Auto-generate minimal Spreed WebRTC config via Admin web interface

strukturag · Sep 27, 2016 · 361b2f1 · 361b2f1
1 parent f668070
commit 361b2f1
Show file tree

Hide file tree

Showing 8 changed files with 94 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -21,30 +21,16 @@ Your server has to be available via HTTPS. If your Nextcloud server is not using
 1. Place this app in the **apps/** folder of your Nextcloud installation. Make sure the directory of this app is named `spreedme`.
 2. Enable this Nextcloud app by browsing to **/index.php/settings/apps**
 3. Open the Nextcloud admin settings page (**/index.php/settings/admin#goto-spreed.me**) in your browser and configure this app:
-   1. Click on **Generate new shared secret**. It will output a random string which you will need in one of the next steps. Copy it to your clipboard.
+   1. Click on **Generate Spreed WebRTC config**. It will output the Spreed WebRTC configuration you will need in one of the next steps. Copy it to your clipboard.
    2. Click on **Save settings**.
 4. Set up a Spreed WebRTC server and continue with the next step.
    An easy-to-follow installation guideline can be found further below, see [Installation / Setup of a Spreed WebRTC server](#installation--setup-of-a-spreed-webrtc-server).
 5. You now should have a running Spreed WebRTC server.
-6. This app requires you to change some settings in the `server.conf` of the Spreed WebRTC server (`webrtc.conf` if you use the packaged version), namely:
-   1. In the **[http]** section:
-      - Enable (= uncomment) **basePath** and set it to **/webrtc/**  
-        (`basePath = /webrtc/`)
-   2. In the **[app]** section:
-      - Enable **authorizeRoomJoin** and set it to **true**  
-        (`authorizeRoomJoin = true`)
-      - Enable **extra** and set it to the full absolute path of the **spreedme/extra** directory in your **apps** folder of your Nextcloud installation  
-        (e.g. `extra = /absolute/path/to/nextcloud/apps/spreedme/extra`)
-      - Enable **plugin** and set it to **extra/static/owncloud.js**  
-        (`plugin = extra/static/owncloud.js`)
-   3. In the **[users]** section:
-      - Enable **enabled** and set it to **true**  
-        (`enabled = true`)
-      - Enable **mode** and set it to **sharedsecret**  
-        (`mode = sharedsecret`)
-      - Enable **sharedsecret_secret** and set it to the random string from step 1.  
-        (e.g. `sharedsecret_secret = bb04fb058e2d7fd19c5bdaa129e7883195f73a9c49414a7eXXXXXXXXXXXXXXXX`)
-   4. Restart the Spreed WebRTC server to reload its configuration
+6. This app requires you to change some settings in the `server.conf` of the Spreed WebRTC server (`webrtc.conf` if you use the packaged version):
+   1. Empty the contents of the file.
+   2. Paste in the Spreed WebRTC config from step 1 (you should have it in your clipboard).
+   3. Save the file.
+   4. Restart the Spreed WebRTC server to reload its configuration.
 7. **That's it.** You can now start communicating securely with your friends and family by opening the **Spreed.ME app** of your Nextcloud host in your browser.
 
 ## Limiting access to this app

diff --git a/appinfo/routes.php b/appinfo/routes.php
@@ -28,6 +28,7 @@
 		['name' => 'api#save_config', 'url' => '/api/v1/admin/config', 'verb' => 'PATCH'],
 		['name' => 'api#regenerate_shared_secret', 'url' => '/api/v1/admin/config/regenerate/sharedsecret', 'verb' => 'POST'],
 		['name' => 'api#regenerate_temporary_password_signing_key', 'url' => '/api/v1/admin/config/regenerate/tp-key', 'verb' => 'POST'],
+		['name' => 'api#generate_spreed_webrtc_config', 'url' => '/api/v1/admin/config/generate/spreed-webrtc-config', 'verb' => 'POST'],
 		['name' => 'api#download_file', 'url' => '/api/v1/file/download', 'verb' => 'GET'],
 	],
 ];
diff --git a/controller/apicontroller.php b/controller/apicontroller.php
@@ -192,6 +192,18 @@ public function regenerateTemporaryPasswordSigningKey() {
 		return new DataResponse($_response);
 	}
 
+	public function generateSpreedWebRTCConfig() {
+		$_response = array('success' => false);
+		try {
+			$_response['config'] = Security::generateSpreedWebRTCConfig();
+			$_response['success'] = true;
+		} catch (\Exception $e) {
+			$_response['error'] = $e->getCode();
+		}
+
+		return new DataResponse($_response);
+	}
+
 	/**
 	 * @NoAdminRequired
 	 */

diff --git a/css/settings-admin.css b/css/settings-admin.css
@@ -51,6 +51,10 @@
 #spreedme form button[type="submit"] {
 	margin-top: 15px;
 }
+#spreedme form textarea[name="SPREED_WEBRTC_CONFIG"] {
+	width: 660px;
+	height: 360px;
+}
 
