From 953a4d2425df7128c35c4b1edebb88e8bfe28a97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Thu, 1 Apr 2021 14:20:15 +0200 Subject: [PATCH] jicofo: use a client proxy connection --- docker-compose.yml | 1 - env.example | 3 --- gen-passwords.sh | 2 -- jicofo/rootfs/etc/cont-init.d/10-config | 10 ++-------- jicofo/rootfs/etc/services.d/jicofo/run | 2 +- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 4 ++-- prosody/rootfs/etc/cont-init.d/10-config | 5 +++-- 7 files changed, 8 insertions(+), 19 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 2d1c72d..c41f321 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -188,7 +188,6 @@ services: - ENABLE_CODEC_H264 - ENABLE_RECORDING - ENABLE_SCTP - - JICOFO_COMPONENT_SECRET - JICOFO_AUTH_USER - JICOFO_AUTH_PASSWORD - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS diff --git a/env.example b/env.example index a95a13d..f90e3e3 100644 --- a/env.example +++ b/env.example @@ -9,9 +9,6 @@ # DO NOT reuse passwords # -# XMPP component password for Jicofo -JICOFO_COMPONENT_SECRET= - # XMPP password for Jicofo client connections JICOFO_AUTH_PASSWORD= diff --git a/gen-passwords.sh b/gen-passwords.sh index c05a07b..7d90529 100755 --- a/gen-passwords.sh +++ b/gen-passwords.sh @@ -4,7 +4,6 @@ function generatePassword() { openssl rand -hex 16 } -JICOFO_COMPONENT_SECRET=$(generatePassword) JICOFO_AUTH_PASSWORD=$(generatePassword) JVB_AUTH_PASSWORD=$(generatePassword) JIGASI_XMPP_PASSWORD=$(generatePassword) @@ -12,7 +11,6 @@ JIBRI_RECORDER_PASSWORD=$(generatePassword) JIBRI_XMPP_PASSWORD=$(generatePassword) sed -i.bak \ - -e "s#JICOFO_COMPONENT_SECRET=.*#JICOFO_COMPONENT_SECRET=${JICOFO_COMPONENT_SECRET}#g" \ -e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \ -e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \ -e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \ 
diff --git a/jicofo/rootfs/etc/cont-init.d/10-config b/jicofo/rootfs/etc/cont-init.d/10-config index ab305ff..80b9e77 100644 --- a/jicofo/rootfs/etc/cont-init.d/10-config +++ b/jicofo/rootfs/etc/cont-init.d/10-config @@ -1,13 +1,7 @@ #!/usr/bin/with-contenv bash -if [[ -z $JICOFO_COMPONENT_SECRET || -z $JICOFO_AUTH_PASSWORD ]]; then - echo 'FATAL ERROR: Jicofo component secret and auth password must be set' - exit 1 -fi - -OLD_JICOFO_COMPONENT_SECRET=s3cr37 -if [[ "$JICOFO_COMPONENT_SECRET" == "$OLD_JICOFO_COMPONENT_SECRET" ]]; then - echo 'FATAL ERROR: Jicofo component secret must be changed, check the README' +if [[ -z $JICOFO_AUTH_PASSWORD ]]; then + echo 'FATAL ERROR: Jicofo auth password must be set' exit 1 fi diff --git a/jicofo/rootfs/etc/services.d/jicofo/run b/jicofo/rootfs/etc/services.d/jicofo/run index 1365242..836716b 100644 --- a/jicofo/rootfs/etc/services.d/jicofo/run +++ b/jicofo/rootfs/etc/services.d/jicofo/run @@ -3,6 +3,6 @@ JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jicofo.conf" DAEMON=/usr/share/jicofo/jicofo.sh DAEMON_DIR=/usr/share/jicofo/ -DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --secret=$JICOFO_COMPONENT_SECRET --user_name=$JICOFO_AUTH_USER --user_domain=$XMPP_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD" +DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --user_name=$JICOFO_AUTH_USER --user_domain=$XMPP_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD" exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS" diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 1a1df5b..4dcf674 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua 
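Review bot: The rewritten `DAEMON_OPTS` line in `jicofo/rootfs/etc/services.d/jicofo/run` still carries `--user_password=$JICOFO_AUTH_PASSWORD`, so Jicofo's one remaining credential is visible in the process argument list to anything in the container that can read `ps` output or `/proc/<pid>/cmdline`. Because `$DAEMON_OPTS` is expanded into the `bash -c "..."` string on the unchanged `exec` line, a password containing spaces or shell metacharacters is also re-parsed by the inner shell. `gen-passwords.sh` only emits hex, but a value set by hand in the env file is not constrained. Consider rendering the credential into `/config/jicofo.conf` (already passed via `-Dconfig.file`) with restrictive permissions and dropping it from the command line, if this Jicofo version can read client credentials from that file.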
@@ -166,8 +166,8 @@ Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc" muc_room_locking = false muc_room_default_public_jids = true -Component "focus.{{ .Env.XMPP_DOMAIN }}" - component_secret = "{{ .Env.JICOFO_COMPONENT_SECRET }}" +Component "focus.{{ .Env.XMPP_DOMAIN }}" "client_proxy" + target_address = "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}" Component "speakerstats.{{ .Env.XMPP_DOMAIN }}" "speakerstats_component" muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}" diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 82f02eb..3322fbc 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -29,12 +29,13 @@ cp -r /defaults/* /config tpl /defaults/prosody.cfg.lua > $PROSODY_CFG tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua -if [[ -z $JICOFO_COMPONENT_SECRET || -z $JICOFO_AUTH_PASSWORD ]]; then - echo 'FATAL ERROR: Jicofo component secret and auth password must be set' +if [[ -z $JICOFO_AUTH_PASSWORD ]]; then + echo 'FATAL ERROR: Jicofo auth password must be set' exit 1 fi prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD +prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN $JICOFO_AUTH_USER@$XMPP_AUTH_DOMAIN if [[ -z $JVB_AUTH_PASSWORD ]]; then echo 'FATAL ERROR: JVB auth password must be set'
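Review bot: The new `Component "focus.{{ .Env.XMPP_DOMAIN }}" "client_proxy"` stanza has no comment saying that it appears to depend on the roster subscription this commit adds in `prosody/rootfs/etc/cont-init.d/10-config`. I would add above it something like `-- Forwards focus.<XMPP_DOMAIN> to Jicofo's client JID (target_address); relies on the roster subscription created in cont-init.d/10-config`. It would also help to note that `target_address` must match the account registered with `JICOFO_AUTH_USER` and `XMPP_AUTH_DOMAIN`, since a mismatch would presumably leave the component with no reachable target. Whether the `client_proxy` module is present in the image is not visible from this hunk.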
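Review bot: The added `prosodyctl --config $PROSODY_CFG mod_roster_command subscribe ...` line in `prosody/rootfs/etc/cont-init.d/10-config` expands every variable unquoted and ignores the exit status, so a failed subscription would pass unnoticed at init and presumably leave the `focus` proxy unable to reach Jicofo. I would quote the arguments and fail fast: `prosodyctl --config "$PROSODY_CFG" mod_roster_command subscribe "focus.$XMPP_DOMAIN" "$JICOFO_AUTH_USER@$XMPP_AUTH_DOMAIN" || exit 1`. This assumes the command returns non-zero on failure and that nothing outside the hunk already enables `set -e`. The unchanged `register` line above it has the same quoting problem and passes `$JICOFO_AUTH_PASSWORD` as an argument, so a password containing whitespace would be split into extra words. The script continues outside this hunk.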