1 |
|
-module(mongoose_config_spec). |
2 |
|
|
3 |
|
%% entry point - returns the entire spec |
4 |
|
-export([root/0]). |
5 |
|
|
6 |
|
%% spec parts used by modules and services |
7 |
|
-export([wpool_items/0, |
8 |
|
iqdisc/0]). |
9 |
|
|
10 |
|
%% callbacks for the 'process' step |
11 |
|
-export([process_root/1, |
12 |
|
process_host/1, |
13 |
|
process_general/1, |
14 |
|
process_sm_backend/1, |
15 |
|
process_ctl_access_rule/1, |
16 |
|
process_listener/2, |
17 |
|
process_verify_peer/1, |
18 |
|
process_tls_sni/1, |
19 |
|
process_xmpp_tls/1, |
20 |
|
process_fast_tls/1, |
21 |
|
process_http_handler/2, |
22 |
|
process_sasl_external/1, |
23 |
|
process_sasl_mechanism/1, |
24 |
|
process_auth/1, |
25 |
|
process_pool/2, |
26 |
|
process_cassandra_auth/1, |
27 |
|
process_rdbms_connection/1, |
28 |
|
process_riak_tls/1, |
29 |
|
process_cassandra_server/1, |
30 |
|
process_riak_credentials/1, |
31 |
|
process_iqdisc/1, |
32 |
|
process_acl_condition/1, |
33 |
|
process_s2s_host_policy/1, |
34 |
|
process_s2s_address/1, |
35 |
|
process_domain_cert/1]). |
36 |
|
|
37 |
|
-include("mongoose_config_spec.hrl"). |
38 |
|
|
39 |
|
-type config_node() :: config_section() | config_list() | config_option(). |
40 |
|
-type config_section() :: #section{}. |
41 |
|
-type config_list() :: #list{}. |
42 |
|
-type config_option() :: #option{}. |
43 |
|
|
44 |
|
-type option_type() :: boolean | binary | string | atom | int_or_infinity |
45 |
|
| int_or_atom | integer | float. |
46 |
|
|
47 |
|
-type wrapper() :: top_level_config_wrapper() | config_part_wrapper(). |
48 |
|
|
49 |
|
%% Wrap the value in a top-level config option |
50 |
|
-type top_level_config_wrapper() :: |
51 |
|
% Config option, see the type below for details |
52 |
|
config_option_wrapper() |
53 |
|
|
54 |
|
% Config option, the key is replaced with NewKey |
55 |
|
| {config_option_wrapper(), NewKey :: atom()}. |
56 |
|
|
57 |
|
-type config_option_wrapper() :: |
58 |
|
global_config % [{Key, Value}] |
59 |
|
| host_config. % Inside host_config: [{{Key, Host}, Value}] |
60 |
|
% Otherwise: one such option for each configured host |
61 |
|
|
62 |
|
%% Wrap the value in config part - key-value pair or just a value |
63 |
|
-type config_part_wrapper() :: |
64 |
|
default % [{Key, Value}] for section items, [Value] for list items |
65 |
|
| item % [Value] |
66 |
|
| remove % [] - the item is ignored |
67 |
|
| none % just Value - injects elements of Value into the parent section/list |
68 |
|
| {kv, NewKey :: term()} % [{NewKey, Value}] - replaces the key with NewKey |
69 |
|
| prepend_key. % [{Key, V1, ..., Vn}] when Value = {V1, ..., Vn} |
70 |
|
|
71 |
|
%% This option allows to put list/section items in a map |
72 |
|
-type format_items() :: |
73 |
|
none % keep the processed items unchanged |
74 |
|
| map. % convert the processed items (which have to be a KV list) to a map |
75 |
|
|
76 |
|
-export_type([config_node/0, config_section/0, config_list/0, config_option/0, |
77 |
|
wrapper/0, format_items/0, option_type/0]). |
78 |
|
|
79 |
|
%% Config processing functions are annotated with TOML paths |
80 |
|
%% Path syntax: dotted, like TOML keys with the following additions: |
81 |
|
%% - '[]' denotes an element in a list |
82 |
|
%% - '( ... )' encloses an optional prefix |
83 |
|
%% - '*' is a wildcard for names - usually that name is passed as an argument |
84 |
|
%% If the path is the same as for the previous function, it is not repeated. |
85 |
|
%% |
86 |
|
%% Example: (host_config[].)access.* |
87 |
|
%% Meaning: either a key in the 'access' section, e.g. |
88 |
|
%% [access] |
89 |
|
%% local = ... |
90 |
|
%% or the same, but prefixed for a specific host, e.g. |
91 |
|
%% [[host_config]] |
92 |
|
%% host = "myhost" |
93 |
|
%% host_config.access |
94 |
|
%% local = ... |
95 |
|
|
96 |
|
root() -> |
97 |
73 |
General = general(), |
98 |
73 |
Listen = listen(), |
99 |
73 |
Auth = auth(), |
100 |
73 |
Modules = modules(), |
101 |
73 |
#section{ |
102 |
|
items = #{<<"general">> => General#section{required = [<<"default_server_domain">>], |
103 |
|
process = fun ?MODULE:process_general/1, |
104 |
|
defaults = general_defaults()}, |
105 |
|
<<"listen">> => Listen#section{include = always}, |
106 |
|
<<"auth">> => Auth#section{include = always}, |
107 |
|
<<"outgoing_pools">> => outgoing_pools(), |
108 |
|
<<"services">> => services(), |
109 |
|
<<"modules">> => Modules#section{include = always}, |
110 |
|
<<"shaper">> => shaper(), |
111 |
|
<<"acl">> => acl(), |
112 |
|
<<"access">> => access(), |
113 |
|
<<"s2s">> => s2s(), |
114 |
|
<<"host_config">> => #list{items = host_config(), |
115 |
|
wrap = none} |
116 |
|
}, |
117 |
|
required = [<<"general">>], |
118 |
|
process = fun ?MODULE:process_root/1, |
119 |
|
wrap = none |
120 |
|
}. |
121 |
|
|
122 |
|
%% path: host_config[] |
123 |
|
host_config() -> |
124 |
73 |
#section{ |
125 |
|
items = #{%% Host is only validated here - it is stored in the path, |
126 |
|
%% see mongoose_config_parser_toml:item_key/1 |
127 |
|
%% |
128 |
|
%% for every configured host the host_type of the same name |
129 |
|
%% is declared automatically. As host_config section is now |
130 |
|
%% used for changing configuration of the host_type, we don't |
131 |
|
%% need host option any more. but to stay compatible with an |
132 |
|
%% old config format we keep host option as well. now it is |
133 |
|
%% just a synonym to host_type. |
134 |
|
<<"host">> => #option{type = binary, |
135 |
|
validate = non_empty, |
136 |
|
wrap = remove}, |
137 |
|
|
138 |
|
<<"host_type">> => #option{type = binary, |
139 |
|
validate = non_empty, |
140 |
|
wrap = remove}, |
141 |
|
|
142 |
|
%% Sections below are allowed in host_config, |
143 |
|
%% but only options with 'wrap = host_config' are accepted. |
144 |
|
%% Options with 'wrap = global_config' would be caught by |
145 |
|
%% mongoose_config_parser_toml:wrap/3 |
146 |
|
<<"general">> => general(), |
147 |
|
<<"auth">> => auth(), |
148 |
|
<<"modules">> => modules(), |
149 |
|
<<"acl">> => acl(), |
150 |
|
<<"access">> => access(), |
151 |
|
<<"s2s">> => host_s2s() |
152 |
|
}, |
153 |
|
wrap = none |
154 |
|
}. |
155 |
|
|
156 |
|
%% path: general |
157 |
|
general() -> |
158 |
146 |
#section{ |
159 |
|
items = #{<<"loglevel">> => #option{type = atom, |
160 |
|
validate = loglevel, |
161 |
|
wrap = global_config}, |
162 |
|
<<"hosts">> => #list{items = #option{type = binary, |
163 |
|
validate = non_empty, |
164 |
|
process = fun ?MODULE:process_host/1}, |
