Federation support

api_signaling.go

@@ -41,13 +41,31 @@ const (
 
 	// Version 2.0 validates auth params encoded as JWT.
 	HelloVersionV2 = "2.0"
+
+	ActorTypeUsers          = "users"
+	ActorTypeFederatedUsers = "federated_users"
 )
 
 var (
 	ErrNoSdp      = NewError("no_sdp", "Payload does not contain a SDP.")
 	ErrInvalidSdp = NewError("invalid_sdp", "Payload does not contain a valid SDP.")
 )
 
+func makePtr[T any](v T) *T {
+	return &v
+}
+
+func getStringMapEntry[T any](m map[string]interface{}, key string) (s T, ok bool) {
+	var defaultValue T
+	v, found := m[key]
+	if !found {
+		return defaultValue, false
+	}
+
+	s, ok = v.(T)
+	return
+}
+
 // ClientMessage is a message that is sent from a client to the server.
 type ClientMessage struct {
 	json.Marshaler
@@ -121,7 +139,7 @@ func (m *ClientMessage) CheckValid() error {
 	return nil
 }
 
-func (m *ClientMessage) String() string {
+func (m ClientMessage) String() string {
 	data, err := json.Marshal(m)
 	if err != nil {
 		return fmt.Sprintf("Could not serialize %#v: %s", m, err)
@@ -311,9 +329,21 @@ func (m *WelcomeServerMessage) RemoveFeature(feature ...string) {
 	m.Features = newFeatures
 }
 
+func (m *WelcomeServerMessage) HasFeature(feature string) bool {
+	for _, f := range m.Features {
+		f = strings.TrimSpace(f)
+		if f == feature {
+			return true
+		}
+	}
+
+	return false
+}
+
 const (
-	HelloClientTypeClient   = "client"
-	HelloClientTypeInternal = "internal"
+	HelloClientTypeClient     = "client"
+	HelloClientTypeInternal   = "internal"
+	HelloClientTypeFederation = "federation"
 
 	HelloClientTypeVirtual = "virtual"
 )
@@ -363,12 +393,53 @@ func (p *HelloV2AuthParams) CheckValid() error {
 	return nil
 }
 
+type AuthTokenClaims interface {
+	TokenSubject() string
+	TokenUserData() json.RawMessage
+
+	VerifyIssuedAt(cmp time.Time, req bool) bool
+	VerifyExpiresAt(cmp time.Time, req bool) bool
+}
+
 type HelloV2TokenClaims struct {
 	jwt.RegisteredClaims
 
 	UserData json.RawMessage `json:"userdata,omitempty"`
 }
 
+func (c *HelloV2TokenClaims) TokenSubject() string {
+	return c.Subject
+}
+
+func (c *HelloV2TokenClaims) TokenUserData() json.RawMessage {
+	return c.UserData
+}
+
+type FederationAuthParams struct {
+	Token string `json:"token"`
+}
+
+func (p *FederationAuthParams) CheckValid() error {
+	if p.Token == "" {
+		return fmt.Errorf("token missing")
+	}
+	return nil
+}
+
+type FederationTokenClaims struct {
+	jwt.RegisteredClaims
+
+	UserData json.RawMessage `json:"userdata,omitempty"`
+}
+
+func (c *FederationTokenClaims) TokenSubject() string {
+	return c.Subject
+}
+
+func (c *FederationTokenClaims) TokenUserData() json.RawMessage {
+	return c.UserData
+}
+
 type HelloClientMessageAuth struct {
 	// The client type that is connecting. Leave empty to use the default
 	// "HelloClientTypeClient"
@@ -379,8 +450,9 @@ type HelloClientMessageAuth struct {
 	Url       string `json:"url"`
 	parsedUrl *url.URL
 
-	internalParams ClientTypeInternalAuthParams
-	helloV2Params  HelloV2AuthParams
+	internalParams   ClientTypeInternalAuthParams
+	helloV2Params    HelloV2AuthParams
+	federationParams FederationAuthParams
 }
 
