Mirrors
/
nextcloud-spreed
mirror of https://github.com/nextcloud/spreed
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14127 Commits
162 Branches
351 Tags
346 MiB
Tree: 41c19803ca
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '41c19803ca'
${ noResults }
nextcloud-spreed/lib/Config.php

551 lines
16 KiB
Raw Normal View History

Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Run cs:fix Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Make all classes strict Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Bye Spreed, hello Talk! Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Introduce event so other apps can override the list of TURN servers. Signed-off-by: Joachim Bauch <bauch@struktur.de>
4 years ago
Allow to define default permissions Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Add Mozart to avoid conflict with other JWT apps Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Introduce event so other apps can override the list of TURN servers. Signed-off-by: Joachim Bauch <bauch@struktur.de>
4 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Add config method to check if the user can access Talk Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Add config method to check if the user can access Talk Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow to define default permissions Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Publish the signaling mode as initial state Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Use a dedicated method to get the signaling mode Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Publish the signaling mode as initial state Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Use PHP7.4 property typehinting where possible Signed-off-by: Vitor Mattos <vitor@php.rio>
4 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Use PHP7.4 property typehinting where possible Signed-off-by: Vitor Mattos <vitor@php.rio>
4 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Use PHP7.4 property typehinting where possible Signed-off-by: Vitor Mattos <vitor@php.rio>
4 years ago
Only allow enabling SIP when the user can enable it Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Add config method to check if the user can access Talk Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Introduce event so other apps can override the list of TURN servers. Signed-off-by: Joachim Bauch <bauch@struktur.de>
4 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Add config method to check if the user can access Talk Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Introduce event so other apps can override the list of TURN servers. Signed-off-by: Joachim Bauch <bauch@struktur.de>
4 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Add config method to check if the user can access Talk Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Limit creating public and group conversations to a group Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Add config method to check if the user can access Talk Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Add a capability for the chat-read-status and the user setting Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Add a setting which groups can enable SIP in conversations Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Check if the SIP is configured Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Start with integration tests for invites Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add a config to disable breakout rooms Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Add dial-in info and fix group display names Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
No mix of _ and - Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Add a shared secret Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Add dial-in info and fix group display names Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Only allow enabling SIP when the user can enable it Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Split recording capability Now we have a hard capability called recording-v1 and a switable capability by config called recording Signed-off-by: Vitor Mattos <vitor@php.rio>
3 years ago
Minor things Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Split recording capability Now we have a hard capability called recording-v1 and a switable capability by config called recording Signed-off-by: Vitor Mattos <vitor@php.rio>
3 years ago
Minor things Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Add capability to toggle recording Signed-off-by: Vitor Mattos <vitor@php.rio>
3 years ago