165 |
|
validate = unique, |
166 |
|
wrap = global_config}, |
167 |
|
<<"host_types">> => #list{items = #option{type = binary, |
168 |
|
validate = non_empty}, |
169 |
|
validate = unique, |
170 |
|
wrap = global_config}, |
171 |
|
<<"default_server_domain">> => #option{type = binary, |
172 |
|
validate = non_empty, |
173 |
|
process = fun ?MODULE:process_host/1, |
174 |
|
wrap = global_config}, |
175 |
|
<<"registration_timeout">> => #option{type = int_or_infinity, |
176 |
|
validate = positive, |
177 |
|
wrap = global_config}, |
178 |
|
<<"language">> => #option{type = binary, |
179 |
|
validate = non_empty, |
180 |
|
wrap = global_config}, |
181 |
|
<<"all_metrics_are_global">> => #option{type = boolean, |
182 |
|
wrap = global_config}, |
183 |
|
<<"sm_backend">> => #option{type = atom, |
184 |
|
validate = {module, ejabberd_sm}, |
185 |
|
process = fun ?MODULE:process_sm_backend/1, |
186 |
|
wrap = global_config}, |
187 |
|
<<"max_fsm_queue">> => #option{type = integer, |
188 |
|
validate = positive, |
189 |
|
wrap = global_config}, |
190 |
|
<<"http_server_name">> => #option{type = string, |
191 |
|
wrap = {global_config, cowboy_server_name}}, |
192 |
|
<<"rdbms_server_type">> => #option{type = atom, |
193 |
|
validate = {enum, [mssql, pgsql]}, |
194 |
|
wrap = global_config}, |
195 |
|
<<"route_subdomains">> => #option{type = atom, |
196 |
|
validate = {enum, [s2s]}, |
197 |
|
wrap = host_config}, |
198 |
|
<<"mongooseimctl_access_commands">> => #section{ |
199 |
|
items = #{default => ctl_access_rule()}, |
200 |
|
wrap = global_config}, |
201 |
|
<<"routing_modules">> => #list{items = #option{type = atom, |
202 |
|
validate = module}, |
203 |
|
wrap = global_config}, |
204 |
|
<<"replaced_wait_timeout">> => #option{type = integer, |
205 |
|
validate = positive, |
206 |
|
wrap = host_config}, |
207 |
|
<<"hide_service_name">> => #option{type = boolean, |
208 |
|
wrap = global_config}, |
209 |
|
<<"domain_certfile">> => #list{items = domain_cert(), |
210 |
|
format_items = map, |
211 |
|
wrap = global_config} |
212 |
|
}, |
213 |
|
wrap = none |
214 |
|
}. |
215 |
|
|
216 |
|
general_defaults() -> |
217 |
73 |
#{<<"loglevel">> => warning, |
218 |
|
<<"hosts">> => [], |
219 |
|
<<"host_types">> => [], |
220 |
|
<<"registration_timeout">> => 600, |
221 |
|
<<"language">> => <<"en">>, |
222 |
|
<<"all_metrics_are_global">> => false, |
223 |
|
<<"sm_backend">> => {mnesia, []}, |
224 |
|
<<"rdbms_server_type">> => generic, |
225 |
|
<<"mongooseimctl_access_commands">> => [], |
226 |
|
<<"routing_modules">> => mongoose_router:default_routing_modules(), |
227 |
|
<<"replaced_wait_timeout">> => 2000, |
228 |
|
<<"hide_service_name">> => false}. |
229 |
|
|
230 |
|
ctl_access_rule() -> |
231 |
146 |
#section{ |
232 |
|
items = #{<<"commands">> => #list{items = #option{type = string}}, |
233 |
|
<<"argument_restrictions">> => #section{ |
234 |
|
items = #{default => #option{type = string}} |
235 |
|
} |
236 |
|
}, |
237 |
|
process = fun ?MODULE:process_ctl_access_rule/1, |
238 |
|
wrap = prepend_key |
239 |
|
}. |
240 |
|
|
241 |
|
%% path: general.domain_certfile |
242 |
|
domain_cert() -> |
243 |
146 |
#section{ |
244 |
|
items = #{<<"domain">> => #option{type = binary, |
245 |
|
validate = non_empty}, |
246 |
|
<<"certfile">> => #option{type = string, |
247 |
|
validate = filename}}, |
248 |
|
required = all, |
249 |
|
format_items = map, |
250 |
|
process = fun ?MODULE:process_domain_cert/1 |
251 |
|
}. |
252 |
|
|
253 |
|
%% path: listen |
254 |
|
listen() -> |
255 |
73 |
Keys = [<<"http">>, <<"c2s">>, <<"s2s">>, <<"service">>], |
256 |
73 |
#section{ |
257 |
292 |
items = maps:from_list([{Key, #list{items = listener(Key), |
258 |
73 |
wrap = none}} || Key <- Keys]), |
259 |
|
process = fun mongoose_listener_config:verify_unique_listeners/1, |
260 |
|
wrap = global_config |
261 |
|
}. |
262 |
|
|
263 |
|
%% path: listen.*[] |
264 |
|
listener(Type) -> |
265 |
292 |
ExtraItems = listener_items(Type), |
266 |
292 |
#section{ |
267 |
|
items = ExtraItems#{<<"port">> => #option{type = integer, |
268 |
|
validate = port}, |
269 |
|
<<"ip_address">> => #option{type = string, |
270 |
|
validate = ip_address}, |
271 |
|
<<"proto">> => #option{type = atom, |
272 |
|
validate = {enum, [tcp, udp]}}, |
273 |
|
<<"ip_version">> => #option{type = integer, |
274 |
|
validate = {enum, [4, 6]}} |
275 |
|
}, |
276 |
|
format_items = map, |
277 |
|
required = [<<"port">>], |
278 |
|
defaults = #{<<"proto">> => tcp}, |
279 |
|
process = fun ?MODULE:process_listener/2 |
280 |
|
}. |
281 |
|
|
282 |
|
listener_items(<<"http">>) -> |
283 |
73 |
#{<<"tls">> => http_listener_tls(), |
284 |
|
<<"transport">> => http_transport(), |
285 |
|
<<"protocol">> => http_protocol(), |
286 |
|
<<"handlers">> => http_handlers() |
287 |
|
}; |
288 |
|
listener_items(Type) -> |
289 |
219 |
ExtraItems = xmpp_listener_items(Type), |
290 |
219 |
ExtraItems#{<<"hibernate_after">> => #option{type = integer, |
291 |
|
validate = non_negative}, |
292 |
|
<<"max_stanza_size">> => #option{type = integer, |
293 |
|
validate = positive}, |
294 |
|
<<"backlog">> => #option{type = integer, |
295 |
|
validate = non_negative}, |
296 |
|
<<"proxy_protocol">> => #option{type = boolean}, |
297 |
|
<<"num_acceptors">> => #option{type = integer, |
298 |
|
validate = positive, |
299 |
|
wrap = {kv, acceptors_num}} |
300 |
|
}. |
301 |
|
|
302 |
|
xmpp_listener_items(<<"c2s">>) -> |
303 |
73 |
#{<<"access">> => #option{type = atom, |
304 |
|
validate = non_empty}, |
305 |
|
<<"shaper">> => #option{type = atom, |
306 |
|
validate = non_empty}, |
307 |
|
<<"xml_socket">> => #option{type = boolean}, |
308 |
|
<<"zlib">> => #option{type = integer, |
309 |
|
validate = positive}, |
310 |
|
<<"max_fsm_queue">> => #option{type = integer, |
311 |
|
validate = positive}, |
312 |
|
<<"tls">> => c2s_tls()}; |
313 |
|
xmpp_listener_items(<<"s2s">>) -> |
314 |
73 |
#{<<"shaper">> => #option{type = atom, |
315 |
|
validate = non_empty}, |
316 |
|
<<"tls">> => s2s_tls()}; |
317 |
|
xmpp_listener_items(<<"service">>) -> |
318 |
146 |
#{<<"access">> => #option{type = atom, |
319 |
|
validate = non_empty}, |
320 |
|
<<"shaper_rule">> => #option{type = atom, |
321 |
|
validate = non_empty}, |
322 |
|
<<"check_from">> => #option{type = boolean, |
323 |
|
wrap = {kv, service_check_from}}, |
324 |
|
<<"hidden_components">> => #option{type = boolean}, |
325 |
|
<<"conflict_behaviour">> => #option{type = atom, |
326 |
|
validate = {enum, [kick_old, disconnect]}}, |
