Update sample configs and schemas, add signing key generator

matrix-org · Sep 2, 2024 · e1d35aa · e1d35aa
1 parent 10d003c
commit e1d35aa
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 9 deletions.
diff --git a/config.sample.yaml b/config.sample.yaml
@@ -5,10 +5,20 @@ bridge:
   homeserverUrl: "http://localhost:8008"
   # Prefix of all users of the bridge.
   userPrefix: "_bifrost_"
-  # If homeserverUrl is not reachable publically, the public address that media can be reached on.
-  # mediaserverUrl: "http://example.com:8008"
   # Set this to the port you want the bridge to listen on.
   appservicePort: 9555
+  # Config for the media proxy
+  # required to serve publically accessible URLs to authenticated Matrix media
+  mediaProxy:
+    # To generate a .jwk file:
+    # $ node src/generate-signing-key.js > signingkey.jwk
+    signingKeyPath: "signingkey.jwk"
+    # How long should the generated URLs be valid for
+    ttlSeconds: 3600
+    # The port for the media proxy to listen on
+    bindPort: 11111
+    # The publically accessible URL to the media proxy
+    publicUrl: "https://bifrost.bridge/media"
 
 roomRules: []
 # - room: "#badroom:example.com"

diff --git a/config/config.schema.yaml b/config/config.schema.yaml
@@ -5,18 +5,28 @@ required: ["bridge", "datastore", "purple", "portals"]
 properties:
     bridge:
         type: object
-        required: ["domain", "homeserverUrl", "userPrefix"]
+        required: ["domain", "homeserverUrl", "userPrefix", "mediaProxy"]
         properties:
           domain:
             type: string
           homeserverUrl:
             type: string
-          mediaserverUrl:
-            type: string
           userPrefix:
             type: string
           appservicePort:
             type: number
+          mediaProxy:
+            type: "object"
+            properties:
+              signingKeyPath:
+                type: "string"
+              ttlSeconds:
+                type: "integer"
+              bindPort:
+                type: "integer"
+              publicUrl:
+                type: "string"
+            required: ["signingKeyPath", "ttlSeconds", "bindPort", "publicUrl"]
     datastore:
         required: ["engine"]
         type: "object"

diff --git a/src/Config.ts b/src/Config.ts
@@ -12,7 +12,6 @@ export class Config {
     public readonly bridge: IConfigBridge = {
         domain: "",
         homeserverUrl: "",
-        mediaserverUrl: undefined,
         userPrefix: "_bifrost_",
         appservicePort: 9555,
         mediaProxy: {
@@ -108,7 +107,6 @@ export class Config {
 export interface IConfigBridge {
     domain: string;
     homeserverUrl: string;
-    mediaserverUrl?: string;
     userPrefix: string;
     appservicePort?: number;
     mediaProxy: {

diff --git a/src/MessageFormatter.ts b/src/MessageFormatter.ts
@@ -51,8 +51,6 @@ export class MessageFormatter {
             return {body: `/me ${content.body}`, formatted, id: event.event_id};
         }
         if (["m.file", "m.image", "m.video"].includes(event.content.msgtype) && event.content.url) {
-            const [domain, mediaId] = event.content.url.substr("mxc://".length).split("/");
-            const url = (config.mediaserverUrl ? config.mediaserverUrl : config.homeserverUrl).replace(/\/$/, "");
             return {
                 body: content.body,
                 id: event.event_id,

diff --git a/src/generate-signing-key.js b/src/generate-signing-key.js
@@ -0,0 +1,11 @@
+const webcrypto = require('node:crypto');
+
+async function main() {
+    const key = await webcrypto.subtle.generateKey({
+        name: 'HMAC',
+        hash: 'SHA-512',
+    }, true, ['sign', 'verify']);
+    console.log(JSON.stringify(await webcrypto.subtle.exportKey('jwk', key), undefined, 4));
+}
+
+main().then(() => process.exit(0)).catch(err => { throw err });