Add config method to check if the user can access Talk Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Limit creating public and group conversations to a group Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Add config method to check if the user can access Talk Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Allow to define default permissions Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Allow to select an attachment folder Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Allow setting multiple STUN servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Allow setting multiple STUN servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Make sure there is always a trailing slash Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Fix CSP with wss:// and ws:// signaling server Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Use InitialState for admin settings Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Don't provide a stun without internet connection Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Allow setting multiple STUN servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Don't provide a stun without internet connection Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Run cs:fix Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Don't provide a stun without internet connection Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Reduce MissingReturnType Signed-off-by: Vitor Mattos <vitor@php.rio>
4 years ago
Add a migration to copy the current stun and turn settings Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Introduce event so other apps can override the list of TURN servers. Signed-off-by: Joachim Bauch <bauch@struktur.de>
4 years ago
Use typed event Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Introduce event so other apps can override the list of TURN servers. Signed-off-by: Joachim Bauch <bauch@struktur.de>
4 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Add support for "turns:" scheme Until now no scheme could be configured to connect to the TURN server and "turn:" was used by default. The "turns:" scheme defines a connection over TLS, which in some cases is needed by clients behind a very restrictive firewall that only allows TLS connections. However, encrypted TURN connections also require a certificate to be set in the TURN server, which may not be always available. Moreover, encrypted TURN connections also require a domain. Due to all this now it is possible to set the TURN server scheme to "turn:", "turns:" or both, so the administrator can set the best suiting one. Already configured TURN servers that have no scheme configured yet defaults to "turn:" to keep the same behaviour as before. New configured TURN servers also default to "turn:", as "turns:" has some additional requirements as explained above. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
5 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Provide multiple TURN servers to webrtc client - Provides all in the backend specified turnservers to webrtc clients Signed-off-by: Sebastian L <sl@momou.ch>
5 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Provide multiple TURN servers to webrtc client - Provides all in the backend specified turnservers to webrtc clients Signed-off-by: Sebastian L <sl@momou.ch>
5 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Allow multiple turn servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Fix TURN credential generation. The temporary username must consist of the timestamp and a random username, see https://github.com/coturn/coturn/wiki/turnserver#turn-rest-api for details on the format. Signed-off-by: Joachim Bauch <bauch@struktur.de>
7 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Provide multiple TURN servers to webrtc client - Provides all in the backend specified turnservers to webrtc clients Signed-off-by: Sebastian L <sl@momou.ch>
5 years ago
Introduce event so other apps can override the list of TURN servers. Signed-off-by: Joachim Bauch <bauch@struktur.de>
4 years ago
Provide multiple TURN servers to webrtc client - Provides all in the backend specified turnservers to webrtc clients Signed-off-by: Sebastian L <sl@momou.ch>
5 years ago
Use typed event Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Introduce event so other apps can override the list of TURN servers. Signed-off-by: Joachim Bauch <bauch@struktur.de>
4 years ago
Provide multiple TURN servers to webrtc client - Provides all in the backend specified turnservers to webrtc clients Signed-off-by: Sebastian L <sl@momou.ch>
5 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
