25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00
xmpp.chapril.org-ejabberd/src/ejabberd_options.erl

821 lines
25 KiB
Erlang

%%%----------------------------------------------------------------------
%%% ejabberd, Copyright (C) 2002-2023 ProcessOne
%%%
%%% This program is free software; you can redistribute it and/or
%%% modify it under the terms of the GNU General Public License as
%%% published by the Free Software Foundation; either version 2 of the
%%% License, or (at your option) any later version.
%%%
%%% This program is distributed in the hope that it will be useful,
%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
%%% General Public License for more details.
%%%
%%% You should have received a copy of the GNU General Public License along
%%% with this program; if not, write to the Free Software Foundation, Inc.,
%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
%%%
%%%----------------------------------------------------------------------
-module(ejabberd_options).
-behaviour(ejabberd_config).
-export([opt_type/1, options/0, globals/0, doc/0]).
-ifdef(NEW_SQL_SCHEMA).
-define(USE_NEW_SQL_SCHEMA_DEFAULT, true).
-else.
-define(USE_NEW_SQL_SCHEMA_DEFAULT, false).
-endif.
-include_lib("kernel/include/inet.hrl").
%%%===================================================================
%%% API
%%%===================================================================
-spec opt_type(atom()) -> econf:validator().
opt_type(access_rules) ->
acl:validator(access_rules);
opt_type(acl) ->
acl:validator(acl);
opt_type(acme) ->
econf:options(
#{ca_url => econf:url(),
contact => econf:list_or_single(econf:binary("^[a-zA-Z]+:[^:]+$")),
auto => econf:bool(),
cert_type => econf:enum([ec, rsa])},
[unique, {return, map}]);
opt_type(allow_contrib_modules) ->
econf:bool();
opt_type(allow_multiple_connections) ->
econf:bool();
opt_type(anonymous_protocol) ->
econf:enum([sasl_anon, login_anon, both]);
opt_type(api_permissions) ->
ejabberd_access_permissions:validator();
opt_type(append_host_config) ->
opt_type(host_config);
opt_type(auth_cache_life_time) ->
econf:timeout(second, infinity);
opt_type(auth_cache_missed) ->
econf:bool();
opt_type(auth_cache_size) ->
econf:pos_int(infinity);
opt_type(auth_method) ->
econf:list_or_single(econf:db_type(ejabberd_auth));
opt_type(auth_opts) ->
fun(L) when is_list(L) ->
lists:map(
fun({host, V}) when is_binary(V) ->
{host, V};
({connection_pool_size, V}) when is_integer(V) ->
{connection_pool_size, V};
({connection_opts, V}) when is_list(V) ->
{connection_opts, V};
({basic_auth, V}) when is_binary(V) ->
{basic_auth, V};
({path_prefix, V}) when is_binary(V) ->
{path_prefix, V}
end, L)
end;
opt_type(auth_password_format) ->
econf:enum([plain, scram]);
opt_type(auth_scram_hash) ->
econf:enum([sha, sha256, sha512]);
opt_type(auth_use_cache) ->
econf:bool();
opt_type(c2s_cafile) ->
econf:file();
opt_type(c2s_ciphers) ->
fun(L) when is_list(L) ->
(econf:and_then(
econf:list(econf:binary(), [unique]),
concat_binary($:)))(L);
(B) ->
(econf:binary())(B)
end;
opt_type(c2s_dhfile) ->
econf:file();
opt_type(c2s_protocol_options) ->
econf:and_then(
econf:list(econf:binary(), [unique]),
concat_binary($|));
opt_type(c2s_tls_compression) ->
econf:bool();
opt_type(ca_file) ->
econf:pem();
opt_type(cache_life_time) ->
econf:timeout(second, infinity);
opt_type(cache_missed) ->
econf:bool();
