From 1981e3102f6df84484617019a0b59d98a6d0ee57 Mon Sep 17 00:00:00 2001
From: jstsmthrgk
Date: Tue, 23 Mar 2021 22:21:36 +0100
Subject: [PATCH] Pusher federation Credits to infowski for the original code.
---
 contrib/docker/.env.prod.template | 3 +++
 .../docker-compose.prod.singledomain.yaml | 1 +
 contrib/docker/docker-compose.prod.yaml | 1 +
 docker-compose.yaml | 1 +
 pusher/src/Enum/EnvironmentVariable.ts | 2 ++
 pusher/src/Services/JWTTokenManager.ts | 17 +++++++++++++++--
 6 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/contrib/docker/.env.prod.template b/contrib/docker/.env.prod.template
index c0c10181..730a2cf5 100644
--- a/contrib/docker/.env.prod.template
+++ b/contrib/docker/.env.prod.template
@@ -18,3 +18,6 @@ START_ROOM_URL=/_/global/maps.workadventu.re/Floor0/floor0.json
 # The email address used by Let's encrypt to send renewal warnings (compulsory)
 ACME_EMAIL=
+
+# Set to true to allow using this instance as a target for the apiUrl property
+FEDERATE_PUSHER=false
diff --git a/contrib/docker/docker-compose.prod.singledomain.yaml b/contrib/docker/docker-compose.prod.singledomain.yaml
index 1d518b83..db1b2164 100644
--- a/contrib/docker/docker-compose.prod.singledomain.yaml
+++ b/contrib/docker/docker-compose.prod.singledomain.yaml
@@ -81,6 +81,7 @@ services:
 API_URL: back:50051
 JITSI_URL: $JITSI_URL
 JITSI_ISS: $JITSI_ISS
+ FEDERATE_PUSHER: $FEDERATE_PUSHER
 labels:
 - "traefik.http.middlewares.strip-pusher-prefix.stripprefix.prefixes=/pusher"
 - "traefik.http.routers.pusher.rule=Host(`${BASE_DOMAIN}`) && PathPrefix(`/pusher`)"
diff --git a/contrib/docker/docker-compose.prod.yaml b/contrib/docker/docker-compose.prod.yaml
index 6b3b8520..9202ae87 100644
--- a/contrib/docker/docker-compose.prod.yaml
+++ b/contrib/docker/docker-compose.prod.yaml
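Review bot: The comment added above `FEDERATE_PUSHER=false` in `.env.prod.template` describes the feature but not its cost: in this same patch the flag switches `JWTTokenManager` from `Jwt.verify` to a decode-only path, so turning it on means the pusher no longer checks token signatures. An operator reading only the template cannot tell that. I would extend the comment to something like `# Set to true to allow using this instance as a target for the apiUrl property. WARNING: this disables JWT signature verification on the pusher.` Keeping the default at `false` is the right choice.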
@@ -65,6 +65,7 @@ services:
 API_URL: back:50051
 JITSI_URL: $JITSI_URL
 JITSI_ISS: $JITSI_ISS
+ FEDERATE_PUSHER: $FEDERATE_PUSHER
 labels:
 - "traefik.http.routers.pusher.rule=Host(`pusher.${DOMAIN}`)"
 - "traefik.http.routers.pusher.entryPoints=web,traefik"
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 1c1bcb8f..2e942c0f 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -66,6 +66,7 @@ services:
 API_URL: back:50051
 JITSI_URL: $JITSI_URL
 JITSI_ISS: $JITSI_ISS
+ FEDERATE_PUSHER: $FEDERATE_PUSHER
 volumes:
 - ./pusher:/usr/src/app
 labels:
diff --git a/pusher/src/Enum/EnvironmentVariable.ts b/pusher/src/Enum/EnvironmentVariable.ts
index 5b3ec9c4..80af1b68 100644
--- a/pusher/src/Enum/EnvironmentVariable.ts
+++ b/pusher/src/Enum/EnvironmentVariable.ts
@@ -10,6 +10,7 @@ const CPU_OVERHEAT_THRESHOLD = Number(process.env.CPU_OVERHEAT_THRESHOLD) || 80;
 const JITSI_URL : string|undefined = (process.env.JITSI_URL === '') ? undefined : process.env.JITSI_URL;
 const JITSI_ISS = process.env.JITSI_ISS || '';
 const SECRET_JITSI_KEY = process.env.SECRET_JITSI_KEY || '';
+const FEDERATE_PUSHER = process.env.FEDERATE_PUSHER ? process.env.FEDERATE_PUSHER == 'true' : false;
 const PUSHER_HTTP_PORT = parseInt(process.env.PUSHER_HTTP_PORT || '8080') || 8080
 export const SOCKET_IDLE_TIMER = parseInt(process.env.SOCKET_IDLE_TIMER as string) || 30; // maximum time (in second) without activity before a socket is closed
@@ -26,5 +27,6 @@ export {
 JITSI_URL,
 JITSI_ISS,
 SECRET_JITSI_KEY,
+ FEDERATE_PUSHER,
 PUSHER_HTTP_PORT
 }
diff --git a/pusher/src/Services/JWTTokenManager.ts b/pusher/src/Services/JWTTokenManager.ts
index 68d5488a..76589716 100644
--- a/pusher/src/Services/JWTTokenManager.ts
+++ b/pusher/src/Services/JWTTokenManager.ts
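Review bot: The new `FEDERATE_PUSHER` constant in `EnvironmentVariable.ts` uses a redundant ternary with loose equality; `const FEDERATE_PUSHER = process.env.FEDERATE_PUSHER === 'true';` gives the same result for an unset, empty or any non-'true' value. Because this flag decides whether tokens are signature-checked in `JWTTokenManager`, the constant also deserves a one-line comment saying so. A startup log line when it is true would make the weakened mode visible in deployment logs.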
@@ -1,4 +1,4 @@
-import {ADMIN_API_URL, ALLOW_ARTILLERY, SECRET_KEY} from "../Enum/EnvironmentVariable";
+import {ADMIN_API_URL, ALLOW_ARTILLERY, SECRET_KEY, FEDERATE_PUSHER} from "../Enum/EnvironmentVariable";
 import {uuid} from "uuidv4";
 import Jwt from "jsonwebtoken";
 import {TokenInterface} from "../Controller/AuthenticateController";
@@ -29,7 +29,20 @@ class JWTTokenManager {
 }
 return new Promise((resolve, reject) => {
- Jwt.verify(token, SECRET_KEY, {},(err, tokenDecoded) => {
+
+ // Mock the jwt verification if pusher federation is enabled
+ const mockVerify = (token: string, secret: string, options: {},
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ callback: (err: Error | undefined, result: any) => void) => {
+ try {
+ callback(undefined, Jwt.decode(token));
+ } catch (err) {
+ callback(err, undefined);
+ }
+ };
+ const jwtVerify = FEDERATE_PUSHER ? mockVerify : Jwt.verify;
+
+ jwtVerify(token, SECRET_KEY, {}, (err, tokenDecoded) => {
 const tokenInterface = tokenDecoded as TokenInterface;
 if (err) {
 console.error('An authentication error happened, invalid JsonWebToken.', err);
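Review bot: With FEDERATE_PUSHER enabled, `mockVerify` hands `Jwt.decode(token)` to the callback, and `decode` only parses the payload without checking the signature, so every well-formed token is accepted and its claims are trusted as if this pusher had signed them. Federation needs verification against key material of the peers you accept rather than a bypass; at minimum keep `Jwt.verify(token, SECRET_KEY, …)` as the first attempt and treat anything that only passes the decode path as unauthenticated. `Jwt.decode` also returns `null` for malformed input instead of throwing, so the `try/catch` never reports an error; guard the result with `if (decoded === null || typeof decoded === 'string') { callback(new Error('Malformed token'), undefined); return; }` before the success call. The callback body continues past the end of the hunk, so how `tokenInterface` is used after the `if (err)` check is not visible here.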