Psalm auto fixes Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Use a dedicated method to get the signaling mode Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Publish the signaling mode as initial state Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Use a dedicated method to get the signaling mode Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Add a signaling_dev app config for easier HPB clustering development Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Don't allow multiple HPB without clustering and add a cache warning Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Add a signaling_dev app config for easier HPB clustering development Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Use a dedicated method to get the signaling mode Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Publish the signaling mode as initial state Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Fix passing of configured servers to the UI and wrong own URL to validate users. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Also add the stun and turn servers to the CSP Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Fix tests Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Allow setting up multiple signaling servers. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Fix passing of configured servers to the UI and wrong own URL to validate users. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Make all classes strict Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Don't always skip certificate verification of connections to backend. Make it a configuration option instead. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Show a warning when there are too many participants in a call without external signaling Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Add support for algorithm "EdDSA" and add tests. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Add support for algorithm "EdDSA" and add tests. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Add support for algorithm "EdDSA" and add tests. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Implement JWT auth for signaling connection. Signed-off-by: Joachim Bauch <bauch@struktur.de>
3 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Make all classes strict Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Allow multiple signaling servers Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Implement backend APIs to be used by standalone signaling server. A standalone signaling server can be configured in the admin UI and is notified through the BackendController on changes that should be sent to connected clients. See #339 for a description of the backend API. Signed-off-by: Joachim Bauch <bauch@struktur.de>
8 years ago
Add config setting to limit the number of videos in the grid The limit can be set with OCC like "occ config:app:set spreed --value=XXX grid_videos_limit". The changes will take effect once the user reloads the page. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
5 years ago
Enable limitation by default as it increases performance Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add config setting to limit the number of videos in the grid The limit can be set with OCC like "occ config:app:set spreed --value=XXX grid_videos_limit". The changes will take effect once the user reloads the page. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
5 years ago
Add config setting to make grid videos limit a hard limit The hard limit can be enabled with OCC with "occ config:app:set spreed --value=yes grid_videos_limit_enforced". The changes will take effect once the user reloads the page The grid videos limit by default is a fuzzy limit, as the number of videos shown could be larger due to the available space and aspect ratio to distribute the videos on. When the limit is made a hard limit the distributed slots will be the same as before, but only as many videos as allowed by the limit will be filled in each page. However, note that with the hard limit the grid may look "broken", as there is still space to be filled with videos yet they are in the next page. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
5 years ago
Make config non static Signed-off-by: Joas Schilling <coding@schilljs.com>
9 years ago
  1. <?php
  3. declare(strict_types=1);
  4. /**
  5. * @author Joachim Bauch <mail@joachim-bauch.de>
  6. *
  7. * @license GNU AGPL version 3 or any later version
  8. *
  9. * This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as
  11. * published by the Free Software Foundation, either version 3 of the
  12. * License, or (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. */
  24. namespace OCA\Talk;
  26. use OCA\Talk\Events\GetTurnServersEvent;
  27. use OCA\Talk\Model\Attendee;
  28. use OCA\Talk\Vendor\Firebase\JWT\JWT;
  29. use OCP\AppFramework\Utility\ITimeFactory;
  30. use OCP\EventDispatcher\IEventDispatcher;
  31. use OCP\IConfig;
  32. use OCP\IGroupManager;
  33. use OCP\IURLGenerator;
  34. use OCP\IUser;
  35. use OCP\IUserManager;
  36. use OCP\Security\ISecureRandom;
  37. use OCP\Server;
  39. class Config {
  40. public const SIGNALING_INTERNAL = 'internal';
  41. public const SIGNALING_EXTERNAL = 'external';
  42. public const SIGNALING_CLUSTER_CONVERSATION = 'conversation_cluster';
  44. public const SIGNALING_TICKET_V1 = 1;
