init
This commit is contained in:
Tiara Rodney
commit
883f31932e
169 changed files with 5676 additions and 0 deletions
195
ansible/roles/conversejs/templates/index.html.j2
Normal file
195
ansible/roles/conversejs/templates/index.html.j2
Normal file
|
|
@ -0,0 +1,195 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Chat - {{ domain }}</title>
|
||||
<link rel="stylesheet" href="dist/converse.min.css">
|
||||
<script src="dist/libsignal-protocol.min.js"></script>
|
||||
{% if oauth_client_id is defined %}
|
||||
<style>
|
||||
#oauth-login {
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
align-items: center;
|
||||
height: 100vh;
|
||||
background: #2e3436;
|
||||
}
|
||||
#oauth-login a {
|
||||
padding: 16px 32px;
|
||||
background: #3584e4;
|
||||
color: white;
|
||||
text-decoration: none;
|
||||
border-radius: 8px;
|
||||
font-size: 18px;
|
||||
font-family: sans-serif;
|
||||
}
|
||||
#oauth-login a:hover { background: #1c71d8; }
|
||||
</style>
|
||||
{% endif %}
|
||||
</head>
|
||||
<body>
|
||||
{% if oauth_client_id is defined %}
|
||||
<div id="oauth-login">
|
||||
<a id="login-btn" href="#">Login with Authentik</a>
|
||||
</div>
|
||||
<script>
|
||||
(function() {
|
||||
const CLIENT_ID = '{{ oauth_client_id }}';
|
||||
const AUTHORIZE_URL = '{{ oauth_authorize_url }}';
|
||||
const TOKEN_URL = '{{ oauth_token_url }}';
|
||||
const REDIRECT_URI = window.location.origin + window.location.pathname;
|
||||
const DOMAIN = '{{ domain }}';
|
||||
|
||||
function generateCodeVerifier() {
|
||||
const arr = new Uint8Array(32);
|
||||
crypto.getRandomValues(arr);
|
||||
return btoa(String.fromCharCode(...arr))
|
||||
.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
|
||||
}
|
||||
|
||||
async function generateCodeChallenge(verifier) {
|
||||
const data = new TextEncoder().encode(verifier);
|
||||
const hash = await crypto.subtle.digest('SHA-256', data);
|
||||
return btoa(String.fromCharCode(...new Uint8Array(hash)))
|
||||
.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
|
||||
}
|
||||
|
||||
async function startOAuth() {
|
||||
const state = generateCodeVerifier();
|
||||
const codeVerifier = generateCodeVerifier();
|
||||
const codeChallenge = await generateCodeChallenge(codeVerifier);
|
||||
sessionStorage.setItem('oauth_state', state);
|
||||
sessionStorage.setItem('oauth_code_verifier', codeVerifier);
|
||||
const params = new URLSearchParams({
|
||||
response_type: 'code',
|
||||
client_id: CLIENT_ID,
|
||||
redirect_uri: REDIRECT_URI,
|
||||
scope: 'openid profile email',
|
||||
state: state,
|
||||
code_challenge: codeChallenge,
|
||||
code_challenge_method: 'S256'
|
||||
});
|
||||
window.location.href = AUTHORIZE_URL + '?' + params.toString();
|
||||
}
|
||||
|
||||
async function exchangeCode(code) {
|
||||
const codeVerifier = sessionStorage.getItem('oauth_code_verifier');
|
||||
const resp = await fetch(TOKEN_URL, {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
||||
body: new URLSearchParams({
|
||||
grant_type: 'authorization_code',
|
||||
client_id: CLIENT_ID,
|
||||
code: code,
|
||||
redirect_uri: REDIRECT_URI,
|
||||
code_verifier: codeVerifier
|
||||
})
|
||||
});
|
||||
const data = await resp.json();
|
||||
sessionStorage.removeItem('oauth_state');
|
||||
sessionStorage.removeItem('oauth_code_verifier');
|
||||
return data.access_token;
|
||||
}
|
||||
|
||||
function parseJwt(token) {
|
||||
const base64 = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
|
||||
return JSON.parse(atob(base64));
|
||||
}
|
||||
|
||||
function loadConverse() {
|
||||
return new Promise(function(resolve) {
|
||||
var s = document.createElement('script');
|
||||
s.src = 'dist/converse.min.js';
|
||||
s.onload = resolve;
|
||||
document.body.appendChild(s);
|
||||
});
|
||||
}
|
||||
|
||||
function isTokenExpired(token) {
|
||||
try {
|
||||
const claims = parseJwt(token);
|
||||
return claims.exp && (claims.exp * 1000) < Date.now();
|
||||
