1 |
|
-module(mongoose_config_spec). |
2 |
|
|
3 |
|
%% entry point - returns the entire spec |
4 |
|
-export([root/0]). |
5 |
|
|
6 |
|
%% spec parts used by modules and services |
7 |
|
-export([wpool_items/0, |
8 |
|
iqdisc/0]). |
9 |
|
|
10 |
|
%% callbacks for the 'process' step |
11 |
|
-export([process_root/1, |
12 |
|
process_host/1, |
13 |
|
process_general/1, |
14 |
|
process_sm_backend/1, |
15 |
|
process_ctl_access_rule/1, |
16 |
|
process_listener/2, |
17 |
|
process_verify_peer/1, |
18 |
|
process_tls_sni/1, |
19 |
|
process_xmpp_tls/1, |
20 |
|
process_fast_tls/1, |
21 |
|
process_http_handler/2, |
22 |
|
process_sasl_external/1, |
23 |
|
process_sasl_mechanism/1, |
24 |
|
process_auth/1, |
25 |
|
process_pool/2, |
26 |
|
process_cassandra_auth/1, |
27 |
|
process_rdbms_connection/1, |
28 |
|
process_riak_tls/1, |
29 |
|
process_cassandra_server/1, |
30 |
|
process_riak_credentials/1, |
31 |
|
process_iqdisc/1, |
32 |
|
process_acl_condition/1, |
33 |
|
process_s2s_host_policy/1, |
34 |
|
process_s2s_address/1, |
35 |
|
process_domain_cert/1]). |
36 |
|
|
37 |
|
-include("mongoose_config_spec.hrl"). |
38 |
|
|
39 |
|
-type config_node() :: config_section() | config_list() | config_option(). |
40 |
|
-type config_section() :: #section{}. |
41 |
|
-type config_list() :: #list{}. |
42 |
|
-type config_option() :: #option{}. |
43 |
|
|
44 |
|
-type option_type() :: boolean | binary | string | atom | int_or_infinity |
45 |
|
| int_or_atom | integer | float. |
46 |
|
|
47 |
|
-type wrapper() :: top_level_config_wrapper() | config_part_wrapper(). |
48 |
|
|
49 |
|
%% Wrap the value in a top-level config option |
50 |
|
-type top_level_config_wrapper() :: |
51 |
|
% Config option, see the type below for details |
52 |
|
config_option_wrapper() |
53 |
|
|
54 |
|
% Config option, the key is replaced with NewKey |
55 |
|
| {config_option_wrapper(), NewKey :: atom()}. |
56 |
|
|
57 |
|
-type config_option_wrapper() :: |
58 |
|
global_config % [{Key, Value}] |
59 |
|
| host_config. % Inside host_config: [{{Key, Host}, Value}] |
60 |
|
% Otherwise: one such option for each configured host |
61 |
|
|
62 |
|
%% Wrap the value in config part - key-value pair or just a value |
63 |
|
-type config_part_wrapper() :: |
64 |
|
default % [{Key, Value}] for section items, [Value] for list items |
65 |
|
| item % [Value] |
66 |
|
| remove % [] - the item is ignored |
67 |
|
| none % just Value - injects elements of Value into the parent section/list |
68 |
|
| {kv, NewKey :: term()} % [{NewKey, Value}] - replaces the key with NewKey |
69 |
|
| prepend_key. % [{Key, V1, ..., Vn}] when Value = {V1, ..., Vn} |
70 |
|
|
71 |
|
%% This option allows to put list/section items in a map |
72 |
|
-type format_items() :: |
73 |
|
none % keep the processed items unchanged |
74 |
|
| map. % convert the processed items (which have to be a KV list) to a map |
75 |
|
|
76 |
|
-export_type([config_node/0, config_section/0, config_list/0, config_option/0, |
77 |
|
wrapper/0, format_items/0, option_type/0]). |
78 |
|
|
79 |
|
%% Config processing functions are annotated with TOML paths |
80 |
|
%% Path syntax: dotted, like TOML keys with the following additions: |
81 |
|
%% - '[]' denotes an element in a list |
82 |
|
%% - '( ... )' encloses an optional prefix |
83 |
|
%% - '*' is a wildcard for names - usually that name is passed as an argument |
84 |
|
%% If the path is the same as for the previous function, it is not repeated. |
85 |
|
%% |
86 |
|
%% Example: (host_config[].)access.* |
87 |
|
%% Meaning: either a key in the 'access' section, e.g. |
88 |
|
%% [access] |
89 |
|
%% local = ... |
90 |
|
%% or the same, but prefixed for a specific host, e.g. |
91 |
|
%% [[host_config]] |
92 |
|
%% host = "myhost" |
93 |
|
%% host_config.access |
94 |
|
%% local = ... |
95 |
|
|
96 |
|
root() -> |
97 |
82 |
General = general(), |
98 |
82 |
Listen = listen(), |
99 |
82 |
Auth = auth(), |
100 |
82 |
Modules = modules(), |
101 |
82 |
S2S = s2s(), |
102 |
82 |
#section{ |
103 |
|
items = #{<<"general">> => General#section{required = [<<"default_server_domain">>], |
104 |
|
process = fun ?MODULE:process_general/1, |
105 |
|
defaults = general_defaults()}, |
106 |
|
<<"listen">> => Listen#section{include = always}, |
107 |
|
<<"auth">> => Auth#section{include = always}, |
108 |
|
<<"outgoing_pools">> => outgoing_pools(), |
109 |
|
<<"services">> => services(), |
110 |
|
<<"modules">> => Modules#section{include = always}, |
111 |
|
<<"shaper">> => shaper(), |
112 |
|
<<"acl">> => acl(), |
113 |
|
<<"access">> => access(), |
114 |
|
<<"s2s">> => S2S#section{include = always}, |
115 |
|
<<"host_config">> => #list{items = host_config(), |
116 |
|
wrap = none} |
117 |
|
}, |
118 |
|
required = [<<"general">>], |
119 |
|
process = fun ?MODULE:process_root/1, |
120 |
|
wrap = none |
121 |
|
}. |
122 |
|
|
123 |
|
%% path: host_config[] |
124 |
|
host_config() -> |
125 |
82 |
#section{ |
126 |
|
items = #{%% Host is only validated here - it is stored in the path, |
127 |
|
%% see mongoose_config_parser_toml:item_key/1 |
128 |
|
%% |
129 |
|
%% for every configured host the host_type of the same name |
130 |
|
%% is declared automatically. As host_config section is now |
131 |
|
%% used for changing configuration of the host_type, we don't |
132 |
|
%% need host option any more. but to stay compatible with an |
133 |
|
%% old config format we keep host option as well. now it is |
134 |
|
%% just a synonym to host_type. |
135 |
|
<<"host">> => #option{type = binary, |
136 |
|
validate = non_empty, |
137 |
|
wrap = remove}, |
138 |
|
|
139 |
|
<<"host_type">> => #option{type = binary, |
140 |
|
validate = non_empty, |
141 |
|
wrap = remove}, |
142 |
|
|
143 |
|
%% Sections below are allowed in host_config, |
144 |
|
%% but only options with 'wrap = host_config' are accepted. |
145 |
|
%% Options with 'wrap = global_config' would be caught by |
146 |
|
%% mongoose_config_parser_toml:wrap/3 |
147 |
|
<<"general">> => general(), |
148 |
|
<<"auth">> => auth(), |
149 |
|
<<"modules">> => modules(), |
150 |
|
<<"acl">> => acl(), |
151 |
|
<<"access">> => access(), |
152 |
|
<<"s2s">> => s2s() |
153 |
|
}, |
154 |
|
wrap = none |
155 |
|
}. |
156 |
|
|
157 |
|
%% path: general |
158 |
|
general() -> |
159 |
164 |
#section{ |
160 |
|
items = #{<<"loglevel">> => #option{type = atom, |
161 |
|
validate = loglevel, |
162 |
|
wrap = global_config}, |
163 |
|
<<"hosts">> => #list{items = #option{type = binary, |
164 |
|
validate = non_empty, |
165 |
|
process = fun ?MODULE:process_host/1}, |
166 |
|
validate = unique, |
167 |
|
wrap = global_config}, |
168 |
|