  45. public const SIGNALING_TICKET_V2 = 2;
  47. protected IConfig $config;
  48. protected ITimeFactory $timeFactory;
  49. private IGroupManager $groupManager;
  50. private IUserManager $userManager;
  51. private IURLGenerator $urlGenerator;
  52. private ISecureRandom $secureRandom;
  53. private IEventDispatcher $dispatcher;
  55. protected array $canEnableSIP = [];
  57. public function __construct(IConfig $config,
  58. ISecureRandom $secureRandom,
  59. IGroupManager $groupManager,
  60. IUserManager $userManager,
  61. IURLGenerator $urlGenerator,
  62. ITimeFactory $timeFactory,
  63. IEventDispatcher $dispatcher) {
  64. $this->config = $config;
  65. $this->secureRandom = $secureRandom;
  66. $this->groupManager = $groupManager;
  67. $this->userManager = $userManager;
  68. $this->urlGenerator = $urlGenerator;
  69. $this->timeFactory = $timeFactory;
  70. $this->dispatcher = $dispatcher;
  71. }
  73. /**
  74. * @return string[]
  75. */
  76. public function getAllowedTalkGroupIds(): array {
  77. $groups = $this->config->getAppValue('spreed', 'allowed_groups', '[]');
  78. $groups = json_decode($groups, true);
  79. return \is_array($groups) ? $groups : [];
  80. }
  82. public function getUserReadPrivacy(string $userId): int {
  83. return (int) $this->config->getUserValue(
  84. $userId,
  85. 'spreed', 'read_status_privacy',
  86. (string) Participant::PRIVACY_PUBLIC);
  87. }
  89. /**
  90. * @return string[]
  91. */
  92. public function getSIPGroups(): array {
  93. $groups = $this->config->getAppValue('spreed', 'sip_bridge_groups', '[]');
  94. $groups = json_decode($groups, true);
  95. return \is_array($groups) ? $groups : [];
  96. }
  98. public function isSIPConfigured(): bool {
  99. return $this->getSIPSharedSecret() !== ''
  100. && $this->getDialInInfo() !== '';
  101. }
  103. /**
  104. * Determine if Talk federation is enabled on this instance
  105. */
  106. public function isFederationEnabled(): bool {
  107. // TODO: Set to default true once implementation is complete
  108. return $this->config->getAppValue('spreed', 'federation_enabled', 'no') === 'yes';
  109. }
  111. public function isBreakoutRoomsEnabled(): bool {
  112. return $this->config->getAppValue('spreed', 'breakout_rooms', 'yes') === 'yes';
  113. }
  115. public function getDialInInfo(): string {
  116. return $this->config->getAppValue('spreed', 'sip_bridge_dialin_info');
  117. }
  119. public function getSIPSharedSecret(): string {
  120. return $this->config->getAppValue('spreed', 'sip_bridge_shared_secret');
  121. }
  123. public function canUserEnableSIP(IUser $user): bool {
  124. if (isset($this->canEnableSIP[$user->getUID()])) {
  125. return $this->canEnableSIP[$user->getUID()];
  126. }
  128. $this->canEnableSIP[$user->getUID()] = false;
  130. $allowedGroups = $this->getSIPGroups();
  131. if (empty($allowedGroups)) {
  132. $this->canEnableSIP[$user->getUID()] = true;
  133. } else {
  134. $userGroups = $this->groupManager->getUserGroupIds($user);
  135. $this->canEnableSIP[$user->getUID()] = !empty(array_intersect($allowedGroups, $userGroups));
  136. }
  138. return $this->canEnableSIP[$user->getUID()];
  139. }
  141. public function isRecordingEnabled(): bool {
  142. $isSignalingInternal = $this->getSignalingMode() === self::SIGNALING_INTERNAL;
  143. $recordingAllowed = $this->config->getAppValue('spreed', 'call_recording', 'yes') === 'yes';
  145. return !$isSignalingInternal && $recordingAllowed;
  146. }
  148. public function isDisabledForUser(IUser $user): bool {
  149. $allowedGroups = $this->getAllowedTalkGroupIds();
  150. if (empty($allowedGroups)) {
  151. return false;
  152. }
  154. $userGroups = $this->groupManager->getUserGroupIds($user);
  155. return empty(array_intersect($allowedGroups, $userGroups));
  156. }
  158. /**
  159. * @return string[]
  160. */
  161. public function getAllowedConversationsGroupIds(): array {
  162. $groups = $this->config->getAppValue('spreed', 'start_conversations', '[]');
  163. $groups = json_decode($groups, true);
  164. return \is_array($groups) ? $groups : [];
  165. }
  167. public function isNotAllowedToCreateConversations(IUser $user): bool {
  168. $allowedGroups = $this->getAllowedConversationsGroupIds();
  169. if (empty($allowedGroups)) {
  170. return false;
  171. }
  173. $userGroups = $this->groupManager->getUserGroupIds($user);
  174. return empty(array_intersect($allowedGroups, $userGroups));
  175. }
  177. public function getDefaultPermissions(): int {
  178. // Admin configured default permissions
  179. $configurableDefault = $this->config->getAppValue('spreed', 'default_permissions');
  180. if ($configurableDefault !== '') {
  181. return (int) $configurableDefault;
  182. }
  184. // Falling back to an unrestricted set of permissions, only ignoring the lobby is off
