From f9a601d731bd1ebfdac7df5ba7524fcc8a9cb73d Mon Sep 17 00:00:00 2001
From: Ark74
Date: Fri, 11 Dec 2020 22:04:57 -0600
Subject: [PATCH] Move jwt as a external file
---
mode/jwt.sh | 52 ++++++++++++++++++++++++++++++++++++
quick_jibri_installer.sh | 57 +++++----------------------------------
2 files changed, 59 insertions(+), 50 deletions(-)
create mode 100644 mode/jwt.sh
diff --git a/mode/jwt.sh b/mode/jwt.sh
new file mode 100644
index 0000000..e45ab50
--- /dev/null
+++ b/mode/jwt.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# JWT Mode Setup
+# SwITNet Ltd © - 2020, https://switnet.net/
+# GPLv3 or later.
+DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
+MEET_CONF="/etc/jitsi/meet/$DOMAIN-config.js"
+APP_ID="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 16 | head -n1)"
+SECRET_APP="$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 64 | head -n1)"
+echo $APP_ID && echo $SECRET_APP
+
+## Required openssl for Focal 20.04
+if [ "$(lsb_release -sc)" = "focal" ]; then
+echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \
+sudo tee /etc/apt/sources.list.d/rvm.list
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F4E3FBBE
+apt-get update
+fi
+
+apt-get -y install \
+ lua5.2 \
+ liblua5.2 \
+ luarocks \
+ libssl1.0-dev \
+ python3-jwt
+
+luarocks install basexx
+luarocks install luacrypto
+luarocks install lua-cjson 2.1.0-1
+
+echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections
+echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections
+
+apt-get install -y jitsi-meet-tokens
+
+#Setting up
+sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" /etc/prosody/prosody.cfg.lua
+sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua
+sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua
+
+#allow_empty_token = true
+
+sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF
+
+echo -e "\nUse the following for your App (e.g. Rocket.Chat):\n"
+pyjwt3 --key="$SECRET_APP" \
+ encode \
+ group="Rocket.Chat" \
+ aud="$APP_ID" \
+ iss="$APP_ID" \
+ sub="$DOMAIN" \
+ room="*" \
+ algorithm="HS256"
diff --git a/quick_jibri_installer.sh b/quick_jibri_installer.sh
index 6232a1f..b329f70 100644
--- a/quick_jibri_installer.sh
+++ b/quick_jibri_installer.sh
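Review bot: `echo $APP_ID && echo $SECRET_APP` near the top of the new file prints the freshly generated HS256 signing secret to the terminal, and so into any scrollback or installer log that captures the run; whoever reads it can sign tokens this deployment will accept. The line looks like leftover debugging and can simply be dropped, since the encoded token printed at the end is what the operator needs. The same secret is also passed as `--key="$SECRET_APP"` on the `pyjwt3` command line, where it is visible in the process list while the command runs, and the token is issued with `room="*"` and no `exp` claim, which deserves a comment such as `# NOTE: wildcard, non-expiring token; changing app_secret is the only way to revoke it`. Separately, `--recv-keys F4E3FBBE` identifies the PPA signing key by an 8-hex-digit short ID, which is not collision-resistant; pinning the full fingerprint (`<FULL_KEY_FINGERPRINT>`, taken from the PPA page) is the safer form.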
@@ -510,8 +510,6 @@ do "Local") echo -e "\n > Users are created manually using prosodyctl, only moderators can open a room or launch recording.\n" ENABLE_SC="yes" - read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER - read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS break ;; "JWT") 
@@ -977,47 +975,22 @@ or '${SEC_ROOM_USER}@${DOMAIN}' using the password you just entered. If you have issues with the password refer to your sysadmin." sed -i "s|#org.jitsi.jicofo.auth.URL=XMPP:|org.jitsi.jicofo.auth.URL=XMPP:|" $JICOFO_SIP #Secure room initial user +read -p "Set username for secure room moderator: "$'\n' -r SEC_ROOM_USER +read -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS prosodyctl register $SEC_ROOM_USER $DOMAIN $SEC_ROOM_PASS sed -i "s|SEC_ROOM=.*|SEC_ROOM=\"on\"|" jm-bm.sh fi ###JWT if [ "$ENABLE_JWT" = "yes" ]; then -echo -e "\nJWT auth are being setup..." +echo -e "\nJWT auth is being setup..." - ## Focal Openssl - if [ "$(lsb_release -sc)" = "focal" ]; then - echo "deb http://ppa.launchpad.net/rael-gc/rvm/ubuntu focal main" | \ - sudo tee /etc/apt/sources.list.d/rvm.list - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F4E3FBBE - apt-get update - fi +bash $PWD/mode/jwt.sh + else + echo "No authentication method selected." -apt-get -y install \ - lua5.2 \ - liblua5.2 \ - luarocks \ - libssl1.0-dev \ - python3-jwt - -luarocks install basexx -luarocks install luacrypto -luarocks install lua-cjson 2.1.0-1 - -echo "set jitsi-meet-tokens/appid string $APP_ID" | debconf-set-selections -echo "set jitsi-meet-tokens/appsecret password $SECRET_APP" | debconf-set-selections - -apt-get install -y jitsi-meet-tokens - -#Setting up -sed -i "s|c2s_require_encryption = true|c2s_require_encryption = false|" /etc/prosody/prosody.cfg.lua -sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_issuers = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua -sed -i "/app_secret/a \ \ \ \ \ \ \ \ asap_accepted_audiences = { \"$APP_ID\" }" /etc/prosody/conf.d/$DOMAIN.cfg.lua - -#allow_empty_token = true - -sed -i "s|// anonymousdomain: 'guest.example.com'|anonymousdomain: \'guest.$DOMAIN\'|" $MEET_CONF +read -n 1 -s -r -p "Press any key to continue..."$'\n' fi #Guest allow 
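Review bot: `bash $PWD/mode/jwt.sh` resolves the helper against the caller's working directory, unquoted, and ignores its exit status, so an installer started from another directory either fails to find the script or runs whatever `mode/jwt.sh` happens to exist there (presumably as root, given the bare `apt-get` calls), and then continues as if JWT were configured. Resolving the path from the installer's own location and stopping on failure is safer, e.g. `bash "$(dirname "$(readlink -f "$0")")/mode/jwt.sh" || exit 1`. The moved password prompt also still echoes what is typed; `read -s -p "Secure room moderator password: "$'\n' -r SEC_ROOM_PASS` hides it, and the `prosodyctl register` line that follows should quote its three arguments so a password containing spaces or glob characters is passed intact. The message ending in "using the password you just entered" now appears above the two `read` lines, so if it is printed at that point `${SEC_ROOM_USER}` would still be empty; the start of that statement and the enclosing `if` blocks lie outside this hunk.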
@@ -1040,22 +1013,6 @@ VirtualHost "guest.$DOMAIN" } P_SR - -echo "Use the following for your App (e.g. Rocket.Chat):" -pyjwt3 --key="$SECRET_APP" \ - encode \ - group="Rocket.Chat" \ - aud="$APP_ID" \ - iss="$APP_ID" \ - sub="$DOMAIN" \ - room="*" \ - algorithm="HS256" - - else - echo "No authentication method selected." - -read -n 1 -s -r -p "Press any key to continue..."$'\n' - fi #====================== #Start with video muted by default