<<"host_types">> => #list{items = #option{type = binary, |
169 |
|
validate = non_empty}, |
170 |
|
validate = unique, |
171 |
|
wrap = global_config}, |
172 |
|
<<"default_server_domain">> => #option{type = binary, |
173 |
|
validate = non_empty, |
174 |
|
process = fun ?MODULE:process_host/1, |
175 |
|
wrap = global_config}, |
176 |
|
<<"registration_timeout">> => #option{type = int_or_infinity, |
177 |
|
validate = positive, |
178 |
|
wrap = global_config}, |
179 |
|
<<"language">> => #option{type = binary, |
180 |
|
validate = non_empty, |
181 |
|
wrap = global_config}, |
182 |
|
<<"all_metrics_are_global">> => #option{type = boolean, |
183 |
|
wrap = global_config}, |
184 |
|
<<"sm_backend">> => #option{type = atom, |
185 |
|
validate = {module, ejabberd_sm}, |
186 |
|
process = fun ?MODULE:process_sm_backend/1, |
187 |
|
wrap = global_config}, |
188 |
|
<<"max_fsm_queue">> => #option{type = integer, |
189 |
|
validate = positive, |
190 |
|
wrap = global_config}, |
191 |
|
<<"http_server_name">> => #option{type = string, |
192 |
|
wrap = {global_config, cowboy_server_name}}, |
193 |
|
<<"rdbms_server_type">> => #option{type = atom, |
194 |
|
validate = {enum, [mssql, pgsql]}, |
195 |
|
wrap = global_config}, |
196 |
|
<<"route_subdomains">> => #option{type = atom, |
197 |
|
validate = {enum, [s2s]}, |
198 |
|
wrap = host_config}, |
199 |
|
<<"mongooseimctl_access_commands">> => #section{ |
200 |
|
items = #{default => ctl_access_rule()}, |
201 |
|
wrap = global_config}, |
202 |
|
<<"routing_modules">> => #list{items = #option{type = atom, |
203 |
|
validate = module}, |
204 |
|
wrap = global_config}, |
205 |
|
<<"replaced_wait_timeout">> => #option{type = integer, |
206 |
|
validate = positive, |
207 |
|
wrap = host_config}, |
208 |
|
<<"hide_service_name">> => #option{type = boolean, |
209 |
|
wrap = global_config}, |
210 |
|
<<"domain_certfile">> => #list{items = domain_cert(), |
211 |
|
format_items = map, |
212 |
|
wrap = global_config} |
213 |
|
}, |
214 |
|
wrap = none |
215 |
|
}. |
216 |
|
|
217 |
|
general_defaults() -> |
218 |
82 |
#{<<"loglevel">> => warning, |
219 |
|
<<"hosts">> => [], |
220 |
|
<<"host_types">> => [], |
221 |
|
<<"registration_timeout">> => 600, |
222 |
|
<<"language">> => <<"en">>, |
223 |
|
<<"all_metrics_are_global">> => false, |
224 |
|
<<"sm_backend">> => {mnesia, []}, |
225 |
|
<<"rdbms_server_type">> => generic, |
226 |
|
<<"mongooseimctl_access_commands">> => [], |
227 |
|
<<"routing_modules">> => mongoose_router:default_routing_modules(), |
228 |
|
<<"replaced_wait_timeout">> => 2000, |
229 |
|
<<"hide_service_name">> => false}. |
230 |
|
|
231 |
|
ctl_access_rule() -> |
232 |
164 |
#section{ |
233 |
|
items = #{<<"commands">> => #list{items = #option{type = string}}, |
234 |
|
<<"argument_restrictions">> => #section{ |
235 |
|
items = #{default => #option{type = string}} |
236 |
|
} |
237 |
|
}, |
238 |
|
process = fun ?MODULE:process_ctl_access_rule/1, |
239 |
|
wrap = prepend_key |
240 |
|
}. |
241 |
|
|
242 |
|
%% path: general.domain_certfile |
243 |
|
domain_cert() -> |
244 |
164 |
#section{ |
245 |
|
items = #{<<"domain">> => #option{type = binary, |
246 |
|
validate = non_empty}, |
247 |
|
<<"certfile">> => #option{type = string, |
248 |
|
validate = filename}}, |
249 |
|
required = all, |
250 |
|
format_items = map, |
251 |
|
process = fun ?MODULE:process_domain_cert/1 |
252 |
|
}. |
253 |
|
|
254 |
|
%% path: listen |
255 |
|
listen() -> |
256 |
82 |
Keys = [<<"http">>, <<"c2s">>, <<"s2s">>, <<"service">>], |
257 |
82 |
#section{ |
258 |
328 |
items = maps:from_list([{Key, #list{items = listener(Key), |
259 |
82 |
wrap = none}} || Key <- Keys]), |
260 |
|
process = fun mongoose_listener_config:verify_unique_listeners/1, |
261 |
|
wrap = global_config |
262 |
|
}. |
263 |
|
|
264 |
|
%% path: listen.*[] |
265 |
|
listener(Type) -> |
266 |
328 |
ExtraItems = listener_items(Type), |
267 |
328 |
#section{ |
268 |
|
items = ExtraItems#{<<"port">> => #option{type = integer, |
269 |
|
validate = port}, |
270 |
|
<<"ip_address">> => #option{type = string, |
271 |
|
validate = ip_address}, |
272 |
|
<<"proto">> => #option{type = atom, |
273 |
|
validate = {enum, [tcp, udp]}}, |
274 |
|
<<"ip_version">> => #option{type = integer, |
275 |
|
validate = {enum, [4, 6]}} |
276 |
|
}, |
277 |
|
format_items = map, |
278 |
|
required = [<<"port">>], |
279 |
|
defaults = #{<<"proto">> => tcp}, |
280 |
|
process = fun ?MODULE:process_listener/2 |
281 |
|
}. |
282 |
|
|
283 |
|
listener_items(<<"http">>) -> |
284 |
82 |
#{<<"tls">> => http_listener_tls(), |
285 |
|
<<"transport">> => http_transport(), |
286 |
|
<<"protocol">> => http_protocol(), |
287 |
|
<<"handlers">> => http_handlers() |
288 |
|
}; |
289 |
|
listener_items(Type) -> |
290 |
246 |
ExtraItems = xmpp_listener_items(Type), |
291 |
246 |
ExtraItems#{<<"hibernate_after">> => #option{type = integer, |
292 |
|
validate = non_negative}, |
293 |
|
<<"max_stanza_size">> => #option{type = integer, |
294 |
|
validate = positive}, |
295 |
|
<<"backlog">> => #option{type = integer, |
296 |
|
validate = non_negative}, |
297 |
|
<<"proxy_protocol">> => #option{type = boolean}, |
298 |
|
<<"num_acceptors">> => #option{type = integer, |
299 |
|
validate = positive, |
300 |
|
wrap = {kv, acceptors_num}} |
301 |
|
}. |
302 |
|
|
303 |
|
xmpp_listener_items(<<"c2s">>) -> |
304 |
82 |
#{<<"access">> => #option{type = atom, |
305 |
|
validate = non_empty}, |
306 |
|
<<"shaper">> => #option{type = atom, |
307 |
|
validate = non_empty}, |
308 |
|
<<"xml_socket">> => #option{type = boolean}, |
309 |
|
<<"zlib">> => #option{type = integer, |
310 |
|
validate = positive}, |
311 |
|
<<"max_fsm_queue">> => #option{type = integer, |
312 |
|
validate = positive}, |
313 |
|
<<"allowed_auth_methods">> => #list{items = #option{type = atom, |
314 |
|
validate = {module, ejabberd_auth}}}, |
315 |
|
<<"tls">> => c2s_tls()}; |
316 |
|
xmpp_listener_items(<<"s2s">>) -> |
317 |
82 |
#{<<"shaper">> => #option{type = atom, |
318 |
|
validate = non_empty}, |
319 |
|
<<"tls">> => s2s_tls()}; |
320 |
|
xmpp_listener_items(<<"service">>) -> |
321 |
164 |
#{<<"access">> => #option{type = atom, |
322 |
|
validate = non_empty}, |
323 |
|
<<"shaper_rule">> => #option{type = atom, |
324 |
|
validate = non_empty}, |
325 |
|
<<"check_from">> => #option{type = boolean, |
326 |
|
wrap = {kv, service_check_from}}, |
327 |
|
<<"hidden_components">> => #option{type = boolean}, |
328 |
|
<<"conflict_behaviour">> => #option{type = atom, |
329 |
|
validate = {enum, [kick_old, disconnect]}}, |
330 |
|
<<"password">> => #option{type = string, |
331 |
|
validate = non_empty}, |
332 |
|
