diff --git a/bin/quickstart.sh b/bin/quickstart.sh index d8d67d05..45cb849c 100755 --- a/bin/quickstart.sh +++ b/bin/quickstart.sh @@ -1,87 +1,87 @@ #!/bin/bash set -e function die() { echo "$1" exit 1 } rpm -qv composer >/dev/null 2>&1 || \ test ! -z "$(which composer 2>/dev/null)" || \ die "Is composer installed?" rpm -qv docker-compose >/dev/null 2>&1 || \ test ! -z "$(which docker-compose 2>/dev/null)" || \ die "Is docker-compose installed?" rpm -qv npm >/dev/null 2>&1 || \ test ! -z "$(which npm 2>/dev/null)" || \ die "Is npm installed?" rpm -qv php >/dev/null 2>&1 || \ test ! -z "$(which php 2>/dev/null)" || \ die "Is php installed?" rpm -qv php-ldap >/dev/null 2>&1 || \ test ! -z "$(php --ini | grep ldap)" || \ die "Is php-ldap installed?" rpm -qv php-mysqlnd >/dev/null 2>&1 || \ test ! -z "$(php --ini | grep mysql)" || \ die "Is php-mysqlnd installed?" base_dir=$(dirname $(dirname $0)) -bin/regen-certs - docker pull docker.io/kolab/centos7:latest docker-compose down docker-compose build pushd ${base_dir}/src/ cp .env.example .env if [ -f ".env.local" ]; then # Ensure there's a line ending echo "" >> .env cat .env.local >> .env fi popd -docker-compose up -d kolab mariadb openvidu proxy redis +bin/regen-certs + +docker-compose up -d coturn kolab mariadb openvidu proxy redis pushd ${base_dir}/src/ rm -rf vendor/ composer.lock composer install npm install find bootstrap/cache/ -type f ! -name ".gitignore" -delete ./artisan key:generate ./artisan jwt:secret -f ./artisan clear-compiled ./artisan cache:clear if [ ! -z "$(rpm -qv chromium 2>/dev/null)" ]; then chver=$(rpmquery --queryformat="%{VERSION}" chromium | awk -F'.' '{print $1}') ./artisan dusk:chrome-driver ${chver} fi if [ ! -f 'resources/countries.php' ]; then ./artisan data:countries fi npm run dev popd docker-compose up -d worker pushd ${base_dir}/src/ rm -rf database/database.sqlite ./artisan db:ping --wait php -dmemory_limit=512M ./artisan migrate:refresh --seed ./artisan serve popd 
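Review bot: The relocated `bin/regen-certs` call has no comment saying why it now has to run after the `.env` assembly, and it is still invoked relative to the current directory while the neighbouring steps use `${base_dir}`. regen-certs in this commit reads `${base_dir}/src/.env` to get `APP_DOMAIN`, so a comment such as `# regen-certs derives certificate names from APP_DOMAIN in src/.env; keep it after .env is assembled` would stop someone from moving it back up. Calling it as `"${base_dir}/bin/regen-certs"` would match the rest of the script. regen-certs does not set `-e` and its exit status is that of its final `chmod`, so the `set -e` here will not notice a failed openssl step before the containers are started.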
diff --git a/bin/regen-certs b/bin/regen-certs
index 1557a71b..ee277724 100755
--- a/bin/regen-certs
+++ b/bin/regen-certs
@@ -1,65 +1,72 @@ #!/bin/bash base_dir=$(dirname $(dirname $0)) -base_dir="${base_dir}/docker/certs/" +cert_dir="${base_dir}/docker/certs/" -if [ ! -d "${base_dir}" ]; then - mkdir -p ${base_dir} +if [ ! -d "${cert_dir}" ]; then + mkdir -p ${cert_dir} fi -if [ ! -f "${base_dir}/ca.key" ]; then - openssl genrsa -out ${base_dir}/ca.key 4096 +if [ ! -f "${cert_dir}/ca.key" ]; then + openssl genrsa -out ${cert_dir}/ca.key 4096 openssl req \ -new \ -x509 \ -nodes \ -days 3650 \ - -key ${base_dir}/ca.key \ - -out ${base_dir}/ca.cert \ + -key ${cert_dir}/ca.key \ + -out ${cert_dir}/ca.cert \ -subj '/O=Example CA/' fi if [ -f /etc/pki/tls/openssl.cnf ]; then openssl_cnf="/etc/pki/tls/openssl.cnf" elif [ -f /etc/ssl/openssl.cnf ]; then openssl_cnf="/etc/ssl/openssl.cnf" else echo "No openssl.cnf" exit 1 fi -for name in kolab.mgmt.com kolab.hosted.com meet.hosted.com; do - openssl genrsa -out ${base_dir}/${name}.key 4096 +export $(cat ${base_dir}/src/.env | xargs) >/dev/null 2>&1 + +for name in kolab.mgmt.com kolab.hosted.com {{admin,meet}.,}${APP_DOMAIN}; do + openssl genrsa -out ${cert_dir}/${name}.key 4096 openssl req \ -new \ - -key ${base_dir}/${name}.key \ - -out ${base_dir}/${name}.csr \ + -key ${cert_dir}/${name}.key \ + -out ${cert_dir}/${name}.csr \ -subj "/O=Example CA/CN=${name}/" \ -reqexts SAN \ -config <(cat ${openssl_cnf} \ <(printf "[SAN]\nsubjectAltName=DNS:${name}")) openssl x509 \ -req \ - -in ${base_dir}/${name}.csr \ - -CA ${base_dir}/ca.cert \ - -CAkey ${base_dir}/ca.key \ + -in ${cert_dir}/${name}.csr \ + -CA ${cert_dir}/ca.cert \ + -CAkey ${cert_dir}/ca.key \ -CAcreateserial \ - -out ${base_dir}/${name}.cert \ + -out ${cert_dir}/${name}.cert \ -days 28 \ -extfile <(cat ${openssl_cnf} \ <(printf "[SAN]\nsubjectAltName=DNS:${name}")) \ -extensions SAN # 'cause java ... 
openssl pkcs8 \ -topk8 \ -inform pem \ - -in ${base_dir}/${name}.key \ + -in ${cert_dir}/${name}.key \ -outform pem \ -nocrypt \ - -out ${base_dir}/${name}_p8.key + -out ${cert_dir}/${name}_p8.key + + cat ${cert_dir}/${name}.cert \ + ${cert_dir}/ca.cert > ${cert_dir}/${name}.chain.pem + + chmod 644 ${cert_dir}/*.{cert,key,pem} done diff --git a/docker-compose.yml b/docker-compose.yml index 5af829ac..ef96b09d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
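Review bot: The added `chmod 644 ${cert_dir}/*.{cert,key,pem}` makes every private key in the directory world-readable, including `ca.key`, whose certificate the compose file installs as a trust anchor in the kolab container. If the mode is there so that non-root container users can read the bind-mounted server keys, limit it to the files that need it and keep the CA key private, e.g. `chmod 644 ${cert_dir}/*.{cert,pem}` followed by `chmod 600 ${cert_dir}/ca.key`. Separately, `export $(cat ${base_dir}/src/.env | xargs) >/dev/null 2>&1` word-splits values that contain spaces, exports every secret in the file to the openssl child processes, and hides any failure; if `APP_DOMAIN` ends up unset the loop would still generate files for `admin.` and `meet.`. Reading only the one value and checking it first (`: "${APP_DOMAIN:?APP_DOMAIN not set in src/.env}"`) would be safer.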
@@ -1,143 +1,133 @@ version: '3' services: coturn: - build: - context: ./docker/coturn/ container_name: kolab-coturn environment: - DB_NAME=${OPENVIDU_COTURN_REDIS_DB} + - DB_PASSWORD=turn + - MIN_PORT=57001 + - MAX_PORT=65535 - REDIS_IP=${OPENVIDU_COTURN_REDIS_IP} - - TURN_PUBLIC_IP=${OPENVIDU_PUBLIC_IP} - - TURN_PUBLIC_POST=${OPENVIDU_PUBLIC_PORT} + - TURN_LISTEN_PORT=3478 hostname: sturn.mgmt.com - image: kolab-coturn + image: openvidu/openvidu-coturn:1.0.0 network_mode: host restart: on-failure tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro kolab: build: context: ./docker/kolab/ container_name: kolab depends_on: - mariadb extra_hosts: - "kolab.mgmt.com:127.0.0.1" healthcheck: interval: 10s test: test -f /tmp/kolab-init.done timeout: 5s retries: 30 hostname: kolab.mgmt.com image: kolab network_mode: host tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: + - /etc/letsencrypt/:/etc/letsencrypt/:ro - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro - ./docker/certs/kolab.hosted.com.cert:/etc/pki/tls/certs/kolab.hosted.com.cert - ./docker/certs/kolab.hosted.com.key:/etc/pki/tls/certs/kolab.hosted.com.key - ./docker/certs/kolab.mgmt.com.cert:/etc/pki/tls/certs/kolab.mgmt.com.cert - ./docker/certs/kolab.mgmt.com.key:/etc/pki/tls/certs/kolab.mgmt.com.key - ./docker/kolab/utils:/root/utils:ro - - /sys/fs/cgroup:/sys/fs/cgroup:ro - kurento: - build: - context: ./docker/kurento-media-server/ - container_name: kolab-kurento - environment: - - KMS_STUN_IP=${OPENVIDU_PUBLIC_IP} - - KMS_STUN_PORT=${OPENVIDU_PUBLIC_PORT} - - KMS_TURN_URL="${OPENVIDU_PUBLIC_IP}:${OPENVIDU_PUBLIC_PORT}?transport=udp" - hostname: kurento.meet.hosted.com - image: kolab-kurento - network_mode: host - tmpfs: - - /run - - /tmp - - /var/run - - /var/tmp - tty: true - volumes: + - ./src/.env:/.dockerenv:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro mariadb: container_name: 
kolab-mariadb environment: MYSQL_ROOT_PASSWORD: Welcome2KolabSystems healthcheck: interval: 10s test: test -e /var/run/mysqld/mysqld.sock timeout: 5s retries: 30 image: mariadb network_mode: host openvidu: - build: - context: ./docker/openvidu/ container_name: kolab-openvidu - depends_on: - - kurento environment: - #- SERVER_SSL_ENABLED=false - #- SERVER_PORT=5080 - - DOTENV_PATH - COTURN_IP=${OPENVIDU_PUBLIC_IP} - - COTURN_REDIS_CONNECT_TIMEOUT= - - COTURN_REDIS_DBNAME=1 + - COTURN_REDIS_DBNAME=2 - COTURN_REDIS_IP=127.0.0.1 - - COTURN_REDIS_PASSWORD= - - JAVA_OPTIONS=${OPENVIDU_JAVA_OPTIONS} - - KMS_URIS=[] - hostname: meet.hosted.com - image: kolab-openvidu + - HTTP_PORT=${OPENVIDU_SERVER_PORT} + - KMS_STUN_IP=${OPENVIDU_PUBLIC_IP} + - KMS_STUN_PORT=3478 + - KMS_TURN_URL=openvidu:openvidu@${OPENVIDU_PUBLIC_IP} + - KMS_URIS=["ws://localhost:8888/kurento"] + - OPENVIDU_DOMAIN_OR_PUBLIC_IP=${OPENVIDU_PUBLIC_IP} + - OPENVIDU_SECRET=${OPENVIDU_API_PASSWORD} + - SERVER_PORT=${OPENVIDU_SERVER_PORT} + - SERVER_SSL_ENABLED=false + hostname: openvidu.hosted.com + image: openvidu/openvidu-server-kms:2.13.0 + network_mode: host + tmpfs: + - /run + - /tmp + - /var/run + - /var/tmp + tty: true + proxy: + build: + context: ./docker/proxy/ + container_name: kolab-proxy + hostname: kanarip.internet-box.ch + image: kolab-proxy network_mode: host tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - #- ./docker/certs/ca.cert:etc/pki/tls/certs/ca.cert:ro - #- ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro - #- ./docker/certs/meet.hosted.com.cert:/etc/pki/tls/certs/meet.hosted.com.cert - #- ./docker/certs/meet.hosted.com.key:/etc/pki/tls/certs/meet.hosted.com.key + - ./docker/certs/:/etc/certs/:ro + - /etc/letsencrypt/:/etc/letsencrypt/:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro redis: build: context: ./docker/redis/ container_name: kolab-redis hostname: redis image: redis network_mode: host volumes: - 
./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro worker: build: context: ./docker/worker/ container_name: kolab-worker depends_on: - kolab hostname: worker image: kolab-worker network_mode: host tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - ./src:/home/worker/src.orig:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro diff --git a/docker/coturn/rootfs/etc/systemd/system/coturn.service.d/09_service_environmentfile.conf b/docker/coturn/rootfs/etc/systemd/system/coturn.service.d/09_service_environmentfile.conf new file mode 100644 index 00000000..754caf30 --- /dev/null +++ b/docker/coturn/rootfs/etc/systemd/system/coturn.service.d/09_service_environmentfile.conf @@ -0,0 +1,2 @@ +[Service] +EnvironmentFile=/.dockerenv diff --git a/docker/coturn/rootfs/usr/local/sbin/coturn.sh b/docker/coturn/rootfs/usr/local/sbin/coturn.sh index 1fd75625..ce73e47d 100755 --- a/docker/coturn/rootfs/usr/local/sbin/coturn.sh +++ b/docker/coturn/rootfs/usr/local/sbin/coturn.sh @@ -1,15 +1,16 @@ #!/bin/bash cat > /etc/coturn/turnserver.conf << EOF external-ip=${TURN_PUBLIC_IP:-127.0.0.1} listening-port=${TURN_LISTEN_PORT:-3478} fingerprint lt-cred-mech max-port=${MAX_PORT:-65535} min-port=${MIN_PORT:-40000} pidfile="/run/coturn/turnserver.pid" +user=openvidu:openvidu realm=openvidu simple-log redis-userdb="ip=${REDIS_IP:-127.0.0.1} dbname=${DB_NAME:-2} connect_timeout=30" verbose EOF diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile index 9b0a6aa7..915aad77 100644 --- a/docker/kolab/Dockerfile +++ b/docker/kolab/Dockerfile 
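Review bot: `KMS_TURN_URL=openvidu:openvidu@${OPENVIDU_PUBLIC_IP}` and `DB_PASSWORD=turn` put fixed credentials into the compose file, and the coturn.sh hunk in this commit adds the matching `user=openvidu:openvidu` long-term credential. With `network_mode: host` the TURN listener on 3478 and the relay range 57001-65535 sit on the host's own interfaces, so the relay is protected only by these well-known defaults wherever the host is reachable. Take the values from `src/.env` instead, e.g. `KMS_TURN_URL=${OPENVIDU_TURN_USER}:${OPENVIDU_TURN_PASSWORD}@${OPENVIDU_PUBLIC_IP}` (variable names here are placeholders). The new `/etc/letsencrypt/:/etc/letsencrypt/:ro` mounts also hand the kolab and proxy containers every certificate key on the host rather than only the one they serve.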
@@ -1,25 +1,28 @@ FROM kolab/centos7:latest RUN yum -y install rsyslog && \ yum --enablerepo=kolab-16-updates-testing -y update pykolab && \ yum clean all COPY kolab-init.service /etc/systemd/system/kolab-init.service COPY kolab-vlv.service /etc/systemd/system/kolab-vlv.service RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \ ln -s /etc/systemd/system/kolab-init.service \ /etc/systemd/system/multi-user.target.wants/kolab-init.service && \ ln -s /etc/systemd/system/kolab-vlv.service \ /etc/systemd/system/multi-user.target.wants/kolab-vlv.service RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : +RUN sed -i -r -e 's/^Listen 80$/Listen 9080/g' /etc/httpd/conf/httpd.conf +#RUN sed -i -r -e 's/^Listen 443$/Listen 9443/g' /etc/httpd/conf/httpd.conf + COPY kolab-init.sh /usr/local/sbin/ RUN chmod 750 /usr/local/sbin/kolab-init.sh COPY kolab-vlv.sh /usr/local/sbin/ RUN chmod 750 /usr/local/sbin/kolab-vlv.sh CMD ["/lib/systemd/systemd"] EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 143/tcp 389/tcp 443/tcp 465/tcp 587/tcp 993/tcp 995/tcp 5353/udp 8880/tcp 8443/tcp 8447/tcp diff --git a/docker/openvidu/rootfs/usr/lib/systemd/system/openvidu.service b/docker/openvidu/rootfs/usr/lib/systemd/system/openvidu.service index fee9121e..c042a037 100644 --- a/docker/openvidu/rootfs/usr/lib/systemd/system/openvidu.service +++ b/docker/openvidu/rootfs/usr/lib/systemd/system/openvidu.service @@ -1,11 +1,11 @@ [Unit] Description=OpenVidu Server [Service] Type=simple User=openvidu Group=openvidu -ExecStart=java -jar /home/openvidu/openvidu-server.jar +ExecStart=java -Dserver.port=4443 -jar /home/openvidu/openvidu-server.jar [Install] WantedBy=multi-user.target diff --git a/docker/proxy/Dockerfile b/docker/proxy/Dockerfile new file mode 100644 index 00000000..592e1e2a --- /dev/null +++ b/docker/proxy/Dockerfile 
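Review bot: Only the `Listen 80` rewrite is active while the `Listen 443` one is commented out, so if httpd in this image also binds 443 it would collide with the new proxy container, which listens on 443 and shares the host network. Either enable the second sed or add a comment saying why 443 is left alone. The sed also exits 0 when the pattern does not match, so adding `grep -q '^Listen 9080$' /etc/httpd/conf/httpd.conf` to the same RUN would turn a silent no-op into a build failure. The `EXPOSE` line still advertises 80/tcp rather than 9080.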
@@ -0,0 +1,46 @@ +FROM fedora:31 + +MAINTAINER Jeroen van Meeuwen + +ENV container docker +ENV SYSTEMD_PAGER='' + +RUN dnf -y install \ + --setopt 'tsflags=nodocs' \ + bash-completion \ + bind-utils \ + certbot \ + curl \ + dhcp-client \ + git \ + iproute \ + iptraf-ng \ + iputils \ + less \ + lsof \ + mtr \ + net-tools \ + NetworkManager \ + NetworkManager-tui \ + network-scripts \ + nginx \ + nmap-ncat \ + openssh-clients \ + openssh-server \ + procps-ng \ + python3-certbot-nginx \ + strace \ + systemd-udev \ + tcpdump \ + telnet \ + traceroute \ + vim-enhanced \ + wget && \ + dnf clean all + +COPY rootfs/ / + +RUN systemctl enable nginx + +CMD ["/lib/systemd/systemd", "--system"] +ENTRYPOINT "/lib/systemd/systemd" diff --git a/docker/proxy/rootfs/etc/nginx/conf.d/ssl.conf b/docker/proxy/rootfs/etc/nginx/conf.d/ssl.conf new file mode 100644 index 00000000..7526b8e1 --- /dev/null +++ b/docker/proxy/rootfs/etc/nginx/conf.d/ssl.conf @@ -0,0 +1,9 @@ +ssl_session_cache shared:le_nginx_SSL:10m; +ssl_session_timeout 1440m; +ssl_session_tickets off; + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_prefer_server_ciphers off; + +ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; + diff --git a/docker/proxy/rootfs/etc/nginx/nginx.conf b/docker/proxy/rootfs/etc/nginx/nginx.conf new file mode 100644 index 00000000..8404b8ef --- /dev/null +++ b/docker/proxy/rootfs/etc/nginx/nginx.conf 
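Review bot: The package list for this internet-facing proxy pulls in `openssh-server`, `telnet`, `tcpdump`, `nmap-ncat`, `strace`, `git` and NetworkManager alongside nginx and certbot, which is a lot of extra code in a container that terminates TLS on the host network. Unless they are needed at runtime, cut the install down to `nginx certbot python3-certbot-nginx` plus whatever the rootfs scripts actually call. `ENTRYPOINT "/lib/systemd/systemd"` is the shell form, so the `CMD` arguments are ignored and systemd is started through `/bin/sh -c`; `ENTRYPOINT ["/lib/systemd/systemd", "--system"]` keeps it as the container's first process.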
@@ -0,0 +1,97 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ +# * Official Russian Documentation: http://nginx.org/ru/docs/ + +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include /etc/nginx/conf.d/*.conf; + + server { + listen [::]:443 ssl ipv6only=on; + listen 443 ssl; + + ssl_certificate /etc/letsencrypt/archive/$server_name/fullchain1.pem; + ssl_certificate_key /etc/letsencrypt/archive/$server_name/privkey1.pem; + ssl_dhparam /etc/certs/ssl-dhparams.pem; + + server_name meet.kanarip.dev.kolab.io; + root /usr/share/nginx/html; + + # Load configuration files for the default server block. 
+ include /etc/nginx/default.d/*.conf; + + location / { + proxy_pass http://127.0.0.1:8000; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_no_cache 1; + proxy_cache_bypass 1; + } + + location /openvidu { + proxy_pass http://127.0.0.1:8080; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + } + + error_page 404 /404.html; + location = /40x.html { + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + } + + } + + server { + listen 80 ; + listen [::]:80 ; + server_name meet.kanarip.dev.kolab.io; + return 404; + + if ($host = meet.kanarip.dev.kolab.io) { + return 301 https://$host$request_uri; + } + } +} diff --git a/src/.env.example b/src/.env.example index 5dc44b31..a035dd1c 100644 --- a/src/.env.example +++ b/src/.env.example 
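Review bot: `ssl_certificate /etc/letsencrypt/archive/$server_name/fullchain1.pem;` and the matching `privkey1.pem` pin the first certificate certbot issued, so after a renewal writes the next numbered files nginx would keep serving the old one until it expires. Point at the `live` symlinks instead, `ssl_certificate /etc/letsencrypt/live/meet.kanarip.dev.kolab.io/fullchain.pem;` and `ssl_certificate_key /etc/letsencrypt/live/meet.kanarip.dev.kolab.io/privkey.pem;`, which also removes the variable from the path. In the port-80 server, `return 404;` comes before the `if ($host = …)` block, and since server-level rewrite directives run in order the HTTPS redirect looks unreachable; swap the two. `ssl_dhparam /etc/certs/ssl-dhparams.pem` needs a file that regen-certs in this commit does not create.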
@@ -1,130 +1,130 @@ APP_NAME=Kolab APP_ENV=local APP_KEY= APP_DEBUG=true APP_URL=http://127.0.0.1:8000 APP_PUBLIC_URL= APP_DOMAIN=kolabnow.com SUPPORT_URL= LOG_CHANNEL=stack DB_CONNECTION=mysql DB_DATABASE=kolabdev DB_HOST=127.0.0.1 DB_PASSWORD=kolab DB_PORT=3306 DB_USERNAME=kolabdev BROADCAST_DRIVER=log CACHE_DRIVER=redis QUEUE_CONNECTION=redis SESSION_DRIVER=file SESSION_LIFETIME=120 2FA_DSN=mysql://roundcube:Welcome2KolabSystems@127.0.0.1/roundcube 2FA_TOTP_DIGITS=6 2FA_TOTP_INTERVAL=30 2FA_TOTP_DIGEST=sha1 IMAP_URI=ssl://127.0.0.1:993 IMAP_ADMIN_LOGIN=cyrus-admin IMAP_ADMIN_PASSWORD=Welcome2KolabSystems IMAP_VERIFY_HOST=false IMAP_VERIFY_PEER=false LDAP_BASE_DN="dc=mgmt,dc=com" LDAP_DOMAIN_BASE_DN="ou=Domains,dc=mgmt,dc=com" LDAP_HOSTS=127.0.0.1 LDAP_PORT=389 LDAP_SERVICE_BIND_DN="uid=kolab-service,ou=Special Users,dc=mgmt,dc=com" LDAP_SERVICE_BIND_PW="Welcome2KolabSystems" LDAP_USE_SSL=false LDAP_USE_TLS=false # Administrative LDAP_ADMIN_BIND_DN="cn=Directory Manager" LDAP_ADMIN_BIND_PW="Welcome2KolabSystems" LDAP_ADMIN_ROOT_DN="dc=mgmt,dc=com" # Hosted (public registration) LDAP_HOSTED_BIND_DN="uid=hosted-kolab-service,ou=Special Users,dc=mgmt,dc=com" LDAP_HOSTED_BIND_PW="Welcome2KolabSystems" LDAP_HOSTED_ROOT_DN="dc=hosted,dc=com" OPENVIDU_API_PASSWORD=MY_SECRET -OPENVIDU_API_URL=https://localhost:4443/api/ +OPENVIDU_API_URL=http://localhost:8080/api/ OPENVIDU_API_USERNAME=OPENVIDUAPP OPENVIDU_API_VERIFY_TLS=true OPENVIDU_COTURN_REDIS_DB=2 OPENVIDU_COTURN_REDIS_IP=127.0.0.1 -OPENVIDU_JAVA_OPTIONS="-Xms2048m -Xmx4096m -Duser.timezone=UTC" # Used as COTURN_IP, TURN_PUBLIC_IP, for KMS_TURN_URL OPENVIDU_PUBLIC_IP=127.0.0.1 OPENVIDU_PUBLIC_PORT=3478 +OPENVIDU_SERVER_PORT=8080 OPENVIDU_WEBHOOK=true OPENVIDU_WEBHOOK_ENDPOINT=http://127.0.0.1:8000/webhooks/meet/openvidu # "CDR" events, see https://docs.openvidu.io/en/2.13.0/reference-docs/openvidu-server-cdr/ 
#OPENVIDU_WEBHOOK_EVENTS=[sessionCreated,sessionDestroyed,participantJoined,participantLeft,webrtcConnectionCreated,webrtcConnectionDestroyed,recordingStatusChanged,filterEventDispatched,mediaNodeStatusChanged] #OPENVIDU_WEBHOOK_HEADERS=[\"Authorization:\ Basic\ SOMETHING\"] REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 SWOOLE_HTTP_HOST=127.0.0.1 SWOOLE_HTTP_PORT=8000 PAYMENT_PROVIDER= MOLLIE_KEY= STRIPE_KEY= STRIPE_PUBLIC_KEY= STRIPE_WEBHOOK_SECRET= MAIL_DRIVER=smtp MAIL_HOST=smtp.mailtrap.io MAIL_PORT=2525 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_FROM_ADDRESS="noreply@example.com" MAIL_FROM_NAME="Example.com" MAIL_REPLYTO_ADDRESS=null MAIL_REPLYTO_NAME=null DNS_TTL=3600 DNS_SPF="v=spf1 mx -all" DNS_STATIC="%s. MX 10 ext-mx01.mykolab.com." DNS_COPY_FROM=null AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET= PUSHER_APP_ID= PUSHER_APP_KEY= PUSHER_APP_SECRET= PUSHER_APP_CLUSTER=mt1 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}" MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" JWT_SECRET= COMPANY_NAME= COMPANY_ADDRESS= COMPANY_DETAILS= COMPANY_EMAIL= COMPANY_LOGO= COMPANY_FOOTER= VAT_COUNTRIES=CH,LI VAT_RATE=7.7 KB_ACCOUNT_DELETE= KB_ACCOUNT_SUSPENDED= diff --git a/src/app/Http/Controllers/API/V4/OpenViduController.php b/src/app/Http/Controllers/API/V4/OpenViduController.php index 94aaa45c..c96f1437 100644 --- a/src/app/Http/Controllers/API/V4/OpenViduController.php +++ b/src/app/Http/Controllers/API/V4/OpenViduController.php 
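Review bot: `OPENVIDU_API_VERIFY_TLS=true` stays in place although `OPENVIDU_API_URL` is now plain `http://localhost:8080/api/`, so the flag no longer has any effect and the basic-auth secret is sent unencrypted. The compose change passes `OPENVIDU_API_PASSWORD` to the server as `OPENVIDU_SECRET` with `SERVER_SSL_ENABLED=false` on the host network, and quickstart.sh copies this file to `.env`, so a default run comes up with the placeholder `MY_SECRET`. Add a comment above the value, e.g. `# Replace before the host is reachable from other machines; passed to the openvidu container as OPENVIDU_SECRET`, or have quickstart.sh generate a random value. The comment `# Used as COTURN_IP, TURN_PUBLIC_IP, for KMS_TURN_URL` is also stale now that `TURN_PUBLIC_IP` is no longer set in docker-compose.yml.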
@@ -1,121 +1,140 @@ user(); - $room = \App\OpenVidu\Room::where('session_id', $id)->first(); + $room = \App\OpenVidu\Room::where('name', $id)->first(); + + if (!$room) { + return response()->json(['status' => 'error'], 422); + } // see if room exists, return session and token $client = new \GuzzleHttp\Client( [ 'http_errors' => false, // No exceptions from Guzzle 'base_uri' => \config('openvidu.api_url'), 'verify' => \config('openvidu.api_verify_tls') ] ); $response = $client->request( 'GET', "sessions/{$id}", ['auth' => [\config('openvidu.api_username'), \config('openvidu.api_password')]] ); $sessionExists = $response->getStatusCode() == 200; if (!$sessionExists) { if ($room->user_id == $user->id) { $json = [ 'mediaMode' => 'ROUTED', 'recordingMode' => 'MANUAL', 'customSessionId' => $room->session_id ]; $response = $client->request( 'POST', 'sessions', [ 'auth' => [ \config('openvidu.api_username'), \config('openvidu.api_password') ], 'json' => [ 'mediaMode' => 'ROUTED', - 'recordingMode' => 'MANUAL', - 'customSessionId' => $room->session_id + 'recordingMode' => 'MANUAL' ] ] ); if ($response->getStatusCode() !== 200) { return response()->json(['status' => 'error'], 422); } $response = $client->request( 'POST', 'tokens', [ 'auth' => [ \config('openvidu.api_username'), \config('openvidu.api_password') ], 'json' => [ 'session' => $room->session_id, 'role' => 'MODERATOR' ] ] ); $json = json_decode($response->getBody(), true); + //$json['token'] .= '&coturnIp=' . \config('openvidu.coturn_ip', 'kanarip.internet-box.ch'); + //$json['token'] .= '&turnUsername=' . \config('openvidu.turn_username', 'openvidu'); + //$json['token'] .= '&turnCredential=' . \config('openvidu.turn_credential', 'openvidu'); + + //$json['id'] = $json['token']; + + \Log::debug("json: " . 
var_export($json, true)); + return response()->json($json, 200); } else { return response()->json(['status' => 'waiting'], 422); } } $response = $client->request( 'POST', 'tokens', [ 'auth' => [ \config('openvidu.api_username'), \config('openvidu.api_password') ], 'json' => [ 'session' => $room->session_id, - 'role' => 'MODERATOR' + 'role' => 'PUBLISHER' ] ] ); $json = json_decode($response->getBody(), true); + //$json['token'] .= '&coturnIp=' . \config('openvidu.coturn_ip', 'kanarip.internet-box.ch'); + //$json['token'] .= '&turnUsername=' . \config('openvidu.turn_username', 'openvidu'); + //$json['token'] .= '&turnCredential=' . \config('openvidu.turn_credential', 'openvidu'); + + //$json['id'] = $json['token']; + + \Log::debug("json: " . var_export($json, true)); + return response()->json($json, 200); } /** * Webhook as triggered from OpenVidu server * * @param \Illuminate\Http\Request $request The API request. * * @return \Illuminate\Http\Response The response */ public function webhook(Request $request) { return response('Success', 200); } } diff --git a/src/app/Http/Controllers/MeetController.php b/src/app/Http/Controllers/MeetController.php new file mode 100644 index 00000000..5ff3b1e3 --- /dev/null +++ b/src/app/Http/Controllers/MeetController.php 
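Review bot: Both added `\Log::debug("json: " . var_export($json, true));` calls write the full OpenVidu token response to the application log, and that token is what lets a client join the session. Log only non-secret fields, e.g. `\Log::debug("OpenVidu token issued for room {$room->name}");`, or drop the lines before merge. The session is now created without `customSessionId` while the `tokens` requests still send `$room->session_id` and the existence check uses `sessions/{$id}` with the room name, so the id OpenVidu assigns is never stored and the later calls may not refer to the session just created. The status of the `tokens` response is also not checked before its body is returned with 200. Parts of this hunk are missing from the page, so this is based on the visible lines only.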
@@ -0,0 +1,53 @@ +with('env', \App\Utils::uiEnv()); + } + + public function room($id) + { + return view('meet.room', ['room' => $id])->with('env', \App\Utils::uiEnv()); + } + + /** + * Common error response builder for API (JSON) responses + * + * @param int $code Error code + * @param string $message Error message + * + * @return \Illuminate\Http\JsonResponse + */ + protected function errorResponse(int $code, string $message = null) + { + $errors = [ + 400 => "Bad request", + 401 => "Unauthorized", + 403 => "Access denied", + 404 => "Not found", + 422 => "Input validation error", + 405 => "Method not allowed", + 500 => "Internal server error", + ]; + + $response = [ + 'status' => 'error', + 'message' => $message ?: (isset($errors[$code]) ? $errors[$code] : "Server error"), + ]; + + return response()->json($response, $code); + } +} diff --git a/src/resources/views/meet.blade.php b/src/resources/views/meet.blade.php new file mode 100644 index 00000000..89b69fe5 --- /dev/null +++ b/src/resources/views/meet.blade.php @@ -0,0 +1,13 @@ +@extends('layouts.app') +@section('title', "Meet") +@section('content') +
+ +

This is a front page

+

+ Probably a good location to self-promote and nudge people to sign up. +

+
+ +
+@endsection diff --git a/src/resources/views/meet/room.blade.php b/src/resources/views/meet/room.blade.php new file mode 100644 index 00000000..3559b211 --- /dev/null +++ b/src/resources/views/meet/room.blade.php @@ -0,0 +1,10 @@ +@extends('layouts.app') +@section('title', "Meet") +@section('content') +
+ +

Room '{{ $room }}'

+
+ +
+@endsection diff --git a/src/resources/vue/Meet.vue b/src/resources/vue/Meet.vue index c03aa40c..129aeaa3 100644 --- a/src/resources/vue/Meet.vue +++ b/src/resources/vue/Meet.vue @@ -1,95 +1,125 @@ diff --git a/src/routes/web.php b/src/routes/web.php index 0fa1d67c..429d406b 100644 --- a/src/routes/web.php +++ b/src/routes/web.php @@ -1,19 +1,21 @@ 'meet.' . \config('app.domain'), + ], + function () { + Route::get("/", 'MeetController@index'); + Route::get("/{id}", 'MeetController@room'); + } +); // We can handle every URL with the default action because // we have client-side router (including 404 error handler). // This way we don't have to define any "deep link" routes here. -Route::fallback(function () { - return view('root')->with('env', \App\Utils::uiEnv()); -}); +Route::fallback( + function () { + return view('root')->with('env', \App\Utils::uiEnv()); + } +);