jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-08-05 16:17:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2024-07-22 23:00

Browse Source
This commit is contained in:
Daniel Berteaud
2024-07-22 23:00:11 +02:00
parent f5421b17f0
commit cd302033bd
112 changed files with 15413 additions and 340 deletions
Download Patch File Download Diff File Expand all files Collapse all files

564
roles/jitsi/files/prosody/modules/util.lib.lua Normal file
View File

@@ -0,0 +1,564 @@
local jid = require "util.jid";
local timer = require "util.timer";
local http = require "net.http";
local cache = require "util.cache";
local http_timeout = 30;
local have_async, async = pcall(require, "util.async");
local http_headers = {
["User-Agent"] = "Prosody ("..prosody.version.."; "..prosody.platform..")"
};
local muc_domain_prefix = module:get_option_string("muc_mapper_domain_prefix", "conference");
-- defaults to module.host, the module that uses the utility
local muc_domain_base = module:get_option_string("muc_mapper_domain_base", module.host);
-- The "real" MUC domain that we are proxying to
local muc_domain = module:get_option_string("muc_mapper_domain", muc_domain_prefix.."."..muc_domain_base);
local escaped_muc_domain_base = muc_domain_base:gsub("%p", "%%%1");
local escaped_muc_domain_prefix = muc_domain_prefix:gsub("%p", "%%%1");
-- The pattern used to extract the target subdomain
-- (e.g. extract 'foo' from 'conference.foo.example.com')
local target_subdomain_pattern = "^"..escaped_muc_domain_prefix..".([^%.]+)%."..escaped_muc_domain_base;
-- table to store all incoming iqs without roomname in it, like discoinfo to the muc component
local roomless_iqs = {};
local OUTBOUND_SIP_JIBRI_PREFIXES = { 'outbound-sip-jibri@', 'sipjibriouta@', 'sipjibrioutb@' };
local INBOUND_SIP_JIBRI_PREFIXES = { 'inbound-sip-jibri@', 'sipjibriina@', 'sipjibriina@' };
local split_subdomain_cache = cache.new(1000);
local extract_subdomain_cache = cache.new(1000);
local internal_room_jid_cache = cache.new(1000);
local moderated_subdomains = module:get_option_set("allowners_moderated_subdomains", {})
local moderated_rooms = module:get_option_set("allowners_moderated_rooms", {})
-- Utility function to split room JID to include room name and subdomain
-- (e.g. from room1@conference.foo.example.com/res returns (room1, example.com, res, foo))
local function room_jid_split_subdomain(room_jid)
local ret = split_subdomain_cache:get(room_jid);
if ret then
return ret.node, ret.host, ret.resource, ret.subdomain;
end
local node, host, resource = jid.split(room_jid);
local target_subdomain = host and host:match(target_subdomain_pattern);
local cache_value = {node=node, host=host, resource=resource, subdomain=target_subdomain};
split_subdomain_cache:set(room_jid, cache_value);
return node, host, resource, target_subdomain;
end
--- Utility function to check and convert a room JID from
--- virtual room1@conference.foo.example.com to real [foo]room1@conference.example.com
-- @param room_jid the room jid to match and rewrite if needed
-- @param stanza the stanza
-- @return returns room jid [foo]room1@conference.example.com when it has subdomain
-- otherwise room1@conference.example.com(the room_jid value untouched)
local function room_jid_match_rewrite(room_jid, stanza)
local node, _, resource, target_subdomain = room_jid_split_subdomain(room_jid);
if not target_subdomain then
-- module:log("debug", "No need to rewrite out 'to' %s", room_jid);
return room_jid;
end
-- Ok, rewrite room_jid address to new format
local new_node, new_host, new_resource;
if node then
new_node, new_host, new_resource = "["..target_subdomain.."]"..node, muc_domain, resource;
else
-- module:log("debug", "No room name provided so rewriting only host 'to' %s", room_jid);
new_host, new_resource = muc_domain, resource;
if (stanza and stanza.attr and stanza.attr.id) then
roomless_iqs[stanza.attr.id] = stanza.attr.to;
end
end
return jid.join(new_node, new_host, new_resource);
end
-- Utility function to check and convert a room JID from real [foo]room1@muc.example.com to virtual room1@muc.foo.example.com
local function internal_room_jid_match_rewrite(room_jid, stanza)
-- first check for roomless_iqs
if (stanza and stanza.attr and stanza.attr.id and roomless_iqs[stanza.attr.id]) then
local result = roomless_iqs[stanza.attr.id];
roomless_iqs[stanza.attr.id] = nil;
return result;
end
local ret = internal_room_jid_cache:get(room_jid);
if ret then
return ret;
end
local node, host, resource = jid.split(room_jid);