opt_type(cache_size) ->
econf:pos_int(infinity);
opt_type(captcha_cmd) ->
econf:and_then(
econf:binary(),
fun(V) ->
V2 = misc:expand_keyword(<<"@SEMVER@">>, V,
ejabberd_option:version()),
misc:expand_keyword(<<"@VERSION">>, V2,
misc:semver_to_xxyy(ejabberd_option:version()))
end);
opt_type(captcha_host) ->
econf:binary();
opt_type(captcha_limit) ->
econf:pos_int(infinity);
opt_type(captcha_url) ->
econf:either(
econf:url(),
econf:enum([auto, undefined]));
opt_type(certfiles) ->
econf:list(econf:binary());
opt_type(cluster_backend) ->
econf:db_type(ejabberd_cluster);
opt_type(cluster_nodes) ->
econf:list(econf:atom(), [unique]);
opt_type(default_db) ->
econf:enum([mnesia, sql]);
opt_type(default_ram_db) ->
econf:enum([mnesia, sql, redis]);
opt_type(define_macro) ->
econf:any();
opt_type(disable_sasl_mechanisms) ->
econf:list_or_single(
econf:and_then(
econf:binary(),
fun str:to_upper/1));
opt_type(domain_balancing) ->
econf:map(
econf:domain(),
econf:options(
#{component_number => econf:int(2, 1000),
type => econf:enum([random, source, destination,
bare_source, bare_destination])},
[{return, map}, unique]),
[{return, map}]);
opt_type(ext_api_path_oauth) ->
econf:binary();
opt_type(ext_api_http_pool_size) ->
econf:pos_int();
opt_type(ext_api_url) ->
econf:url();
opt_type(ext_api_headers) ->
econf:binary();
opt_type(extauth_pool_name) ->
econf:binary();
opt_type(extauth_pool_size) ->
econf:pos_int();
opt_type(extauth_program) ->
econf:string();
opt_type(fqdn) ->
econf:list_or_single(econf:domain());
opt_type(hide_sensitive_log_data) ->
econf:bool();
opt_type(host_config) ->
econf:and_then(
econf:and_then(
econf:map(econf:domain(), econf:list(econf:any())),
fun econf:group_dups/1),
econf:map(
econf:enum(ejabberd_config:get_option(hosts)),
validator(),
[unique]));
opt_type(hosts) ->
econf:non_empty(econf:list(econf:domain(), [unique]));
opt_type(include_config_file) ->
econf:any();
opt_type(language) ->
econf:lang();
opt_type(ldap_backups) ->
econf:list(econf:domain(), [unique]);
opt_type(ldap_base) ->
econf:binary();
opt_type(ldap_deref_aliases) ->
econf:enum([never, searching, finding, always]);
opt_type(ldap_dn_filter) ->
econf:and_then(
econf:non_empty(
econf:map(
econf:ldap_filter(),
econf:list(econf:binary()))),
fun hd/1);
opt_type(ldap_encrypt) ->
econf:enum([tls, starttls, none]);
opt_type(ldap_filter) ->
econf:ldap_filter();
opt_type(ldap_password) ->
econf:binary();
opt_type(ldap_port) ->
econf:port();
opt_type(ldap_rootdn) ->
econf:binary();
opt_type(ldap_servers) ->
econf:list(econf:domain(), [unique]);
opt_type(ldap_tls_cacertfile) ->
econf:pem();
opt_type(ldap_tls_certfile) ->
econf:pem();
opt_type(ldap_tls_depth) ->
econf:non_neg_int();
opt_type(ldap_tls_verify) ->
econf:enum([hard, soft, false]);
opt_type(ldap_uids) ->
econf:either(
econf:list(
econf:and_then(
econf:binary(),
fun(U) -> {U, <<"%u">>} end)),
econf:map(econf:binary(), econf:binary(), [unique]));
opt_type(listen) ->
ejabberd_listener:validator();
opt_type(log_rotate_count) ->
econf:non_neg_int();
opt_type(log_rotate_size) ->
econf:pos_int(infinity);
opt_type(log_burst_limit_window_time) ->
econf:timeout(second);
opt_type(log_burst_limit_count) ->
econf:pos_int();
opt_type(log_modules_fully) ->
econf:list(econf:atom());
opt_type(loglevel) ->
fun(N) when is_integer(N) ->
(econf:and_then(
econf:int(0, 5),
fun ejabberd_logger:convert_loglevel/1))(N);
(Level) ->
(econf:enum([none, emergency, alert, critical,
error, warning, notice, info, debug]))(Level)
end;
opt_type(max_fsm_queue) ->
econf:pos_int();
opt_type(modules) ->
econf:map(econf:atom(), econf:any());
opt_type(negotiation_timeout) ->
econf:timeout(second);
opt_type(net_ticktime) ->
econf:timeout(second);
opt_type(new_sql_schema) ->
econf:bool();
opt_type(oauth_access) ->
econf:acl();
opt_type(oauth_cache_life_time) ->
econf:timeout(second, infinity);
opt_type(oauth_cache_missed) ->
econf:bool();
opt_type(oauth_cache_rest_failure_life_time) ->
econf:timeout(second, infinity);
opt_type(oauth_cache_size) ->
econf:pos_int(infinity);
opt_type(oauth_db_type) ->
econf:db_type(ejabberd_oauth);
opt_type(oauth_expire) ->
econf:timeout(second);
opt_type(oauth_use_cache) ->
econf:bool();
opt_type(oauth_client_id_check) ->
econf:enum([allow, deny, db]);
opt_type(oom_killer) ->
econf:bool();
opt_type(oom_queue) ->
econf:pos_int();
opt_type(oom_watermark) ->
econf:int(1, 99);
opt_type(outgoing_s2s_families) ->
econf:and_then(
econf:non_empty(
econf:list(econf:enum([ipv4, ipv6]), [unique])),
fun(L) ->
lists:map(
fun(ipv4) -> inet;
(ipv6) -> inet6
end, L)
end);
opt_type(outgoing_s2s_ipv4_address) ->
econf:ipv4();
opt_type(outgoing_s2s_ipv6_address) ->
econf:ipv6();
opt_type(outgoing_s2s_port) ->
econf:port();
opt_type(outgoing_s2s_timeout) ->
econf:timeout(second, infinity);
opt_type(pam_service) ->
econf:binary();
opt_type(pam_userinfotype) ->
econf:enum([username, jid]);
opt_type(pgsql_users_number_estimate) ->
econf:bool();
opt_type(queue_dir) ->
econf:directory(write);
opt_type(queue_type) ->
econf:enum([ram, file]);
opt_type(redis_connect_timeout) ->
econf:timeout(second);
opt_type(redis_db) ->
econf:non_neg_int();
opt_type(redis_password) ->
econf:string();
opt_type(redis_pool_size) ->
econf:pos_int();
opt_type(redis_port) ->
econf:port();
opt_type(redis_queue_type) ->
econf:enum([ram, file]);
opt_type(redis_server) ->
econf:string();
opt_type(registration_timeout) ->
econf:timeout(second, infinity);
opt_type(resource_conflict) ->
econf:enum([setresource, closeold, closenew, acceptnew]);
opt_type(router_cache_life_time) ->
econf:timeout(second, infinity);
opt_type(router_cache_missed) ->
econf:bool();
opt_type(router_cache_size) ->
econf:pos_int(infinity);
opt_type(router_db_type) ->
econf:db_type(ejabberd_router);
opt_type(router_use_cache) ->
econf:bool();
opt_type(rpc_timeout) ->
econf:timeout(second);
opt_type(s2s_access) ->
econf:acl();
opt_type(s2s_cafile) ->
econf:pem();
opt_type(s2s_ciphers) ->
opt_type(c2s_ciphers);
opt_type(s2s_dhfile) ->
econf:file();
opt_type(s2s_dns_retries) ->
econf:non_neg_int();
opt_type(s2s_dns_timeout) ->
econf:timeout(second, infinity);
opt_type(s2s_max_retry_delay) ->
econf:timeout(second);
opt_type(s2s_protocol_options) ->
opt_type(c2s_protocol_options);
opt_type(s2s_queue_type) ->
econf:enum([ram, file]);
opt_type(s2s_timeout) ->
econf:timeout(second, infinity);
opt_type(s2s_tls_compression) ->
econf:bool();
opt_type(s2s_use_starttls) ->
econf:either(
econf:bool(),
econf:enum([optional, required]));
opt_type(s2s_zlib) ->
econf:and_then(
econf:bool(),
fun(false) -> false;
(true) ->
ejabberd:start_app(ezlib),
true
end);
opt_type(shaper) ->
ejabberd_shaper:validator(shaper);
opt_type(shaper_rules) ->
ejabberd_shaper:validator(shaper_rules);
opt_type(sm_cache_life_time) ->
econf:timeout(second, infinity);
opt_type(sm_cache_missed) ->
econf:bool();
opt_type(sm_cache_size) ->
econf:pos_int(infinity);
opt_type(sm_db_type) ->
econf:db_type(ejabberd_sm);
opt_type(sm_use_cache) ->
econf:bool();
opt_type(sql_connect_timeout) ->
econf:timeout(second);
opt_type(sql_database) ->
econf:binary();
opt_type(sql_keepalive_interval) ->
econf:timeout(second);
opt_type(sql_password) ->
econf:binary();
opt_type(sql_odbc_driver) ->
econf:binary();
opt_type(sql_pool_size) ->
econf:pos_int();
opt_type(sql_port) ->
econf:port();
opt_type(sql_query_timeout) ->
econf:timeout(second);
opt_type(sql_queue_type) ->
econf:enum([ram, file]);
opt_type(sql_server) ->
econf:binary();
opt_type(sql_ssl) ->
econf:bool();
opt_type(sql_ssl_cafile) ->
econf:pem();
opt_type(sql_ssl_certfile) ->
econf:pem();
opt_type(sql_ssl_verify) ->
econf:bool();
opt_type(sql_start_interval) ->
econf:timeout(second);
opt_type(sql_type) ->
econf:enum([mysql, pgsql, sqlite, mssql, odbc]);
opt_type(sql_username) ->
econf:binary();
opt_type(sql_prepared_statements) ->
econf:bool();
opt_type(trusted_proxies) ->
econf:either(all, econf:list(econf:ip_mask()));
opt_type(use_cache) ->
econf:bool();
opt_type(validate_stream) ->
econf:bool();
opt_type(version) ->
econf:binary();
opt_type(websocket_origin) ->
econf:list(
econf:and_then(
econf:and_then(
econf:binary_sep("\\s+"),
econf:list(econf:url(), [unique])),
fun(L) -> str:join(L, <<" ">>) end),
[unique]);
opt_type(websocket_ping_interval) ->
econf:timeout(second);
opt_type(websocket_timeout) ->
econf:timeout(second);
opt_type(jwt_key) ->
econf:and_then(
econf:path(),
fun(Path) ->
case file:read_file(Path) of
{ok, Data} ->
try jose_jwk:from_binary(Data) of
{error, _} -> econf:fail({bad_jwt_key, Path});
JWK ->
case jose_jwk:to_map(JWK) of
{_, #{<<"keys">> := [Key]}} ->
jose_jwk:from_map(Key);
{_, #{<<"keys">> := [_|_]}} ->
econf:fail({bad_jwt_key_set, Path});
{_, #{<<"keys">> := _}} ->
econf:fail({bad_jwt_key, Path});
_ ->
JWK
end
catch _:_ ->
econf:fail({bad_jwt_key, Path})
end;
{error, Reason} ->
econf:fail({read_file, Reason, Path})
end
end);
opt_type(jwt_jid_field) ->
econf:binary();
opt_type(jwt_auth_only_rule) ->
econf:atom().
%% We only define the types of options that cannot be derived
%% automatically by tools/opt_type.sh script
-spec options() -> [{s2s_protocol_options, undefined | binary()} |
{c2s_protocol_options, undefined | binary()} |
{s2s_ciphers, undefined | binary()} |
{c2s_ciphers, undefined | binary()} |
{websocket_origin, [binary()]} |
{disable_sasl_mechanisms, [binary()]} |
{s2s_zlib, boolean()} |
{loglevel, ejabberd_logger:loglevel()} |
{auth_opts, [{any(), any()}]} |
{listen, [ejabberd_listener:listener()]} |
{modules, [{module(), gen_mod:opts(), integer()}]} |
{ldap_uids, [{binary(), binary()}]} |
{ldap_dn_filter, {binary(), [binary()]}} |
{outgoing_s2s_families, [inet | inet6, ...]} |
{acl, [{atom(), [acl:acl_rule()]}]} |
{access_rules, [{atom(), acl:access()}]} |
{shaper, #{atom() => ejabberd_shaper:shaper_rate()}} |
{shaper_rules, [{atom(), [ejabberd_shaper:shaper_rule()]}]} |
{api_permissions, [ejabberd_access_permissions:permission()]} |
{jwt_key, jose_jwk:key() | undefined} |
{append_host_config, [{binary(), any()}]} |
{host_config, [{binary(), any()}]} |
{define_macro, any()} |
{include_config_file, any()} |
{atom(), any()}].
