view docker/prosody-e2e/prosody.cfg.lua @ 4212:5f2d496c633f

core: get rid of `pickle`: Using `pickle` to serialise data was technical legacy that caused trouble for storing data in the database, for updates (if a class was serialised, a change to it could break the update), and for security (pickle can lead to code execution). This patch removes all use of Pickle in favour of JSON, notably: - for caching data, a Pydantic model is now used instead - for SQLAlchemy models, the LegacyPickle is replaced by JSON serialisation - in XEP-0373 a class `PublicKeyMetadata` was serialised. New `from_dict` and `to_dict` methods have been implemented to do the serialisation. - new methods to (de)serialise data can now be specified with Identity data types. This is notably used to (de)serialise the `path` of avatars. A migration script has been created to convert data (for upgrade or downgrade), with special care for the XEP-0373 case. Depending on the size of the database, this migration script can take a long time to run. rel 443
author Goffi <goffi@goffi.org>
date Fri, 23 Feb 2024 13:31:04 +0100
parents 22cd3094cd1e
children

-- Prosody XMPP Server Configuration
-- Adapted for SàT e2e tests

local socket = require "socket"

-- Global options for the e2e test server. Everything up to the first
-- VirtualHost/Component line applies to every host defined in this file.

-- Stay in the foreground instead of forking (the file lives under
-- docker/prosody-e2e, so presumably the container supervises the process).
daemonize = false;
-- No administrator JIDs are declared. "admin_adhoc" is enabled below, so any
-- JID added here later would gain access to its administrative commands.
admins = { }

-- Extra directory searched for modules, in addition to the bundled ones.
-- NOTE(review): "delegation", "privilege" and "ipcheck" are presumably loaded
-- from here; code in this directory runs inside the server process, so it
-- should only hold modules from a trusted source.
plugin_paths = { "/usr/local/share/prosody/modules" }

-- Modules loaded for all hosts. Security-relevant entries:
--   "register"   in-band account creation (restricted further down in this file)
--   "privilege"  / "delegation"  let a component act with elevated rights
--                (see the privileged_entities / delegations tables)
--   "dialback"   server-to-server authentication without certificate checks
--   "saslauth" / "tls"  client authentication and transport encryption
modules_enabled = {
	"admin_adhoc";
	"blocklist";
	"carbons";
	"csi";
	"csi_simple";
	"delegation";
	"dialback";
	"disco";
	"mam";
	"pep";
	"ping";
	"private";
	"privilege";
	"register";
	"roster";
	"saslauth";
	"smacks";
	"time";
	"tls";
	"uptime";
	"vcard4";
	"vcard_legacy";
	"version";
	"ipcheck";
}

-- Nothing is explicitly disabled.
modules_disabled = {
}

-- In-band registration is enabled, but only for allow-listed source addresses
-- (whitelist_registration_only = true): accounts can be created only from the
-- address that the name "backend" resolves to.
allow_registration = true
-- socket.dns.toip() runs once, while this file is being loaded, so the
-- allow-list is fixed to whatever "backend" resolved to at start-up; the
-- server has to be reloaded if that address changes.
-- Because the call is the last item of the table constructor, every value it
-- returns is stored: LuaSocket returns the address plus a second value (or
-- nil plus an error string when resolution fails).
-- NOTE(review): wrapping the call in parentheses would keep only the address;
-- confirm how the registration module treats non-string entries and an
-- unresolved name before relying on this outside the test environment.
-- An IP allow-list trusts everything able to connect from that address.
registration_whitelist = { socket.dns.toip("backend") }
whitelist_registration_only = true

-- Client and server-to-server connections must be encrypted.
c2s_require_encryption = true
s2s_require_encryption = true
-- Certificate authentication is NOT enforced between servers: with this set
-- to false a peer whose certificate does not validate can still be accepted
-- through dialback. That gives encryption without strong peer identity and
-- is acceptable only for the test hosts defined here, not for a
-- production deployment.
s2s_secure_auth = false

-- Location of the PID file written by the server.
pidfile = "/var/run/prosody/prosody.pid"

-- Built-in account storage with hashed (not plaintext) passwords.
authentication = "internal_hashed"

-- Archived messages (the "mam" module is enabled) are kept for one day.
archive_expires_after = "1d"