if host ~= muc_domain or not node then
-- module:log("debug", "No need to rewrite %s (not from the MUC host)", room_jid);
internal_room_jid_cache:set(room_jid, room_jid);
return room_jid;
end
local target_subdomain, target_node = extract_subdomain(node);
if not (target_node and target_subdomain) then
-- module:log("debug", "Not rewriting... unexpected node format: %s", node);
internal_room_jid_cache:set(room_jid, room_jid);
return room_jid;
end
-- Ok, rewrite room_jid address to pretty format
ret = jid.join(target_node, muc_domain_prefix..".".. target_subdomain.."."..muc_domain_base, resource);
internal_room_jid_cache:set(room_jid, ret);
return ret;
end
--- Finds and returns room by its jid
-- @param room_jid the room jid to search in the muc component
-- @return returns room if found or nil
function get_room_from_jid(room_jid)
local _, host = jid.split(room_jid);
local component = hosts[host];
if component then
local muc = component.modules.muc
if muc and rawget(muc,"rooms") then
-- We're running 0.9.x or 0.10 (old MUC API)
return muc.rooms[room_jid];
elseif muc and rawget(muc,"get_room_from_jid") then
-- We're running >0.10 (new MUC API)
return muc.get_room_from_jid(room_jid);
else
return
end
end
end
-- Returns the room if available, work and in multidomain mode
-- @param room_name the name of the room
-- @param group name of the group (optional)
-- @return returns room if found or nil
function get_room_by_name_and_subdomain(room_name, subdomain)
local room_address;
-- if there is a subdomain we are in multidomain mode and that subdomain is not our main host
if subdomain and subdomain ~= "" and subdomain ~= muc_domain_base then
room_address = jid.join("["..subdomain.."]"..room_name, muc_domain);
else
room_address = jid.join(room_name, muc_domain);
end
return get_room_from_jid(room_address);
end
function async_handler_wrapper(event, handler)
if not have_async then
module:log("error", "requires a version of Prosody with util.async");
return nil;
end
local runner = async.runner;
-- Grab a local response so that we can send the http response when
-- the handler is done.
local response = event.response;
local async_func = runner(
function (event)
local result = handler(event)
-- If there is a status code in the result from the
-- wrapped handler then add it to the response.
if tonumber(result.status_code) ~= nil then
response.status_code = result.status_code
end
-- If there are headers in the result from the
-- wrapped handler then add them to the response.
if result.headers ~= nil then
response.headers = result.headers
end
-- Send the response to the waiting http client with
-- or without the body from the wrapped handler.
if result.body ~= nil then
response:send(result.body)
else
response:send();
end
end
)
async_func:run(event)
-- return true to keep the client http connection open.
return true;
end
--- Updates presence stanza, by adding identity node
-- @param stanza the presence stanza
-- @param user the user to which presence we are updating identity
-- @param group the group of the user to which presence we are updating identity
-- @param creator_user the user who created the user which presence we
-- are updating (this is the poltergeist case, where a user creates
-- a poltergeist), optional.
-- @param creator_group the group of the user who created the user which
-- presence we are updating (this is the poltergeist case, where a user creates
-- a poltergeist), optional.
function update_presence_identity(
stanza, user, group, creator_user, creator_group)
-- First remove any 'identity' element if it already
-- exists, so it cannot be spoofed by a client
stanza:maptags(
function(tag)
for k, v in pairs(tag) do
if k == "name" and v == "identity" then
return nil
end
end
return tag
end
)
stanza:tag("identity"):tag("user");
for k, v in pairs(user) do
v = tostring(v)
stanza:tag(k):text(v):up();
end
stanza:up();
-- Add the group information if it is present
if group then
stanza:tag("group"):text(group):up();
end
-- Add the creator user information if it is present
if creator_user then
stanza:tag("creator_user");
for k, v in pairs(creator_user) do
stanza:tag(k):text(v):up();
end
stanza:up();
-- Add the creator group information if it is present
if creator_group then
stanza:tag("creator_group"):text(creator_group):up();
end
end
stanza:up(); -- Close identity tag
end
-- Utility function to check whether feature is present and enabled. Allow
-- a feature if there are features present in the session(coming from
-- the token) and the value of the feature is true.