<<"max_fsm_queue">> => #option{type = integer, |
333 |
|
validate = positive}}. |
334 |
|
|
335 |
|
%% path: listen.c2s[].tls |
336 |
|
c2s_tls() -> |
337 |
82 |
#section{ |
338 |
|
items = #{ |
339 |
|
%% common |
340 |
|
<<"module">> => #option{type = atom, |
341 |
|
validate = {enum, [fast_tls, just_tls]}}, |
342 |
|
<<"mode">> => #option{type = atom, |
343 |
|
validate = {enum, [tls, starttls, starttls_required]}}, |
344 |
|
<<"verify_peer">> => #option{type = boolean, |
345 |
|
process = fun ?MODULE:process_verify_peer/1}, |
346 |
|
<<"certfile">> => #option{type = string, |
347 |
|
validate = filename}, |
348 |
|
<<"cacertfile">> => #option{type = string, |
349 |
|
validate = filename}, |
350 |
|
<<"dhfile">> => #option{type = string, |
351 |
|
validate = filename}, |
352 |
|
<<"ciphers">> => #option{type = string}, |
353 |
|
|
354 |
|
%% fast_tls |
355 |
|
<<"protocol_options">> => #list{items = #option{type = string, |
356 |
|
validate = non_empty}}, |
357 |
|
|
358 |
|
%% just_tls |
359 |
|
<<"verify_mode">> => #option{type = atom, |
360 |
|
validate = {enum, [peer, selfsigned_peer, none]}}, |
361 |
|
<<"disconnect_on_failure">> => #option{type = boolean}, |
362 |
|
<<"crl_files">> => #list{items = #option{type = string, |
363 |
|
validate = non_empty}, |
364 |
|
wrap = {kv, crlfiles}}, |
365 |
|
<<"password">> => #option{type = string}, |
366 |
|
<<"server_name_indication">> => #option{type = boolean}, |
367 |
|
<<"versions">> => #list{items = #option{type = atom}} |
368 |
|
}, |
369 |
|
process = fun ?MODULE:process_xmpp_tls/1 |
370 |
|
}. |
371 |
|
|
372 |
|
%% path: listen.s2s[].tls |
373 |
|
s2s_tls() -> |
374 |
82 |
#section{ |
375 |
|
items = #{<<"cacertfile">> => #option{type = string, |
376 |
|
validate = filename}, |
377 |
|
<<"dhfile">> => #option{type = string, |
378 |
|
validate = filename}, |
379 |
|
<<"ciphers">> => #option{type = string}, |
380 |
|
<<"protocol_options">> => #list{items = #option{type = string, |
381 |
|
validate = non_empty}} |
382 |
|
}, |
383 |
|
process = fun ?MODULE:process_fast_tls/1 |
384 |
|
}. |
385 |
|
|
386 |
|
%% path: listen.http[].tls |
387 |
|
http_listener_tls() -> |
388 |
82 |
Items = tls_items(), |
389 |
82 |
#section{ |
390 |
|
items = Items#{<<"verify_mode">> => #option{type = atom, |
391 |
|
validate = {enum, [peer, selfsigned_peer, none]}} |
392 |
|
}, |
393 |
|
wrap = {kv, ssl}, |
394 |
|
process = fun ?MODULE:process_tls_sni/1 |
395 |
|
}. |
396 |
|
|
397 |
|
%% path: listen.http[].transport |
398 |
|
http_transport() -> |
399 |
82 |
#section{ |
400 |
|
items = #{<<"num_acceptors">> => #option{type = integer, |
401 |
|
validate = positive}, |
402 |
|
<<"max_connections">> => #option{type = int_or_infinity, |
403 |
|
validate = non_negative} |
404 |
|
}, |
405 |
|
wrap = {kv, transport_options} |
406 |
|
}. |
407 |
|
|
408 |
|
%% path: listen.http[].protocol |
409 |
|
http_protocol() -> |
410 |
82 |
#section{ |
411 |
|
items = #{<<"compress">> => #option{type = boolean}}, |
412 |
|
wrap = {kv, protocol_options} |
413 |
|
}. |
414 |
|
|
415 |
|
%% path: listen.http[].handlers |
416 |
|
http_handlers() -> |
417 |
82 |
Keys = [<<"mod_websockets">>, |
418 |
|
<<"lasse_handler">>, |
419 |
|
<<"cowboy_static">>, |
420 |
|
<<"mongoose_api">>, |
421 |
|
<<"mongoose_api_admin">>, |
422 |
|
<<"mongoose_domain_handler">>, |
423 |
|
<<"mongoose_graphql_cowboy_handler">>, |
424 |
|
default], |
425 |
82 |
#section{ |
426 |
656 |
items = maps:from_list([{Key, #list{items = http_handler(Key), |
427 |
82 |
wrap = none}} || Key <- Keys]), |
428 |
|
validate_keys = module, |
429 |
|
wrap = {kv, modules} |
430 |
|
}. |
431 |
|
|
432 |
|
%% path: listen.http[].handlers.*[] |
433 |
|
http_handler(Key) -> |
434 |
656 |
ExtraItems = http_handler_items(Key), |
435 |
656 |
RequiredKeys = case http_handler_required(Key) of |
436 |
246 |
all -> all; |
437 |
410 |
[] -> [<<"host">>, <<"path">>] |
438 |
|
end, |
439 |
656 |
#section{ |
440 |
|
items = ExtraItems#{<<"host">> => #option{type = string, |
441 |
|
validate = non_empty}, |
442 |
|
<<"path">> => #option{type = string} |
443 |
|
}, |
444 |
|
required = RequiredKeys, |
445 |
|
process = fun ?MODULE:process_http_handler/2 |
446 |
|
}. |
447 |
|
|
448 |
|
http_handler_items(<<"mod_websockets">>) -> |
449 |
82 |
#{<<"timeout">> => #option{type = int_or_infinity, |
450 |
|
validate = non_negative}, |
451 |
|
<<"ping_rate">> => #option{type = integer, |
452 |
|
validate = positive}, |
453 |
|
<<"max_stanza_size">> => #option{type = int_or_infinity, |
454 |
|
validate = positive}, |
455 |
|
<<"service">> => #section{items = xmpp_listener_items(<<"service">>), |
456 |
|
wrap = {kv, ejabberd_service}}}; |
457 |
|
http_handler_items(<<"lasse_handler">>) -> |
458 |
82 |
#{<<"module">> => #option{type = atom, |
459 |
|
validate = module}}; |
460 |
|
http_handler_items(<<"cowboy_static">>) -> |
461 |
82 |
#{<<"type">> => #option{type = atom}, |
462 |
|
<<"app">> => #option{type = atom}, |
463 |
|
<<"content_path">> => #option{type = string}}; |
464 |
|
http_handler_items(<<"mongoose_api">>) -> |
465 |
82 |
#{<<"handlers">> => #list{items = #option{type = atom, |
466 |
|
validate = module}}}; |
467 |
|
http_handler_items(<<"mongoose_api_admin">>) -> |
468 |
82 |
#{<<"username">> => #option{type = binary}, |
469 |
|
<<"password">> => #option{type = binary}}; |
470 |
|
http_handler_items(<<"mongoose_domain_handler">>) -> |
471 |
82 |
#{<<"username">> => #option{type = binary}, |
472 |
|
<<"password">> => #option{type = binary}}; |
473 |
|
http_handler_items(<<"mongoose_graphql_cowboy_handler">>) -> |
474 |
82 |
#{<<"username">> => #option{type = binary}, |
475 |
|
<<"password">> => #option{type = binary}, |
476 |
|
<<"schema_endpoint">> => #option{type = binary}}; |
477 |
|
http_handler_items(_) -> |
478 |
82 |
#{}. |
479 |
|
|
480 |
82 |
http_handler_required(<<"lasse_handler">>) -> all; |
481 |
82 |
http_handler_required(<<"cowboy_static">>) -> all; |
482 |
82 |
http_handler_required(<<"mongoose_api">>) -> all; |
483 |
410 |
http_handler_required(_) -> []. |
484 |
|
|
485 |
|
%% path: (host_config[].)auth |
486 |
|
auth() -> |
487 |
164 |
Items = maps:from_list([{a2b(Method), ejabberd_auth:config_spec(Method)} || |
488 |
164 |
Method <- all_auth_methods()]), |
489 |
164 |
#section{ |
490 |
|
items = Items#{<<"methods">> => #list{items = #option{type = atom, |
491 |
|
validate = {module, ejabberd_auth}}}, |
492 |
|
<<"password">> => auth_password(), |
493 |
|
<<"sasl_external">> => |
494 |
|
#list{items = #option{type = atom, |
495 |
|
process = fun ?MODULE:process_sasl_external/1}}, |
496 |
|
<<"sasl_mechanisms">> => |
497 |
|
#list{items = #option{type = atom, |
498 |
