mirror of
https://github.com/strukturag/nextcloud-spreed-signaling
synced 2024-06-20 22:55:02 +02:00
Merge pull request #290 from strukturag/ci-fix-slow-cpu
Fix issues on slow CPUs
This commit is contained in:
commit
0165788fe3
|
@ -1173,7 +1173,16 @@ func (s *ClientSession) filterMessage(message *ServerMessage) *ServerMessage {
|
||||||
switch message.Event.Type {
|
switch message.Event.Type {
|
||||||
case "join":
|
case "join":
|
||||||
if s.HasPermission(PERMISSION_HIDE_DISPLAYNAMES) {
|
if s.HasPermission(PERMISSION_HIDE_DISPLAYNAMES) {
|
||||||
message.Event.Join = filterDisplayNames(message.Event.Join)
|
// Create unique copy of message for only this client.
|
||||||
|
message = &ServerMessage{
|
||||||
|
Id: message.Id,
|
||||||
|
Type: message.Type,
|
||||||
|
Event: &EventServerMessage{
|
||||||
|
Type: message.Event.Type,
|
||||||
|
Target: message.Event.Target,
|
||||||
|
Join: filterDisplayNames(message.Event.Join),
|
||||||
|
},
|
||||||
|
}
|
||||||
}
|
}
|
||||||
case "message":
|
case "message":
|
||||||
if message.Event.Message == nil || message.Event.Message.Data == nil || len(*message.Event.Message.Data) == 0 || !s.HasPermission(PERMISSION_HIDE_DISPLAYNAMES) {
|
if message.Event.Message == nil || message.Event.Message.Data == nil || len(*message.Event.Message.Data) == 0 || !s.HasPermission(PERMISSION_HIDE_DISPLAYNAMES) {
|
||||||
|
@ -1189,7 +1198,19 @@ func (s *ClientSession) filterMessage(message *ServerMessage) *ServerMessage {
|
||||||
if displayName, found := (*data.Chat.Comment)["actorDisplayName"]; found && displayName != "" {
|
if displayName, found := (*data.Chat.Comment)["actorDisplayName"]; found && displayName != "" {
|
||||||
(*data.Chat.Comment)["actorDisplayName"] = ""
|
(*data.Chat.Comment)["actorDisplayName"] = ""
|
||||||
if encoded, err := json.Marshal(data); err == nil {
|
if encoded, err := json.Marshal(data); err == nil {
|
||||||
message.Event.Message.Data = (*json.RawMessage)(&encoded)
|
// Create unique copy of message for only this client.
|
||||||
|
message = &ServerMessage{
|
||||||
|
Id: message.Id,
|
||||||
|
Type: message.Type,
|
||||||
|
Event: &EventServerMessage{
|
||||||
|
Type: message.Event.Type,
|
||||||
|
Target: message.Event.Target,
|
||||||
|
Message: &RoomEventMessage{
|
||||||
|
RoomId: message.Event.Message.RoomId,
|
||||||
|
Data: (*json.RawMessage)(&encoded),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,13 +36,19 @@ import (
|
||||||
type reloadableCredentials struct {
|
type reloadableCredentials struct {
|
||||||
config *tls.Config
|
config *tls.Config
|
||||||
|
|
||||||
pool *CertPoolReloader
|
loader *CertificateReloader
|
||||||
|
pool *CertPoolReloader
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *reloadableCredentials) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
|
func (c *reloadableCredentials) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
|
||||||
// use local cfg to avoid clobbering ServerName if using multiple endpoints
|
// use local cfg to avoid clobbering ServerName if using multiple endpoints
|
||||||
cfg := c.config.Clone()
|
cfg := c.config.Clone()
|
||||||
cfg.RootCAs = c.pool.GetCertPool()
|
if c.loader != nil {
|
||||||
|
cfg.GetClientCertificate = c.loader.GetClientCertificate
|
||||||
|
}
|
||||||
|
if c.pool != nil {
|
||||||
|
cfg.RootCAs = c.pool.GetCertPool()
|
||||||
|
}
|
||||||
if cfg.ServerName == "" {
|
if cfg.ServerName == "" {
|
||||||
serverName, _, err := net.SplitHostPort(authority)
|
serverName, _, err := net.SplitHostPort(authority)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -78,7 +84,12 @@ func (c *reloadableCredentials) ClientHandshake(ctx context.Context, authority s
|
||||||
|
|
||||||
func (c *reloadableCredentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
|
func (c *reloadableCredentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
|
||||||
cfg := c.config.Clone()
|
cfg := c.config.Clone()
|
||||||
cfg.ClientCAs = c.pool.GetCertPool()
|
if c.loader != nil {
|
||||||
|
cfg.GetCertificate = c.loader.GetCertificate
|
||||||
|
}
|
||||||
|
if c.pool != nil {
|
||||||
|
cfg.ClientCAs = c.pool.GetCertPool()
|
||||||
|
}
|
||||||
|
|
||||||
conn := tls.Server(rawConn, cfg)
|
conn := tls.Server(rawConn, cfg)
|
||||||
if err := conn.Handshake(); err != nil {
|
if err := conn.Handshake(); err != nil {
|
||||||
|
@ -130,21 +141,18 @@ func NewReloadableCredentials(config *goconf.ConfigFile, server bool) (credentia
|
||||||
cfg := &tls.Config{
|
cfg := &tls.Config{
|
||||||
NextProtos: []string{"h2"},
|
NextProtos: []string{"h2"},
|
||||||
}
|
}
|
||||||
|
var loader *CertificateReloader
|
||||||
|
var err error
|
||||||
if certificateFile != "" && keyFile != "" {
|
if certificateFile != "" && keyFile != "" {