-- If features is not present in the token we skip feature detection and allow
-- everything.
function is_feature_allowed(features, ft)
if (features == nil or features[ft] == "true" or features[ft] == true) then
return true;
else
return false;
end
end
--- Extracts the subdomain and room name from internal jid node [foo]room1
-- @return subdomain(optional, if extracted or nil), the room name
function extract_subdomain(room_node)
local ret = extract_subdomain_cache:get(room_node);
if ret then
return ret.subdomain, ret.room;
end
local subdomain, room_name = room_node:match("^%[([^%]]+)%](.+)$");
local cache_value = {subdomain=subdomain, room=room_name};
extract_subdomain_cache:set(room_node, cache_value);
return subdomain, room_name;
end
function starts_with(str, start)
if not str then
return false;
end
return str:sub(1, #start) == start
end
function starts_with_one_of(str, prefixes)
if not str then
return false;
end
for i=1,#prefixes do
if starts_with(str, prefixes[i]) then
return prefixes[i];
end
end
return false
end
function ends_with(str, ending)
return ending == "" or str:sub(-#ending) == ending
end
-- healthcheck rooms in jicofo starts with a string '__jicofo-health-check'
function is_healthcheck_room(room_jid)
return starts_with(room_jid, "__jicofo-health-check");
end
--- Utility function to make an http get request and
--- retry @param retry number of times
-- @param url endpoint to be called
-- @param retry nr of retries, if retry is
-- @param auth_token value to be passed as auth Bearer
-- nil there will be no retries
-- @returns result of the http call or nil if
-- the external call failed after the last retry
function http_get_with_retry(url, retry, auth_token)
local content, code, cache_for;
local timeout_occurred;
local wait, done = async.waiter();
local request_headers = http_headers or {}
if auth_token ~= nil then
request_headers['Authorization'] = 'Bearer ' .. auth_token
end
local function cb(content_, code_, response_, request_)
if timeout_occurred == nil then
code = code_;
if code == 200 or code == 204 then
-- module:log("debug", "External call was successful, content %s", content_);
content = content_;
-- if there is cache-control header, let's return the max-age value
if response_ and response_.headers and response_.headers['cache-control'] then
local vals = {};
for k, v in response_.headers['cache-control']:gmatch('(%w+)=(%w+)') do
vals[k] = v;
end
-- max-age=123 will be parsed by the regex ^ to age=123
cache_for = vals.age;
end
else
module:log("warn", "Error on GET request: Code %s, Content %s",
code_, content_);
end
done();
else
module:log("warn", "External call reply delivered after timeout from: %s", url);
end
end
local function call_http()
return http.request(url, {
headers = request_headers,
method = "GET"
}, cb);
end
local request = call_http();
local function cancel()
-- TODO: This check is racey. Not likely to be a problem, but we should
-- still stick a mutex on content / code at some point.
if code == nil then
timeout_occurred = true;
module:log("warn", "Timeout %s seconds making the external call to: %s", http_timeout, url);
-- no longer present in prosody 0.11, so check before calling
if http.destroy_request ~= nil then
http.destroy_request(request);
end
if retry == nil then
module:log("debug", "External call failed and retry policy is not set");
done();
elseif retry ~= nil and retry < 1 then
module:log("debug", "External call failed after retry")
done();
else
module:log("debug", "External call failed, retry nr %s", retry)
retry = retry - 1;
request = call_http()
return http_timeout;
end
end
end
timer.add_task(http_timeout, cancel);
wait();
return content, code, cache_for;
end
-- Checks whether there is status in the <x node
-- @param muc_x the <x element from presence
-- @param status checks for this status
-- @returns true if the status is found, false otherwise or if no muc_x is provided.
