From e1d35aaf8917eaf3f5ef519f642953987d7be077 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tadeusz=20=E2=80=9Etadzik=E2=80=9D=20So=C5=9Bnierz?=
Date: Mon, 2 Sep 2024 11:20:32 +0200
Subject: [PATCH] Update sample configs and schemas, add signing key generator
---
 config.sample.yaml | 14 ++++++++++++--
 config/config.schema.yaml | 16 +++++++++++++---
 src/Config.ts | 2 --
 src/MessageFormatter.ts | 2 --
 src/generate-signing-key.js | 11 +++++++++++
 5 files changed, 36 insertions(+), 9 deletions(-)
 create mode 100644 src/generate-signing-key.js
diff --git a/config.sample.yaml b/config.sample.yaml
index aa67af82..e56516d9 100644
--- a/config.sample.yaml
+++ b/config.sample.yaml
@@ -5,10 +5,20 @@ bridge: homeserverUrl: "http://localhost:8008" # Prefix of all users of the bridge. userPrefix: "_bifrost_" - # If homeserverUrl is not reachable publically, the public address that media can be reached on. - # mediaserverUrl: "http://example.com:8008" # Set this to the port you want the bridge to listen on. appservicePort: 9555 + # Config for the media proxy + # required to serve publically accessible URLs to authenticated Matrix media + mediaProxy: + # To generate a .jwk file: + # $ node src/generate-signing-key.js > signingkey.jwk + signingKeyPath: "signingkey.jwk" + # How long should the generated URLs be valid for + ttlSeconds: 3600 + # The port for the media proxy to listen on + bindPort: 11111 + # The publically accessible URL to the media proxy + publicUrl: "https://bifrost.bridge/media" roomRules: [] # - room: "#badroom:example.com"
diff --git a/config/config.schema.yaml b/config/config.schema.yaml
index 0cb821a4..e3aa53a1 100644
--- a/config/config.schema.yaml
+++ b/config/config.schema.yaml
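Review bot: The documented command `node src/generate-signing-key.js > signingkey.jwk` in the `mediaProxy` comment creates the key file with whatever permissions the shell's umask allows, which on many systems is world-readable. The file holds an HMAC secret that, judging by the `ttlSeconds` comment about generated URLs, presumably signs the media proxy's links, so it should be readable only by the account running the bridge. I would change the comment to `# $ (umask 077 && node src/generate-signing-key.js > signingkey.jwk)` and add `# This file is a secret; keep it readable only by the bridge user.` above `signingKeyPath`. The same concern applies to the new `src/generate-signing-key.js`, which prints the exported key to stdout without saying that its output is secret.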
@@ -5,18 +5,28 @@ required: ["bridge", "datastore", "purple", "portals"]
 properties:
 bridge:
 type: object
- required: ["domain", "homeserverUrl", "userPrefix"]
+ required: ["domain", "homeserverUrl", "userPrefix", "mediaProxy"]
 properties:
 domain:
 type: string
 homeserverUrl:
 type: string
- mediaserverUrl:
- type: string
 userPrefix:
 type: string
 appservicePort:
 type: number
+ mediaProxy:
+ type: "object"
+ properties:
+ signingKeyPath:
+ type: "string"
+ ttlSeconds:
+ type: "integer"
+ bindPort:
+ type: "integer"
+ publicUrl:
+ type: "string"
+ required: ["signingKeyPath", "ttlSeconds", "bindPort", "publicUrl"]
 datastore:
 required: ["engine"]
 type: "object"
diff --git a/src/Config.ts b/src/Config.ts
index 6b32f971..1f98f3e5 100644
--- a/src/Config.ts
+++ b/src/Config.ts
@@ -12,7 +12,6 @@ export class Config {
 public readonly bridge: IConfigBridge = {
 domain: "",
 homeserverUrl: "",
- mediaserverUrl: undefined,
 userPrefix: "_bifrost_",
 appservicePort: 9555,
 mediaProxy: {
@@ -108,7 +107,6 @@ export class Config {
 export interface IConfigBridge {
 domain: string;
 homeserverUrl: string;
- mediaserverUrl?: string;
 userPrefix: string;
 appservicePort?: number;
 mediaProxy: {
diff --git a/src/MessageFormatter.ts b/src/MessageFormatter.ts
index e8a454b9..038812cf 100644
--- a/src/MessageFormatter.ts
+++ b/src/MessageFormatter.ts
@@ -51,8 +51,6 @@ export class MessageFormatter {
 return {body: `/me ${content.body}`, formatted, id: event.event_id};
 }
 if (["m.file", "m.image", "m.video"].includes(event.content.msgtype) && event.content.url) {
- const [domain, mediaId] = event.content.url.substr("mxc://".length).split("/");
- const url = (config.mediaserverUrl ? config.mediaserverUrl : config.homeserverUrl).replace(/\/$/, "");
 return {
 body: content.body,
 id: event.event_id,
diff --git a/src/generate-signing-key.js b/src/generate-signing-key.js
new file mode 100644
index 00000000..cb032b43
--- /dev/null
+++ b/src/generate-signing-key.js
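Review bot: The new `mediaProxy` schema in `config/config.schema.yaml` accepts any integer for `ttlSeconds` and `bindPort`, so a zero or negative lifetime or an out-of-range port passes validation and would presumably only surface as a problem at runtime. Adding `minimum: 1` under `ttlSeconds`, and `minimum: 1` with `maximum: 65535` under `bindPort`, would reject such values when the config is loaded. Because `mediaProxy` is now in the `required` list for `bridge`, existing configs without the block will stop validating, which is worth stating in the upgrade notes if it is not already.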
@@ -0,0 +1,11 @@
+const webcrypto = require('node:crypto');
+
+async function main() {
+ const key = await webcrypto.subtle.generateKey({
+ name: 'HMAC',
+ hash: 'SHA-512',
+ }, true, ['sign', 'verify']);
+ console.log(JSON.stringify(await webcrypto.subtle.exportKey('jwk', key), undefined, 4));
+}
+
+main().then(() => process.exit(0)).catch(err => { throw err });
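Review bot: On failure the last line rethrows inside `.catch`, which turns the error into an unhandled rejection; how that is reported and which exit status results depends on the Node version, and with the documented `> signingkey.jwk` redirect a failed run can leave an empty key file behind. I would report the error and set the status explicitly with `main().catch(err => { console.error(err); process.exit(1); });`, which also makes the `.then(() => process.exit(0))` unnecessary. Separately, `webcrypto` is bound to the whole `node:crypto` module rather than to its `webcrypto` export, so a name such as `crypto` would be less misleading. A header comment like `// Prints a newly generated HMAC-SHA-512 key as a JWK on stdout. The output is secret key material.` would tell operators how to treat the result.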