Make "skipverify" configurable for remote proxy requests.
This commit is contained in:
parent
6fa606d44b
commit
cfcb09b382
|
@ -31,6 +31,11 @@ tokentype = static
|
||||||
# streams.
|
# streams.
|
||||||
#token_key = privkey.pem
|
#token_key = privkey.pem
|
||||||
|
|
||||||
|
# If set to "true", certificate validation of remote stream requests will be
|
||||||
|
# skipped. This should only be enabled during development, e.g. to work with
|
||||||
|
# self-signed certificates.
|
||||||
|
#skipverify = false
|
||||||
|
|
||||||
[tokens]
|
[tokens]
|
||||||
# For token type "static": Mapping of <tokenid> = <publickey> of signaling
|
# For token type "static": Mapping of <tokenid> = <publickey> of signaling
|
||||||
# servers allowed to connect.
|
# servers allowed to connect.
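Review bot: The new comment above `#skipverify = false` says what is skipped but not what an operator gives up: this setting disables chain and hostname verification on the proxy's outgoing connections to remote proxies, so anyone able to intercept that traffic can impersonate the remote side. I would extend the comment with `# Disabling verification lets a network attacker impersonate the remote proxy; for self-signed certificates, prefer adding the signing CA to the system trust store instead.` The section header this option lives under is outside the hunk; the new lines follow `#token_key` directly, so they are documented in the same section as that key.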
|
||||||
|
|
|
@ -51,8 +51,9 @@ type RemoteConnection struct {
|
||||||
url *url.URL
|
url *url.URL
|
||||||
conn *websocket.Conn
|
conn *websocket.Conn
|
||||||
|
|
||||||
tokenId string
|
tokenId string
|
||||||
tokenKey *rsa.PrivateKey
|
tokenKey *rsa.PrivateKey
|
||||||
|
tlsConfig *tls.Config
|
||||||
|
|
||||||
msgId atomic.Int64
|
msgId atomic.Int64
|
||||||
helloMsgId string
|
helloMsgId string
|
||||||
|
@ -61,7 +62,7 @@ type RemoteConnection struct {
|
||||||
messageCallbacks map[string]chan *signaling.ProxyServerMessage
|
messageCallbacks map[string]chan *signaling.ProxyServerMessage
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewRemoteConnection(proxyUrl string, tokenId string, tokenKey *rsa.PrivateKey) (*RemoteConnection, error) {
|
func NewRemoteConnection(proxyUrl string, tokenId string, tokenKey *rsa.PrivateKey, tlsConfig *tls.Config) (*RemoteConnection, error) {
|
||||||
u, err := url.Parse(proxyUrl)
|
u, err := url.Parse(proxyUrl)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -70,8 +71,9 @@ func NewRemoteConnection(proxyUrl string, tokenId string, tokenKey *rsa.PrivateK
|
||||||
result := &RemoteConnection{
|
result := &RemoteConnection{
|
||||||
url: u,
|
url: u,
|
||||||
|
|
||||||
tokenId: tokenId,
|
tokenId: tokenId,
|
||||||
tokenKey: tokenKey,
|
tokenKey: tokenKey,
|
||||||
|
tlsConfig: tlsConfig,
|
||||||
|
|
||||||
messageCallbacks: make(map[string]chan *signaling.ProxyServerMessage),
|
messageCallbacks: make(map[string]chan *signaling.ProxyServerMessage),
|
||||||
}
|
}
|
||||||
|
@ -101,11 +103,8 @@ func (c *RemoteConnection) Connect(ctx context.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
dialer := websocket.Dialer{
|
dialer := websocket.Dialer{
|
||||||
Proxy: http.ProxyFromEnvironment,
|
Proxy: http.ProxyFromEnvironment,
|
||||||
TLSClientConfig: &tls.Config{
|
TLSClientConfig: c.tlsConfig,
|
||||||
// TODO: Make this configurable.
|
|
||||||
InsecureSkipVerify: true,
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
conn, _, err := dialer.DialContext(ctx, u.String(), nil)
|
conn, _, err := dialer.DialContext(ctx, u.String(), nil)
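Review bot: `TLSClientConfig: c.tlsConfig` is nil unless skipverify was enabled, so Connect now verifies remote certificates by default where the old code never did; that is the right default, but it is a behaviour change for deployments that relied on self-signed certificates and deserves a mention in the commit description or changelog. A short comment would make the intent explicit: `// nil selects the default TLS config, i.e. certificate verification is enabled.` The same *tls.Config is now shared by every RemoteConnection; the websocket dialer presumably clones it before use, but that is worth confirming since a mutation through one connection would otherwise affect all. Connect begins and ends outside this hunk.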
|
||||||
|
|
|
@ -25,6 +25,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
|
"crypto/tls"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
@ -117,6 +118,7 @@ type ProxyServer struct {
|
||||||
|
|
||||||
tokenId string
|
tokenId string
|
||||||
tokenKey *rsa.PrivateKey
|
tokenKey *rsa.PrivateKey
|
||||||
|
remoteTlsConfig *tls.Config
|
||||||
remoteHostname string
|
remoteHostname string
|
||||||
remoteConnections map[string]*RemoteConnection
|
remoteConnections map[string]*RemoteConnection
|
||||||
remoteConnectionsLock sync.Mutex
|
remoteConnectionsLock sync.Mutex
|
||||||
|
@ -223,6 +225,7 @@ func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile) (*
|
||||||
tokenId, _ := config.GetString("app", "token_id")
|
tokenId, _ := config.GetString("app", "token_id")
|
||||||
var tokenKey *rsa.PrivateKey
|
var tokenKey *rsa.PrivateKey
|
||||||
var remoteHostname string
|
var remoteHostname string
|
||||||
|
var remoteTlsConfig *tls.Config
|
||||||
if tokenId != "" {
|
if tokenId != "" {
|
||||||
tokenKeyFilename, _ := config.GetString("app", "token_key")
|
tokenKeyFilename, _ := config.GetString("app", "token_key")
|
||||||
if tokenKeyFilename == "" {
|
if tokenKeyFilename == "" {
|
||||||
|
@ -250,6 +253,14 @@ func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile) (*
|
||||||
} else {
|
} else {
|
||||||
log.Printf("Using \"%s\" as hostname for remote streams", remoteHostname)
|
log.Printf("Using \"%s\" as hostname for remote streams", remoteHostname)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
skipverify, _ := config.GetBool("backend", "skipverify")
|
||||||
|
if skipverify {
|
||||||
|
log.Println("WARNING: Remote stream requests verification is disabled!")
|
||||||
|
remoteTlsConfig = &tls.Config{
|
||||||
|
InsecureSkipVerify: skipverify,
|
||||||
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
log.Printf("No token id configured, remote streams will be disabled")
|
log.Printf("No token id configured, remote streams will be disabled")
|
||||||
}
|
}
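Review bot: `config.GetBool("backend", "skipverify")` reads the option from a `[backend]` section, but the config template in this commit documents `#skipverify` directly below `#token_key` with no section header between them, and `token_key` is read from the `app` section a few lines above (`config.GetString("app", "token_key")`); an operator following the template will set the option where the code never looks, and verification silently stays enabled. Align the two, e.g. `skipverify, _ := config.GetBool("app", "skipverify")`, or move the template entry under a `[backend]` header. Inside the `if skipverify` block the value is known to be true, so `InsecureSkipVerify: true` reads more clearly than `InsecureSkipVerify: skipverify`. Discarding the GetBool error is acceptable here because an unparsable value falls back to verification enabled, but logging it would help operators notice a typo rather than wonder why the setting has no effect. NewProxyServer continues outside this hunk.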
|
||||||
|
@ -278,6 +289,7 @@ func NewProxyServer(r *mux.Router, version string, config *goconf.ConfigFile) (*
|
||||||
|
|
||||||
tokenId: tokenId,
|
tokenId: tokenId,
|
||||||
tokenKey: tokenKey,
|
tokenKey: tokenKey,
|
||||||
|
remoteTlsConfig: remoteTlsConfig,
|
||||||
remoteHostname: remoteHostname,
|
remoteHostname: remoteHostname,
|
||||||
remoteConnections: make(map[string]*RemoteConnection),
|
remoteConnections: make(map[string]*RemoteConnection),
|
||||||
}
|
}
|
||||||
|
@ -1285,7 +1297,7 @@ func (s *ProxyServer) getRemoteConnection(ctx context.Context, url string) (*Rem
|
||||||
return conn, nil
|
return conn, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
conn, err := NewRemoteConnection(url, s.tokenId, s.tokenKey)
|
conn, err := NewRemoteConnection(url, s.tokenId, s.tokenKey, s.remoteTlsConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|