Deploying with new configurable Jitsi conf

2020-10-19 12:07:05 +02:00 · 2020-10-19 12:07:05 +02:00 · a7c16654c3
commit a7c16654c3
parent ed1fbb5324
6 changed files with 24 additions and 9 deletions
--- a/.env.template
+++ b/.env.template
@ -2,5 +2,6 @@ DEBUG_MODE=false
 JITSI_URL=meet.jit.si
 # If your Jitsi environment has authentication set up, you MUST set JITSI_PRIVATE_MODE to "true" and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
 JITSI_PRIVATE_MODE=false
+JITSI_ISS=
 SECRET_JITSI_KEY=
 ADMIN_API_TOKEN=123
--- a/.github/workflows/build-and-deploy.yml
+++ b/.github/workflows/build-and-deploy.yml
@ -121,6 +121,9 @@ jobs:
        env:
          KUBE_CONFIG_FILE: ${{ secrets.KUBE_CONFIG_FILE }}
          ADMIN_API_TOKEN: ${{ secrets.ADMIN_API_TOKEN }}
+          JITSI_ISS: ${{ secrets.JITSI_ISS }}
+          JITSI_URL: ${{ secrets.JITSI_URL }}
+          SECRET_JITSI_KEY: ${{ secrets.SECRET_JITSI_KEY }}
        with:
          namespace: workadventure-${{ env.GITHUB_REF_SLUG }}

--- a/back/src/Enum/EnvironmentVariable.ts
+++ b/back/src/Enum/EnvironmentVariable.ts
@ -6,6 +6,8 @@ const ALLOW_ARTILLERY = process.env.ALLOW_ARTILLERY ? process.env.ALLOW_ARTILLER
 const ADMIN_API_URL = process.env.ADMIN_API_URL || 'http://admin';
 const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || 'myapitoken';
 const CPU_OVERHEAT_THRESHOLD = Number(process.env.CPU_OVERHEAT_THRESHOLD) || 80;
+const JITSI_URL : string|undefined = (process.env.JITSI_URL === '') ? undefined : process.env.JITSI_URL;
+const JITSI_ISS = process.env.JITSI_ISS || '';
 const SECRET_JITSI_KEY = process.env.SECRET_JITSI_KEY || '';

 export {
@ -17,5 +19,7 @@ export {
    GROUP_RADIUS,
    ALLOW_ARTILLERY,
    CPU_OVERHEAT_THRESHOLD,
+    JITSI_URL,
+    JITSI_ISS,
    SECRET_JITSI_KEY
 }
--- a/back/src/Services/SocketManager.ts
+++ b/back/src/Services/SocketManager.ts
@ -27,7 +27,7 @@ import {ProtobufUtils} from "../Model/Websocket/ProtobufUtils";
 import {Group} from "../Model/Group";
 import {cpuTracker} from "./CpuTracker";
 import {isSetPlayerDetailsMessage} from "../Model/Websocket/SetPlayerDetailsMessage";
-import {GROUP_RADIUS, MINIMUM_DISTANCE, SECRET_JITSI_KEY} from "../Enum/EnvironmentVariable";
+import {GROUP_RADIUS, JITSI_ISS, MINIMUM_DISTANCE, SECRET_JITSI_KEY} from "../Enum/EnvironmentVariable";
 import {Movable} from "../Model/Movable";
 import {PositionInterface} from "../Model/PositionInterface";
 import {adminApi} from "./AdminApi";
@ -35,6 +35,7 @@ import Direction = PositionMessage.Direction;
 import {Gauge} from "prom-client";
 import {emitError, emitInBatch} from "./IoSocketHelpers";
 import Jwt from "jsonwebtoken";
+import {JITSI_URL} from "../Enum/EnvironmentVariable";

 class SocketManager {
    private Worlds: Map<string, GameRoom> = new Map<string, GameRoom>();
@ -606,13 +607,12 @@ class SocketManager {
        // Let's see if the current client has
        const isAdmin = client.tags.includes(tag);

-        // TODO: fix this when "moderator" property is available
-
        const jwt = Jwt.sign({
            "aud": "jitsi",
-            "iss": "meetworkadventure",
-            "sub": "coremeet.workadventu.re",
-            "room": room
+            "iss": JITSI_ISS,
+            "sub": JITSI_URL,
+            "room": room,
+            "moderator": isAdmin
        }, SECRET_JITSI_KEY, {
            expiresIn: '1d',
            algorithm: "HS256",
--- a/deeployer.libsonnet
+++ b/deeployer.libsonnet
@ -16,7 +16,10 @@
       "env": {
         "SECRET_KEY": "tempSecretKeyNeedsToChange",
         "ADMIN_API_TOKEN": env.ADMIN_API_TOKEN,
-         "ADMIN_API_URL": "https://admin."+url
+         "ADMIN_API_URL": "https://admin."+url,
+         "JITSI_ISS": env.JITSI_ISS,
+         "JITSI_URL": env.JITSI_URL,
+         "SECRET_JITSI_KEY": env.SECRET_JITSI_KEY,
       }
     },
    "front": {
@ -28,10 +31,12 @@
      "ports": [80],
      "env": {
        "API_URL": "api."+url,
-        "JITSI_URL": "meet.jit.si",
+        "JITSI_URL": env.JITSI_URL,
+        "SECRET_JITSI_KEY": env.SECRET_JITSI_KEY,
        "TURN_SERVER": "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443",
        "TURN_USER": "workadventure",
-        "TURN_PASSWORD": "WorkAdventure123"
+        "TURN_PASSWORD": "WorkAdventure123",
+        "JITSI_PRIVATE_MODE": if env.SECRET_JITSI_KEY != '' then "true" else "false"
      }
    },
    "maps": {
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -76,6 +76,8 @@ services:
      SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
      ALLOW_ARTILLERY: "true"
      ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
+      JITSI_URL: $JITSI_URL
+      JITSI_ISS: $JITSI_ISS
    volumes:
      - ./back:/usr/src/app
    labels: