mirror of
https://github.com/strukturag/nextcloud-spreed-signaling
synced 2024-05-08 16:46:33 +02:00
Make "skipverify" configurable for remote proxy requests.
parent
6fa606d44b
commit
cfcb09b382
|
@ -31,6 +31,11 @@ tokentype = static
|
|||
# streams.
|
||||
#token_key = privkey.pem
|
||||
|
||||
# If set to "true", certificate validation of remote stream requests will be
|
||||
# skipped. This should only be enabled during development, e.g. to work with
|
||||
# self-signed certificates.
|
||||
#skipverify = false
|
||||
|
||||
[tokens]
|
||||
# For token type "static": Mapping of <tokenid> = <publickey> of signaling
|
||||
# servers allowed to connect.
|
||||
|
|
|
@ -51,8 +51,9 @@ type RemoteConnection struct {
|
|||
url *url.URL
|
||||
conn *websocket.Conn
|
||||
|
||||
tokenId string
|
||||
tokenKey *rsa.PrivateKey
|
||||
tokenId string
|
||||
tokenKey *rsa.PrivateKey
|
||||
tlsConfig *tls.Config
|
||||
|
||||
msgId atomic.Int64
|
||||
helloMsgId string
|
||||
|
@ -61,7 +62,7 @@ type RemoteConnection struct {
|
|||
messageCallbacks map[string]chan *signaling.ProxyServerMessage
|
||||
}
|
||||
|
||||
func NewRemoteConnection(proxyUrl string, tokenId string, tokenKey *rsa.PrivateKey) (*RemoteConnection, error) {
|
||||
func NewRemoteConnection(proxyUrl string, tokenId string, tokenKey *rsa.PrivateKey, tlsConfig *tls.Config) (*RemoteConnection, error) {
|
||||
u, err := url.Parse(proxyUrl)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -70,8 +71,9 @@ func NewRemoteConnection(proxyUrl string, tokenId string, tokenKey *rsa.PrivateK
|
|||
result := &RemoteConnection{
|
||||
url: u,
|
||||
|
||||
tokenId: tokenId,
|
||||
tokenKey: tokenKey,
|
||||
tokenId: tokenId,
|
||||
tokenKey: tokenKey,
|
||||
tlsConfig: tlsConfig,
|
||||
|
||||
messageCallbacks: make(map[string]chan *signaling.ProxyServerMessage),
|
||||
}
|
||||
|
@ -101,11 +103,8 @@ func (c *RemoteConnection) Connect(ctx context.Context) error {
|
|||
}
|
||||
|
||||
dialer := websocket.Dialer{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
TLSClientConfig: &tls.Config{
|
||||
// TODO: Make this configurable.
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
TLSClientConfig: c.tlsConfig,
|
||||
}
|
||||
|
||||
conn, _, err := dialer.DialContext(ctx, u.String(), nil)
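Review bot: The new `tlsConfig` parameter of `NewRemoteConnection` and the matching struct field have an undocumented contract: `Connect` passes the value straight to `TLSClientConfig`, so nil is the verifying case, and the only non-nil value built by the caller on this page has `InsecureSkipVerify` set. A field comment such as `// tlsConfig is used for the websocket dial; nil means default certificate verification.` would make that explicit for future callers. The same pointer is stored on every connection, so it should be treated as read-only after construction. The bodies of `NewRemoteConnection` and `Connect` continue outside the hunks.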
|
||||
|
|
|
@ -25,6 +25,7 @@ import (
|
|||
"context"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
@ -117,6 +118,7 @@ type ProxyServer struct {
|
|||
|
||||
tokenId string
|
||||
tokenKey *rsa.PrivateKey
|
||||
remoteTlsConfig *tls.Config
|
||||
remoteHostname string
|
||||
remoteConnections map[string]*RemoteConnection
|
||||
remoteConnectionsLock sync.Mutex
|
||||
|
@ -223,6 +225,7 @@ func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile) (*
|
|||
tokenId, _ := config.GetString("app", "token_id")
|
||||
var tokenKey *rsa.PrivateKey
|
||||
var remoteHostname string
|
||||
var remoteTlsConfig *tls.Config
|
||||
if tokenId != "" {
|
||||
tokenKeyFilename, _ := config.GetString("app", "token_key")
|
||||
if tokenKeyFilename == "" {
|
||||
|
@ -250,6 +253,14 @@ func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile) (*
|
|||
} else {
|
||||
log.Printf("Using \"%s\" as hostname for remote streams", remoteHostname)
|
||||
}
|
||||
|
||||
skipverify, _ := config.GetBool("backend", "skipverify")
|
||||
if skipverify {
|
||||
log.Println("WARNING: Remote stream requests verification is disabled!")
|
||||
remoteTlsConfig = &tls.Config{
|
||||
InsecureSkipVerify: skipverify,
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log.Printf("No token id configured, remote streams will be disabled")
|
||||
}
|
||||
|
@ -278,6 +289,7 @@ func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile) (*
|
|||
|
||||
tokenId: tokenId,
|
||||
tokenKey: tokenKey,
|
||||
remoteTlsConfig: remoteTlsConfig,
|
||||
remoteHostname: remoteHostname,
|
||||
remoteConnections: make(map[string]*RemoteConnection),
|
||||
}
|
||||
|
@ -1285,7 +1297,7 @@ func (s *ProxyServer) getRemoteConnection(ctx context.Context, url string) (*Rem
|
|||
return conn, nil
|
||||
}
|
||||
|
||||
conn, err := NewRemoteConnection(url, s.tokenId, s.tokenKey)
|
||||
conn, err := NewRemoteConnection(url, s.tokenId, s.tokenKey, s.remoteTlsConfig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
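Review bot: `config.GetBool("backend", "skipverify")` in `NewProxyServer` reads the flag from the `backend` section, while `token_id` and `token_key` in the same block come from `app`, and the sample configuration documents `#skipverify = false` directly after `#token_key`, which suggests the `app` section. If that reading is right, setting the documented option has no effect, and an existing `[backend] skipverify` value meant for something else would also turn off certificate validation for remote stream connections. Reading it with `config.GetBool("app", "skipverify")`, or moving the sample entry, would make the two agree. The discarded error also means a malformed value silently becomes false; logging it would help operators notice a typo. The function body continues outside the hunks.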
|
||||
|
|