327 |
|
<<"password">> => #option{type = string, |
328 |
|
validate = non_empty}, |
329 |
|
<<"max_fsm_queue">> => #option{type = integer, |
330 |
|
validate = positive}}. |
331 |
|
|
332 |
|
%% path: listen.c2s[].tls |
333 |
|
c2s_tls() -> |
334 |
73 |
#section{ |
335 |
|
items = #{ |
336 |
|
%% common |
337 |
|
<<"module">> => #option{type = atom, |
338 |
|
validate = {enum, [fast_tls, just_tls]}}, |
339 |
|
<<"mode">> => #option{type = atom, |
340 |
|
validate = {enum, [tls, starttls, starttls_required]}}, |
341 |
|
<<"verify_peer">> => #option{type = boolean, |
342 |
|
process = fun ?MODULE:process_verify_peer/1}, |
343 |
|
<<"certfile">> => #option{type = string, |
344 |
|
validate = filename}, |
345 |
|
<<"cacertfile">> => #option{type = string, |
346 |
|
validate = filename}, |
347 |
|
<<"dhfile">> => #option{type = string, |
348 |
|
validate = filename}, |
349 |
|
<<"ciphers">> => #option{type = string}, |
350 |
|
|
351 |
|
%% fast_tls |
352 |
|
<<"protocol_options">> => #list{items = #option{type = string, |
353 |
|
validate = non_empty}}, |
354 |
|
|
355 |
|
%% just_tls |
356 |
|
<<"verify_mode">> => #option{type = atom, |
357 |
|
validate = {enum, [peer, selfsigned_peer, none]}}, |
358 |
|
<<"disconnect_on_failure">> => #option{type = boolean}, |
359 |
|
<<"crl_files">> => #list{items = #option{type = string, |
360 |
|
validate = non_empty}, |
361 |
|
wrap = {kv, crlfiles}}, |
362 |
|
<<"password">> => #option{type = string}, |
363 |
|
<<"server_name_indication">> => #option{type = boolean}, |
364 |
|
<<"versions">> => #list{items = #option{type = atom}} |
365 |
|
}, |
366 |
|
process = fun ?MODULE:process_xmpp_tls/1 |
367 |
|
}. |
368 |
|
|
369 |
|
%% path: listen.s2s[].tls |
370 |
|
s2s_tls() -> |
371 |
73 |
#section{ |
372 |
|
items = #{<<"cacertfile">> => #option{type = string, |
373 |
|
validate = filename}, |
374 |
|
<<"dhfile">> => #option{type = string, |
375 |
|
validate = filename}, |
376 |
|
<<"ciphers">> => #option{type = string}, |
377 |
|
<<"protocol_options">> => #list{items = #option{type = string, |
378 |
|
validate = non_empty}} |
379 |
|
}, |
380 |
|
process = fun ?MODULE:process_fast_tls/1 |
381 |
|
}. |
382 |
|
|
383 |
|
%% path: listen.http[].tls |
384 |
|
http_listener_tls() -> |
385 |
73 |
Items = tls_items(), |
386 |
73 |
#section{ |
387 |
|
items = Items#{<<"verify_mode">> => #option{type = atom, |
388 |
|
validate = {enum, [peer, selfsigned_peer, none]}} |
389 |
|
}, |
390 |
|
wrap = {kv, ssl}, |
391 |
|
process = fun ?MODULE:process_tls_sni/1 |
392 |
|
}. |
393 |
|
|
394 |
|
%% path: listen.http[].transport |
395 |
|
http_transport() -> |
396 |
73 |
#section{ |
397 |
|
items = #{<<"num_acceptors">> => #option{type = integer, |
398 |
|
validate = positive}, |
399 |
|
<<"max_connections">> => #option{type = int_or_infinity, |
400 |
|
validate = non_negative} |
401 |
|
}, |
402 |
|
wrap = {kv, transport_options} |
403 |
|
}. |
404 |
|
|
405 |
|
%% path: listen.http[].protocol |
406 |
|
http_protocol() -> |
407 |
73 |
#section{ |
408 |
|
items = #{<<"compress">> => #option{type = boolean}}, |
409 |
|
wrap = {kv, protocol_options} |
410 |
|
}. |
411 |
|
|
412 |
|
%% path: listen.http[].handlers |
413 |
|
http_handlers() -> |
414 |
73 |
Keys = [<<"mod_websockets">>, |
415 |
|
<<"lasse_handler">>, |
416 |
|
<<"cowboy_static">>, |
417 |
|
<<"mongoose_api">>, |
418 |
|
<<"mongoose_api_admin">>, |
419 |
|
<<"mongoose_domain_handler">>, |
420 |
|
<<"mongoose_graphql_cowboy_handler">>, |
421 |
|
default], |
422 |
73 |
#section{ |
423 |
584 |
items = maps:from_list([{Key, #list{items = http_handler(Key), |
424 |
73 |
wrap = none}} || Key <- Keys]), |
425 |
|
validate_keys = module, |
426 |
|
wrap = {kv, modules} |
427 |
|
}. |
428 |
|
|
429 |
|
%% path: listen.http[].handlers.*[] |
430 |
|
http_handler(Key) -> |
431 |
584 |
ExtraItems = http_handler_items(Key), |
432 |
584 |
RequiredKeys = case http_handler_required(Key) of |
433 |
219 |
all -> all; |
434 |
365 |
[] -> [<<"host">>, <<"path">>] |
435 |
|
end, |
436 |
584 |
#section{ |
437 |
|
items = ExtraItems#{<<"host">> => #option{type = string, |
438 |
|
validate = non_empty}, |
439 |
|
<<"path">> => #option{type = string} |
440 |
|
}, |
441 |
|
required = RequiredKeys, |
442 |
|
process = fun ?MODULE:process_http_handler/2 |
443 |
|
}. |
444 |
|
|
445 |
|
http_handler_items(<<"mod_websockets">>) -> |
446 |
73 |
#{<<"timeout">> => #option{type = int_or_infinity, |
447 |
|
validate = non_negative}, |
448 |
|
<<"ping_rate">> => #option{type = integer, |
449 |
|
validate = positive}, |
450 |
|
<<"max_stanza_size">> => #option{type = int_or_infinity, |
451 |
|
validate = positive}, |
452 |
|
<<"service">> => #section{items = xmpp_listener_items(<<"service">>), |
453 |
|
wrap = {kv, ejabberd_service}}}; |
454 |
|
http_handler_items(<<"lasse_handler">>) -> |
455 |
73 |
#{<<"module">> => #option{type = atom, |
456 |
|
validate = module}}; |
457 |
|
http_handler_items(<<"cowboy_static">>) -> |
458 |
73 |
#{<<"type">> => #option{type = atom}, |
459 |
|
<<"app">> => #option{type = atom}, |
460 |
|
<<"content_path">> => #option{type = string}}; |
461 |
|
http_handler_items(<<"mongoose_api">>) -> |
462 |
73 |
#{<<"handlers">> => #list{items = #option{type = atom, |
463 |
|
validate = module}}}; |
464 |
|
http_handler_items(<<"mongoose_api_admin">>) -> |
465 |
73 |
#{<<"username">> => #option{type = binary}, |
466 |
|
<<"password">> => #option{type = binary}}; |
467 |
|
http_handler_items(<<"mongoose_domain_handler">>) -> |
468 |
73 |
#{<<"username">> => #option{type = binary}, |
469 |
|
<<"password">> => #option{type = binary}}; |
470 |
|
http_handler_items(<<"mongoose_graphql_cowboy_handler">>) -> |
471 |
73 |
#{<<"username">> => #option{type = binary}, |
472 |
|
<<"password">> => #option{type = binary}, |
473 |
|
<<"schema_endpoint">> => #option{type = binary}}; |
474 |
|
http_handler_items(_) -> |
475 |
73 |
#{}. |
476 |
|
|
477 |
73 |
http_handler_required(<<"lasse_handler">>) -> all; |
478 |
73 |
http_handler_required(<<"cowboy_static">>) -> all; |
479 |
73 |
http_handler_required(<<"mongoose_api">>) -> all; |
480 |
365 |
http_handler_required(_) -> []. |
481 |
|
|
482 |
|
%% path: (host_config[].)auth |
483 |
|
auth() -> |
484 |
146 |
Items = maps:from_list([{a2b(Method), ejabberd_auth:config_spec(Method)} || |
485 |
146 |
Method <- all_auth_methods()]), |
486 |
146 |
#section{ |
487 |
|
items = Items#{<<"methods">> => #list{items = #option{type = atom, |
488 |
|
validate = {module, ejabberd_auth}}}, |
489 |
|
<<"password">> => auth_password(), |
490 |
|
<<"sasl_external">> => |
491 |
|
#list{items = #option{type = atom, |
492 |
|
process = fun ?MODULE:process_sasl_external/1}}, |
493 |
|
<<"sasl_mechanisms">> => |
494 |
|
#list{items = #option{type = atom, |
495 |
|
validate = {module, cyrsasl}, |
496 |
|
process = fun ?MODULE:process_sasl_mechanism/1}} |
497 |
|
}, |
498 |
|
format_items = map, |
499 |
|
defaults = #{<<"sasl_external">> => [standard], |
500 |
|
<<"sasl_mechanisms">> => cyrsasl:default_modules()}, |
501 |
|
process = fun ?MODULE:process_auth/1, |
502 |
|
wrap = host_config |
503 |
|
}. |
504 |
|
|
505 |
|
%% path: (host_config[].)auth.password |
506 |
|
auth_password() -> |
507 |
146 |
#section{ |
508 |
|
items = #{<<"format">> => #option{type = atom, |
509 |
|
validate = {enum, [scram, plain]}}, |
510 |
|
<<"hash">> => #list{items = #option{type = atom, |
511 |
|
validate = {enum, [sha, sha224, sha256, |
512 |
|
sha384, sha512]}}, |
513 |
|
validate = unique_non_empty |
514 |
|
}, |
515 |
|
<<"scram_iterations">> => #option{type = integer, |
516 |
|
validate = positive} |
517 |
|
}, |
518 |
|
format_items = map, |
519 |
|
defaults = #{<<"format">> => scram, |
520 |
|
<<"scram_iterations">> => mongoose_scram:iterations()}, |
521 |
|
include = always |
522 |
|
}. |
523 |
|
|
524 |
|
%% path: outgoing_pools |
525 |
|
outgoing_pools() -> |
526 |
73 |
PoolTypes = [<<"cassandra">>, <<"elastic">>, <<"http">>, <<"ldap">>, |
527 |
|
<<"rabbit">>, <<"rdbms">>, <<"redis">>, <<"riak">>], |
528 |
73 |
Items = [{Type, #section{items = #{default => outgoing_pool(Type)}, |
529 |
|
validate_keys = non_empty, |
530 |
73 |
wrap = none}} || Type <- PoolTypes], |
531 |
73 |
#section{ |
532 |
|
items = maps:from_list(Items), |
533 |
|
wrap = global_config |
534 |
|
}. |
535 |
|
|
536 |
|
%% path: outgoing_pools.*.* |
537 |
|
outgoing_pool(Type) -> |
538 |
584 |
WPool = wpool_items(), |
539 |
584 |
#section{ |
540 |
|
items = WPool#{<<"scope">> => #option{type = atom, |
541 |
|
validate = {enum, [global, host, single_host]}}, |
542 |
|
<<"host">> => #option{type = binary, |
543 |
|
validate = non_empty}, |
544 |
|
<<"connection">> => outgoing_pool_connection(Type) |
545 |
|
}, |
546 |
|
process = fun ?MODULE:process_pool/2, |
547 |
|
wrap = item |
548 |
|
}. |
549 |
|
|
550 |
|
wpool_items() -> |
551 |
730 |
#{<<"workers">> => #option{type = integer, |
552 |
|
validate = positive}, |
553 |
|
<<"strategy">> => #option{type = atom, |
554 |
|
validate = {enum, wpool_strategy_values()}}, |
555 |
|
<<"call_timeout">> => #option{type = integer, |
556 |
|
validate = positive} |
557 |
|
}. |
558 |
|
|
559 |
|
%% path: outgoing_pools.*.*.connection |
560 |
|
outgoing_pool_connection(<<"cassandra">>) -> |
561 |
73 |
#section{ |
562 |
|
items = #{<<"servers">> => #list{items = cassandra_server()}, |
563 |
|
<<"keyspace">> => #option{type = string, |
564 |
|
validate = non_empty}, |
565 |
|
<<"auth">> => #section{items = #{<<"plain">> => cassandra_auth_plain()}, |
566 |
|
required = all, |
567 |
|
process = fun ?MODULE:process_cassandra_auth/1}, |
568 |
|
<<"tls">> => #section{items = tls_items(), |
569 |
|
wrap = {kv, ssl}, |
570 |
|
process = fun ?MODULE:process_tls_sni/1} |
571 |
|
} |
572 |
|
}; |
573 |
|
outgoing_pool_connection(<<"elastic">>) -> |
574 |
73 |
#section{ |
575 |
|
items = #{<<"host">> => #option{type = string, |
576 |
|
validate = non_empty}, |
577 |
|
<<"port">> => #option{type = integer, |
578 |
|
validate = port} |
579 |
|
} |
580 |
|
}; |
581 |
|
outgoing_pool_connection(<<"http">>) -> |
582 |
73 |
#section{ |
583 |
|
items = #{<<"host">> => #option{type = string, |
584 |
|
validate = non_empty, |
585 |
|
wrap = {kv, server}}, |
586 |
|
<<"path_prefix">> => #option{type = string, |
587 |
|
validate = non_empty}, |
588 |
|
<<"request_timeout">> => #option{type = integer, |
589 |
|
validate = non_negative}, |
590 |
|
<<"tls">> => #section{items = tls_items(), |
591 |
|
wrap = {kv, http_opts}, |
592 |
|
process = fun ?MODULE:process_tls_sni/1} |
593 |
|
} |
594 |
|
}; |
595 |
|
outgoing_pool_connection(<<"ldap">>) -> |
596 |
73 |
#section{ |
597 |
|
items = #{<<"host">> => #option{type = string, |
598 |
|
validate = non_empty}, |
599 |
|
<<"port">> => #option{type = integer, |
600 |
|
validate = port}, |
601 |
|
<<"rootdn">> => #option{type = string}, |
602 |
|
<<"password">> => #option{type = string}, |
603 |
|
<<"encrypt">> => #option{type = atom, |
604 |
|
validate = {enum, [none, tls]}}, |
605 |
|
<<"servers">> => #list{items = #option{type = string}}, |
606 |
|
<<"connect_interval">> => #option{type = integer, |
607 |
|
validate = positive}, |
608 |
|
<<"tls">> => #section{items = tls_items(), |
609 |
|
wrap = {kv, tls_options}, |
610 |
|
process = fun ?MODULE:process_tls_sni/1} |
611 |
|
} |
612 |
|
}; |
613 |
|
outgoing_pool_connection(<<"rabbit">>) -> |
614 |
73 |
#section{ |
615 |
|
items = #{<<"amqp_host">> => #option{type = string, |
616 |
|
validate = non_empty}, |
617 |
|
<<"amqp_port">> => #option{type = integer, |
618 |
|
validate = port}, |
619 |
|
<<"amqp_username">> => #option{type = string, |
620 |
|
validate = non_empty}, |
621 |
|
<<"amqp_password">> => #option{type = string, |
622 |
|
validate = non_empty}, |
623 |
|
<<"confirms_enabled">> => #option{type = boolean}, |
624 |
|
<<"max_worker_queue_len">> => #option{type = int_or_infinity, |
625 |
|
validate = non_negative} |
626 |
|
} |
627 |
|
}; |
628 |
|
outgoing_pool_connection(<<"rdbms">>) -> |
629 |
73 |
#section{ |
630 |
|
items = #{<<"driver">> => #option{type = atom, |
631 |
|
validate = {enum, [odbc, pgsql, mysql]}}, |
632 |
|
<<"keepalive_interval">> => #option{type = integer, |
633 |
|
validate = positive}, |
634 |
|
|
635 |
|
% odbc |
636 |
|
<<"settings">> => #option{type = string}, |
637 |
|
|
638 |
|
% mysql, pgsql |
639 |
|
<<"host">> => #option{type = string, |
640 |
|
validate = non_empty}, |
641 |
|
<<"database">> => #option{type = string, |
642 |
|
validate = non_empty}, |
643 |
|
<<"username">> => #option{type = string, |
644 |
|
validate = non_empty}, |
645 |
|
<<"password">> => #option{type = string, |
646 |
|
validate = non_empty}, |
647 |
|
<<"port">> => #option{type = integer, |
648 |
|
validate = port}, |
649 |
|
<<"tls">> => sql_tls() |
650 |
|
}, |
651 |
|
process = fun ?MODULE:process_rdbms_connection/1 |
652 |
|
}; |
653 |
|
outgoing_pool_connection(<<"redis">>) -> |
654 |
73 |
#section{ |
655 |
|
items = #{<<"host">> => #option{type = string, |
656 |
|
validate = non_empty}, |
657 |
|
<<"port">> => #option{type = integer, |
658 |
|
validate = port}, |
659 |
|
<<"database">> => #option{type = integer, |
660 |
|
validate = non_negative}, |
661 |
|
<<"password">> => #option{type = string} |
662 |
|
} |
663 |
|
}; |
664 |
|
outgoing_pool_connection(<<"riak">>) -> |
665 |
73 |
#section{ |
666 |
|
items = #{<<"address">> => #option{type = string, |
667 |
|
validate = non_empty}, |
668 |
|
<<"port">> => #option{type = integer, |
669 |
|
validate = port}, |
670 |
|
<<"credentials">> => riak_credentials(), |
671 |
|
<<"tls">> => #section{items = tls_items(), |
672 |
|
process = fun ?MODULE:process_riak_tls/1, |
673 |
|
wrap = none}} |
674 |
|
}. |
675 |
|
|
676 |
|
cassandra_server() -> |
677 |
73 |
#section{ |
678 |
|
items = #{<<"ip_address">> => #option{type = string, |
679 |
|
validate = non_empty}, |
680 |
|
<<"port">> => #option{type = integer, |
681 |
|
validate = port}}, |
682 |
|
required = [<<"ip_address">>], |
683 |
|
process = fun ?MODULE:process_cassandra_server/1 |
684 |
|
}. |
685 |
|
|
686 |
|
%% path: outgoing_pools.cassandra.*.connection.auth.plain |
687 |
|
cassandra_auth_plain() -> |
688 |
73 |
#section{ |
689 |
|
items = #{<<"username">> => #option{type = binary}, |
690 |
|
<<"password">> => #option{type = binary}}, |
691 |
|
required = all |
692 |
|
}. |
693 |
|
|
694 |
|
%% path: outgoing_pools.riak.*.connection.credentials |
695 |
|
riak_credentials() -> |
696 |
73 |
#section{ |
697 |
|
items = #{<<"user">> => #option{type = string, |
698 |
|
validate = non_empty}, |
699 |
|
<<"password">> => #option{type = string, |
700 |
|
validate = non_empty}}, |
701 |
|
required = all, |
702 |
|
process = fun ?MODULE:process_riak_credentials/1, |
703 |
|
wrap = prepend_key |
704 |
|
}. |
705 |
|
|
706 |
|
%% path: outgoing_pools.rdbms.*.connection.tls |
707 |
|
sql_tls() -> |
708 |
73 |
Items = tls_items(), |
709 |
73 |
#section{ |
710 |
|
items = Items#{<<"required">> => #option{type = boolean}}, |
711 |
|
process = fun ?MODULE:process_tls_sni/1 |
712 |
|
}. |
713 |
|
|
714 |
|
tls_items() -> |
715 |
438 |
#{<<"verify_peer">> => #option{type = boolean, |
716 |
|
process = fun ?MODULE:process_verify_peer/1, |
717 |
|
wrap = {kv, verify}}, |
718 |
|
<<"certfile">> => #option{type = string, |
719 |
|
validate = non_empty}, |
720 |
|
<<"cacertfile">> => #option{type = string, |
721 |
|
validate = non_empty}, |
722 |
|
<<"dhfile">> => #option{type = string, |
723 |
|
validate = non_empty}, |
724 |
|
<<"keyfile">> => #option{type = string, |
725 |
|
validate = non_empty}, |
726 |
|
<<"password">> => #option{type = string}, |
727 |
|
<<"server_name_indication">> => #option{type = boolean}, |
728 |
|
<<"server_name_indication_host">> => #option{type = string, validate = non_empty}, |
729 |
|
<<"server_name_indication_protocol">> => #option{type = atom, |
730 |
|
validate = {enum, [default, https]}}, |
731 |
|
<<"ciphers">> => #option{type = string}, |
732 |
|
<<"versions">> => #list{items = #option{type = atom}} |
733 |
|
}. |
734 |
|
|
735 |
|
%% path: (host_config[].)services |
736 |
|
services() -> |
737 |
73 |
Services = [{a2b(Service), mongoose_service:config_spec(Service)} |
738 |
73 |
|| Service <- configurable_services()], |
739 |
73 |
#section{ |
740 |
|
items = maps:from_list(Services), |
741 |
|
wrap = global_config |
742 |
|
}. |
743 |
|
|
744 |
|
configurable_services() -> |
745 |
73 |
[service_admin_extra, |
746 |
|
service_mongoose_system_metrics, |
747 |
|
service_domain_db]. |
748 |
|
|
749 |
|
%% path: (host_config[].)modules |
750 |
|
modules() -> |
751 |
146 |
Modules = [{a2b(Module), gen_mod:config_spec(Module)} |
752 |
146 |
|| Module <- configurable_modules()], |
753 |
146 |
Items = maps:from_list(Modules), |
754 |
146 |
#section{ |
755 |
|
items = Items#{default => #section{items = #{}}}, |
756 |
|
validate_keys = module, |
757 |
|
format_items = map, |
758 |
|
wrap = host_config |
759 |
|
}. |
760 |
|
|
761 |
|
configurable_modules() -> |
762 |
146 |
[mod_adhoc, |
763 |
|
mod_auth_token, |
764 |
|
mod_bosh, |
765 |
|
mod_cache_users, |
766 |
|
mod_caps, |
767 |
|
mod_carboncopy, |
768 |
|
mod_csi, |
769 |
|
mod_disco, |
770 |
|
mod_event_pusher, |
771 |
|
mod_extdisco, |
772 |
|
mod_global_distrib, |
773 |
|
mod_http_upload, |
774 |
|
mod_inbox, |
775 |
|
mod_jingle_sip, |
776 |
|
mod_keystore, |
777 |
|
mod_last, |
778 |
|
mod_mam_meta, |
779 |
|
mod_muc, |
780 |
|
mod_muc_light, |
781 |
|
mod_muc_log, |
782 |
|
mod_offline, |
783 |
|
mod_ping, |
784 |
|
mod_privacy, |
785 |
|
mod_private, |
786 |
|
mod_pubsub, |
787 |
|
mod_push_service_mongoosepush, |
788 |
|
mod_register, |
789 |
|
mod_roster, |
790 |
|
mod_shared_roster_ldap, |
791 |
|
mod_sic, |
792 |
|
mod_stream_management, |
793 |
|
mod_time, |
794 |
|
mod_vcard, |
795 |
|
mod_version, |
796 |
|
mod_domain_isolation]. |
797 |
|
|
798 |
|
%% path: (host_config[].)modules.*.iqdisc |
799 |
|
iqdisc() -> |
800 |
2336 |
#section{ |
801 |
|
items = #{<<"type">> => #option{type = atom, |
802 |
|
validate = {enum, [no_queue, one_queue, parallel, queues]}}, |
803 |
|
<<"workers">> => #option{type = integer, |
804 |
|
validate = positive}}, |
805 |
|
required = [<<"type">>], |
806 |
|
process = fun ?MODULE:process_iqdisc/1 |
807 |
|
}. |
808 |
|
|
809 |
|
process_iqdisc(KVs) -> |
810 |
:-( |
{[[{type, Type}]], WorkersOpts} = proplists:split(KVs, [type]), |
811 |
:-( |
iqdisc(Type, WorkersOpts). |
812 |
|
|
813 |
:-( |
iqdisc(queues, [{workers, N}]) -> {queues, N}; |
814 |
:-( |
iqdisc(Type, []) -> Type. |
815 |
|
|
816 |
|
%% path: shaper |
817 |
|
shaper() -> |
818 |
73 |
#section{ |
819 |
|
items = #{default => |
820 |
|
#section{ |
821 |
|
items = #{<<"max_rate">> => #option{type = integer, |
822 |
|
validate = positive}}, |
823 |
|
required = all, |
824 |
|
format_items = map |
825 |
|
} |
826 |
|
}, |
827 |
|
validate_keys = non_empty, |
828 |
|
format_items = map, |
829 |
|
wrap = global_config |
830 |
|
}. |
831 |
|
|
832 |
|
%% path: (host_config[].)acl |
833 |
|
acl() -> |
834 |
146 |
#section{ |
835 |
|
items = #{default => #list{items = acl_item()}}, |
836 |
|
format_items = map, |
837 |
|
wrap = host_config |
838 |
|
}. |
839 |
|
|
840 |
|
%% path: (host_config[].)acl.*[] |
841 |
|
acl_item() -> |
842 |
146 |
Match = #option{type = atom, |
843 |
|
validate = {enum, [all, none, current_domain, any_hosted_domain]}}, |
844 |
146 |
Cond = #option{type = binary, |
845 |
|
process = fun ?MODULE:process_acl_condition/1}, |
846 |
146 |
#section{ |
847 |
|
items = #{<<"match">> => Match, |