|
validate = {module, cyrsasl}, |
499 |
|
process = fun ?MODULE:process_sasl_mechanism/1}} |
500 |
|
}, |
501 |
|
format_items = map, |
502 |
|
defaults = #{<<"sasl_external">> => [standard], |
503 |
|
<<"sasl_mechanisms">> => cyrsasl:default_modules()}, |
504 |
|
process = fun ?MODULE:process_auth/1, |
505 |
|
wrap = host_config |
506 |
|
}. |
507 |
|
|
508 |
|
%% path: (host_config[].)auth.password |
509 |
|
auth_password() -> |
510 |
164 |
#section{ |
511 |
|
items = #{<<"format">> => #option{type = atom, |
512 |
|
validate = {enum, [scram, plain]}}, |
513 |
|
<<"hash">> => #list{items = #option{type = atom, |
514 |
|
validate = {enum, [sha, sha224, sha256, |
515 |
|
sha384, sha512]}}, |
516 |
|
validate = unique_non_empty |
517 |
|
}, |
518 |
|
<<"scram_iterations">> => #option{type = integer, |
519 |
|
validate = positive} |
520 |
|
}, |
521 |
|
format_items = map, |
522 |
|
defaults = #{<<"format">> => scram, |
523 |
|
<<"scram_iterations">> => mongoose_scram:iterations()}, |
524 |
|
include = always |
525 |
|
}. |
526 |
|
|
527 |
|
%% path: outgoing_pools |
528 |
|
outgoing_pools() -> |
529 |
82 |
PoolTypes = [<<"cassandra">>, <<"elastic">>, <<"http">>, <<"ldap">>, |
530 |
|
<<"rabbit">>, <<"rdbms">>, <<"redis">>, <<"riak">>], |
531 |
82 |
Items = [{Type, #section{items = #{default => outgoing_pool(Type)}, |
532 |
|
validate_keys = non_empty, |
533 |
82 |
wrap = none}} || Type <- PoolTypes], |
534 |
82 |
#section{ |
535 |
|
items = maps:from_list(Items), |
536 |
|
wrap = global_config |
537 |
|
}. |
538 |
|
|
539 |
|
%% path: outgoing_pools.*.* |
540 |
|
outgoing_pool(Type) -> |
541 |
656 |
WPool = wpool_items(), |
542 |
656 |
#section{ |
543 |
|
items = WPool#{<<"scope">> => #option{type = atom, |
544 |
|
validate = {enum, [global, host, single_host]}}, |
545 |
|
<<"host">> => #option{type = binary, |
546 |
|
validate = non_empty}, |
547 |
|
<<"connection">> => outgoing_pool_connection(Type) |
548 |
|
}, |
549 |
|
process = fun ?MODULE:process_pool/2, |
550 |
|
format_items = map, |
551 |
|
wrap = item, |
552 |
|
defaults = maps:merge(#{<<"scope">> => global}, wpool_defaults(Type)) |
553 |
|
}. |
554 |
|
|
555 |
|
wpool_items() -> |
556 |
820 |
#{<<"workers">> => #option{type = integer, |
557 |
|
validate = positive}, |
558 |
|
<<"strategy">> => #option{type = atom, |
559 |
|
validate = {enum, wpool_strategy_values()}}, |
560 |
|
<<"call_timeout">> => #option{type = integer, |
561 |
|
validate = positive} |
562 |
|
}. |
563 |
|
|
564 |
|
wpool_defaults(<<"cassandra">>) -> |
565 |
82 |
maps:merge(wpool_defaults(), #{<<"workers">> => 20}); |
566 |
|
wpool_defaults(<<"rdbms">>) -> |
567 |
82 |
maps:merge(wpool_defaults(), #{<<"call_timeout">> => 60000}); |
568 |
|
wpool_defaults(_) -> |
569 |
492 |
wpool_defaults(). |
570 |
|
|
571 |
|
wpool_defaults() -> |
572 |
656 |
#{<<"workers">> => 10, |
573 |
|
<<"strategy">> => best_worker, |
574 |
|
<<"call_timeout">> => 5000}. |
575 |
|
|
576 |
|
%% path: outgoing_pools.*.*.connection |
577 |
|
outgoing_pool_connection(<<"cassandra">>) -> |
578 |
82 |
#section{ |
579 |
|
items = #{<<"servers">> => #list{items = cassandra_server()}, |
580 |
|
<<"keyspace">> => #option{type = atom, |
581 |
|
validate = non_empty}, |
582 |
|
<<"auth">> => #section{items = #{<<"plain">> => cassandra_auth_plain()}, |
583 |
|
required = all, |
584 |
|
process = fun ?MODULE:process_cassandra_auth/1}, |
585 |
|
<<"tls">> => #section{items = tls_items(), |
586 |
|
wrap = {kv, ssl}, |
587 |
|
process = fun ?MODULE:process_tls_sni/1} |
588 |
|
}, |
589 |
|
format_items = map, |
590 |
|
include = always, |
591 |
|
defaults = #{<<"servers">> => [{"localhost", 9042}], |
592 |
|
<<"keyspace">> => mongooseim} |
593 |
|
}; |
594 |
|
outgoing_pool_connection(<<"elastic">>) -> |
595 |
82 |
#section{ |
596 |
|
items = #{<<"host">> => #option{type = string, |
597 |
|
validate = non_empty}, |
598 |
|
<<"port">> => #option{type = integer, |
599 |
|
validate = port} |
600 |
|
}, |
601 |
|
format_items = map, |
602 |
|
include = always, |
603 |
|
defaults = #{<<"host">> => "localhost", |
604 |
|
<<"port">> => 9200} |
605 |
|
}; |
606 |
|
outgoing_pool_connection(<<"http">>) -> |
607 |
82 |
#section{ |
608 |
|
items = #{<<"host">> => #option{type = string, |
609 |
|
validate = non_empty, |
610 |
|
wrap = {kv, server}}, |
611 |
|
<<"path_prefix">> => #option{type = string, |
612 |
|
validate = non_empty}, |
613 |
|
<<"request_timeout">> => #option{type = integer, |
614 |
|
validate = non_negative}, |
615 |
|
<<"tls">> => #section{items = tls_items(), |
616 |
|
wrap = {kv, http_opts}, |
617 |
|
process = fun ?MODULE:process_tls_sni/1} |
618 |
|
}, |
619 |
|
format_items = map, |
620 |
|
include = always, |
621 |
|
defaults = #{<<"path_prefix">> => "/", |
622 |
|
<<"request_timeout">> => 2000} |
623 |
|
}; |
624 |
|
outgoing_pool_connection(<<"ldap">>) -> |
625 |
82 |
#section{ |
626 |
|
items = #{<<"port">> => #option{type = integer, |
627 |
|
validate = port}, |
628 |
|
<<"rootdn">> => #option{type = binary}, |
629 |
|
<<"password">> => #option{type = binary}, |
630 |
|
<<"encrypt">> => #option{type = atom, |
631 |
|
validate = {enum, [none, tls]}}, |
632 |
|
<<"servers">> => #list{items = #option{type = string}}, |
633 |
|
<<"connect_interval">> => #option{type = integer, |
634 |
|
validate = positive}, |
635 |
|
<<"tls">> => #section{items = tls_items(), |
636 |
|
wrap = {kv, tls_options}, |
637 |
|
process = fun ?MODULE:process_tls_sni/1} |
638 |
|
}, |
639 |
|
format_items = map, |
640 |
|
include = always, |
641 |
|
defaults = #{<<"rootdn">> => <<>>, |
642 |
|
<<"password">> => <<>>, |
643 |
|
<<"encrypt">> => none, |
644 |
|
<<"servers">> => ["localhost"], |
645 |
|
<<"connect_interval">> => 10000} |
646 |
|
}; |
647 |
|
outgoing_pool_connection(<<"rabbit">>) -> |
648 |
82 |
#section{ |
649 |
|
items = #{<<"amqp_host">> => #option{type = string, |
650 |
|
validate = non_empty}, |
651 |
|
<<"amqp_port">> => #option{type = integer, |
652 |
|
validate = port}, |
653 |
|
<<"amqp_username">> => #option{type = binary, |
654 |
|
validate = non_empty}, |
655 |
|
<<"amqp_password">> => #option{type = binary, |
656 |
|
validate = non_empty}, |
657 |
|
<<"confirms_enabled">> => #option{type = boolean}, |
658 |
|
<<"max_worker_queue_len">> => #option{type = int_or_infinity, |
659 |
|
validate = non_negative} |
660 |
|
}, |
661 |
|
format_items = map, |
662 |
|
include = always, |
663 |
|
defaults = #{<<"confirms_enabled">> => false, |
664 |
|
<<"max_worker_queue_len">> => 1000} |
665 |
|
}; |
666 |
|
outgoing_pool_connection(<<"rdbms">>) -> |
667 |
82 |
#section{ |
668 |
|
items = #{<<"driver">> => #option{type = atom, |
669 |
|
validate = {enum, [odbc, pgsql, mysql]}}, |
670 |
|
<<"keepalive_interval">> => #option{type = integer, |
671 |
|
validate = positive}, |
672 |
|
|
673 |
|
% odbc |
674 |
|
<<"settings">> => #option{type = string}, |
675 |
|
|
676 |
|
% mysql, pgsql |
677 |
|
<<"host">> => #option{type = string, |
678 |
|
validate = non_empty}, |
679 |
|
<<"database">> => #option{type = string, |
680 |
|
validate = non_empty}, |
681 |
|
<<"username">> => #option{type = string, |
682 |
|
validate = non_empty}, |
683 |
|
<<"password">> => #option{type = string, |
684 |
|
validate = non_empty}, |
685 |
|
<<"port">> => #option{type = integer, |
686 |
|
validate = port}, |
687 |
|
<<"tls">> => sql_tls() |
688 |
|
}, |
689 |
|
process = fun ?MODULE:process_rdbms_connection/1, |
690 |
|
format_items = map |
691 |
|
}; |
692 |
|
outgoing_pool_connection(<<"redis">>) -> |
693 |
82 |
#section{ |
694 |
|
items = #{<<"host">> => #option{type = string, |
695 |
|
validate = non_empty}, |
696 |
|
<<"port">> => #option{type = integer, |
697 |
|
validate = port}, |
698 |
|
<<"database">> => #option{type = integer, |
699 |
|
validate = non_negative}, |
700 |
|
<<"password">> => #option{type = string} |
701 |
|
}, |
702 |
|
format_items = map, |
703 |
|
include = always, |
704 |
|
defaults = #{<<"host">> => "127.0.0.1", |
705 |
|
<<"port">> => 6379, |
706 |
|
<<"database">> => 0, |
707 |
|
<<"password">> => ""} |
708 |
|
}; |
709 |
|
outgoing_pool_connection(<<"riak">>) -> |
710 |
82 |
#section{ |
711 |
|
items = #{<<"address">> => #option{type = string, |
712 |
|
validate = non_empty}, |
713 |
|
<<"port">> => #option{type = integer, |
714 |
|
validate = port}, |
715 |
|
<<"credentials">> => riak_credentials(), |
716 |
|
<<"tls">> => #section{items = tls_items(), |
717 |
|
process = fun ?MODULE:process_riak_tls/1, |
718 |
|
wrap = none}}, |
719 |
|
format_items = map |
720 |
|
}. |
721 |
|
|
722 |
|
cassandra_server() -> |
723 |
82 |
#section{ |
724 |
|
items = #{<<"ip_address">> => #option{type = string, |
725 |
|
validate = non_empty}, |
726 |
|
<<"port">> => #option{type = integer, |
727 |
|
validate = port}}, |
728 |
|
required = [<<"ip_address">>], |
729 |
|
process = fun ?MODULE:process_cassandra_server/1 |
730 |
|
}. |
731 |
|
|
732 |
|
%% path: outgoing_pools.cassandra.*.connection.auth.plain |
733 |
|
cassandra_auth_plain() -> |
734 |
82 |
#section{ |
735 |
|
items = #{<<"username">> => #option{type = binary}, |
736 |
|
<<"password">> => #option{type = binary}}, |
737 |
|
required = all |
738 |
|
}. |
739 |
|
|
740 |
|
%% path: outgoing_pools.riak.*.connection.credentials |
741 |
|
riak_credentials() -> |
742 |
82 |
#section{ |
743 |
|
items = #{<<"user">> => #option{type = string, |
744 |
|
validate = non_empty}, |
745 |
|
<<"password">> => #option{type = string, |
746 |
|
validate = non_empty}}, |
747 |
|
required = all, |
748 |
|
process = fun ?MODULE:process_riak_credentials/1 |
749 |
|
}. |
750 |
|
|
751 |
|
%% path: outgoing_pools.rdbms.*.connection.tls |
752 |
|
sql_tls() -> |
753 |
82 |
Items = tls_items(), |
754 |
82 |
#section{ |
755 |
|
items = Items#{<<"required">> => #option{type = boolean}}, |
756 |
|
process = fun ?MODULE:process_tls_sni/1 |
757 |
|
}. |
758 |
|
|
759 |
|
tls_items() -> |
760 |
492 |
#{<<"verify_peer">> => #option{type = boolean, |
761 |
|
process = fun ?MODULE:process_verify_peer/1, |
762 |
|
wrap = {kv, verify}}, |
763 |
|
<<"certfile">> => #option{type = string, |
764 |
|
validate = non_empty}, |
765 |
|
<<"cacertfile">> => #option{type = string, |
766 |
|
validate = non_empty}, |
767 |
|
<<"dhfile">> => #option{type = string, |
768 |
|
validate = non_empty}, |
769 |
|
<<"keyfile">> => #option{type = string, |
770 |
|
validate = non_empty}, |
771 |
|
<<"password">> => #option{type = string}, |
772 |
|
<<"server_name_indication">> => #option{type = boolean}, |
773 |
|
<<"server_name_indication_host">> => #option{type = string, validate = non_empty}, |
774 |
|
<<"server_name_indication_protocol">> => #option{type = atom, |
775 |
|
validate = {enum, [default, https]}}, |
776 |
|
<<"ciphers">> => #option{type = string}, |
777 |
|
<<"versions">> => #list{items = #option{type = atom}} |
778 |
|
}. |
779 |
|
|
780 |
|
%% path: (host_config[].)services |
781 |
|
services() -> |
782 |
82 |
Services = [{a2b(Service), mongoose_service:config_spec(Service)} |
783 |
82 |
|| Service <- configurable_services()], |
784 |
82 |
#section{ |
785 |
|
items = maps:from_list(Services), |
786 |
|
wrap = global_config |
787 |
|
}. |
788 |
|
|
789 |
|
configurable_services() -> |
790 |
82 |
[service_admin_extra, |
791 |
|
service_mongoose_system_metrics, |
792 |
|
service_domain_db]. |
793 |
|
|
794 |
|
%% path: (host_config[].)modules |
795 |
|
modules() -> |
796 |
164 |
Modules = [{a2b(Module), gen_mod:config_spec(Module)} |
797 |
164 |
|| Module <- configurable_modules()], |
798 |
164 |
Items = maps:from_list(Modules), |
799 |
164 |
#section{ |
800 |
|
items = Items#{default => #section{items = #{}}}, |
801 |
|
validate_keys = module, |
802 |
|
format_items = map, |
803 |
|
wrap = host_config |
804 |
|
}. |
805 |
|
|
806 |
|
configurable_modules() -> |
807 |
164 |
[mod_adhoc, |
808 |
|
mod_auth_token, |
809 |
|
mod_blocking, |
810 |
|
mod_bosh, |
811 |
|
mod_cache_users, |
812 |
|
mod_caps, |
813 |
|
mod_carboncopy, |
814 |
|
mod_csi, |
815 |
|
mod_disco, |
816 |
|
mod_event_pusher, |
817 |
|
mod_extdisco, |
818 |
|
mod_global_distrib, |
819 |
|
mod_http_upload, |
820 |
|
mod_inbox, |
821 |
|
mod_jingle_sip, |
822 |
|
mod_keystore, |
823 |
|
mod_last, |
824 |
|
mod_mam_meta, |
825 |
|
mod_muc, |
826 |
|
mod_muc_light, |
827 |
|
mod_muc_log, |
828 |
|
mod_offline, |
829 |
|
mod_ping, |
830 |
|
mod_privacy, |
831 |
|
mod_private, |
832 |
|
mod_pubsub, |
833 |
|
mod_push_service_mongoosepush, |
834 |
|
mod_register, |
835 |
|
mod_roster, |
836 |
|
mod_shared_roster_ldap, |
837 |
|
mod_smart_markers, |
838 |
|
mod_sic, |
839 |
|
mod_stream_management, |
840 |
|
mod_time, |
841 |
|
mod_vcard, |
842 |
|
mod_version, |
843 |
|
mod_domain_isolation]. |
844 |
|
|
845 |
|
%% path: (host_config[].)modules.*.iqdisc |
846 |
|
iqdisc() -> |
847 |
2952 |
#section{ |
848 |
|
items = #{<<"type">> => #option{type = atom, |
849 |
|
validate = {enum, [no_queue, one_queue, parallel, queues]}}, |
850 |
|
<<"workers">> => #option{type = integer, |
851 |
|
validate = positive}}, |
852 |
|
required = [<<"type">>], |
853 |
|
process = fun ?MODULE:process_iqdisc/1 |
854 |
|
}. |
855 |
|
|
856 |
|
process_iqdisc(KVs) -> |
857 |
:-( |
{[[{type, Type}]], WorkersOpts} = proplists:split(KVs, [type]), |
858 |
:-( |
iqdisc(Type, WorkersOpts). |
859 |
|
|
860 |
:-( |
iqdisc(queues, [{workers, N}]) -> {queues, N}; |
861 |
:-( |
iqdisc(Type, []) -> Type. |
862 |
|
|
863 |
|
%% path: shaper |
864 |
|
shaper() -> |
865 |
82 |
#section{ |
866 |
|
items = #{default => |
867 |
|
#section{ |
868 |
|
items = #{<<"max_rate">> => #option{type = integer, |
869 |
|
validate = positive}}, |
870 |
|
required = all, |
871 |
|
format_items = map |
872 |
|
} |
873 |
|
}, |
874 |
|
validate_keys = non_empty, |
875 |
|
format_items = map, |
876 |
|
wrap = global_config |
877 |
|
}. |
878 |
|
|
879 |
|
%% path: (host_config[].)acl |
880 |
|
acl() -> |
881 |
164 |
#section{ |
882 |
|
items = #{default => #list{items = acl_item()}}, |
883 |
|
format_items = map, |
884 |
|
wrap = host_config |
885 |
|
}. |
886 |
|
|
887 |
|
%% path: (host_config[].)acl.*[] |
888 |
|
acl_item() -> |
889 |
164 |
Match = #option{type = atom, |
890 |
|
validate = {enum, [all, none, current_domain, any_hosted_domain]}}, |
891 |
164 |
Cond = #option{type = binary, |
892 |
|
process = fun ?MODULE:process_acl_condition/1}, |
893 |
164 |
#section{ |
894 |
|
items = #{<<"match">> => Match, |
895 |
|
<<"user">> => Cond, |
896 |
|
<<"server">> => Cond, |
897 |
|
<<"resource">> => Cond, |
898 |
|
<<"user_regexp">> => Cond, |
899 |
|
<<"server_regexp">> => Cond, |
900 |
|
<<"resource_regexp">> => Cond, |
901 |
|
<<"user_glob">> => Cond, |
902 |
|
<<"server_glob">> => Cond, |
903 |
|
<<"resource_glob">> => Cond |
904 |
|
}, |
905 |
|
defaults = #{<<"match">> => current_domain}, |
906 |
|
format_items = map |
907 |
|
}. |
908 |
|
|
909 |
|
%% path: (host_config[].)access |
910 |
|
access() -> |
911 |
164 |
#section{ |
912 |
|
items = #{default => #list{items = access_rule_item()}}, |
913 |
|
format_items = map, |
914 |
|
wrap = host_config |
915 |
|
}. |
916 |
|
|
917 |
|
%% path: (host_config[].)access.*[] |
918 |
|
access_rule_item() -> |
919 |
164 |
#section{ |
920 |
|
items = #{<<"acl">> => #option{type = atom, |
921 |
|
validate = non_empty}, |
922 |
|
<<"value">> => #option{type = int_or_atom} |
923 |
|
}, |
924 |
|
required = all, |
925 |
|
format_items = map |
926 |
|
}. |
927 |
|
|
928 |
|
%% path: (host_config[].)s2s |
929 |
|
s2s() -> |
930 |
164 |
#section{ |
931 |
|
items = #{<<"default_policy">> => #option{type = atom, |
932 |
|
validate = {enum, [allow, deny]}}, |
933 |
|
<<"host_policy">> => #list{items = s2s_host_policy(), |
934 |
|
format_items = map}, |
935 |
|
<<"use_starttls">> => #option{type = atom, |
936 |
|
validate = {enum, [false, optional, required, |
937 |
|
required_trusted]}}, |
938 |
|
<<"certfile">> => #option{type = string, |
939 |
|
validate = filename}, |
940 |
|
<<"shared">> => #option{type = binary, |
941 |
|
validate = non_empty}, |
942 |
|
<<"address">> => #list{items = s2s_address(), |
943 |
|
format_items = map}, |
944 |
|
<<"ciphers">> => #option{type = string}, |
945 |
|
<<"max_retry_delay">> => #option{type = integer, |
946 |
|
validate = positive}, |
947 |
|
<<"outgoing">> => s2s_outgoing(), |
948 |
|
<<"dns">> => s2s_dns()}, |
949 |
|
defaults = #{<<"default_policy">> => allow, |
950 |
|
<<"use_starttls">> => false, |
951 |
|
<<"ciphers">> => ejabberd_tls:default_ciphers(), |
952 |
|
<<"max_retry_delay">> => 300}, |
953 |
|
format_items = map, |
954 |
|
wrap = host_config |
955 |
|
}. |
956 |
|
|
957 |
|
%% path: (host_config[].)s2s.dns |
958 |
|
s2s_dns() -> |
959 |
164 |
#section{ |
960 |
|
items = #{<<"timeout">> => #option{type = integer, |
961 |
|
validate = positive}, |
962 |
|
<<"retries">> => #option{type = integer, |
963 |
|
validate = positive}}, |
964 |
|
format_items = map, |
965 |
|
include = always, |
966 |
|
defaults = #{<<"timeout">> => 10, |
967 |
|
<<"retries">> => 2} |
968 |
|
}. |
969 |
|
|
970 |
|
%% path: (host_config[].)s2s.outgoing |
971 |
|
s2s_outgoing() -> |
972 |
164 |
#section{ |
973 |
|
items = #{<<"port">> => #option{type = integer, |
974 |
|
validate = port}, |
975 |
|
<<"ip_versions">> => |
976 |
|
#list{items = #option{type = integer, |
977 |
|
validate = {enum, [4, 6]}}, |
978 |
|
validate = unique_non_empty}, |
979 |
|
<<"connection_timeout">> => #option{type = int_or_infinity, |
980 |
|
validate = positive} |
981 |
|
}, |
982 |
|
format_items = map, |
983 |
|
include = always, |
984 |
|
defaults = #{<<"port">> => 5269, |
985 |
|
<<"ip_versions">> => [4, 6], |
986 |
|
<<"connection_timeout">> => 10000} |
987 |
|
}. |
988 |
|
|
989 |
|
%% path: (host_config[].)s2s.host_policy[] |
990 |
|
s2s_host_policy() -> |
991 |
164 |
#section{ |
992 |
|
items = #{<<"host">> => #option{type = binary, |
993 |
|
validate = non_empty}, |
994 |
|
<<"policy">> => #option{type = atom, |
995 |
|
validate = {enum, [allow, deny]}} |
996 |
|
}, |
997 |
|
required = all, |
998 |
|
format_items = map, |
999 |
|
process = fun ?MODULE:process_s2s_host_policy/1 |
1000 |
|
}. |
1001 |
|
|
1002 |
|
%% path: (host_config[].)s2s.address[] |
1003 |
|
s2s_address() -> |
1004 |
164 |
#section{ |
1005 |
|
items = #{<<"host">> => #option{type = binary, |
1006 |
|
validate = non_empty}, |
1007 |
|
<<"ip_address">> => #option{type = string, |
1008 |
|
validate = ip_address}, |
1009 |
|
<<"port">> => #option{type = integer, |
1010 |
|
validate = port} |
1011 |
|
}, |
1012 |
|
required = [<<"host">>, <<"ip_address">>], |
1013 |
|
format_items = map, |
1014 |
|
process = fun ?MODULE:process_s2s_address/1 |
1015 |
|
}. |
1016 |
|
|
1017 |
|
%% Callbacks for 'process' |
1018 |
|
|
1019 |
|
%% Check that all auth methods and modules enabled for any host type support dynamic domains |
1020 |
|
process_root(Items) -> |
1021 |
82 |
case proplists:lookup(host_types, Items) of |
1022 |
|
{_, [_|_] = HostTypes} -> |
1023 |
73 |
HTItems = lists:filter(fun(Item) -> is_host_type_item(Item, HostTypes) end, Items), |
1024 |
73 |
case {unsupported_auth_methods(HTItems), unsupported_modules(HTItems)} of |
1025 |
|
{[], []} -> |
1026 |
73 |
Items; |
1027 |
|
{Methods, Modules} -> |
1028 |
:-( |
error(#{what => dynamic_domains_not_supported, |
1029 |
|
text => ("Dynamic modules not supported by the specified authentication " |
1030 |
|
"methods and/or extension modules"), |
1031 |
|
unsupported_auth_methods => Methods, |
1032 |
|
unsupported_modules => Modules}) |
1033 |
|
end; |
1034 |
|
_ -> |
1035 |
9 |
Items |
1036 |
|
end. |
1037 |
|
|
1038 |
|
unsupported_auth_methods(KVs) -> |
1039 |
73 |
[Method || Method <- extract_auth_methods(KVs), |
1040 |
178 |
not ejabberd_auth:does_method_support(Method, dynamic_domains)]. |
1041 |
|
|
1042 |
|
unsupported_modules(KVs) -> |
1043 |
73 |
[Module || Module <- extract_modules(KVs), |
1044 |
940 |
not gen_mod:does_module_support(Module, dynamic_domains)]. |
1045 |
|
|
1046 |
|
