From 5108697ac88c0819519e34d9895c3f6343fb3671 Mon Sep 17 00:00:00 2001
From: Jason Robinson
Date: Fri, 4 Sep 2020 13:14:52 +0300
Subject: [PATCH] Add support for Jitsi openidtoken-jwt auth

If the widget URL specifies this auth, generate a JWT token containing the info needed by the Jitsi backend.
---
 package.json | 1 +
 src/vector/jitsi/index.ts | 53 +++++++++++++++++++++++++++++++++++++--
 yarn.lock | 5 ++++
 3 files changed, 57 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index d6d7140a09..0a151e0e28 100644
--- a/package.json
+++ b/package.json
@@ -59,6 +59,7 @@
 "browser-request": "^0.3.3",
 "gfm.css": "^1.1.2",
 "highlight.js": "^9.13.1",
+ "jsrsasign": "^9.1.5",
 "matrix-js-sdk": "github:matrix-org/matrix-js-sdk#develop",
 "matrix-react-sdk": "github:matrix-org/matrix-react-sdk#develop",
 "olm": "https://packages.matrix.org/npm/olm/olm-3.1.4.tgz",
diff --git a/src/vector/jitsi/index.ts b/src/vector/jitsi/index.ts
index 081246c0a9..47d6e24f73 100644
--- a/src/vector/jitsi/index.ts
+++ b/src/vector/jitsi/index.ts
@@ -19,6 +19,7 @@ require("./index.scss");
 import * as qs from 'querystring';
 import { Capability, WidgetApi } from "matrix-react-sdk/src/widgets/WidgetApi";
+import { KJUR } from "jsrsasign";
 // Dev note: we use raw JS without many dependencies to reduce bundle size.
 // We do not need all of React to render a Jitsi conference.
@@ -33,6 +34,8 @@ let conferenceId: string;
 let displayName: string;
 let avatarUrl: string;
 let userId: string;
+let jitsiAuth: string;
+let roomId: string;
 let widgetApi: WidgetApi;
@@ -69,6 +72,8 @@ let widgetApi: WidgetApi;
 displayName = qsParam('displayName', true);
 avatarUrl = qsParam('avatarUrl', true); // http not mxc
 userId = qsParam('userId');
+ jitsiAuth = qsParam('auth', true);
+ roomId = qsParam('roomId', true);
 if (widgetApi) {
 await widgetApi.waitReady();
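Review bot: The new `"jsrsasign": "^9.1.5"` entry in the package.json hunk adds a general-purpose crypto library to the Jitsi widget bundle, which the dev note in src/vector/jitsi/index.ts says is kept light on dependencies. The only use visible in this patch is a single `KJUR.jws.JWS.sign` call with a constant key. Every added crypto dependency widens the supply-chain surface that has to be audited and patched, and the caret range accepts later 9.x releases wherever the lockfile is not enforced. The commit message should say why a library is needed for a signature the code itself calls irrelevant, so the next reviewer can judge whether it can be dropped.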
@@ -91,6 +96,45 @@ function switchVisibleContainers() {
 document.getElementById("joinButtonContainer").style.visibility = inConference ? 'hidden' : 'unset';
 }
+/**
+ * Create a JWT token fot jitsi openidtoken-jwt auth
+ *
+ * See TODO add link
+ */
+function createJWTToken() {
+ // Header
+ const header = {alg: 'HS256', typ: 'JWT'};
+ // Payload
+ const payload = {
+ // TODO change this to refer to spec?
+ iss: "app_id",
+ sub: jitsiDomain,
+ aud: `https://${jitsiDomain}`,
+ room: "*",
+ context: {
+ matrix: {
+ // TODO openid token retrieved as per MSC1960
+ token: "foobar",
+ room_id: roomId,
+ },
+ user: {
+ avatar: avatarUrl,
+ name: displayName,
+ },
+ },
+ };
+ // Sign JWT
+ // The secret string here is irrelevant, we're only using the JWT
+ // to transport data to Prosody in the Jitsi stack.
+ // See TODO add link
+ return KJUR.jws.JWS.sign(
+ "HS256",
+ JSON.stringify(header),
+ JSON.stringify(payload),
+ "notused",
+ );
+}
+
 function joinConference() { // event handler bound in HTML
 switchVisibleContainers();
@@ -102,7 +146,7 @@ function joinConference() { // event handler bound in HTML
 "they mention 'external_api' or 'jitsi' in the stack. They're just Jitsi Meet trying to parse " +
 "our fragment values and not recognizing the options.",
 );
- const meetApi = new JitsiMeetExternalAPI(jitsiDomain, {
+ const options = {
 width: "100%",
 height: "100%",
 parentNode: document.querySelector("#jitsiContainer"),
@@ -113,7 +157,12 @@ function joinConference() { // event handler bound in HTML
 MAIN_TOOLBAR_BUTTONS: [],
 VIDEO_LAYOUT_FIT: "height",
 },
- });
+ jwt: undefined,
+ };
+ if (jitsiAuth === "openidtoken-jwt") {
+ options.jwt = createJWTToken();
+ }
+ const meetApi = new JitsiMeetExternalAPI(jitsiDomain, options);
 if (displayName) meetApi.executeCommand("displayName", displayName);
 if (avatarUrl) meetApi.executeCommand("avatarUrl", avatarUrl);
 if (userId) meetApi.executeCommand("email", userId);
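Review bot: `createJWTToken()` signs with HS256 and the constant key `"notused"`, which ships to every client, so the signature authenticates nothing and the backend cannot trust any claim because of it; `room_id`, `name` and `avatar` come straight from widget URL parameters and `room` is the wildcard `"*"`. The only value the backend could verify independently is `context.matrix.token`, and that is still the placeholder `"foobar"`, so as written the openidtoken-jwt path cannot authenticate a real user. I would hold this until the MSC1960 token is wired in, narrow the claim to `room: conferenceId,` if the Jitsi side honours it, and replace the "secret string here is irrelevant" comment with one that states the trust boundary, for example `// The HMAC key is public: Prosody must validate context.matrix.token with the homeserver and treat every other claim as unauthenticated.` The doc comment also carries the typo "fot" and two unresolved `See TODO add link` references.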
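Review bot: In the last joinConference hunk `options` takes its type from the object literal, so `jwt: undefined` infers the property as `undefined` and the later `options.jwt = createJWTToken();` only type-checks with strict null checks off (the tsconfig is not shown on this page). Computing the value first keeps the object unmutated and the type honest: `const jwt: string | undefined = jitsiAuth === "openidtoken-jwt" ? createJWTToken() : undefined;` and then `jwt,` in the literal. Any other `auth` value silently joins without a token, so a one-line comment or a console warning would help a mistyped widget URL get noticed rather than quietly falling back to unauthenticated mode. joinConference starts and ends outside this hunk.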
diff --git a/yarn.lock b/yarn.lock index 9b1342e5e6..441250b72c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6914,6 +6914,11 @@ jsprim@^1.2.2: json-schema "0.2.3" verror "1.10.0" +jsrsasign@^9.1.5: + version "9.1.5" + resolved "https://registry.yarnpkg.com/jsrsasign/-/jsrsasign-9.1.5.tgz#fe286425d2c05b2d0865d24ded53e34b12abd2ca" + integrity sha512-iJLF8FvZHlwyQudrRtQomHj1HdPAcM8QSRTt0FJo8a6iFgaGCpKUrE7lWyELpAjrFs8jUC/Azc0vfhlj3yqHPQ== + jsx-ast-utils@^2.2.3: version "2.3.0" resolved "https://registry.yarnpkg.com/jsx-ast-utils/-/jsx-ast-utils-2.3.0.tgz#edd727794ea284d7fda575015ed1b0cde0289ab6"