-- Log everything at level "info" and above to the console.
-- NOTE(review): no file or syslog sink is configured, so log retention
-- depends entirely on whatever captures the container's output.
log = {
    {levels = {min = "info"}, to = "console"};
}

-- Directory searched for per-host certificates.
certificates = "certs"

-- Default TLS key pair. The file names refer to "server1.test", i.e. a test
-- certificate stored at a fixed path.
-- NOTE(review): this private key is presumably shared by every test
-- container, so it must never be reused for a real service.
ssl = {
	key = "/usr/share/libervia/certificates/server1.test-key.pem";
	certificate = "/usr/share/libervia/certificates/server1.test.pem";
}

-- Accept external-component connections on all interfaces rather than on
-- the loopback address only. Together with the static component_secret
-- values further down, any peer that can reach the component port can try
-- to authenticate as a component; keep that port off untrusted networks.
component_interface = "*"

-- Host "server1.test". The options that follow apply to this host only,
-- until the next VirtualHost or Component line.
VirtualHost "server1.test"
	-- Rights granted to the pubsub component through the "privilege" module
	-- (privileged entity, XEP-0356). Whoever authenticates as
	-- pubsub.server1.test obtains all of them, so the strength of that
	-- component's secret bounds the security of every account on this host.
	-- NOTE(review): the value meanings below follow XEP-0356; confirm them
	-- against the deployed module version.
	privileged_entities = {
		["pubsub.server1.test"] = {
			-- read access to users' rosters
			roster = "get";
			-- may send messages on behalf of the host's users
			message = "outgoing";
			-- receives presence information based on users' rosters
			presence = "roster";
			-- may send "set" IQs in the pubsub namespace on behalf of users
			iq = {
				["http://jabber.org/protocol/pubsub"] = "set";
			};
		},
	}

	-- Namespace delegation ("delegation" module, XEP-0355): stanzas in the
	-- namespaces listed here are handed to pubsub.server1.test instead of
	-- being handled by the server itself, so that component sees and answers
	-- this traffic for every user of the host.
	delegations = {
		["urn:xmpp:mam:2"] = {
			-- presumably restricts delegation to requests carrying a "node"
			-- attribute; other requests stay with the server (TODO confirm)
			filtering = {"node"};
			jid = "pubsub.server1.test";
		},
		["http://jabber.org/protocol/pubsub"] = {
			jid = "pubsub.server1.test";
		},
		["http://jabber.org/protocol/pubsub#owner"] = {
			jid = "pubsub.server1.test";
		},
		["https://salut-a-toi/protocol/schema:0"] = {
			jid = "pubsub.server1.test";
		},
		["https://salut-a-toi.org/spec/pubsub_admin:0"] = {
			jid = "pubsub.server1.test";
		},
		["urn:xmpp:pam:0"] = {
			jid = "pubsub.server1.test";
		},
		-- disco#info / disco#items requests addressed to bare JIDs
		["urn:xmpp:delegation:2:bare:disco#info:*"] = {
			jid = "pubsub.server1.test";
		},
		["urn:xmpp:delegation:2:bare:disco#items:*"] = {
			jid = "pubsub.server1.test";
		},
	}

-- Two further hosts with no host-specific options; only the global settings
-- apply to them.
VirtualHost "server2.test"

VirtualHost "server3.test"

-- Internal multi-user chat component, with message archiving and vCard
-- support for rooms.
Component "chat.server1.test" "muc"
 	modules_enabled = {
 		"muc_mam";
 		"vcard";
 	}

-- External component (no module name given): the pubsub service connects
-- over the component port and authenticates with component_secret.
-- The secret is a fixed, guessable value committed to the repository, and
-- this component holds the privileges and delegations declared for
-- server1.test. That is tolerable only because this is a throw-away e2e
-- environment; a real deployment needs a unique random secret per component,
-- kept out of version control.
Component "pubsub.server1.test"
	component_secret = "test_e2e"
	modules_enabled = {"privilege", "delegation"}

-- Internal SOCKS5 bytestreams proxy for file transfer.
Component "proxy.server1.test" "proxy65"

-- Second external component; it reuses the same static secret as the pubsub
-- component, so knowing one secret is enough to authenticate as either.
Component "files.server1.test"
	component_secret = "test_e2e"