848 |
|
<<"user">> => Cond, |
849 |
|
<<"server">> => Cond, |
850 |
|
<<"resource">> => Cond, |
851 |
|
<<"user_regexp">> => Cond, |
852 |
|
<<"server_regexp">> => Cond, |
853 |
|
<<"resource_regexp">> => Cond, |
854 |
|
<<"user_glob">> => Cond, |
855 |
|
<<"server_glob">> => Cond, |
856 |
|
<<"resource_glob">> => Cond |
857 |
|
}, |
858 |
|
defaults = #{<<"match">> => current_domain}, |
859 |
|
format_items = map |
860 |
|
}. |
861 |
|
|
862 |
|
%% path: (host_config[].)access |
863 |
|
access() -> |
864 |
146 |
#section{ |
865 |
|
items = #{default => #list{items = access_rule_item()}}, |
866 |
|
format_items = map, |
867 |
|
wrap = host_config |
868 |
|
}. |
869 |
|
|
870 |
|
%% path: (host_config[].)access.*[] |
871 |
|
access_rule_item() -> |
872 |
146 |
#section{ |
873 |
|
items = #{<<"acl">> => #option{type = atom, |
874 |
|
validate = non_empty}, |
875 |
|
<<"value">> => #option{type = int_or_atom} |
876 |
|
}, |
877 |
|
required = all, |
878 |
|
format_items = map |
879 |
|
}. |
880 |
|
|
881 |
|
%% path: s2s |
882 |
|
s2s() -> |
883 |
73 |
#section{ |
884 |
|
items = maps:merge(s2s_global_items(), s2s_host_items()), |
885 |
|
defaults = #{<<"address">> => #{}}, |
886 |
|
include = always, |
887 |
|
wrap = none |
888 |
|
}. |
889 |
|
|
890 |
|
%% path: host_config[].s2s |
891 |
|
host_s2s() -> |
892 |
73 |
#section{ |
893 |
|
items = s2s_host_items(), |
894 |
|
wrap = none |
895 |
|
}. |
896 |
|
|
897 |
|
s2s_host_items() -> |
898 |
146 |
#{<<"default_policy">> => #option{type = atom, |
899 |
|
validate = {enum, [allow, deny]}, |
900 |
|
wrap = {host_config, s2s_default_policy}}, |
901 |
|
<<"host_policy">> => #list{items = s2s_host_policy(), |
902 |
|
format_items = map, |
903 |
|
wrap = {host_config, s2s_host_policy}}, |
904 |
|
<<"shared">> => #option{type = binary, |
905 |
|
validate = non_empty, |
906 |
|
wrap = {host_config, s2s_shared}}, |
907 |
|
<<"max_retry_delay">> => #option{type = integer, |
908 |
|
validate = positive, |
909 |
|
wrap = {host_config, s2s_max_retry_delay}} |
910 |
|
}. |
911 |
|
|
912 |
|
s2s_global_items() -> |
913 |
73 |
#{<<"dns">> => s2s_dns(), |
914 |
|
<<"outgoing">> => s2s_outgoing(), |
915 |
|
<<"use_starttls">> => #option{type = atom, |
916 |
|
validate = {enum, [false, optional, required, |
917 |
|
required_trusted]}, |
918 |
|
wrap = {global_config, s2s_use_starttls}}, |
919 |
|
<<"certfile">> => #option{type = string, |
920 |
|
validate = non_empty, |
921 |
|
wrap = {global_config, s2s_certfile}}, |
922 |
|
<<"address">> => #list{items = s2s_address(), |
923 |
|
format_items = map, |
924 |
|
wrap = {global_config, s2s_address}}, |
925 |
|
<<"ciphers">> => #option{type = string, |
926 |
|
wrap = {global_config, s2s_ciphers}} |
927 |
|
}. |
928 |
|
|
929 |
|
%% path: (host_config[].)s2s.dns |
930 |
|
s2s_dns() -> |
931 |
73 |
#section{ |
932 |
|
items = #{<<"timeout">> => #option{type = integer, |
933 |
|
validate = positive}, |
934 |
|
<<"retries">> => #option{type = integer, |
935 |
|
validate = positive}}, |
936 |
|
format_items = map, |
937 |
|
include = always, |
938 |
|
defaults = #{<<"timeout">> => 10, |
939 |
|
<<"retries">> => 2}, |
940 |
|
wrap = {global_config, s2s_dns} |
941 |
|
}. |
942 |
|
|
943 |
|
%% path: (host_config[].)s2s.outgoing |
944 |
|
s2s_outgoing() -> |
945 |
73 |
#section{ |
946 |
|
items = #{<<"port">> => #option{type = integer, |
947 |
|
validate = port}, |
948 |
|
<<"ip_versions">> => |
949 |
|
#list{items = #option{type = integer, |
950 |
|
validate = {enum, [4, 6]}}, |
951 |
|
validate = unique_non_empty}, |
952 |
|
<<"connection_timeout">> => #option{type = int_or_infinity, |
953 |
|
validate = positive} |
954 |
|
}, |
955 |
|
format_items = map, |
956 |
|
include = always, |
957 |
|
defaults = #{<<"port">> => 5269, |
958 |
|
<<"ip_versions">> => [4, 6], |
959 |
|
<<"connection_timeout">> => 10000}, |
960 |
|
wrap = {global_config, s2s_outgoing} |
961 |
|
}. |
962 |
|
|
963 |
|
%% path: (host_config[].)s2s.host_policy[] |
964 |
|
s2s_host_policy() -> |
965 |
146 |
#section{ |
966 |
|
items = #{<<"host">> => #option{type = binary, |
967 |
|
validate = non_empty}, |
968 |
|
<<"policy">> => #option{type = atom, |
969 |
|
validate = {enum, [allow, deny]}} |
970 |
|
}, |
971 |
|
required = all, |
972 |
|
format_items = map, |
973 |
|
process = fun ?MODULE:process_s2s_host_policy/1 |
974 |
|
}. |
975 |
|
|
976 |
|
%% path: (host_config[].)s2s.address[] |
977 |
|
s2s_address() -> |
978 |
73 |
#section{ |
979 |
|
items = #{<<"host">> => #option{type = binary, |
980 |
|
validate = non_empty}, |
981 |
|
<<"ip_address">> => #option{type = string, |
982 |
|
validate = ip_address}, |
983 |
|
<<"port">> => #option{type = integer, |
984 |
|
validate = port} |
985 |
|
}, |
986 |
|
required = [<<"host">>, <<"ip_address">>], |
987 |
|
format_items = map, |
988 |
|
process = fun ?MODULE:process_s2s_address/1 |
989 |
|
}. |
990 |
|
|
991 |
|
%% Callbacks for 'process' |
992 |
|
|
993 |
|
%% Check that all auth methods and modules enabled for any host type support dynamic domains |
994 |
|
process_root(Items) -> |
995 |
73 |
case proplists:lookup(host_types, Items) of |
996 |
|
{_, [_|_] = HostTypes} -> |
997 |
66 |
HTItems = lists:filter(fun(Item) -> is_host_type_item(Item, HostTypes) end, Items), |
998 |
66 |
case {unsupported_auth_methods(HTItems), unsupported_modules(HTItems)} of |
999 |
|
{[], []} -> |
1000 |
66 |
Items; |
1001 |
|
{Methods, Modules} -> |
1002 |
:-( |
error(#{what => dynamic_domains_not_supported, |
1003 |
|
text => ("Dynamic modules not supported by the specified authentication " |
1004 |
|
"methods and/or extension modules"), |
1005 |
|
unsupported_auth_methods => Methods, |
1006 |
|
unsupported_modules => Modules}) |
1007 |
|
end; |
1008 |
|
_ -> |
1009 |
7 |
Items |
1010 |
|
end. |
1011 |
|
|
1012 |
|
unsupported_auth_methods(KVs) -> |
1013 |
66 |
[Method || Method <- extract_auth_methods(KVs), |
1014 |
163 |
not ejabberd_auth:does_method_support(Method, dynamic_domains)]. |
1015 |
|
|
1016 |
|
unsupported_modules(KVs) -> |
1017 |
66 |
[Module || Module <- extract_modules(KVs), |
1018 |
854 |
not gen_mod:does_module_support(Module, dynamic_domains)]. |
1019 |
|
|
1020 |
|
extract_auth_methods(KVs) -> |
1021 |
66 |
lists:usort(lists:flatmap(fun({{auth, _}, Auth}) -> maps:get(methods, Auth); |
1022 |
427 |
(_) -> [] |
1023 |
|
end, KVs)). |
1024 |
|
|
1025 |
|
extract_modules(KVs) -> |
1026 |
66 |
lists:usort(lists:flatmap(fun({{modules, _}, Modules}) -> maps:keys(Modules); |
1027 |
427 |
