Add configuration for internal secrets of signaling servers

This will be used to authenticate as an internal client in the signaling server rather than having to authenticate as a regular participant. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
author: Daniel Calviño Sánchez <danxuliu@gmail.com> 2023-02-15 13:01:18 +0100
committer: Daniel Calviño Sánchez <danxuliu@gmail.com> 2023-02-20 14:30:08 +0100
commit: 4ca0ae10ad9c691da9665d68e4ca66f12c2d2013 (patch)
tree: ad2c8c6fa57433e8a17972210950276d02c07879 /recording
parent: 463f6d46277b5a6ea4d412c45f4e16f19ea68d46 (diff)
2 files changed, 76 insertions, 0 deletions
diff --git a/recording/server.conf.in b/recording/server.conf.in
index 111916235..0e27413fe 100644
--- a/recording/server.conf.in
+++ b/recording/server.conf.in
@@ -65,3 +65,32 @@
 # Shared secret for requests from and to the backend servers. This must be the
 # same value as configured in the Nextcloud admin ui.
 #secret = the-shared-secret
+
+[signaling]
+# Common shared secret for authenticating as an internal client of signaling
+# servers if a specific secret is not set for a signaling server. This must be
+# the same value as configured in the signaling server configuration file.
+#internalsecret = the-shared-secret-for-internal-clients
+
+# Comma-separated list of signaling servers with specific internal secrets.
+#signalings = signaling-id, another-signaling
+
+# Signaling server configurations as defined in the "[signaling]" section above.
+# The section names must match the ids used in "signalings" above.
+#[signaling-id]
+# URL of the signaling server
+#url = https://signaling.domain.invalid
+
+# Shared secret for authenticating as an internal client of signaling servers.
+# This must be the same value as configured in the signaling server
+# configuration file.
+#internalsecret = the-shared-secret-for-internal-clients
+
+#[another-signaling]
+# URL of the signaling server
+#url = https://signaling.otherdomain.invalid
+
+# Shared secret for authenticating as an internal client of signaling servers.
+# This must be the same value as configured in the signaling server
+# configuration file.
+#internalsecret = the-shared-secret-for-internal-clients
diff --git a/recording/src/nextcloud/talk/recording/Config.py b/recording/src/nextcloud/talk/recording/Config.py
index 9e177dedb..6ce01bd50 100644
--- a/recording/src/nextcloud/talk/recording/Config.py
+++ b/recording/src/nextcloud/talk/recording/Config.py
@@ -36,6 +36,7 @@ class Config:
         self._configParser = ConfigParser()
 
         self._backendIdsByBackendUrl = {}
+        self._signalingIdsBySignalingUrl = {}
 
     def load(self, fileName):
         fileName = os.path.abspath(fileName)
@@ -48,6 +49,7 @@ class Config:
         self._configParser.read(fileName)
 
         self._loadBackends()
+        self._loadSignalings()
 
     def _loadBackends(self):
         self._backendIdsByBackendUrl = {}
@@ -72,6 +74,35 @@ class Config:
             backendUrl = self._configParser[backendId]['url'].rstrip('/')
             self._backendIdsByBackendUrl[backendUrl] = backendId
 
+    def _loadSignalings(self):
+        self._signalingIdsBySignalingUrl = {}
+
+        if 'signaling' not in self._configParser:
+            self._logger.warning(f"No configured signalings")
+
+            return
+
+        if 'signalings' not in self._configParser['signaling']:
+            if 'internalsecret' not in self._configParser['signaling']:
+                self._logger.warning(f"No configured signalings")
+
+            return
+
+        signalingIds = self._configParser.get('signaling', 'signalings')
+        signalingIds = [signalingId.strip() for signalingId in signalingIds.split(',')]
+
+        for signalingId in signalingIds:
+            if 'url' not in self._configParser[signalingId]:
+                self._logger.error(f"Missing 'url' property for signaling {signalingId}")
+                continue
+
+            if 'internalsecret' not in self._configParser[signalingId]:
+                self._logger.error(f"Missing 'internalsecret' property for signaling {signalingId}")
+                continue
+
+            signalingUrl = self._configParser[signalingId]['url'].rstrip('/')
+            self._signalingIdsBySignalingUrl[signalingUrl] = signalingId
+
     def getLogLevel(self):
         """
         Returns the log level.
@@ -157,4 +188,20 @@ class Config:
 
         return self._configParser.get('backend', key, fallback=default)
 
+    def getSignalingSecret(self, signalingUrl):
+        """
+        Returns the shared secret for authenticating as an internal client of
+        signaling servers.
+
+        Defaults to None.
+        """
+        signalingUrl = signalingUrl.rstrip('/')
+        if signalingUrl in self._signalingIdsBySignalingUrl:
+            signalingId = self._signalingIdsBySignalingUrl[signalingUrl]
+
+            if self._configParser.get(signalingId, 'internalsecret', fallback=None):
+                return self._configParser.get(signalingId, 'internalsecret')
+
+        return self._configParser.get('signaling', 'internalsecret', fallback=None)
+
 config = Config()
author	Daniel Calviño Sánchez <danxuliu@gmail.com>	2023-02-15 13:01:18 +0100
committer	Daniel Calviño Sánchez <danxuliu@gmail.com>	2023-02-20 14:30:08 +0100
commit	4ca0ae10ad9c691da9665d68e4ca66f12c2d2013 (patch)
tree	ad2c8c6fa57433e8a17972210950276d02c07879 /recording
parent	463f6d46277b5a6ea4d412c45f4e16f19ea68d46 (diff)