 // Type "hello"
@@ -409,6 +481,8 @@ func (m *HelloClientMessage) CheckValid() error {
 		}
 		switch m.Auth.Type {
 		case HelloClientTypeClient:
+			fallthrough
+		case HelloClientTypeFederation:
 			if m.Auth.Url == "" {
 				return fmt.Errorf("url missing")
 			} else if u, err := url.ParseRequestURI(m.Auth.Url); err != nil {
@@ -425,10 +499,19 @@ func (m *HelloClientMessage) CheckValid() error {
 			case HelloVersionV1:
 				// No additional validation necessary.
 			case HelloVersionV2:
-				if err := json.Unmarshal(m.Auth.Params, &m.Auth.helloV2Params); err != nil {
-					return err
-				} else if err := m.Auth.helloV2Params.CheckValid(); err != nil {
-					return err
+				switch m.Auth.Type {
+				case HelloClientTypeClient:
+					if err := json.Unmarshal(m.Auth.Params, &m.Auth.helloV2Params); err != nil {
+						return err
+					} else if err := m.Auth.helloV2Params.CheckValid(); err != nil {
+						return err
+					}
+				case HelloClientTypeFederation:
+					if err := json.Unmarshal(m.Auth.Params, &m.Auth.federationParams); err != nil {
+						return err
+					} else if err := m.Auth.federationParams.CheckValid(); err != nil {
+						return err
+					}
 				}
 			}
 		case HelloClientTypeInternal:
@@ -456,6 +539,7 @@ const (
 	ServerFeatureHelloV2               = "hello-v2"
 	ServerFeatureSwitchTo              = "switchto"
 	ServerFeatureDialout               = "dialout"
+	ServerFeatureFederation            = "federation"
 
 	// Features to send to internal clients only.
 	ServerFeatureInternalVirtualSessions = "virtual-sessions"
@@ -474,6 +558,7 @@ var (
 		ServerFeatureHelloV2,
 		ServerFeatureSwitchTo,
 		ServerFeatureDialout,
+		ServerFeatureFederation,
 	}
 	DefaultFeaturesInternal = []string{
 		ServerFeatureInternalVirtualSessions,
@@ -483,6 +568,7 @@ var (
 		ServerFeatureHelloV2,
 		ServerFeatureSwitchTo,
 		ServerFeatureDialout,
+		ServerFeatureFederation,
 	}
 	DefaultWelcomeFeatures = []string{
 		ServerFeatureAudioVideoPermissions,
@@ -493,6 +579,7 @@ var (
 		ServerFeatureHelloV2,
 		ServerFeatureSwitchTo,
 		ServerFeatureDialout,
+		ServerFeatureFederation,
 	}
 )
 
@@ -526,10 +613,56 @@ type ByeServerMessage struct {
 type RoomClientMessage struct {
 	RoomId    string `json:"roomid"`
 	SessionId string `json:"sessionid,omitempty"`
+
+	Federation *RoomFederationMessage `json:"federation,omitempty"`
 }
 
 func (m *RoomClientMessage) CheckValid() error {
 	// No additional validation required.
+	if m.Federation != nil {
+		if err := m.Federation.CheckValid(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+type RoomFederationMessage struct {
+	SignalingUrl       string `json:"signaling"`
+	parsedSignalingUrl *url.URL
+
+	NextcloudUrl       string `json:"url"`
+	parsedNextcloudUrl *url.URL
+
+	RoomId string `json:"roomid,omitempty"`
+	Token  string `json:"token"`
+}
+
+func (m *RoomFederationMessage) CheckValid() error {
+	if m.SignalingUrl == "" {
+		return errors.New("signaling url missing")
+	}
+
+	if m.SignalingUrl[len(m.SignalingUrl)-1] != '/' {
+		m.SignalingUrl += "/"
+	}
+	if u, err := url.Parse(m.SignalingUrl); err != nil {
+		return fmt.Errorf("invalid signaling url: %w", err)
+	} else {
+		m.parsedSignalingUrl = u
+	}
+	if m.NextcloudUrl == "" {
+		return errors.New("nextcloud url missing")
+	} else if u, err := url.Parse(m.NextcloudUrl); err != nil {
+		return fmt.Errorf("invalid nextcloud url: %w", err)
+	} else {
+		m.parsedNextcloudUrl = u
+	}
+	if m.Token == "" {
+		return errors.New("token missing")
+	}
+
 	return nil
 }
 
@@ -909,6 +1042,7 @@ type EventServerMessage struct {
 	Leave    []string                          `json:"leave,omitempty"`
 	Change   []*EventServerMessageSessionEntry `json:"change,omitempty"`
 	SwitchTo *EventServerMessageSwitchTo       `json:"switchto,omitempty"`
+	Resumed  *bool                             `json:"resumed,omitempty"`
 
 	// Used for target "roomlist" / "participants"
 	Invite    *RoomEventServerMessage          `json:"invite,omitempty"`
@@ -933,6 +1067,7 @@ type EventServerMessageSessionEntry struct {
 	UserId        string          `json:"userid"`
 	User          json.RawMessage `json:"user,omitempty"`
 	RoomSessionId string          `json:"roomsessionid,omitempty"`
+	Federated     bool            `json:"federated,omitempty"`
 }
 
 func (e *EventServerMessageSessionEntry) Clone() *EventServerMessageSessionEntry {
@@ -941,6 +1076,7 @@ func (e *EventServerMessageSessionEntry) Clone() *EventServerMessageSessionEntry
 		UserId:        e.UserId,
 		User:          e.User,
 		RoomSessionId: e.RoomSessionId,
+		Federated:     e.Federated,
 	}
 }