From a7c16654c39b688b3b34919007b705992bd405b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20N=C3=A9grier?= Date: Mon, 19 Oct 2020 12:07:05 +0200 Subject: [PATCH] Deploying with new configurable Jitsi conf --- .env.template | 1 + .github/workflows/build-and-deploy.yml | 3 +++ back/src/Enum/EnvironmentVariable.ts | 4 ++++ back/src/Services/SocketManager.ts | 12 ++++++------ deeployer.libsonnet | 11 ++++++++--- docker-compose.yaml | 2 ++ 6 files changed, 24 insertions(+), 9 deletions(-) diff --git a/.env.template b/.env.template index d1ee2885..d0db42e3 100644 --- a/.env.template +++ b/.env.template @@ -2,5 +2,6 @@ DEBUG_MODE=false JITSI_URL=meet.jit.si # If your Jitsi environment has authentication set up, you MUST set JITSI_PRIVATE_MODE to "true" and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret JITSI_PRIVATE_MODE=false +JITSI_ISS= SECRET_JITSI_KEY= ADMIN_API_TOKEN=123 diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 25d2b0cd..e77fb133 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -121,6 +121,9 @@ jobs: env: KUBE_CONFIG_FILE: ${{ secrets.KUBE_CONFIG_FILE }} ADMIN_API_TOKEN: ${{ secrets.ADMIN_API_TOKEN }} + JITSI_ISS: ${{ secrets.JITSI_ISS }} + JITSI_URL: ${{ secrets.JITSI_URL }} + SECRET_JITSI_KEY: ${{ secrets.SECRET_JITSI_KEY }} with: namespace: workadventure-${{ env.GITHUB_REF_SLUG }} diff --git a/back/src/Enum/EnvironmentVariable.ts b/back/src/Enum/EnvironmentVariable.ts index 9028bb17..0d4f5ed2 100644 --- a/back/src/Enum/EnvironmentVariable.ts +++ b/back/src/Enum/EnvironmentVariable.ts @@ -6,6 +6,8 @@ const ALLOW_ARTILLERY = process.env.ALLOW_ARTILLERY ? process.env.ALLOW_ARTILLER const ADMIN_API_URL = process.env.ADMIN_API_URL || 'http://admin'; const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || 'myapitoken'; const CPU_OVERHEAT_THRESHOLD = Number(process.env.CPU_OVERHEAT_THRESHOLD) || 80; +const JITSI_URL : string|undefined = (process.env.JITSI_URL === '') ? undefined : process.env.JITSI_URL; +const JITSI_ISS = process.env.JITSI_ISS || ''; const SECRET_JITSI_KEY = process.env.SECRET_JITSI_KEY || ''; export { @@ -17,5 +19,7 @@ export { GROUP_RADIUS, ALLOW_ARTILLERY, CPU_OVERHEAT_THRESHOLD, + JITSI_URL, + JITSI_ISS, SECRET_JITSI_KEY } diff --git a/back/src/Services/SocketManager.ts b/back/src/Services/SocketManager.ts index 71bcf468..e704ac4f 100644 --- a/back/src/Services/SocketManager.ts +++ b/back/src/Services/SocketManager.ts @@ -27,7 +27,7 @@ import {ProtobufUtils} from "../Model/Websocket/ProtobufUtils"; import {Group} from "../Model/Group"; import {cpuTracker} from "./CpuTracker"; import {isSetPlayerDetailsMessage} from "../Model/Websocket/SetPlayerDetailsMessage"; -import {GROUP_RADIUS, MINIMUM_DISTANCE, SECRET_JITSI_KEY} from "../Enum/EnvironmentVariable"; +import {GROUP_RADIUS, JITSI_ISS, MINIMUM_DISTANCE, SECRET_JITSI_KEY} from "../Enum/EnvironmentVariable"; import {Movable} from "../Model/Movable"; import {PositionInterface} from "../Model/PositionInterface"; import {adminApi} from "./AdminApi"; @@ -35,6 +35,7 @@ import Direction = PositionMessage.Direction; import {Gauge} from "prom-client"; import {emitError, emitInBatch} from "./IoSocketHelpers"; import Jwt from "jsonwebtoken"; +import {JITSI_URL} from "../Enum/EnvironmentVariable"; class SocketManager { private Worlds: Map = new Map(); @@ -606,13 +607,12 @@ class SocketManager { // Let's see if the current client has const isAdmin = client.tags.includes(tag); - // TODO: fix this when "moderator" property is available - const jwt = Jwt.sign({ "aud": "jitsi", - "iss": "meetworkadventure", - "sub": "coremeet.workadventu.re", - "room": room + "iss": JITSI_ISS, + "sub": JITSI_URL, + "room": room, + "moderator": isAdmin }, SECRET_JITSI_KEY, { expiresIn: '1d', algorithm: "HS256", diff --git a/deeployer.libsonnet b/deeployer.libsonnet index df04399a..4edb4728 100644 --- a/deeployer.libsonnet +++ b/deeployer.libsonnet @@ -16,7 +16,10 @@ "env": { "SECRET_KEY": "tempSecretKeyNeedsToChange", "ADMIN_API_TOKEN": env.ADMIN_API_TOKEN, - "ADMIN_API_URL": "https://admin."+url + "ADMIN_API_URL": "https://admin."+url, + "JITSI_ISS": env.JITSI_ISS, + "JITSI_URL": env.JITSI_URL, + "SECRET_JITSI_KEY": env.SECRET_JITSI_KEY, } }, "front": { @@ -28,10 +31,12 @@ "ports": [80], "env": { "API_URL": "api."+url, - "JITSI_URL": "meet.jit.si", + "JITSI_URL": env.JITSI_URL, + "SECRET_JITSI_KEY": env.SECRET_JITSI_KEY, "TURN_SERVER": "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443", "TURN_USER": "workadventure", - "TURN_PASSWORD": "WorkAdventure123" + "TURN_PASSWORD": "WorkAdventure123", + "JITSI_PRIVATE_MODE": if env.SECRET_JITSI_KEY != '' then "true" else "false" } }, "maps": { diff --git a/docker-compose.yaml b/docker-compose.yaml index 4684d53e..482dfbcb 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -76,6 +76,8 @@ services: SECRET_JITSI_KEY: "$SECRET_JITSI_KEY" ALLOW_ARTILLERY: "true" ADMIN_API_TOKEN: "$ADMIN_API_TOKEN" + JITSI_URL: $JITSI_URL + JITSI_ISS: $JITSI_ISS volumes: - ./back:/usr/src/app labels: