From f18acb493dc15bb0bc35836715d92fc4c9444ac3 Mon Sep 17 00:00:00 2001
From: emrah
Date: Sat, 1 Jul 2023 17:02:00 +0300
Subject: [PATCH] jicofo, prosody: allow to set different AUTH_TYPE
---
 docker-compose.yml | 2 ++
 jicofo/rootfs/defaults/jicofo.conf | 23 ++++++++++---------
 .../rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 23 ++++++++++---------
 prosody/rootfs/defaults/saslauthd.conf | 4 +++-
 4 files changed, 29 insertions(+), 23 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index d618ebe..ded4d1b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -229,6 +229,7 @@ services:
 - LDAP_URL
 - LDAP_USE_TLS
 - MAX_PARTICIPANTS
+ - PROSODY_AUTH_TYPE
 - PROSODY_RESERVATION_ENABLED
 - PROSODY_RESERVATION_REST_BASE_URL
 - PROSODY_ENABLE_RATE_LIMITS
@@ -285,6 +286,7 @@ services:
 - ENABLE_SCTP
 - ENABLE_AUTO_LOGIN
 - JICOFO_AUTH_PASSWORD
+ - JICOFO_AUTH_TYPE
 - JICOFO_BRIDGE_REGION_GROUPS
 - JICOFO_ENABLE_AUTH
 - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf
index 6a54d93..7738600 100644
--- a/jicofo/rootfs/defaults/jicofo.conf
+++ b/jicofo/rootfs/defaults/jicofo.conf
@@ -1,13 +1,14 @@
-{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }}
-{{ $JICOFO_ENABLE_AUTH := (.Env.JICOFO_ENABLE_AUTH | default .Env.ENABLE_AUTH) | default "0" | toBool }}
-{{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "0" | toBool }}
-{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }}
-{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool }}
-{{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool }}
-{{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool }}
-{{ $ENABLE_REST := .Env.JICOFO_ENABLE_REST | default "0" | toBool }}
-{{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool }}
-{{ $HEALTH_CHECKS_USE_PRESENCE := .Env.JICOFO_HEALTH_CHECKS_USE_PRESENCE | default "0" | toBool }}
+{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" -}}
+{{ $JICOFO_ENABLE_AUTH := .Env.JICOFO_ENABLE_AUTH | default $ENABLE_AUTH | toBool -}}
+{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
+{{ $JICOFO_AUTH_TYPE := .Env.JICOFO_AUTH_TYPE | default $AUTH_TYPE -}}
+{{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "0" | toBool -}}
+{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}}
+{{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}}
+{{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool -}}
+{{ $ENABLE_REST := .Env.JICOFO_ENABLE_REST | default "0" | toBool -}}
+{{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool -}}
+{{ $HEALTH_CHECKS_USE_PRESENCE := .Env.JICOFO_HEALTH_CHECKS_USE_PRESENCE | default "0" | toBool -}}
 {{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}}
 {{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}}
 {{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}}
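Review bot: In jicofo.conf's header hunk, `$ENABLE_AUTH` is now the raw environment string rather than a bool, and a Go template treats any non-empty string, including "0", as true. Only `$JICOFO_ENABLE_AUTH` still goes through `toBool`, so a `{{ if $ENABLE_AUTH }}` anywhere in the rest of the file (outside this hunk) would pass regardless of the setting. A template comment on the definition would guard against that, for example `{{/* string, not bool: only the default for $JICOFO_ENABLE_AUTH */ -}}`. The Prosody template keeps a boolean under the same name, which makes the mix-up easier.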
@@ -29,7 +30,7 @@ jicofo {
 authentication {
 enabled = true
 // The type of authentication. Supported values are XMPP or JWT.
- {{ if eq $AUTH_TYPE "jwt" }}
+ {{ if eq $JICOFO_AUTH_TYPE "jwt" }}
 type = JWT
 {{ else }}
 type = XMPP
diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
index 117bf0e..c26f8f8 100644
--- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
+++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
@@ -1,7 +1,8 @@
 {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
-{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool)}}
-{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}}
 {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
+{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}}
+{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
+{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}}
 {{ $JIBRI_XMPP_USER := .Env.JIBRI_XMPP_USER | default "jibri" -}}
 {{ $JIGASI_XMPP_USER := .Env.JIGASI_XMPP_USER | default "jigasi" -}}
 {{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
@@ -98,11 +99,11 @@ external_services = {
 };
 {{- end }}
-{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
+{{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
 asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
 {{ end }}
-{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_AUDIENCES }}
+{{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_AUDIENCES }}
 asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" }
 {{ end }}
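Review bot: Every `JICOFO_AUTH_TYPE` value other than the exact lowercase string `jwt` falls into the `{{ else }}` branch of the jicofo.conf hunk at -29 and renders `type = XMPP`, so a typo or an upper-case `JWT` silently changes how Jicofo authenticates. The catch-all already existed for `AUTH_TYPE`, but with a per-component override Jicofo can now disagree with what Prosody enforces without any error at start-up. Normalising the value where it is defined would narrow this, e.g. `{{ $JICOFO_AUTH_TYPE := .Env.JICOFO_AUTH_TYPE | default $AUTH_TYPE | lower -}}`, assuming the template renderer provides `lower`. The comment above the branch could also say that every other value maps to XMPP. The `authentication` block continues past the end of the hunk.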
@@ -125,7 +126,7 @@ VirtualHost "jigasi.meet.jitsi"
 VirtualHost "{{ $XMPP_DOMAIN }}"
 {{ if $ENABLE_AUTH }}
- {{ if eq $AUTH_TYPE "jwt" }}
+ {{ if eq $PROSODY_AUTH_TYPE "jwt" }}
 authentication = "{{ $JWT_AUTH_TYPE }}"
 app_id = "{{ .Env.JWT_APP_ID }}"
 app_secret = "{{ .Env.JWT_APP_SECRET }}"
@@ -134,11 +135,11 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
 asap_key_server = "{{ .Env.JWT_ASAP_KEYSERVER }}"
 {{ end }}
 enable_domain_verification = {{ $JWT_ENABLE_DOMAIN_VERIFICATION }}
- {{ else if eq $AUTH_TYPE "ldap" }}
+ {{ else if eq $PROSODY_AUTH_TYPE "ldap" }}
 authentication = "cyrus"
 cyrus_application_name = "xmpp"
 allow_unencrypted_plain_auth = true
- {{ else if eq $AUTH_TYPE "matrix" }}
+ {{ else if eq $PROSODY_AUTH_TYPE "matrix" }}
 authentication = "matrix_user_verification"
 app_id = "{{ $MATRIX_UVS_ISSUER }}"
 uvs_base_url = "{{ .Env.MATRIX_UVS_URL }}"
@@ -148,7 +149,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
 {{ if $MATRIX_UVS_SYNC_POWER_LEVELS }}
 uvs_sync_power_levels = true
 {{ end }}
- {{ else if eq $AUTH_TYPE "internal" }}
+ {{ else if eq $PROSODY_AUTH_TYPE "internal" }}
 authentication = "internal_hashed"
 {{ end }}
 {{ else }}
@@ -187,7 +188,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
 {{ if .Env.XMPP_MODULES }}
 "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}";
 {{ end }}
- {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "ldap") }}
+ {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "ldap") }}
 "auth_cyrus";
 {{end}}
 {{ if $PROSODY_RESERVATION_ENABLED }}
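Review bot: The `if` / `else if` chain on `$PROSODY_AUTH_TYPE` inside `{{ if $ENABLE_AUTH }}` (hunks at -125, -134 and -148) has no final `{{ else }}`, so with authentication enabled an unrecognised value renders the main VirtualHost with no `authentication` line at all. Prosody would then presumably fall back to its built-in default provider. The `auth_cyrus` entry at -187 and the token module in the MUC component are skipped by the same comparison, which leaves a configuration that looks enabled but is not the intended one. A terminal branch that stops rendering would make the mistake visible, such as `{{ else }}{{ fail "unsupported PROSODY_AUTH_TYPE" }}` if the renderer exposes `fail`. Failing that, a comment next to the definition could list the four accepted values. The outer `{{ if $ENABLE_AUTH }}` block continues beyond the visible lines.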
@@ -270,10 +271,10 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc"
 {{ if .Env.XMPP_MUC_MODULES -}}
 "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
 {{ end -}}
- {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") -}}
+ {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "jwt") -}}
 "{{ $JWT_TOKEN_AUTH_MODULE }}";
 {{ end }}
- {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "matrix") $MATRIX_UVS_SYNC_POWER_LEVELS -}}
+ {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "matrix") $MATRIX_UVS_SYNC_POWER_LEVELS -}}
 "matrix_power_sync";
 {{ end -}}
 {{ if not $DISABLE_POLLS -}}
diff --git a/prosody/rootfs/defaults/saslauthd.conf b/prosody/rootfs/defaults/saslauthd.conf
index 543b5eb..79cdc0a 100644
--- a/prosody/rootfs/defaults/saslauthd.conf
+++ b/prosody/rootfs/defaults/saslauthd.conf
@@ -1,6 +1,8 @@
+{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
+{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE }}
 {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
-{{ if eq (.Env.AUTH_TYPE | default "internal") "ldap" }}
+{{ if eq $PROSODY_AUTH_TYPE "ldap" }}
 ldap_servers: {{ .Env.LDAP_URL }}
 ldap_search_base: {{ .Env.LDAP_BASE }}
 {{ if .Env.LDAP_BINDDN | default "" }}
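Review bot: Other consumers of `AUTH_TYPE` may not follow the new override: saslauthd.conf switches its LDAP block to `$PROSODY_AUTH_TYPE`, yet the diffstat lists only four files, so anything else that still tests `AUTH_TYPE` directly (a container start-up script, for instance; none is visible here) would disagree when only `PROSODY_AUTH_TYPE=ldap` is set. That should be checked before the per-component variable is documented as sufficient on its own. Separately, the new definition in this hunk ends in `}}` where its neighbours use `-}}`, which emits a stray newline at the top of the rendered file; `{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}}` keeps it consistent.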