plugin can be used to limit the number of
occupants in a meeting room, while ignoring "utility" users. Such a
configuration could be:

    muc_max_occupants = 2
    muc_access_whitelist = {
        "focus@auth.meet.jitsi";
    }

It would be expected that this configuration allows two users to attend the
meeting room, but in practice only one is allowed, because the whitelist is not
honoured.

This commit fixes it by actually updating the `user` and `domain` variables
being checked. After this change, the scenario above works just fine.
2020-03-31 16:38:23 -05:00
paweldomas 04c0945930 add mod_websocket_smacks.patch
The patch and Prosody 0.11 is required for the XMPP stream resume
2020-03-11 06:56:40 -07:00
paweldomas 5f2acb70de add mod_smacks.lua version c49fea05772e
https://hg.prosody.im/prosody-modules/raw-file/c49fea05772e/mod_smacks/mod_smacks.lua
2020-03-11 06:56:40 -07:00
paweldomas 4dc10e82f1 feat(mod_auth_token): add support for 'previd' query param
The 'previd' query parameter will be use to match user id of the session
being resumed when the smacks module and token authentication are
enabled in Prosody. Otherwise user gets new random id every time and
this doesn't work with the smacks module.
2020-03-11 06:56:40 -07:00
Saúl Ibarra Corretgé 073fdc7b0e
sperakerstats: prevent access of nil object (#5112)
If the dominant speaker leaves their object will be gone from the mapping.
2020-03-06 12:33:41 +01:00
Pedro Henrique Linhares 1b6c5a7141
Set SASL username when using anonymous mechanism with auth_token (#5025) 2020-01-30 00:25:15 +00:00
Aaron van Meerten 5d86d202bd initial session for bosh and websockets (#5006)
* hook on websocket events

* initial session for bosh and websockets
2020-01-24 14:59:29 +00:00
Aaron van Meerten 710307725b fixes async_handler_wrapper (#5001)
* fixes async_handler_wrapper

adds missing runner variable from async to async_handler_wrapper
removes redundant have_async definition in wrap_async_run, defined at top of module

* only use async handler wrapper,
remove async_wrap_run
2020-01-23 19:31:05 +00:00
damencho 91fb4665d6 Fixes conference duration config to use valid IDNA. 2020-01-14 12:16:39 +00:00
theunafraid c2cf09a2ca Add conference timer (#4958) 2020-01-13 17:12:25 +00:00
Дамян Минков c73ba37202
Introduces installing coturn as turn server for jitsi-meet (#4959)
* Adds package that can configure using turnserver for jitsi-meet.

Activates http2 on the nginx host and uses the alpn send with the web requests to multiplex traffic to be served as web of proxied to the turn server.
It needs nginx at least v1.13.10.
Adds turncredentials module from Philipp Hancke, with small modification (all int values for hosts need to be strings/tostring()) in order to be able to use the module with prosody 0.11.

* Moves loading of stream after loading stream module (50-..).

* Leaves DISABLE_TCP_HARVESTER to be handled by jvb.

* Fixes comments.

* Properly detect first time coturn install and configure it.

* Handles upgrading from jetty serving web.

* Does not create jvb user if already exists.

* Fixes let's encrypt and adds turnserver handling.

* Enables use of turn server in config.js if available.

* Adds a check whether prosody config exists.

There are cases where deployments can still have configured prosody in the main prosody config in /etc/prosody.
2020-01-09 16:51:27 +00:00
damencho b4be1bcd05 Adds some checks about async.
There are modules that will not work with prosody 0.10 as they depend on util.async. Adds a safeguard and print error about it in the logs.
And others that just do not work because of the muc module API that they use.
2019-12-10 10:55:56 +01:00
damencho ebfc5a95ff Activates multidomain by default when installing with nginx. 2019-12-10 10:55:56 +01:00
damencho db6a2673de Handles unique Id for a meeting. 2019-11-26 10:37:19 +00:00
drimovecz ffded8d82a Drimovecz/speakerstats (#4851)
* Correctly process speaker stats events when the conference contains a subdomain
2019-11-13 15:37:09 +00:00
Aaron van Meerten be0950c1ec multidomain mapper functionality and examples (#4773)
* first pass at mod_muc_domain open source plus example