} catch (e) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
function initConverse(token) {
|
||||
if (isTokenExpired(token)) {
|
||||
sessionStorage.removeItem('oauth_token');
|
||||
startOAuth();
|
||||
return;
|
||||
}
|
||||
document.getElementById('oauth-login').style.display = 'none';
|
||||
const claims = parseJwt(token);
|
||||
const jid = claims.preferred_username + '@' + DOMAIN;
|
||||
loadConverse().then(function() {
|
||||
converse.initialize({
|
||||
bosh_service_url: 'https://' + DOMAIN + '/http-bind',
|
||||
websocket_url: 'wss://' + DOMAIN + '/xmpp-websocket',
|
||||
view_mode: 'fullscreen',
|
||||
authentication: 'login',
|
||||
locked_domain: DOMAIN,
|
||||
muc_domain: 'conference.' + DOMAIN,
|
||||
locked_muc_domain: 'hidden',
|
||||
muc_instant_rooms: true,
|
||||
muc_show_logs_before_join: true,
|
||||
visible_toolbar_buttons: { toggle_occupants: true },
|
||||
jid: jid,
|
||||
password: token,
|
||||
auto_login: true,
|
||||
keepalive: true,
|
||||
omemo_default: true
|
||||
});
|
||||
converse.listen.on('logout', function() {
|
||||
sessionStorage.removeItem('oauth_token');
|
||||
window.location.reload();
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
const params = new URLSearchParams(window.location.search);
|
||||
const code = params.get('code');
|
||||
const state = params.get('state');
|
||||
|
||||
if (code && state === sessionStorage.getItem('oauth_state')) {
|
||||
history.replaceState(null, '', window.location.pathname);
|
||||
exchangeCode(code).then(function(token) {
|
||||
if (token) {
|
||||
sessionStorage.setItem('oauth_token', token);
|
||||
initConverse(token);
|
||||
}
|
||||
});
|
||||
} else if (sessionStorage.getItem('oauth_token')) {
|
||||
initConverse(sessionStorage.getItem('oauth_token'));
|
||||
} else {
|
||||
document.getElementById('login-btn').addEventListener('click', function(e) {
|
||||
e.preventDefault();
|
||||
startOAuth();
|
||||
});
|
||||
}
|
||||
})();
|
||||
</script>
|
||||
{% else %}
|
||||
<script src="dist/converse.min.js"></script>
|
||||
<script>
|
||||
converse.initialize({
|
||||
bosh_service_url: 'https://{{ domain }}/http-bind',
|
||||
websocket_url: 'wss://{{ domain }}/xmpp-websocket',
|
||||
view_mode: 'fullscreen',
|
||||
authentication: 'login',
|
||||
locked_domain: '{{ domain }}',
|
||||
muc_domain: 'conference.{{ domain }}',
|
||||
locked_muc_domain: 'hidden',
|
||||
muc_instant_rooms: false,
|
||||
muc_show_logs_before_join: true,
|
||||
visible_toolbar_buttons: {
|
||||
toggle_occupants: true
|
||||
},
|
||||
omemo_default: true
|
||||
});
|
||||
</script>
|
||||
{% endif %}
|
||||
</body>
|
||||
</html>
|
||||
31
ansible/roles/conversejs/templates/vhost.conf.j2
Normal file
31
ansible/roles/conversejs/templates/vhost.conf.j2
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
<VirtualHost *:80>
|
||||
ServerName {{ domain }}
|
||||
Redirect permanent / https://{{ domain }}/
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerName {{ domain }}
|
||||
SSLEngine on
|
||||
SSLCertificateFile {{ ssl_cert }}
|
||||
SSLCertificateKeyFile {{ ssl_key }}
|
||||
|
||||
DocumentRoot {{ install_dir }}
|
||||
<Directory {{ install_dir }}>
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
# Proxy BOSH requests to Prosody
|
||||
ProxyPreserveHost on
|
||||
ProxyPass /http-bind http://127.0.0.1:{{ prosody_port }}/http-bind
|
||||
ProxyPassReverse /http-bind http://127.0.0.1:{{ prosody_port }}/http-bind
|
||||
|
||||
# Proxy WebSocket requests to Prosody
|
||||
RewriteEngine on
|
||||
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
||||
RewriteCond %{HTTP:Connection} upgrade [NC]
|
||||
RewriteRule ^/xmpp-websocket(.*) ws://127.0.0.1:{{ prosody_port }}/xmpp-websocket$1 [P,L]
|
||||
ProxyPass /xmpp-websocket http://127.0.0.1:{{ prosody_port }}/xmpp-websocket
|
||||
ProxyPassReverse /xmpp-websocket http://127.0.0.1:{{ prosody_port }}/xmpp-websocket
|
||||
</VirtualHost>
|
||||
Loading…
Add table
Add a link
Reference in a new issue