extract_auth_methods(KVs) -> |
1047 |
73 |
lists:usort(lists:flatmap(fun({{auth, _}, Auth}) -> maps:get(methods, Auth); |
1048 |
470 |
(_) -> [] |
1049 |
|
end, KVs)). |
1050 |
|
|
1051 |
|
extract_modules(KVs) -> |
1052 |
73 |
lists:usort(lists:flatmap(fun({{modules, _}, Modules}) -> maps:keys(Modules); |
1053 |
470 |
(_) -> [] |
1054 |
|
end, KVs)). |
1055 |
|
|
1056 |
|
is_host_type_item({{_, HostType}, _}, HostTypes) -> |
1057 |
680 |
HostType =:= global orelse lists:member(HostType, HostTypes); |
1058 |
|
is_host_type_item(_, _) -> |
1059 |
1282 |
false. |
1060 |
|
|
1061 |
|
process_ctl_access_rule(KVs) -> |
1062 |
:-( |
Commands = proplists:get_value(commands, KVs, all), |
1063 |
:-( |
ArgRestrictions = proplists:get_value(argument_restrictions, KVs, []), |
1064 |
:-( |
{Commands, ArgRestrictions}. |
1065 |
|
|
1066 |
|
process_sm_backend(Backend) -> |
1067 |
82 |
{Backend, []}. |
1068 |
|
|
1069 |
|
process_host(Host) -> |
1070 |
325 |
Node = jid:nodeprep(Host), |
1071 |
325 |
true = Node =/= error, |
1072 |
325 |
Node. |
1073 |
|
|
1074 |
|
process_general(General) -> |
1075 |
82 |
hosts_and_host_types_are_unique_and_non_empty(General), |
1076 |
82 |
General. |
1077 |
|
|
1078 |
|
hosts_and_host_types_are_unique_and_non_empty(General) -> |
1079 |
82 |
AllHostTypes = get_all_hosts_and_host_types(General), |
1080 |
82 |
true = lists:sort(AllHostTypes) =:= lists:usort(AllHostTypes), |
1081 |
82 |
true = [] =/= AllHostTypes. |
1082 |
|
|
1083 |
|
get_all_hosts_and_host_types(General) -> |
1084 |
82 |
lists:flatmap(fun({Key, Value}) when Key =:= hosts; |
1085 |
|
Key =:= host_types -> |
1086 |
164 |
Value; |
1087 |
|
(_) -> |
1088 |
1025 |
[] |
1089 |
|
end, General). |
1090 |
|
|
1091 |
:-( |
process_verify_peer(false) -> verify_none; |
1092 |
218 |
process_verify_peer(true) -> verify_peer. |
1093 |
|
|
1094 |
|
process_xmpp_tls(KVs) -> |
1095 |
130 |
Module = proplists:get_value(module, KVs, fast_tls), |
1096 |
130 |
case proplists:get_keys(KVs) -- (tls_keys(Module) ++ common_tls_keys()) of |
1097 |
130 |
[] -> strip_tls_keys(process_xmpp_tls(Module, proplists:delete(module, KVs))); |
1098 |
:-( |
ExcessKeys -> error(#{what => {unexpected_tls_options, Module, ExcessKeys}}) |
1099 |
|
end. |
1100 |
|
|
1101 |
|
tls_keys(just_tls) -> |
1102 |
19 |
[verify_mode, disconnect_on_failure, crlfiles, password, versions, |
1103 |
|
server_name_indication, server_name_indication_host, server_name_indication_protocol]; |
1104 |
|
tls_keys(fast_tls) -> |
1105 |
111 |
[protocol_options]. |
1106 |
|
|
1107 |
|
common_tls_keys() -> |
1108 |
130 |
[module, mode, verify_peer, certfile, cacertfile, dhfile, ciphers]. |
1109 |
|
|
1110 |
|
process_xmpp_tls(just_tls, KVs) -> |
1111 |
19 |
KVsWithSNI = process_tls_sni(KVs), |
1112 |
19 |
{[VM, DoF], Opts} = proplists:split(KVsWithSNI, [verify_mode, disconnect_on_failure]), |
1113 |
19 |
{External, Internal} = lists:partition(fun is_external_tls_opt/1, Opts), |
1114 |
19 |
SSLOpts = ssl_opts(verify_fun(VM, DoF) ++ Internal), |
1115 |
19 |
[{tls_module, just_tls}] ++ SSLOpts ++ External; |
1116 |
|
process_xmpp_tls(fast_tls, KVs) -> |
1117 |
111 |
process_fast_tls(KVs). |
1118 |
|
|
1119 |
|
process_fast_tls(KVs) -> |
1120 |
193 |
proplists:substitute_aliases([{cacertfile, cafile}], KVs). |
1121 |
|
|
1122 |
|
strip_tls_keys(Opts) -> |
1123 |
130 |
lists:map(fun strip_tls_key/1, Opts). |
1124 |
|
|
1125 |
130 |
strip_tls_key({mode, V}) -> V; |
1126 |
18 |
strip_tls_key({verify_peer, V}) -> V; |
1127 |
316 |
strip_tls_key(KV) -> KV. |
1128 |
|
|
1129 |
7 |
verify_fun([], []) -> []; |
1130 |
6 |
verify_fun([{verify_mode, VM}], []) -> [{verify_fun, {VM, true}}]; |
1131 |
6 |
verify_fun([{verify_mode, VM}], [{disconnect_on_failure, DoF}]) -> [{verify_fun, {VM, DoF}}]. |
1132 |
|
|
1133 |
19 |
is_external_tls_opt({mode, _}) -> true; |
1134 |
12 |
is_external_tls_opt({verify_peer, _}) -> true; |
1135 |
:-( |
is_external_tls_opt({crlfiles, _}) -> true; |
1136 |
50 |
is_external_tls_opt({_, _}) -> false. |
1137 |
|
|
1138 |
:-( |
ssl_opts([]) -> []; |
1139 |
19 |
ssl_opts(Opts) -> [{ssl_options, Opts}]. |
1140 |
|
|
1141 |
|
process_listener([item, Type | _], Opts) -> |
1142 |
957 |
mongoose_listener_config:ensure_ip_options(Opts#{module => listener_module(Type)}). |
1143 |
|
|
1144 |
574 |
listener_module(<<"http">>) -> ejabberd_cowboy; |
1145 |
162 |
listener_module(<<"c2s">>) -> ejabberd_c2s; |
1146 |
82 |
listener_module(<<"s2s">>) -> ejabberd_s2s_in; |
1147 |
139 |
listener_module(<<"service">>) -> ejabberd_service. |
1148 |
|
|
1149 |
|
process_http_handler([item, Type | _], KVs) -> |
1150 |
1558 |
{[[{host, Host}], [{path, Path}]], Opts} = proplists:split(KVs, [host, path]), |
1151 |
1558 |
HandlerOpts = process_http_handler_opts(Type, Opts), |
1152 |
1558 |
{Host, Path, binary_to_atom(Type, utf8), HandlerOpts}. |
1153 |
|
|
1154 |
|
process_http_handler_opts(<<"lasse_handler">>, [{module, Module}]) -> |
1155 |
82 |
[Module]; |
1156 |
|
process_http_handler_opts(<<"cowboy_static">>, Opts) -> |
1157 |
82 |
{[[{type, Type}], [{app, App}], [{content_path, Path}]], []} = |
1158 |
|
proplists:split(Opts, [type, app, content_path]), |
1159 |
82 |
{Type, App, Path, [{mimetypes, cow_mimetypes, all}]}; |
1160 |
|
process_http_handler_opts(<<"mongoose_api_admin">>, Opts) -> |
1161 |
82 |
{[UserOpts, PassOpts], []} = proplists:split(Opts, [username, password]), |
1162 |
82 |
case {UserOpts, PassOpts} of |
1163 |
82 |
{[], []} -> []; |
1164 |
:-( |
{[{username, User}], [{password, Pass}]} -> [{auth, {User, Pass}}] |
1165 |
|
end; |
1166 |
|
process_http_handler_opts(<<"mongoose_domain_handler">>, Opts) -> |
1167 |
82 |
{[UserOpts, PassOpts], []} = proplists:split(Opts, [username, password]), |
1168 |
82 |
case {UserOpts, PassOpts} of |
1169 |
82 |
{[], []} -> ok; |
1170 |
:-( |
{[{username, _User}], [{password, _Pass}]} -> ok; |
1171 |
:-( |
_ -> error(#{what => both_username_and_password_required, |
1172 |
|
handler => mongoose_domain_handler, opts => Opts}) |
1173 |
|
end, |
1174 |
82 |
Opts; |
1175 |
|
process_http_handler_opts(<<"mongoose_graphql_cowboy_handler">>, Opts) -> |
1176 |
164 |
{[UserOpts, PassOpts, SchemaOpts], []} = proplists:split(Opts, [username, password, schema_endpoint]), |
1177 |
164 |
case SchemaOpts of |
1178 |
:-( |
[] -> error(#{what => schema_endpoint_required, |
1179 |
|
handler => mongoose_graphql_cowboy_handler, opts => Opts}); |
1180 |
164 |
_ -> ok |
1181 |
|
end, |
1182 |
164 |
case {UserOpts, PassOpts} of |
1183 |
82 |
{[], []} -> ok; |
1184 |
82 |
{[{username, _User}], [{password, _Pass}]} -> ok; |
1185 |
:-( |
_ -> error(#{what => both_username_and_password_required, |
1186 |