  185. return Attendee::PERMISSIONS_MAX_DEFAULT & ~Attendee::PERMISSIONS_LOBBY_IGNORE;
  186. }
  188. public function getAttachmentFolder(string $userId): string {
  189. return $this->config->getUserValue($userId, 'spreed', 'attachment_folder', '/Talk');
  190. }
  192. /**
  193. * @return string[]
  194. */
  195. public function getAllServerUrlsForCSP(): array {
  196. $urls = [];
  198. foreach ($this->getStunServers() as $server) {
  199. $urls[] = $server;
  200. }
  202. foreach ($this->getTurnServers() as $server) {
  203. $urls[] = $server['server'];
  204. }
  206. foreach ($this->getSignalingServers() as $server) {
  207. $urls[] = $this->getWebSocketDomainForSignalingServer($server['server']);
  208. }
  210. return $urls;
  211. }
  213. protected function getWebSocketDomainForSignalingServer(string $url): string {
  214. $url .= '/';
  215. if (strpos($url, 'https://') === 0) {
  216. return 'wss://' . substr($url, 8, strpos($url, '/', 9) - 8);
  217. }
  219. if (strpos($url, 'http://') === 0) {
  220. return 'ws://' . substr($url, 7, strpos($url, '/', 8) - 7);
  221. }
  223. if (strpos($url, 'wss://') === 0) {
  224. return substr($url, 0, strpos($url, '/', 7));
  225. }
  227. if (strpos($url, 'ws://') === 0) {
  228. return substr($url, 0, strpos($url, '/', 6));
  229. }
  231. $protocol = strpos($url, '://');
  232. if ($protocol !== false) {
  233. return substr($url, $protocol + 3, strpos($url, '/', $protocol + 3) - $protocol - 3);
  234. }
  236. return substr($url, 0, strpos($url, '/'));
  237. }
  239. /**
  240. * @return string[]
  241. */
  242. public function getStunServers(): array {
  243. $config = $this->config->getAppValue('spreed', 'stun_servers', json_encode(['stun.nextcloud.com:443']));
  244. $servers = json_decode($config, true);
  246. if (!is_array($servers) || empty($servers)) {
  247. $servers = ['stun.nextcloud.com:443'];
  248. }
  250. if (!$this->config->getSystemValueBool('has_internet_connection', true)) {
  251. $servers = array_filter($servers, static function ($server) {
  252. return $server !== 'stun.nextcloud.com:443';
  253. });
  254. }
  256. return $servers;
  257. }
  259. /**
  260. * Generates a username and password for the TURN server
  261. *
  262. * @return array
  263. */
  264. public function getTurnServers(bool $withEvent = true): array {
  265. $config = $this->config->getAppValue('spreed', 'turn_servers');
  266. $servers = json_decode($config, true);
  268. if ($servers === null || empty($servers) || !is_array($servers)) {
  269. $servers = [];
  270. }
  272. if ($withEvent) {
  273. $event = new GetTurnServersEvent($servers);
  274. $this->dispatcher->dispatchTyped($event);
  275. $servers = $event->getServers();
  276. }
  278. foreach ($servers as $key => $server) {
  279. $servers[$key]['schemes'] = $server['schemes'] ?? 'turn';
  280. }
  282. return $servers;
  283. }
  285. /**
  286. * Prepares a list of TURN servers with username and password
  287. *
  288. * @return array
  289. */
  290. public function getTurnSettings(): array {
  291. $servers = $this->getTurnServers();
  293. if (empty($servers)) {
  294. return [];
  295. }
  297. // Credentials are valid for 24h
  298. // FIXME add the TTL to the response and properly reconnect then
  299. $timestamp = $this->timeFactory->getTime() + 86400;
  300. $rnd = $this->secureRandom->generate(16);
  301. $username = $timestamp . ':' . $rnd;
  303. foreach ($servers as $server) {
  304. $u = $server['username'] ?? $username;
  305. $password = $server['password'] ?? base64_encode(hash_hmac('sha1', $u, $server['secret'], true));
  307. $turnSettings[] = [
  308. 'schemes' => $server['schemes'],
  309. 'server' => $server['server'],
  310. 'username' => $u,
  311. 'password' => $password,
  312. 'protocols' => $server['protocols'],
  313. ];
  314. }
  316. return $turnSettings;
  317. }
  319. public function getSignalingMode(bool $cleanExternalSignaling = true): string {
  320. $validModes = [
  321. self::SIGNALING_INTERNAL,
  322. self::SIGNALING_EXTERNAL,
  323. self::SIGNALING_CLUSTER_CONVERSATION,
  324. ];
  326. $mode = $this->config->getAppValue('spreed', 'signaling_mode', null);
  327. if ($mode === self::SIGNALING_INTERNAL) {
  328. return self::SIGNALING_INTERNAL;
  329. }
  331. $numSignalingServers = count($this->getSignalingServers());
  332. if ($numSignalingServers === 0) {
  333. return self::SIGNALING_INTERNAL;
  334. }
  335. if ($numSignalingServers === 1
  336. && $cleanExternalSignaling
  337. && $this->config->getAppValue('spreed', 'signaling_dev', 'no') === 'no') {
  338. return self::SIGNALING_EXTERNAL;
  339. }
  341. return \in_array($mode, $validModes, true) ? $mode : self::SIGNALING_EXTERNAL;
  342. }
  344. /**
  345. * Returns list of signaling servers. Each entry contains the URL of the
  346. * server and a flag whether the certificate should be verified.
