Add transcriber authentication to hidden domain

docker-compose.yml

@@ -211,6 +211,8 @@ services:
             - JICOFO_COMPONENT_SECRET
             - JIGASI_XMPP_USER
             - JIGASI_XMPP_PASSWORD
+            - JIGASI_TRANSCRIBER_USER
+            - JIGASI_TRANSCRIBER_PASSWORD
             - JVB_AUTH_USER
             - JVB_AUTH_PASSWORD
             - JWT_APP_ID

env.example

@@ -116,6 +116,10 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
 # Enable guest access
 #ENABLE_GUESTS=1
 
+# Enable auth for Transcriber in Jigasi
+# This can only be enabled if the other auth options above are not used
+#JIGASI_TRANSCRIBER_AUTHENTICATION=1
+
 # Select authentication type: internal, jwt, ldap or matrix
 #AUTH_TYPE=internal
 
@@ -205,6 +209,9 @@ JIBRI_RECORDER_PASSWORD=
 # XMPP password for Jibri client connections
 JIBRI_XMPP_PASSWORD=
 
+# Transcriber password to authenticate to the hidden (recorder) domain 
+JIGASI_TRANSCRIBER_PASSWORD=
+
 #
 # Docker Compose options
 #

gen-passwords.sh

@@ -9,11 +9,13 @@ JVB_AUTH_PASSWORD=$(generatePassword)
 JIGASI_XMPP_PASSWORD=$(generatePassword)
 JIBRI_RECORDER_PASSWORD=$(generatePassword)
 JIBRI_XMPP_PASSWORD=$(generatePassword)
+JIGASI_TRANSCRIBER_PASSWORD=$(generatePassword)
 
 sed -i.bak \
     -e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \
     -e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \
     -e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \
     -e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \
     -e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \
+    -e "s#JIGASI_TRANSCRIBER_PASSWORD=.*#JIGASI_TRANSCRIBER_PASSWORD=${JIGASI_TRANSCRIBER_PASSWORD}#g" \
     "$(dirname "$0")/.env"

jigasi.yml

@@ -20,6 +20,7 @@ services:
             - XMPP_SERVER
             - XMPP_PORT
             - XMPP_DOMAIN
+            - XMPP_RECORDER_DOMAIN
             - PUBLIC_URL
             - JIGASI_DISABLE_SIP
             - JIGASI_SIP_URI
@@ -30,6 +31,9 @@ services:
             - JIGASI_SIP_DEFAULT_ROOM
             - JIGASI_XMPP_USER
             - JIGASI_XMPP_PASSWORD
+            - JIGASI_TRANSCRIBER_AUTHENTICATION
+            - JIGASI_TRANSCRIBER_USER
+            - JIGASI_TRANSCRIBER_PASSWORD
             - JIGASI_BREWERY_MUC
             - JIGASI_PORT_MIN
             - JIGASI_PORT_MAX

jigasi/rootfs/defaults/sip-communicator.properties

@@ -170,7 +170,14 @@ org.jitsi.jigasi.transcription.SAVE_TXT=true
 org.jitsi.jigasi.transcription.SEND_TXT={{ .Env.JIGASI_TRANSCRIBER_SEND_TXT | default "false"}}
 org.jitsi.jigasi.transcription.RECORD_AUDIO={{ .Env.JIGASI_TRANSCRIBER_RECORD_AUDIO | default "false"}}
 org.jitsi.jigasi.transcription.RECORD_AUDIO_FORMAT=wav
-{{end}}
+{{ if .Env.JIGASI_TRANSCRIBER_AUTHENTICATION | default "0" | toBool }}
+# authenticate transcriber to make it a hidden participant
+org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}
+org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
+org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_TRANSCRIBER_PASSWORD }}
+org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
+{{ end }}
+{{ end }}
 
 {{ if .Env.JIGASI_SIP_DEFAULT_ROOM }}
 org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME={{ .Env.JIGASI_SIP_DEFAULT_ROOM }}

jigasi/rootfs/etc/cont-init.d/10-config

@@ -51,3 +51,10 @@ if [[ $ENABLE_TRANSCRIPTIONS -eq 1 || $ENABLE_TRANSCRIPTIONS == "true" ]]; then
         }' \
         > /config/key.json
 fi
+
+# check that no conflicting authentications are configured
+if [[ $ENABLE_AUTH -eq 1 && $JIGASI_TRANSCRIBER_AUTHENTICATION -eq 1 ]]; then
+    echo 'Conflicting authentications specified!'
+    exit 1
+fi
+

prosody/rootfs/etc/cont-init.d/10-config

@@ -53,6 +53,7 @@ fi
 [ -z "${JIBRI_RECORDER_USER}" ] && export JIBRI_RECORDER_USER=recorder
 [ -z "${JIBRI_XMPP_USER}" ] && export JIBRI_XMPP_USER=jibri
 [ -z "${JIGASI_XMPP_USER}" ] && export JIGASI_XMPP_USER=jigasi
+[ -z "${JIGASI_TRANSCRIBER_USER}" ] && export JIGASI_TRANSCRIBER_USER=transcriber
 [ -z "${JVB_AUTH_USER}" ] && export JVB_AUTH_USER=jvb
 [ -z "${XMPP_DOMAIN}" ] && export XMPP_DOMAIN=meet.jitsi
 [ -z "${XMPP_AUTH_DOMAIN}" ] && export XMPP_AUTH_DOMAIN=auth.meet.jitsi
@@ -104,6 +105,15 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
     prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD
 fi
 
+if [[ ! -z $JIGASI_TRANSCRIBER_PASSWORD ]]; then
+    OLD_JIGASI_TRANSCRIBER_PASSWORD=passw0rd
+    if [[ "$JIGASI_TRANSCRIBER_PASSWORD" == "$OLD_JIGASI_TRANSCRIBER_PASSWORD" ]]; then
+        echo 'FATAL ERROR: Jigasi transcriber password must be changed, check the README'
+        exit 1
+    fi
+    prosodyctl --config $PROSODY_CFG register $JIGASI_TRANSCRIBER_USER $XMPP_RECORDER_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD
+fi
+
 if [[ "$PROSODY_MODE" == "visitors" ]]; then
     [ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi"
     [ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0