|
||||||
loader, err := NewCertificateReloader(certificateFile, keyFile)
|
loader, err = NewCertificateReloader(certificateFile, keyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("invalid GRPC %s certificate / key in %s / %s: %w", prefix, certificateFile, keyFile, err)
|
return nil, fmt.Errorf("invalid GRPC %s certificate / key in %s / %s: %w", prefix, certificateFile, keyFile, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if server {
|
|
||||||
cfg.GetCertificate = loader.GetCertificate
|
|
||||||
} else {
|
|
||||||
cfg.GetClientCertificate = loader.GetClientCertificate
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var pool *CertPoolReloader
|
||||||
if caFile != "" {
|
if caFile != "" {
|
||||||
pool, err := NewCertPoolReloader(caFile)
|
pool, err = NewCertPoolReloader(caFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -152,14 +160,9 @@ func NewReloadableCredentials(config *goconf.ConfigFile, server bool) (credentia
|
||||||
if server {
|
if server {
|
||||||
cfg.ClientAuth = tls.RequireAndVerifyClientCert
|
cfg.ClientAuth = tls.RequireAndVerifyClientCert
|
||||||
}
|
}
|
||||||
creds := &reloadableCredentials{
|
|
||||||
config: cfg,
|
|
||||||
pool: pool,
|
|
||||||
}
|
|
||||||
return creds, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.GetCertificate == nil {
|
if loader == nil && pool == nil {
|
||||||
if server {
|
if server {
|
||||||
log.Printf("WARNING: No GRPC server certificate and/or key configured, running unencrypted")
|
log.Printf("WARNING: No GRPC server certificate and/or key configured, running unencrypted")
|
||||||
} else {
|
} else {
|
||||||
|
@ -168,5 +171,10 @@ func NewReloadableCredentials(config *goconf.ConfigFile, server bool) (credentia
|
||||||
return insecure.NewCredentials(), nil
|
return insecure.NewCredentials(), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return credentials.NewTLS(cfg), nil
|
creds := &reloadableCredentials{
|
||||||
|
config: cfg,
|
||||||
|
loader: loader,
|
||||||
|
pool: pool,
|
||||||
|
}
|
||||||
|
return creds, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,6 +27,7 @@ import (
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"crypto/x509/pkix"
|
"crypto/x509/pkix"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
|
"io/fs"
|
||||||
"math/big"
|
"math/big"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
|
@ -86,3 +87,32 @@ func WritePublicKey(key *rsa.PublicKey, filename string) error {
|
||||||
|
|
||||||
return os.WriteFile(filename, data, 0755)
|
return os.WriteFile(filename, data, 0755)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func replaceFile(t *testing.T, filename string, data []byte, perm fs.FileMode) {
|
||||||
|
t.Helper()
|
||||||
|
oldStat, err := os.Stat(filename)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("can't stat old file %s: %s", filename, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
for {
|
||||||
|
if err := os.WriteFile(filename, data, perm); err != nil {
|
||||||
|
t.Fatalf("can't write file %s: %s", filename, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
newStat, err := os.Stat(filename)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("can't stat new file %s: %s", filename, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// We need different modification times.
|
||||||
|
if !newStat.ModTime().Equal(oldStat.ModTime()) {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
time.Sleep(time.Millisecond)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -126,7 +126,7 @@ func Test_GrpcServer_ReloadCerts(t *testing.T) {
|
||||||
|
|
||||||
org2 := "Updated certificate"
|
org2 := "Updated certificate"
|
||||||
cert2 := GenerateSelfSignedCertificateForTesting(t, 1024, org2, key)
|
cert2 := GenerateSelfSignedCertificateForTesting(t, 1024, org2, key)
|
||||||
os.WriteFile(certFile, cert2, 0755) // nolint
|
replaceFile(t, certFile, cert2, 0755)
|
||||||
|
|
||||||
cp2 := x509.NewCertPool()
|
cp2 := x509.NewCertPool()
|
||||||
if !cp2.AppendCertsFromPEM(cert2) {
|
if !cp2.AppendCertsFromPEM(cert2) {
|
||||||
|
@ -215,7 +215,7 @@ func Test_GrpcServer_ReloadCA(t *testing.T) {
|
||||||
|
|
||||||
org2 := "Updated client"
|
org2 := "Updated client"
|
||||||
clientCert2 := GenerateSelfSignedCertificateForTesting(t, 1024, org2, clientKey)
|
clientCert2 := GenerateSelfSignedCertificateForTesting(t, 1024, org2, clientKey)
|
||||||
os.WriteFile(caFile, clientCert2, 0755) // nolint
|
replaceFile(t, caFile, clientCert2, 0755)
|
||||||
|
|
||||||
pair2, err := tls.X509KeyPair(clientCert2, pem.EncodeToMemory(&pem.Block{
|
pair2, err := tls.X509KeyPair(clientCert2, pem.EncodeToMemory(&pem.Block{
|
||||||
Type: "RSA PRIVATE KEY",
|
Type: "RSA PRIVATE KEY",
|
||||||
|
|
Loading…
Reference in a new issue