Merge pull request #122 from jitsi/token-parameter-additions

prosody: new variables for prosody

prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua

@@ -4,6 +4,10 @@ http_default_host = "{{ .Env.XMPP_DOMAIN }}"
 
 {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }}
 {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }}
+{{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" }}
+{{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool }}
+{{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" }}
+{{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }}
 
 {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
 asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
@@ -16,11 +20,15 @@ asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AU
 VirtualHost "{{ .Env.XMPP_DOMAIN }}"
 {{ if $ENABLE_AUTH }}
   {{ if eq $AUTH_TYPE "jwt" }}
-    authentication = "token"
+    authentication = "{{ $JWT_AUTH_TYPE }}"
     app_id = "{{ .Env.JWT_APP_ID }}"
     app_secret = "{{ .Env.JWT_APP_SECRET }}"
-    allow_empty_token = false
-  {{ else if eq $AUTH_TYPE "ldap" }}
+    allow_empty_token = {{ if $JWT_ALLOW_EMPTY }}true{{ else }}false{{ end }}
+    {{ if $JWT_ASAP_KEYSERVER }}
+    asap_key_server = "{{ .Env.JWT_ASAP_KEYSERVER }}"
+    {{ end }}
+
+    {{ else if eq $AUTH_TYPE "ldap" }}
     authentication = "cyrus"
     cyrus_application_name = "xmpp"
     allow_unencrypted_plain_auth = true
@@ -78,7 +86,7 @@ Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
         "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
         {{ end }}
         {{ if eq $AUTH_TYPE "jwt" }}
-        "token_verification";
+        "{{ $JWT_TOKEN_AUTH_MODULE }}";
         {{ end }}
     }
 

prosody/rootfs/defaults/prosody.cfg.lua

@@ -1,3 +1,5 @@
+{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }}
+
 -- Prosody Example Configuration File
 --
 -- Information on configuring Prosody can be found on our
@@ -70,6 +72,9 @@ modules_enabled = {
 		--"watchregistrations"; -- Alert admins of registrations
 		--"motd"; -- Send a message to users when they log in
 		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+        {{ if .Env.GLOBAL_MODULES }}
+        "{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}";
+        {{ end }}
 };
 
 https_ports = { }
@@ -143,9 +148,13 @@ authentication = "internal_plain"
 --  Logs info and higher to /var/log
 --  Logs errors to syslog also
 log = {
-	{ levels = {min = "info"}, to = "console"};
+	{ levels = {min = "{{ $LOG_LEVEL }}"}, to = "console"};
 }
 
+{{ if .Env.GLOBAL_CONFIG }}
+{{ join "\n" (splitList "\\n" .Env.GLOBAL_CONFIG) }}
+{{ end }}
+
 component_interface = { "*" }
 
 data_path = "/config/data"

prosody/rootfs/etc/cont-init.d/10-config

@@ -31,6 +31,7 @@ fi
 
 if [[ ! -f $PROSODY_CFG ]]; then
     cp -r /defaults/* /config
+    tpl /defaults/prosody.cfg.lua > $PROSODY_CFG
     tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua
 
     prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD