mirror of
https://github.com/nextcloud/spreed.git
synced 2025-07-21 10:37:10 +00:00
feat: Add occ command to verify/update signaling token keys
Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
This commit is contained in:
Marcel Müller
committed by
Joas Schilling
Joas Schilling
parent
4948321257
commit
6f45ccb525
@ -119,6 +119,7 @@
|
||||
<command>OCA\Talk\Command\Signaling\Add</command>
|
||||
<command>OCA\Talk\Command\Signaling\Delete</command>
|
||||
<command>OCA\Talk\Command\Signaling\ListCommand</command>
|
||||
<command>OCA\Talk\Command\Signaling\VerifyKeys</command>
|
||||
|
||||
<command>OCA\Talk\Command\Stun\Add</command>
|
||||
<command>OCA\Talk\Command\Stun\Delete</command>
|
||||
|
||||
13
docs/occ.md
13
docs/occ.md
@ -386,6 +386,19 @@ List external signaling servers.
|
||||
|---|---|---|---|---|---|
|
||||
| `--output` | Output format (plain, json or json_pretty, default is plain) | yes | no | no | `'plain'` |
|
||||
|
||||
## talk:signaling:verify-keys
|
||||
|
||||
Verify if the stored public key matches the stored private key for the signaling server
|
||||
|
||||
### Usage
|
||||
|
||||
* `talk:signaling:verify-keys [--output [OUTPUT]] [--update]`
|
||||
|
||||
| Options | Description | Accept value | Is value required | Is multiple | Default |
|
||||
|---|---|---|---|---|---|
|
||||
| `--output` | Output format (plain, json or json_pretty, default is plain) | yes | no | no | `'plain'` |
|
||||
| `--update` | Updates the stored public key to match the private key if there is a mis-match | no | no | no | `false` |
|
||||
|
||||
## talk:stun:add
|
||||
|
||||
Add a new STUN server.
|
||||
|
||||
67
lib/Command/Signaling/VerifyKeys.php
Normal file
67
lib/Command/Signaling/VerifyKeys.php
Normal file
@ -0,0 +1,67 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
|
||||
* SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
*/
|
||||
|
||||
namespace OCA\Talk\Command\Signaling;
|
||||
|
||||
use OC\Core\Command\Base;
|
||||
use OCA\Talk\Config;
|
||||
use OCP\IConfig;
|
||||
use Symfony\Component\Console\Input\InputInterface;
|
||||
use Symfony\Component\Console\Input\InputOption;
|
||||
use Symfony\Component\Console\Output\OutputInterface;
|
||||
|
||||
class VerifyKeys extends Base {
|
||||
|
||||
public function __construct(
|
||||
private IConfig $config,
|
||||
private Config $talkConfig,
|
||||
) {
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
#[\Override]
|
||||
protected function configure(): void {
|
||||
parent::configure();
|
||||
|
||||
$this
|
||||
->setName('talk:signaling:verify-keys')
|
||||
->setDescription('Verify if the stored public key matches the stored private key for the signaling server')
|
||||
->addOption('update', null, InputOption::VALUE_NONE, 'Updates the stored public key to match the private key if there is a mis-match');
|
||||
}
|
||||
|
||||
protected function execute(InputInterface $input, OutputInterface $output): int {
|
||||
$update = $input->getOption('update');
|
||||
|
||||
$alg = $this->talkConfig->getSignalingTokenAlgorithm();
|
||||
$privateKey = $this->talkConfig->getSignalingTokenPrivateKey();
|
||||
$publicKey = $this->talkConfig->getSignalingTokenPublicKey();
|
||||
$publicKeyDerived = $this->talkConfig->deriveSignalingTokenPublicKey($privateKey, $alg);
|
||||
|
||||
$output->writeln('Stored public key:');
|
||||
$output->writeln($publicKey);
|
||||
$output->writeln('Derived public key:');
|
||||
$output->writeln($publicKeyDerived);
|
||||
|
||||
if ($publicKey != $publicKeyDerived) {
|
||||
if ($update) {
|
||||
$output->writeln('<comment>Stored public key for algorithm ' . strtolower($alg) . ' did not match stored private key.</comment>');
|
||||
$output->writeln('<info>A new public key was created and stored.</info>');
|
||||
$this->config->setAppValue('spreed', 'signaling_token_pubkey_' . strtolower($alg), $publicKeyDerived);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
$output->writeln('<error>Stored public key for algorithm ' . strtolower($alg) . ' does not match stored private key</error>');
|
||||
return 1;
|
||||
}
|
||||
|
||||
$output->writeln('<info>Stored public key for algorithm ' . strtolower($alg) . ' matches stored private key</info>');
|
||||
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
@ -79,7 +79,7 @@ class HighPerformanceBackend implements ISetupCheck {
|
||||
$publicKeyDerived = $this->talkConfig->deriveSignalingTokenPublicKey($privateKey, $alg);
|
||||
|
||||
if ($publicKey != $publicKeyDerived) {
|
||||
return SetupResult::error($this->l->t('The stored public key for used algorithm %$1s does not match the stored private key. Run %$2s to fix the issue.', [$alg, '`occ talk:signaling:verify-keys --update`']));
|
||||
return SetupResult::error($this->l->t('The stored public key for used algorithm %1$s does not match the stored private key. Run %2$s to fix the issue.', [$alg, '`occ talk:signaling:verify-keys --update`']));
|
||||
}
|
||||
} catch (\Exception) {
|
||||
return SetupResult::error($this->l->t('High-performance backend not configured correctly. Run %s for details.', ['`occ talk:signaling:verify-keys`']));
|
||||
|
||||
Reference in New Issue
Block a user