function presence_check_status(muc_x, status)
if not muc_x then
return false;
end
for statusNode in muc_x:childtags('status') do
if statusNode.attr.code == status then
return true;
end
end
return false;
end
-- Retrieves the focus from the room and cache it in the room object
-- @param room The room name for which to find the occupant
local function get_focus_occupant(room)
return room:get_occupant_by_nick(room.jid..'/focus');
end
-- Checks whether the jid is moderated, the room name is in moderated_rooms
-- or if the subdomain is in the moderated_subdomains
-- @return returns on of the:
-- -> false
-- -> true, room_name, subdomain
-- -> true, room_name, nil (if no subdomain is used for the room)
function is_moderated(room_jid)
if moderated_subdomains:empty() and moderated_rooms:empty() then
return false;
end
local room_node = jid.node(room_jid);
-- parses bare room address, for multidomain expected format is:
-- [subdomain]roomName@conference.domain
local target_subdomain, target_room_name = extract_subdomain(room_node);
if target_subdomain then
if moderated_subdomains:contains(target_subdomain) then
return true, target_room_name, target_subdomain;
end
elseif moderated_rooms:contains(room_node) then
return true, room_node, nil;
end
return false;
end
-- check if the room tenant starts with vpaas-magic-cookie-
-- @param room the room to check
function is_vpaas(room)
if not room then
return false;
end
-- stored check in room object if it exist
if room.is_vpaas ~= nil then
return room.is_vpaas;
end
room.is_vpaas = false;
local node, host = jid.split(room.jid);
if host ~= muc_domain or not node then
return false;
end
local tenant, conference_name = node:match('^%[([^%]]+)%](.+)$');
if not (tenant and conference_name) then
return false;
end
if not starts_with(tenant, 'vpaas-magic-cookie-') then
return false;
end
room.is_vpaas = true;
return true;
end
-- Returns the initiator extension if the stanza is coming from a sip jigasi
function is_sip_jigasi(stanza)
return stanza:get_child('initiator', 'http://jitsi.org/protocol/jigasi');
end
function get_sip_jibri_email_prefix(email)
if not email then
return nil;
elseif starts_with_one_of(email, INBOUND_SIP_JIBRI_PREFIXES) then
return starts_with_one_of(email, INBOUND_SIP_JIBRI_PREFIXES);
elseif starts_with_one_of(email, OUTBOUND_SIP_JIBRI_PREFIXES) then
return starts_with_one_of(email, OUTBOUND_SIP_JIBRI_PREFIXES);
else
return nil;
end
end
function is_sip_jibri_join(stanza)
if not stanza then
return false;
end
local features = stanza:get_child('features');
local email = stanza:get_child_text('email');
if not features or not email then
return false;
end
for i = 1, #features do
local feature = features[i];
if feature.attr and feature.attr.var and feature.attr.var == "http://jitsi.org/protocol/jibri" then
if get_sip_jibri_email_prefix(email) then
module:log("debug", "Occupant with email %s is a sip jibri ", email);
return true;
end
end
end
return false
end
-- process a host module directly if loaded or hooks to wait for its load
function process_host_module(name, callback)
local function process_host(host)
if host == name then
callback(module:context(host), host);
end
end
if prosody.hosts[name] == nil then
module:log('info', 'No host/component found, will wait for it: %s', name)
-- when a host or component is added
prosody.events.add_handler('host-activated', process_host);
else
process_host(name);
end
end
function table_shallow_copy(t)
local t2 = {}
for k, v in pairs(t) do
t2[k] = v
end
return t2
end
return {
OUTBOUND_SIP_JIBRI_PREFIXES = OUTBOUND_SIP_JIBRI_PREFIXES;
INBOUND_SIP_JIBRI_PREFIXES = INBOUND_SIP_JIBRI_PREFIXES;
extract_subdomain = extract_subdomain;
is_feature_allowed = is_feature_allowed;
is_healthcheck_room = is_healthcheck_room;
is_moderated = is_moderated;
is_sip_jibri_join = is_sip_jibri_join;
is_sip_jigasi = is_sip_jigasi;
is_vpaas = is_vpaas;
get_focus_occupant = get_focus_occupant;
get_room_from_jid = get_room_from_jid;
get_room_by_name_and_subdomain = get_room_by_name_and_subdomain;
get_sip_jibri_email_prefix = get_sip_jibri_email_prefix;
async_handler_wrapper = async_handler_wrapper;
presence_check_status = presence_check_status;
process_host_module = process_host_module;
room_jid_match_rewrite = room_jid_match_rewrite;
room_jid_split_subdomain = room_jid_split_subdomain;
internal_room_jid_match_rewrite = internal_room_jid_match_rewrite;
update_presence_identity = update_presence_identity;
http_get_with_retry = http_get_with_retry;
ends_with = ends_with;
starts_with = starts_with;
starts_with_one_of = starts_with_one_of;
table_shallow_copy = table_shallow_copy;
};