(_) -> [] |
1028 |
|
end, KVs)). |
1029 |
|
|
1030 |
|
is_host_type_item({{_, HostType}, _}, HostTypes) -> |
1031 |
621 |
HostType =:= global orelse lists:member(HostType, HostTypes); |
1032 |
|
is_host_type_item(_, _) -> |
1033 |
1487 |
false. |
1034 |
|
|
1035 |
|
process_ctl_access_rule(KVs) -> |
1036 |
:-( |
Commands = proplists:get_value(commands, KVs, all), |
1037 |
:-( |
ArgRestrictions = proplists:get_value(argument_restrictions, KVs, []), |
1038 |
:-( |
{Commands, ArgRestrictions}. |
1039 |
|
|
1040 |
|
process_sm_backend(Backend) -> |
1041 |
73 |
{Backend, []}. |
1042 |
|
|
1043 |
|
process_host(Host) -> |
1044 |
292 |
Node = jid:nodeprep(Host), |
1045 |
292 |
true = Node =/= error, |
1046 |
292 |
Node. |
1047 |
|
|
1048 |
|
process_general(General) -> |
1049 |
73 |
hosts_and_host_types_are_unique_and_non_empty(General), |
1050 |
73 |
General. |
1051 |
|
|
1052 |
|
hosts_and_host_types_are_unique_and_non_empty(General) -> |
1053 |
73 |
AllHostTypes = get_all_hosts_and_host_types(General), |
1054 |
73 |
true = lists:sort(AllHostTypes) =:= lists:usort(AllHostTypes), |
1055 |
73 |
true = [] =/= AllHostTypes. |
1056 |
|
|
1057 |
|
get_all_hosts_and_host_types(General) -> |
1058 |
73 |
lists:flatmap(fun({Key, Value}) when Key =:= hosts; |
1059 |
|
Key =:= host_types -> |
1060 |
146 |
Value; |
1061 |
|
(_) -> |
1062 |
911 |
[] |
1063 |
|
end, General). |
1064 |
|
|
1065 |
:-( |
process_verify_peer(false) -> verify_none; |
1066 |
54 |
process_verify_peer(true) -> verify_peer. |
1067 |
|
|
1068 |
|
process_xmpp_tls(KVs) -> |
1069 |
115 |
Module = proplists:get_value(module, KVs, fast_tls), |
1070 |
115 |
case proplists:get_keys(KVs) -- (tls_keys(Module) ++ common_tls_keys()) of |
1071 |
115 |
[] -> strip_tls_keys(process_xmpp_tls(Module, proplists:delete(module, KVs))); |
1072 |
:-( |
ExcessKeys -> error(#{what => {unexpected_tls_options, Module, ExcessKeys}}) |
1073 |
|
end. |
1074 |
|
|
1075 |
|
tls_keys(just_tls) -> |
1076 |
19 |
[verify_mode, disconnect_on_failure, crlfiles, password, versions, |
1077 |
|
server_name_indication, server_name_indication_host, server_name_indication_protocol]; |
1078 |
|
tls_keys(fast_tls) -> |
1079 |
96 |
[protocol_options]. |
1080 |
|
|
1081 |
|
common_tls_keys() -> |
1082 |
115 |
[module, mode, verify_peer, certfile, cacertfile, dhfile, ciphers]. |
1083 |
|
|
1084 |
|
process_xmpp_tls(just_tls, KVs) -> |
1085 |
19 |
KVsWithSNI = process_tls_sni(KVs), |
1086 |
19 |
{[VM, DoF], Opts} = proplists:split(KVsWithSNI, [verify_mode, disconnect_on_failure]), |
1087 |
19 |
{External, Internal} = lists:partition(fun is_external_tls_opt/1, Opts), |
1088 |
19 |
SSLOpts = ssl_opts(verify_fun(VM, DoF) ++ Internal), |
1089 |
19 |
[{tls_module, just_tls}] ++ SSLOpts ++ External; |
1090 |
|
process_xmpp_tls(fast_tls, KVs) -> |
1091 |
96 |
process_fast_tls(KVs). |
1092 |
|
|
1093 |
|
process_fast_tls(KVs) -> |
1094 |
169 |
proplists:substitute_aliases([{cacertfile, cafile}], KVs). |
1095 |
|
|
1096 |
|
strip_tls_keys(Opts) -> |
1097 |
115 |
lists:map(fun strip_tls_key/1, Opts). |
1098 |
|
|
1099 |
115 |
strip_tls_key({mode, V}) -> V; |
1100 |
18 |
strip_tls_key({verify_peer, V}) -> V; |
1101 |
278 |
strip_tls_key(KV) -> KV. |
1102 |
|
|
1103 |
7 |
verify_fun([], []) -> []; |
1104 |
6 |
verify_fun([{verify_mode, VM}], []) -> [{verify_fun, {VM, true}}]; |
1105 |
6 |
verify_fun([{verify_mode, VM}], [{disconnect_on_failure, DoF}]) -> [{verify_fun, {VM, DoF}}]. |
1106 |
|
|
1107 |
19 |
is_external_tls_opt({mode, _}) -> true; |
1108 |
12 |
is_external_tls_opt({verify_peer, _}) -> true; |
1109 |
:-( |
is_external_tls_opt({crlfiles, _}) -> true; |
1110 |
50 |
is_external_tls_opt({_, _}) -> false. |
1111 |
|
|
1112 |
:-( |
ssl_opts([]) -> []; |
1113 |
19 |
ssl_opts(Opts) -> [{ssl_options, Opts}]. |
1114 |
|
|
1115 |
|
process_listener([item, Type | _], Opts) -> |
1116 |
858 |
mongoose_listener_config:ensure_ip_options(Opts#{module => listener_module(Type)}). |
1117 |
|
|
1118 |
511 |
listener_module(<<"http">>) -> ejabberd_cowboy; |
1119 |
146 |
listener_module(<<"c2s">>) -> ejabberd_c2s; |
1120 |
73 |
listener_module(<<"s2s">>) -> ejabberd_s2s_in; |
1121 |
128 |
listener_module(<<"service">>) -> ejabberd_service. |
1122 |
|
|
1123 |
|
process_http_handler([item, Type | _], KVs) -> |
1124 |
1387 |
{[[{host, Host}], [{path, Path}]], Opts} = proplists:split(KVs, [host, path]), |
1125 |
1387 |
HandlerOpts = process_http_handler_opts(Type, Opts), |
1126 |
1387 |
{Host, Path, binary_to_atom(Type, utf8), HandlerOpts}. |
1127 |
|
|
1128 |
|
process_http_handler_opts(<<"lasse_handler">>, [{module, Module}]) -> |
1129 |
73 |
[Module]; |
1130 |
|
process_http_handler_opts(<<"cowboy_static">>, Opts) -> |
1131 |
73 |
{[[{type, Type}], [{app, App}], [{content_path, Path}]], []} = |
1132 |
|
proplists:split(Opts, [type, app, content_path]), |
1133 |
73 |
{Type, App, Path, [{mimetypes, cow_mimetypes, all}]}; |
1134 |
|
process_http_handler_opts(<<"mongoose_api_admin">>, Opts) -> |
1135 |
73 |
{[UserOpts, PassOpts], []} = proplists:split(Opts, [username, password]), |
1136 |
73 |
case {UserOpts, PassOpts} of |
1137 |
73 |
{[], []} -> []; |
1138 |
:-( |
{[{username, User}], [{password, Pass}]} -> [{auth, {User, Pass}}] |
1139 |
|
end; |
1140 |
|
process_http_handler_opts(<<"mongoose_domain_handler">>, Opts) -> |
1141 |
73 |
{[UserOpts, PassOpts], []} = proplists:split(Opts, [username, password]), |
1142 |
73 |
case {UserOpts, PassOpts} of |
1143 |
73 |
{[], []} -> ok; |
1144 |
:-( |
{[{username, _User}], [{password, _Pass}]} -> ok; |
1145 |
:-( |
_ -> error(#{what => both_username_and_password_required, |
1146 |
|
handler => mongoose_domain_handler, opts => Opts}) |
1147 |
|
end, |
1148 |
73 |
Opts; |
1149 |
|
process_http_handler_opts(<<"mongoose_graphql_cowboy_handler">>, Opts) -> |
1150 |
146 |
{[UserOpts, PassOpts, SchemaOpts], []} = proplists:split(Opts, [username, password, schema_endpoint]), |
1151 |
146 |
case SchemaOpts of |
1152 |
:-( |
[] -> error(#{what => schema_endpoint_required, |
1153 |
|
handler => mongoose_graphql_cowboy_handler, opts => Opts}); |
1154 |
146 |
_ -> ok |
1155 |
|
end, |
1156 |
146 |
case {UserOpts, PassOpts} of |
1157 |
73 |
{[], []} -> ok; |
1158 |
73 |
{[{username, _User}], [{password, _Pass}]} -> ok; |
1159 |
:-( |
_ -> error(#{what => both_username_and_password_required, |
1160 |
|
handler => mongoose_graphql_cowboy_handler, opts => Opts}) |
1161 |
|
end, |
1162 |
146 |
Opts; |
1163 |
73 |
process_http_handler_opts(<<"cowboy_swagger_redirect_handler">>, []) -> #{}; |