  347. *
  348. * @return array
  349. */
  350. public function getSignalingServers(): array {
  351. $config = $this->config->getAppValue('spreed', 'signaling_servers');
  352. $signaling = json_decode($config, true);
  353. if (!is_array($signaling) || !isset($signaling['servers'])) {
  354. return [];
  355. }
  357. return $signaling['servers'];
  358. }
  360. /**
  361. * @return string
  362. */
  363. public function getSignalingSecret(): string {
  364. $config = $this->config->getAppValue('spreed', 'signaling_servers');
  365. $signaling = json_decode($config, true);
  367. if (!is_array($signaling)) {
  368. return '';
  369. }
  371. return $signaling['secret'];
  372. }
  374. public function getHideSignalingWarning(): bool {
  375. return $this->config->getAppValue('spreed', 'hide_signaling_warning', 'no') === 'yes';
  376. }
  378. /**
  379. * @param int $version
  380. * @param string $userId
  381. * @return string
  382. */
  383. public function getSignalingTicket(int $version, ?string $userId): string {
  384. switch ($version) {
  385. case self::SIGNALING_TICKET_V1:
  386. return $this->getSignalingTicketV1($userId);
  387. case self::SIGNALING_TICKET_V2:
  388. return $this->getSignalingTicketV2($userId);
  389. default:
  390. return $this->getSignalingTicketV1($userId);
  391. }
  392. }
  394. /**
  395. * @param string $userId
  396. * @return string
  397. */
  398. private function getSignalingTicketV1(?string $userId): string {
  399. if (empty($userId)) {
  400. $secret = $this->config->getAppValue('spreed', 'signaling_ticket_secret');
  401. } else {
  402. $secret = $this->config->getUserValue($userId, 'spreed', 'signaling_ticket_secret');
  403. }
  404. if (empty($secret)) {
  405. // Create secret lazily on first access.
  406. // TODO(fancycode): Is there a possibility for a race condition?
  407. $secret = $this->secureRandom->generate(255);
  408. if (empty($userId)) {
  409. $this->config->setAppValue('spreed', 'signaling_ticket_secret', $secret);
  410. } else {
  411. $this->config->setUserValue($userId, 'spreed', 'signaling_ticket_secret', $secret);
  412. }
  413. }
  415. // Format is "random:timestamp:userid:checksum" and "checksum" is the
  416. // SHA256-HMAC of "random:timestamp:userid" with the per-user secret.
  417. $random = $this->secureRandom->generate(16);
  418. $timestamp = $this->timeFactory->getTime();
  419. $data = $random . ':' . $timestamp . ':' . $userId;
  420. $hash = hash_hmac('sha256', $data, $secret);
  421. return $data . ':' . $hash;
  422. }
  424. private function ensureSignalingTokenKeys(string $alg): void {
  425. $secret = $this->config->getAppValue('spreed', 'signaling_token_privkey_' . strtolower($alg));
  426. if ($secret) {
  427. return;
  428. }
  430. if (substr($alg, 0, 2) === 'ES') {
  431. $privKey = openssl_pkey_new([
  432. 'curve_name' => 'prime256v1',
  433. 'private_key_type' => OPENSSL_KEYTYPE_EC,
  434. ]);
  435. $pubKey = openssl_pkey_get_details($privKey);
  436. $public = $pubKey['key'];
  437. if (!openssl_pkey_export($privKey, $secret)) {
  438. throw new \Exception('Could not export private key');
  439. }
  440. } elseif (substr($alg, 0, 2) === 'RS') {
  441. $privKey = openssl_pkey_new([
  442. 'private_key_bits' => 2048,
  443. 'private_key_type' => OPENSSL_KEYTYPE_RSA,
  444. ]);
  445. $pubKey = openssl_pkey_get_details($privKey);
  446. $public = $pubKey['key'];
  447. if (!openssl_pkey_export($privKey, $secret)) {
  448. throw new \Exception('Could not export private key');