|
handler => mongoose_graphql_cowboy_handler, opts => Opts}) |
1187 |
|
end, |
1188 |
164 |
Opts; |
1189 |
82 |
process_http_handler_opts(<<"cowboy_swagger_redirect_handler">>, []) -> #{}; |
1190 |
82 |
process_http_handler_opts(<<"cowboy_swagger_json_handler">>, []) -> #{}; |
1191 |
902 |
process_http_handler_opts(_, Opts) -> Opts. |
1192 |
|
|
1193 |
|
process_sasl_external(V) when V =:= standard; |
1194 |
|
V =:= common_name; |
1195 |
|
V =:= auth_id -> |
1196 |
21 |
V; |
1197 |
|
process_sasl_external(M) -> |
1198 |
3 |
mongoose_config_validator:validate(M, atom, module), |
1199 |
3 |
{mod, M}. |
1200 |
|
|
1201 |
|
process_sasl_mechanism(V) -> |
1202 |
18 |
list_to_atom("cyrsasl_" ++ atom_to_list(V)). |
1203 |
|
|
1204 |
|
process_auth(Opts = #{methods := Methods}) -> |
1205 |
:-( |
[check_auth_method(Method, Opts) || Method <- Methods], |
1206 |
:-( |
Opts; |
1207 |
|
process_auth(Opts) -> |
1208 |
219 |
MethodsFromSections = lists:filter(fun(K) -> maps:is_key(K, Opts) end, all_auth_methods()), |
1209 |
219 |
Opts#{methods => MethodsFromSections}. |
1210 |
|
|
1211 |
|
all_auth_methods() -> |
1212 |
383 |
[anonymous, dummy, external, http, internal, jwt, ldap, pki, rdbms, riak]. |
1213 |
|
|
1214 |
|
check_auth_method(Method, Opts) -> |
1215 |
:-( |
case maps:is_key(Method, Opts) of |
1216 |
:-( |
true -> ok; |
1217 |
:-( |
false -> error(#{what => missing_section_for_auth_method, auth_method => Method}) |
1218 |
|
end. |
1219 |
|
|
1220 |
|
process_pool([Tag, Type|_], AllOpts = #{scope := ScopeIn}) -> |
1221 |
246 |
Scope = pool_scope(ScopeIn, maps:get(host, AllOpts, none)), |
1222 |
246 |
Connection = maps:get(connection, AllOpts, #{}), |
1223 |
246 |
Opts = maps:without([scope, host, connection], AllOpts), |
1224 |
246 |
#{type => b2a(Type), |
1225 |
|
scope => Scope, |
1226 |
|
tag => b2a(Tag), |
1227 |
|
opts => Opts, |
1228 |
|
conn_opts => Connection}. |
1229 |
|
|
1230 |
|
pool_scope(single_host, none) -> |
1231 |
:-( |
error(#{what => pool_single_host_not_specified, |
1232 |
|
text => <<"\"host\" option is required if \"single_host\" is used.">>}); |
1233 |
:-( |
pool_scope(single_host, Host) -> Host; |
1234 |
:-( |
pool_scope(host, none) -> host; |
1235 |
246 |
pool_scope(global, none) -> global. |
1236 |
|
|
1237 |
|
process_cassandra_server(KVs) -> |
1238 |
:-( |
{[[{ip_address, IPAddr}]], Opts} = proplists:split(KVs, [ip_address]), |
1239 |
:-( |
case Opts of |
1240 |
:-( |
[] -> IPAddr; |
1241 |
:-( |
[{port, Port}] -> {IPAddr, Port} |
1242 |
|
end. |
1243 |
|
|
1244 |
|
process_cassandra_auth([{plain, KVs}]) -> |
1245 |
:-( |
{[[{username, User}], [{password, Pass}]], []} = proplists:split(KVs, [username, password]), |
1246 |
:-( |
{cqerl_auth_plain_handler, [{User, Pass}]}. |
1247 |
|
|
1248 |
|
process_rdbms_connection(Map) -> |
1249 |
:-( |
KIMap = maps:with([keepalive_interval], Map), |
1250 |
:-( |
maps:merge(KIMap, #{server => rdbms_server(Map)}). |
1251 |
|
|
1252 |
|
rdbms_server(Opts = #{driver := odbc}) -> |
1253 |
:-( |
maps:get(settings, Opts); |
1254 |
|
rdbms_server(Opts = #{host := Host, database := DB, username := User, password := Pass, driver := Driver}) -> |
1255 |
:-( |
PortOpts = maps:get(port, Opts, none), |
1256 |
:-( |
TLSOpts = maps:get(tls, Opts, none), |
1257 |
:-( |
list_to_tuple([Driver, Host] ++ db_port(PortOpts) ++ |
1258 |
|
[DB, User, Pass] ++ db_tls(Driver, TLSOpts)). |
1259 |
|
|
1260 |
:-( |
db_port(none) -> []; |
1261 |
:-( |
db_port(Port) -> [Port]. |
1262 |
|
|
1263 |
:-( |
db_tls(_, none) -> []; |
1264 |
|
db_tls(Driver, KVs) -> |
1265 |
:-( |
{[ModeOpts], Opts} = proplists:split(KVs, [required]), |
1266 |
:-( |
[ssl_mode(Driver, ModeOpts) ++ ssl_opts(Driver, Opts)]. |
1267 |
|
|
1268 |
:-( |
ssl_mode(pgsql, [{required, true}]) -> [{ssl, required}]; |
1269 |
:-( |
ssl_mode(pgsql, [{required, false}]) -> [{ssl, true}]; |
1270 |
:-( |
ssl_mode(pgsql, []) -> [{ssl, true}]; |
1271 |
:-( |
ssl_mode(mysql, []) -> []. |
1272 |
|
|
1273 |
:-( |
ssl_opts(pgsql, []) -> []; |
1274 |
:-( |
ssl_opts(pgsql, Opts) -> [{ssl_opts, Opts}]; |
1275 |
:-( |
ssl_opts(mysql, Opts) -> Opts. |
1276 |
|
|
1277 |
|
process_riak_tls(KVs) -> |
1278 |
:-( |
KVsWithSNI = process_tls_sni(KVs), |
1279 |
:-( |
{[CACertFileOpts], SSLOpts} = proplists:split(KVsWithSNI, [cacertfile]), |
1280 |
:-( |
riak_ssl(SSLOpts) ++ CACertFileOpts. |
1281 |
|
|
1282 |
:-( |
riak_ssl([]) -> []; |
1283 |
:-( |
riak_ssl(Opts) -> [{ssl_opts, Opts}]. |
1284 |
|
|
1285 |
|
process_tls_sni(KVs) -> |
1286 |
|
% the SSL library expects either the atom `disable` or a string with the SNI host |
1287 |
|
% as value for `server_name_indication` |
1288 |
347 |
SNIKeys = [server_name_indication, server_name_indication_host, server_name_indication_protocol], |
1289 |
347 |
{[SNIOpt, SNIHostOpt, SNIProtocol], SSLOpts} = proplists:split(KVs, SNIKeys), |
1290 |
347 |
case {SNIOpt, SNIHostOpt, SNIProtocol} of |
1291 |
|
{[], [], []} -> |
1292 |
347 |
SSLOpts; |
1293 |
|
{[{server_name_indication, false}], _, _} -> |
1294 |
:-( |
[{server_name_indication, disable} | SSLOpts]; |
1295 |
|
{[{server_name_indication, true}], |
1296 |
|
[{server_name_indication_host, SNIHost}], |
1297 |
|
[{server_name_indication_protocol, https}]} -> |
1298 |
:-( |
[{server_name_indication, SNIHost}, |
1299 |
|
{customize_hostname_check, [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]} |
1300 |
|
| SSLOpts]; |
1301 |
|
{[{server_name_indication, true}], |
1302 |
|
[{server_name_indication_host, SNIHost}], |
1303 |
|
_} -> |
1304 |
:-( |
[{server_name_indication, SNIHost} | SSLOpts] |
1305 |
|
end. |
1306 |
|
|
1307 |
|
process_riak_credentials(KVs) -> |
1308 |
:-( |
{[[{user, User}], [{password, Pass}]], []} = proplists:split(KVs, [user, password]), |
1309 |
:-( |
{User, Pass}. |
1310 |
|
|
1311 |
492 |
b2a(B) -> binary_to_atom(B, utf8). |
1312 |
|
|
1313 |
7954 |
a2b(A) -> atom_to_binary(A, utf8). |
1314 |
|
|
1315 |
|
wpool_strategy_values() -> |
1316 |
820 |
[best_worker, random_worker, next_worker, available_worker, next_available_worker]. |
1317 |
|
|
1318 |
|
process_acl_condition(Value) -> |
1319 |
:-( |
case jid:nodeprep(Value) of |
1320 |
:-( |
error -> error(#{what => incorrect_acl_condition_value, |
1321 |
|
text => <<"Value could not be parsed as a JID node part">>}); |
1322 |
:-( |
Node -> Node |
1323 |
|
end. |
1324 |
|
|
1325 |
|
process_s2s_host_policy(#{host := S2SHost, policy := Policy}) -> |
1326 |
:-( |
{S2SHost, Policy}. |
1327 |
|
|
1328 |
|
process_s2s_address(M) -> |
1329 |
84 |
maps:take(host, M). |
1330 |
|
|
1331 |
|
process_domain_cert(#{domain := Domain, certfile := Certfile}) -> |
1332 |
:-( |
{Domain, Certfile}. |