Add config file handling
parent
413a6cad83
commit
ce4891af79
4 changed files with 42 additions and 15 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -1 +1,4 @@
|
|||
.vscode/*
|
||||
.venv
|
||||
log/*
|
||||
auth-mastodon.ini
|
||||
|
|
18
README.md
18
README.md
|
@ -8,11 +8,14 @@ It is used on [Chinwag Social](https://social.chinwag.org) to provide XMPP messa
|
|||
Discussion, questions and/or just saying hi in the [Chinwag Social Beergarden](xmpp:beergarden@rooms.chinwag.org?join) MUC is welcomed!
|
||||
|
||||
## Setup
|
||||
Edit the `auth-mastodon.py` file and add database connection credentials at the top. Moving this to a config file is next on the TODO list, as this makes updates an awful process. Sorry.
|
||||
Edit the `auth-mastodon.ini.default` file and add database connection credentials, and a location for the log files if desired. Rename it and place it somewhere the ejabberd user can read it.
|
||||
|
||||
I recommend not using your main Mastodon database user account for this, and instead granting SELECT privileges on the Mastodon *accounts* and *users* tables to your ejabberd user instead.
|
||||
I recommend not using your main Mastodon database user account for this, and instead granting SELECT privileges on the Mastodon *accounts* and *users* tables to your ejabberd user instead. The code here does not attempt any modification to the Mastodon tables at any point, so there's no reason to give it more than read-only rights.
|
||||
|
||||
The code here does not attempt any modification to the Mastodon tables at any point, so there's no reason to give it more than read-only rights.
|
||||
The default locaction for the ini file is `/etc/ejabberd/auth-mastodon.ini` and can be changed with a command line option if desired:
|
||||
```bash
|
||||
$ auth-mastodon.py -c /usr/local/etc/auth-mastodon.ini
|
||||
```
|
||||
|
||||
Then configure ejabberd to use `auth-mastodon.py` as an external authentication provider, as described in the [ejabberd docs](https://docs.ejabberd.im/admin/configuration/#external-script):
|
||||
|
||||
|
@ -20,9 +23,10 @@ Then configure ejabberd to use `auth-mastodon.py` as an external authentication
|
|||
auth_method: external
|
||||
extauth_program: "/path/to/auth-mastodon.py"
|
||||
```
|
||||
Startup and shutdown is handled by the ejabberd process, there's no need to handle this separately via systemd or similar. If the process is killed, ejabberd will restart it.
|
||||
|
||||
## To Do
|
||||
1. Move all database and config elements to a simple file to be stored in /etc/ejabberd or similar
|
||||
2. Verify domain part of request somehow. Maybe define a canonical domain to be used in config? Does this gain us anything at all?
|
||||
3. Better error handling. Would be good to be more descriptive in the logs, perhaps.
|
||||
4. Setup documentation is very brief, maybe include how to grant minimal permissions via pgsql.
|
||||
1. Verify domain part of request somehow. Maybe define a canonical domain to be used in config? Does this gain us anything at all?
|
||||
2. Better error handling. Would be good to be more descriptive in the logs, perhaps.
|
||||
3. Setup documentation is very brief, maybe include how to grant minimal permissions via pgsql.
|
||||
4. Reconnection handling, exiting if a query fails would be a simple way to reload if a DB upgrade occurs but we should check if we're in a restart loop or something.
|
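--- /dev/null
+++ b/auth-mastodon.ini.default
@@ -0,0 +1,9 @@
+[database]
+db_host = localhost
+db_port = 5432
+db_user = ejabberd
+db_pass =
+db_name = mastodon
+
+[log]
+log_dir = /var/log/ejabberd/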
|
@ -6,20 +6,30 @@ import struct
|
|||
import sys
|
||||
import time
|
||||
|
||||
import argparse
|
||||
import configparser
|
||||
import bcrypt
|
||||
import psycopg2
|
||||
|
||||
# Get config file location from command line, or default to /etc/ejabberd
|
||||
config_args = argparse.ArgumentParser()
|
||||
config_args.add_argument("-c", "--config_file", help="Config file location", type=str, default="/etc/ejabberd/auth-mastodon.ini")
|
||||
args = config_args.parse_args()
|
||||
|
||||
# Load database config from file, this is currently the only configurable item
|
||||
config_ini = configparser.ConfigParser()
|
||||
config_ini.read(args.config_file)
|
||||
|
||||
# Database connection details. The credentials here need access to the
|
||||
# Mastodon database, which "ejabberd" is unlikely to have on your system
|
||||
# by default. You shoud grant SELECT privileges to ejabberd on the
|
||||
# "accounts" and "users" tables, to play it safe, or include the
|
||||
# Mastodon DB user credentials here (don't).
|
||||
db_host = "localhost"
|
||||
db_port = 5432
|
||||
db_user = "ejabberd"
|
||||
db_pass = ""
|
||||
db_name = "mastodon"
|
||||
db_host = config_ini.get('database', 'db_host', fallback='localhost')
|
||||
db_port = config_ini.get('database', 'db_port', fallback=5432)
|
||||
db_user = config_ini.get('database', 'db_user', fallback='ejabberd')
|
||||
db_pass = config_ini.get('database', 'db_pass', fallback='')
|
||||
db_name = config_ini.get('database', 'db_name', fallback='mastodon_production')
|
||||
|
||||
# This is the query that pulls the password hash for the given user.
|
||||
# Mastodon doesn't store the domain for local accounts in the database,
|
||||
|
@ -39,11 +49,12 @@ db_query_getpass = """
|
|||
# Setup
|
||||
########################################################################
|
||||
|
||||
sys.stderr = open('/var/log/ejabberd/extauth_err.log', 'a')
|
||||
log_dir = config_ini.get('log', 'log_dir', fallback='/var/log/ejabberd')
|
||||
sys.stderr = open('%s/extauth_err.log' % log_dir, 'a')
|
||||
logging.basicConfig(
|
||||
level=logging.INFO,
|
||||
format='%(asctime)s %(levelname)s %(message)s',
|
||||
filename='/var/log/ejabberd/extauth.log',
|
||||
filename='%s/extauth.log' % log_dir,
|
||||
filemode='a',
|
||||
)
|
||||
|
||||
|
@ -62,7 +73,7 @@ try:
|
|||
database.set_session(readonly=True, autocommit=True)
|
||||
logging.debug(database.get_dsn_parameters())
|
||||
except Exception:
|
||||
logging.error("Unable to initialize database, check settings!")
|
||||
logging.error("Unable to connect to %s as %s, check configuration" % (db_name, db_user))
|
||||
time.sleep(10)
|
||||
sys.exit(1)
|
||||
|
||||
|
|
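Review bot: `config_ini.read(args.config_file)` does not raise when the path is missing or unreadable, it just returns an empty list, so a mistyped `-c` path or a permissions problem silently falls through to the `fallback=` values (an empty password, and `mastodon_production` where `auth-mastodon.ini.default` ships `mastodon`). I would check the result before the `config_ini.get` calls, for example `if not config_ini.read(args.config_file): sys.exit("cannot read config file %s" % args.config_file)`; logging is not configured yet at that point, so the message has to go to the original stderr. `db_port` is a string when it comes from the file and an int when it comes from the fallback, which `config_ini.getint('database', 'db_port', fallback=5432)` would make consistent. Since the file now holds the database password, a comment next to the read such as `# contains db_pass: keep this file readable only by the ejabberd user` would help operators. In the last hunk, `logging.exception(...)` in place of `logging.error(...)` would keep the underlying psycopg2 error that `except Exception:` currently discards; the `try:` block starts outside the visible lines.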