* doc - prosody config and config.js examples for mapper
2019-10-24 12:42:11 +01:00
drimovecz 6ecd150f75 Add context user on speaker stats 2019-10-23 09:24:43 +01:00
damencho 5cd351a46f Updates rayo filter to add user token info to dial messages.
Adds option to limit number of outgoing calls per user.
2019-09-30 16:53:38 +01:00
damencho a5fc62b920 Updates correct loading and fix checking is dominant speaker. 2019-07-26 11:18:55 +01:00
Aaron van Meerten 7ce44f85ca changed to using a setter for the asapKeyServer 2019-06-06 15:22:38 -05:00
Aaron van Meerten 41e0d782ce allows override of asap key server in token utility 2019-06-06 14:41:46 -05:00
Aaron van Meerten 8d1d573266 updates bosh to support optional prefix
use optional prefix in poltergeist room lookup
2019-05-16 14:23:36 -05:00
damencho ea54713f9a Supports prosody 0.11 when configuring.
Doing few changes needed for general config and for tokens.
2019-04-05 17:18:17 +02:00
jmacelroy 573cc64fcd Normalizing subdomain when checking JWTs; similar to room. 2019-02-01 13:19:33 -06:00
Aaron van Meerten 13165990fc supports a '*' in the sub claim to allow access to any room 2019-01-28 16:19:43 -06:00
damencho 380d9c75d1 Simplifies logic and renames a method. 2018-12-28 13:54:29 +00:00
damencho 7a09befd87 Updates time to be in ms and sends update of stats when user joins. 2018-12-28 13:54:29 +00:00
damencho 3b4037553a Adds server-side speaker stats handling.
Adds the component which receives the messages from client and a module which enabled on a virtual host will start advertising the component. When clients discover the component they will send message to the component with the name of the room where the dominant speaker event happen.
2018-12-28 13:54:29 +00:00
damencho c9c9f7eac0 Adds max occupant module. 2018-11-03 10:45:59 -05:00
jmacelroy 944cf4272d Creating a new async prosody http wrapper. 2018-07-16 21:58:48 +00:00
jmacelroy d189888902 feat(calls): Adding missed call event triggering. 2018-07-11 21:09:53 +00:00
damencho d12afc5c07 Fixes the room size api which returns string result back to client. 2018-07-09 13:44:24 -05:00
jmacelroy 1c6d22b75e Adding state to poltergeist store for correlating external resources with calls. 2018-06-29 14:51:48 -05:00
jmacelroy 401c43ee02 fix: Properly setting poltergeist ignore status. 2018-06-27 17:28:20 -05:00
Jacob MacElroy 6ae5adcb3d Creating a poltergiest library and using in for mod_muc_poltergeist. 2018-06-27 11:59:38 -05:00
damencho 361e5f0fad Adds identification of poltergeist's in presence. 2018-06-22 18:23:17 -05:00
Jacob MacElroy 0acc9187ed Preventing expired notification for poltergeist that have left.
The original presence stanza generation code for a poltergeist
has been re-factored and simplified a bit. Every time a
poltergeist presence is updated we first check that the poltergeist
still exists.
2018-06-20 14:37:58 -05:00
Дамян Минков ac834326e7
Token based features (#3075)
* Adds an option to disable features based on token data.

Reverts changes from b84e910086, removes disableDesktopSharing option and an interface_config option.

* Disable recording button based on token features data.

Hide recording if local participant isGuest and roles based on token.
When enableUserRolesBasedOnToken is enabled we were not hiding the record button for guests.

* Adds filtering of jibri iqs and rayo based on features.

Moves feature checking in separate utility function.
Renames utility method.

* Adds a footer text when outbound-call is not feature enabled.

* Fixes comments.
2018-06-15 13:10:22 -05:00
Jacob MacElroy 83720a4ed5 fix(call-flows): Maintain presence tags and call id in poltergeist presence stanza. 2018-06-05 13:09:46 +00:00
Jacob MacElroy 01899b1dfd feat(call-flows): Removing cancel hook for ringing status. 2018-06-05 13:09:46 +00:00
Jacob MacElroy e367490839 Properly propagating call id for call response handling.
Previously a new call id was generated for INVITE and CANCEL.
Now the id generated during the initial INVITE will be used for
corresponding CANCEL events. Also, adding the ability to
trigger a call cancel via the poltergeist update api.
2018-06-01 19:18:09 +00:00
Jacob MacElroy b4983cfe04 No longer triggering calls for the Invited status of a poltergeist. 2018-05-31 18:58:47 +00:00
Jacob MacElroy fa9a4480e6 Fixing an issue with asnyc http request handlers.
The current poltergeist http api immediately returns
and does not wait for async work in the handler to finish. This
mostly occurs when a public asap key needs to be fetched due
to a cache miss. The fix implements the strategy described at
https://prosody.im/doc/developers/http.html
2018-05-30 11:41:44 -05:00
Jacob MacElroy 9e2a101089 Changing the status strings for call flows to be lowercased where possible.
This should allow us to have a consistent convention and assist
with client translation of status strings.
2018-05-24 10:49:31 -05:00