Pusher federation

Credits to infowski for the original code.
2021-03-23 22:21:36 +01:00 · 2021-03-23 22:21:36 +01:00 · 1981e3102f
parent 98cb445dd2
commit 1981e3102f
6 changed files with 23 additions and 2 deletions
--- a/contrib/docker/.env.prod.template
+++ b/contrib/docker/.env.prod.template
@ -18,3 +18,6 @@ START_ROOM_URL=/_/global/maps.workadventu.re/Floor0/floor0.json

 # The email address used by Let's encrypt to send renewal warnings (compulsory)
 ACME_EMAIL=
+
+# Set to true to allow using this instance as a target for the apiUrl property
+FEDERATE_PUSHER=false
--- a/contrib/docker/docker-compose.prod.singledomain.yaml
+++ b/contrib/docker/docker-compose.prod.singledomain.yaml
@ -81,6 +81,7 @@ services:
      API_URL: back:50051
      JITSI_URL: $JITSI_URL
      JITSI_ISS: $JITSI_ISS
+      FEDERATE_PUSHER: $FEDERATE_PUSHER
    labels:
      - "traefik.http.middlewares.strip-pusher-prefix.stripprefix.prefixes=/pusher"
      - "traefik.http.routers.pusher.rule=Host(`${BASE_DOMAIN}`) && PathPrefix(`/pusher`)"
--- a/contrib/docker/docker-compose.prod.yaml
+++ b/contrib/docker/docker-compose.prod.yaml
@ -65,6 +65,7 @@ services:
      API_URL: back:50051
      JITSI_URL: $JITSI_URL
      JITSI_ISS: $JITSI_ISS
+      FEDERATE_PUSHER: $FEDERATE_PUSHER
    labels:
      - "traefik.http.routers.pusher.rule=Host(`pusher.${DOMAIN}`)"
      - "traefik.http.routers.pusher.entryPoints=web,traefik"
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -66,6 +66,7 @@ services:
      API_URL: back:50051
      JITSI_URL: $JITSI_URL
      JITSI_ISS: $JITSI_ISS
+      FEDERATE_PUSHER: $FEDERATE_PUSHER
    volumes:
      - ./pusher:/usr/src/app
    labels:
--- a/pusher/src/Enum/EnvironmentVariable.ts
+++ b/pusher/src/Enum/EnvironmentVariable.ts
@ -10,6 +10,7 @@ const CPU_OVERHEAT_THRESHOLD = Number(process.env.CPU_OVERHEAT_THRESHOLD) || 80;
 const JITSI_URL : string|undefined = (process.env.JITSI_URL === '') ? undefined : process.env.JITSI_URL;
 const JITSI_ISS = process.env.JITSI_ISS || '';
 const SECRET_JITSI_KEY = process.env.SECRET_JITSI_KEY || '';
+const FEDERATE_PUSHER = process.env.FEDERATE_PUSHER ? process.env.FEDERATE_PUSHER == 'true' : false;
 const PUSHER_HTTP_PORT = parseInt(process.env.PUSHER_HTTP_PORT || '8080') || 8080
 export const SOCKET_IDLE_TIMER = parseInt(process.env.SOCKET_IDLE_TIMER as string) || 30; // maximum time (in second) without activity before a socket is closed

@ -26,5 +27,6 @@ export {
    JITSI_URL,
    JITSI_ISS,
    SECRET_JITSI_KEY,
+    FEDERATE_PUSHER,
    PUSHER_HTTP_PORT
 }
--- a/pusher/src/Services/JWTTokenManager.ts
+++ b/pusher/src/Services/JWTTokenManager.ts
@ -1,4 +1,4 @@
-import {ADMIN_API_URL, ALLOW_ARTILLERY, SECRET_KEY} from "../Enum/EnvironmentVariable";
+import {ADMIN_API_URL, ALLOW_ARTILLERY, SECRET_KEY, FEDERATE_PUSHER} from "../Enum/EnvironmentVariable";
 import {uuid} from "uuidv4";
 import Jwt from "jsonwebtoken";
 import {TokenInterface} from "../Controller/AuthenticateController";
@ -29,7 +29,20 @@ class JWTTokenManager {
        }

        return new Promise<string>((resolve, reject) => {
-            Jwt.verify(token, SECRET_KEY,  {},(err, tokenDecoded) => {
+
+            // Mock the jwt verification if pusher federation is enabled
+            const mockVerify = (token: string, secret: string, options: {},
+                                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                                callback: (err: Error | undefined, result: any) => void) => {
+                try {
+                    callback(undefined, Jwt.decode(token));
+                } catch (err) {
+                    callback(err, undefined);
+                }
+            };
+            const jwtVerify = FEDERATE_PUSHER ? mockVerify : Jwt.verify;
+
+            jwtVerify(token, SECRET_KEY, {}, (err, tokenDecoded) => {
                const tokenInterface = tokenDecoded as TokenInterface;
                if (err) {
                    console.error('An authentication error happened, invalid JsonWebToken.', err);