1164 |
73 |
process_http_handler_opts(<<"cowboy_swagger_json_handler">>, []) -> #{}; |
1165 |
803 |
process_http_handler_opts(_, Opts) -> Opts. |
1166 |
|
|
1167 |
|
process_sasl_external(V) when V =:= standard; |
1168 |
|
V =:= common_name; |
1169 |
|
V =:= auth_id -> |
1170 |
21 |
V; |
1171 |
|
process_sasl_external(M) -> |
1172 |
3 |
mongoose_config_validator:validate(M, atom, module), |
1173 |
3 |
{mod, M}. |
1174 |
|
|
1175 |
|
process_sasl_mechanism(V) -> |
1176 |
18 |
list_to_atom("cyrsasl_" ++ atom_to_list(V)). |
1177 |
|
|
1178 |
|
process_auth(Opts = #{methods := Methods}) -> |
1179 |
:-( |
[check_auth_method(Method, Opts) || Method <- Methods], |
1180 |
:-( |
Opts; |
1181 |
|
process_auth(Opts) -> |
1182 |
201 |
MethodsFromSections = lists:filter(fun(K) -> maps:is_key(K, Opts) end, all_auth_methods()), |
1183 |
201 |
Opts#{methods => MethodsFromSections}. |
1184 |
|
|
1185 |
|
all_auth_methods() -> |
1186 |
347 |
[anonymous, dummy, external, http, internal, jwt, ldap, pki, rdbms, riak]. |
1187 |
|
|
1188 |
|
check_auth_method(Method, Opts) -> |
1189 |
:-( |
case maps:is_key(Method, Opts) of |
1190 |
:-( |
true -> ok; |
1191 |
:-( |
false -> error(#{what => missing_section_for_auth_method, auth_method => Method}) |
1192 |
|
end. |
1193 |
|
|
1194 |
|
process_pool([Tag, Type|_], KVs) -> |
1195 |
146 |
{[ScopeOpts, HostOpts, ConnOpts], Opts} = proplists:split(KVs, [scope, host, connection]), |
1196 |
146 |
Scope = pool_scope(ScopeOpts, HostOpts), |
1197 |
146 |
Connection = pool_connection(ConnOpts), |
1198 |
146 |
{b2a(Type), Scope, b2a(Tag), Opts, Connection}. |
1199 |
|
|
1200 |
:-( |
pool_scope([{scope, single_host}], [{host, Host}]) -> Host; |
1201 |
:-( |
pool_scope([{scope, host}], []) -> host; |
1202 |
146 |
pool_scope([{scope, global}], []) -> global; |
1203 |
:-( |
pool_scope([], []) -> global. |
1204 |
|
|
1205 |
73 |
pool_connection([{connection, Opts}]) -> Opts; |
1206 |
73 |
pool_connection([]) -> []. |
1207 |
|
|
1208 |
|
process_cassandra_server(KVs) -> |
1209 |
:-( |
{[[{ip_address, IPAddr}]], Opts} = proplists:split(KVs, [ip_address]), |
1210 |
:-( |
case Opts of |
1211 |
:-( |
[] -> IPAddr; |
1212 |
:-( |
[{port, Port}] -> {IPAddr, Port} |
1213 |
|
end. |
1214 |
|
|
1215 |
|
process_cassandra_auth([{plain, KVs}]) -> |
1216 |
:-( |
{[[{username, User}], [{password, Pass}]], []} = proplists:split(KVs, [username, password]), |
1217 |
:-( |
{cqerl_auth_plain_handler, [{User, Pass}]}. |
1218 |
|
|
1219 |
|
process_rdbms_connection(KVs) -> |
1220 |
73 |
{[[{driver, Driver}], KeepaliveIntervalOpts], Opts} = |
1221 |
|
proplists:split(KVs, [driver, keepalive_interval]), |
1222 |
73 |
[{server, rdbms_server(Driver, Opts)} | KeepaliveIntervalOpts]. |
1223 |
|
|
1224 |
|
rdbms_server(odbc, Opts) -> |
1225 |
73 |
[{settings, Settings}] = Opts, |
1226 |
73 |
Settings; |
1227 |
|
rdbms_server(Driver, Opts) -> |
1228 |
:-( |
{[[{host, Host}], [{database, DB}], [{username, User}], [{password, Pass}], |
1229 |
|
PortOpts, TLSOpts], []} = |
1230 |
|
proplists:split(Opts, [host, database, username, password, port, tls]), |
1231 |
:-( |
list_to_tuple([Driver, Host] ++ db_port(PortOpts) ++ |
1232 |
|
[DB, User, Pass] ++ db_tls(Driver, TLSOpts)). |
1233 |
|
|
1234 |
:-( |
db_port([{port, Port}]) -> [Port]; |
1235 |
:-( |
db_port([]) -> []. |
1236 |
|
|
1237 |
|
db_tls(Driver, [{tls, KVs}]) -> |
1238 |
:-( |
{[ModeOpts], Opts} = proplists:split(KVs, [required]), |
1239 |
:-( |
[ssl_mode(Driver, ModeOpts) ++ ssl_opts(Driver, Opts)]; |
1240 |
:-( |
db_tls(_, []) -> []. |
1241 |
|
|
1242 |
:-( |
ssl_mode(pgsql, [{required, true}]) -> [{ssl, required}]; |
1243 |
:-( |
ssl_mode(pgsql, [{required, false}]) -> [{ssl, true}]; |
1244 |
:-( |
ssl_mode(pgsql, []) -> [{ssl, true}]; |
1245 |
:-( |
ssl_mode(mysql, []) -> []. |
1246 |
|
|
1247 |
:-( |
ssl_opts(pgsql, []) -> []; |
1248 |
:-( |
ssl_opts(pgsql, Opts) -> [{ssl_opts, Opts}]; |
1249 |
:-( |
ssl_opts(mysql, Opts) -> Opts. |
1250 |
|
|
1251 |
|
process_riak_tls(KVs) -> |
1252 |
:-( |
KVsWithSNI = process_tls_sni(KVs), |
1253 |
:-( |
{[CACertFileOpts], SSLOpts} = proplists:split(KVsWithSNI, [cacertfile]), |
1254 |
:-( |
riak_ssl(SSLOpts) ++ CACertFileOpts. |
1255 |
|
|
1256 |
:-( |
riak_ssl([]) -> []; |
1257 |
:-( |
riak_ssl(Opts) -> [{ssl_opts, Opts}]. |
1258 |
|
|
1259 |
|
process_tls_sni(KVs) -> |
1260 |
|
% the SSL library expects either the atom `disable` or a string with the SNI host |
1261 |
|
% as value for `server_name_indication` |
1262 |
165 |
SNIKeys = [server_name_indication, server_name_indication_host, server_name_indication_protocol], |
1263 |
165 |
{[SNIOpt, SNIHostOpt, SNIProtocol], SSLOpts} = proplists:split(KVs, SNIKeys), |
1264 |
165 |
case {SNIOpt, SNIHostOpt, SNIProtocol} of |
1265 |
|
{[], [], []} -> |
1266 |
165 |
SSLOpts; |
1267 |
|
{[{server_name_indication, false}], _, _} -> |
1268 |
:-( |
[{server_name_indication, disable} | SSLOpts]; |
1269 |
|
{[{server_name_indication, true}], |
1270 |
|
[{server_name_indication_host, SNIHost}], |
1271 |
|
[{server_name_indication_protocol, https}]} -> |
1272 |
:-( |
[{server_name_indication, SNIHost}, |
1273 |
|
{customize_hostname_check, [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]} |
1274 |
|
| SSLOpts]; |
1275 |
|
{[{server_name_indication, true}], |
1276 |
|
[{server_name_indication_host, SNIHost}], |
1277 |
|
_} -> |
1278 |
:-( |
[{server_name_indication, SNIHost} | SSLOpts] |
1279 |
|
end. |
1280 |
|
|
1281 |
|
process_riak_credentials(KVs) -> |
1282 |
:-( |
{[[{user, User}], [{password, Pass}]], []} = proplists:split(KVs, [user, password]), |
1283 |
:-( |
{User, Pass}. |
1284 |
|
|
1285 |
292 |
b2a(B) -> binary_to_atom(B, utf8). |
1286 |
|
|
1287 |
6789 |
a2b(A) -> atom_to_binary(A, utf8). |
1288 |
|
|
1289 |
|
wpool_strategy_values() -> |
1290 |
730 |
[best_worker, random_worker, next_worker, available_worker, next_available_worker]. |
1291 |
|
|
1292 |
|
process_acl_condition(Value) -> |
1293 |
:-( |
case jid:nodeprep(Value) of |
1294 |
:-( |
error -> error(#{what => incorrect_acl_condition_value, |
1295 |
|
text => <<"Value could not be parsed as a JID node part">>}); |
1296 |
:-( |
Node -> Node |
1297 |
|
end. |
1298 |
|
|
1299 |
|
process_s2s_host_policy(#{host := S2SHost, policy := Policy}) -> |
1300 |
:-( |
{S2SHost, Policy}. |
1301 |
|
|
1302 |
|
process_s2s_address(M) -> |
1303 |
73 |
maps:take(host, M). |
1304 |
|
|
1305 |
|
process_domain_cert(#{domain := Domain, certfile := Certfile}) -> |
1306 |
:-( |
{Domain, Certfile}. |