 /* TODO(leon): You know.. */
 #spreedme > div:not(.show-if-php-config-file):not(.show-if-php-config-database):not(:first-of-type) {

diff --git a/doc/spreed-webrtc-minimal-config.txt b/doc/spreed-webrtc-minimal-config.txt
@@ -0,0 +1,19 @@
+; Minimal Spreed WebRTC configuration for Nextcloud
+
+[http]
+listen = 127.0.0.1:8080
+basePath = /webrtc/
+
+[app]
+sessionSecret = the-default-secret-do-not-keep-me
+encryptionSecret = the-default-encryption-block-key
+authorizeRoomJoin = true
+serverToken = i-did-not-change-the-public-token-boo
+serverRealm = local
+extra = /absolute/path/to/nextcloud/apps/spreedme/extra
+plugin = extra/static/owncloud.js
+
+[users]
+enabled = true
+mode = sharedsecret
+sharedsecret_secret = some-secret-do-not-keep
diff --git a/js/settings-admin.js b/js/settings-admin.js
@@ -80,6 +80,22 @@ $(document).ready(function() {
 			console.log(response, code);
 		});
 	};
+	var generateSpreedWebRTCConfig = function(cb_success, cb_error) {
+		$.ajax({
+			url: baseUrl + '/api/v1/admin/config/generate/spreed-webrtc-config',
+			type: 'POST',
+			data: {},
+		}).done(function (response) {
+			if (response.success === true) {
+				removeMessage();
+				cb_success(response.config);
+			} else {
+				cb_error(response.error);
+			}
+		}).fail(function (response, code) {
+			console.log(response, code);
+		});
+	};
 
 	$c.find('[name="OWNCLOUD_ORIGIN"]').val(OwnCloudConfig.OWNCLOUD_ORIGIN);
 	$c.find('.needs-confirmation').click(function(e) {
@@ -115,6 +131,16 @@ $(document).ready(function() {
 
 		});
 	});
+	$c.find('[name="GENERATE_SPREED_WEBRTC_CONFIG"]').click(function(e) {
+		generateSpreedWebRTCConfig(function(config) {
+			$c.find('.SPREED_WEBRTC_CONFIG')
+				.removeClass('hidden')
+				.find('textarea')
+				.val(config);
+		}, function(error) {
+
+		});
+	});
 
 	$c.find('form').submit(function(e) {
 		e.preventDefault();

diff --git a/security/security.php b/security/security.php
@@ -179,6 +179,22 @@ public static function regenerateTemporaryPasswordSigningKey() {
 		Helper::setDatabaseConfigValueIfEnabled('OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY', $key);
 	}
 
+	public static function generateSpreedWebRTCConfig() {
+		$config = file_get_contents(Helper::getOwnAppPath() . 'doc/spreed-webrtc-minimal-config.txt');
+		if (Helper::getDatabaseConfigValue('SPREED_WEBRTC_SHAREDSECRET') === '') {
+			self::regenerateSharedSecret();
+		}
+		$replace = array(
+			'/webrtc/' => Helper::getDatabaseConfigValueOrDefault('SPREED_WEBRTC_BASEPATH'),
+			'the-default-secret-do-not-keep-me' => self::getRandomHexString(256 / 4), // 256 bit
+			'the-default-encryption-block-key' => self::getRandomHexString(256 / 4), // 256 bit
+			'i-did-not-change-the-public-token-boo' => self::getRandomHexString(256 / 4), // 256 bit
+			'/absolute/path/to/nextcloud/apps/spreedme/extra' => Helper::getOwnAppPath() . 'extra',
+			'some-secret-do-not-keep' => Helper::getDatabaseConfigValue('SPREED_WEBRTC_SHAREDSECRET'),
+		);
+		return strtr($config, $replace);
+	}
+
 	public static function constantTimeEquals($a, $b) {
 		$alen = strlen($a);
 		$blen = strlen($b);

diff --git a/templates/settings-admin.php b/templates/settings-admin.php
@@ -28,13 +28,22 @@
 		<p><code>config/config.php</code> was not found. We will use the Nextcloud database to read/write config values.</p>
 		<p>You can change them here:</p>
 		<form action="#" method="POST">
+			<p class="hidden SPREED_WEBRTC_CONFIG warning">
+				<label for="SPREED_WEBRTC_CONFIG">A new SPREED_WEBRTC_CONFIG was generated.<br />Simply remove everything from your current <code>server.conf</code> and paste the new config in instead.<br />Restart Spreed WebRTC afterwards.</label>
+				<textarea id="SPREED_WEBRTC_CONFIG" name="SPREED_WEBRTC_CONFIG" readonly="readonly" class="select-on-click"></textarea>
+			</p>
+			<p>
+				<label for="GENERATE_SPREED_WEBRTC_CONFIG">SPREED_WEBRTC_CONFIG:</label>
+				<input type="button" id="GENERATE_SPREED_WEBRTC_CONFIG" name="GENERATE_SPREED_WEBRTC_CONFIG"
+					value="Generate Spreed WebRTC config" />
+			</p>
 			<p class="hidden SPREED_WEBRTC_SHAREDSECRET warning">
 				<!-- label for and input id removed intentionally. This makes it possible to copy&paste 'sharedsecret_secret' -->
 				<label>A new SPREED_WEBRTC_SHAREDSECRET was generated.<br />Use it for <code>sharedsecret_secret</code> in Spreed WebRTC's configuration.<br />Restart Spreed WebRTC afterwards.</label>
 				<input type="text" name="SPREED_WEBRTC_SHAREDSECRET" placeholder="" readonly="readonly"
 					class="select-on-click" value="" />
 			</p>
-			<p>
+			<p class="show-if-advanced-settings">
 				<label for="REGENERATE_SPREED_WEBRTC_SHAREDSECRET">SPREED_WEBRTC_SHAREDSECRET:</label>
 				<input type="button" id="REGENERATE_SPREED_WEBRTC_SHAREDSECRET" name="REGENERATE_SPREED_WEBRTC_SHAREDSECRET"
 					class="needs-confirmation" data-confirmation-message="Do you really want to generate a new shared secret?\nYou will need to change it in Spreed WebRTC's configuration, too." value="Generate new shared secret" />