  449. }
  450. } elseif ($alg === 'EdDSA') {
  451. $privKey = sodium_crypto_sign_keypair();
  452. $public = base64_encode(sodium_crypto_sign_publickey($privKey));
  453. $secret = base64_encode(sodium_crypto_sign_secretkey($privKey));
  454. } else {
  455. throw new \Exception('Unsupported algorithm ' . $alg);
  456. }
  458. $this->config->setAppValue('spreed', 'signaling_token_privkey_' . strtolower($alg), $secret);
  459. $this->config->setAppValue('spreed', 'signaling_token_pubkey_' . strtolower($alg), $public);
  460. }
  462. public function getSignalingTokenAlgorithm(): string {
  463. return $this->config->getAppValue('spreed', 'signaling_token_alg', 'ES256');
  464. }
  466. public function getSignalingTokenPrivateKey(?string $alg = null): string {
  467. if (!$alg) {
  468. $alg = $this->getSignalingTokenAlgorithm();
  469. }
  470. $this->ensureSignalingTokenKeys($alg);
  472. return $this->config->getAppValue('spreed', 'signaling_token_privkey_' . strtolower($alg));
  473. }
  475. public function getSignalingTokenPublicKey(?string $alg = null): string {
  476. if (!$alg) {
  477. $alg = $this->getSignalingTokenAlgorithm();
  478. }
  479. $this->ensureSignalingTokenKeys($alg);
  481. return $this->config->getAppValue('spreed', 'signaling_token_pubkey_' . strtolower($alg));
  482. }
  484. /**
  485. * @param IUser $user
  486. * @return array
  487. */
  488. public function getSignalingUserData(IUser $user): array {
  489. return [
  490. 'displayname' => $user->getDisplayName(),
  491. ];
  492. }
  494. /**
  495. * @param string $userId
  496. * @return string
  497. */
  498. private function getSignalingTicketV2(?string $userId): string {
  499. $timestamp = $this->timeFactory->getTime();
  500. $data = [
  501. 'iss' => $this->urlGenerator->getAbsoluteURL(''),
  502. 'iat' => $timestamp,
  503. 'exp' => $timestamp + 60, // Valid for 1 minute.
  504. ];
  505. $user = !empty($userId) ? $this->userManager->get($userId) : null;
  506. if ($user instanceof IUser) {
  507. $data['sub'] = $user->getUID();
  508. $data['userdata'] = $this->getSignalingUserData($user);
  509. }
  511. $alg = $this->getSignalingTokenAlgorithm();
  512. $secret = $this->getSignalingTokenPrivateKey($alg);
  513. $token = JWT::encode($data, $secret, $alg);
  514. return $token;
  515. }
  517. /**
  518. * @param string $userId
  519. * @param string $ticket
  520. * @return bool
  521. */
  522. public function validateSignalingTicket(?string $userId, string $ticket): bool {
  523. if (empty($userId)) {
  524. $secret = $this->config->getAppValue('spreed', 'signaling_ticket_secret');
  525. } else {
  526. $secret = $this->config->getUserValue($userId, 'spreed', 'signaling_ticket_secret');
  527. }
  528. if (empty($secret)) {
  529. return false;
  530. }
  532. $lastColon = strrpos($ticket, ':');
  533. if ($lastColon === false) {
  534. // Immediately reject invalid formats.
  535. return false;
  536. }
  538. // TODO(fancycode): Should we reject tickets that are too old?
  539. $data = substr($ticket, 0, $lastColon);
  540. $hash = hash_hmac('sha256', $data, $secret);
  541. return hash_equals($hash, substr($ticket, $lastColon + 1));
  542. }
  544. public function getGridVideosLimit(): int {
  545. return (int) $this->config->getAppValue('spreed', 'grid_videos_limit', '19'); // 5*4 - self
  546. }
  548. public function getGridVideosLimitEnforced(): bool {
  549. return $this->config->getAppValue('spreed', 'grid_videos_limit_enforced', 'no') === 'yes';
  550. }
  551. }