options() ->
[%% Top-priority options
hosts,
{loglevel, info},
{cache_life_time, timer:seconds(3600)},
{cache_missed, true},
{cache_size, 1000},
{use_cache, true},
{default_db, mnesia},
{default_ram_db, mnesia},
{queue_type, ram},
{version, ejabberd_config:version()},
%% Other options
{acl, []},
{access_rules, []},
{acme, #{}},
{allow_contrib_modules, true},
{allow_multiple_connections, false},
{anonymous_protocol, sasl_anon},
{api_permissions,
[{<<"admin access">>,
{[],
[{acl, admin},
{oauth, {[<<"ejabberd:admin">>], [{acl, admin}]}}],
{all, [start, stop]}}}]},
{append_host_config, []},
{auth_cache_life_time,
fun(Host) -> ejabberd_config:get_option({cache_life_time, Host}) end},
{auth_cache_missed,
fun(Host) -> ejabberd_config:get_option({cache_missed, Host}) end},
{auth_cache_size,
fun(Host) -> ejabberd_config:get_option({cache_size, Host}) end},
{auth_method,
fun(Host) -> [ejabberd_config:default_db(Host, ejabberd_auth)] end},
{auth_opts, []},
{auth_password_format, plain},
{auth_scram_hash, sha},
{auth_use_cache,
fun(Host) -> ejabberd_config:get_option({use_cache, Host}) end},
{c2s_cafile, undefined},
{c2s_ciphers, undefined},
{c2s_dhfile, undefined},
{c2s_protocol_options, undefined},
{c2s_tls_compression, undefined},
{ca_file, iolist_to_binary(pkix:get_cafile())},
{captcha_cmd, undefined},
{captcha_host, <<"">>},
{captcha_limit, infinity},
{captcha_url, auto},
{certfiles, undefined},
{cluster_backend, mnesia},
{cluster_nodes, []},
{define_macro, []},
{disable_sasl_mechanisms, []},
{domain_balancing, #{}},
{ext_api_headers, <<>>},
{ext_api_http_pool_size, 100},
{ext_api_path_oauth, <<"/oauth">>},
{ext_api_url, <<"http://localhost/api">>},
{extauth_pool_name, undefined},
{extauth_pool_size, undefined},
{extauth_program, undefined},
{fqdn, fun fqdn/1},
{hide_sensitive_log_data, false},
{host_config, []},
{include_config_file, []},
{language, <<"en">>},
{ldap_backups, []},
{ldap_base, <<"">>},
{ldap_deref_aliases, never},
{ldap_dn_filter, {undefined, []}},
{ldap_encrypt, none},
{ldap_filter, <<"">>},
{ldap_password, <<"">>},
{ldap_port,
fun(Host) ->
case ejabberd_config:get_option({ldap_encrypt, Host}) of
tls -> 636;
_ -> 389
end
end},
{ldap_rootdn, <<"">>},
{ldap_servers, [<<"localhost">>]},
{ldap_tls_cacertfile, undefined},
{ldap_tls_certfile, undefined},
{ldap_tls_depth, undefined},
{ldap_tls_verify, false},
{ldap_uids, [{<<"uid">>, <<"%u">>}]},
{listen, []},
{log_rotate_count, 1},
{log_rotate_size, 10*1024*1024},
{log_burst_limit_window_time, timer:seconds(1)},
{log_burst_limit_count, 500},
{log_modules_fully, []},
{max_fsm_queue, undefined},
{modules, []},
{negotiation_timeout, timer:seconds(30)},
{net_ticktime, timer:seconds(60)},
{new_sql_schema, ?USE_NEW_SQL_SCHEMA_DEFAULT},
{oauth_access, none},
{oauth_cache_life_time,
fun(Host) -> ejabberd_config:get_option({cache_life_time, Host}) end},
{oauth_cache_missed,
fun(Host) -> ejabberd_config:get_option({cache_missed, Host}) end},
{oauth_cache_size,
fun(Host) -> ejabberd_config:get_option({cache_size, Host}) end},
{oauth_cache_rest_failure_life_time, infinity},
{oauth_db_type,
fun(Host) -> ejabberd_config:default_db(Host, ejabberd_oauth) end},
{oauth_expire, 4294967},
{oauth_use_cache,
fun(Host) -> ejabberd_config:get_option({use_cache, Host}) end},
{oauth_client_id_check, allow},
{oom_killer, true},
{oom_queue, 10000},
{oom_watermark, 80},
{outgoing_s2s_families, [inet6, inet]},
{outgoing_s2s_ipv4_address, undefined},
{outgoing_s2s_ipv6_address, undefined},
{outgoing_s2s_port, 5269},
{outgoing_s2s_timeout, timer:seconds(10)},
{pam_service, <<"ejabberd">>},
{pam_userinfotype, username},
{pgsql_users_number_estimate, false},
{queue_dir, undefined},
{redis_connect_timeout, timer:seconds(1)},
{redis_db, 0},
{redis_password, ""},
{redis_pool_size, 10},
{redis_port, 6379},
{redis_queue_type,
fun(Host) -> ejabberd_config:get_option({queue_type, Host}) end},
{redis_server, "localhost"},
{registration_timeout, timer:seconds(600)},
{resource_conflict, acceptnew},
{router_cache_life_time,
fun(Host) -> ejabberd_config:get_option({cache_life_time, Host}) end},
{router_cache_missed,
fun(Host) -> ejabberd_config:get_option({cache_missed, Host}) end},
{router_cache_size,
fun(Host) -> ejabberd_config:get_option({cache_size, Host}) end},
{router_db_type,
fun(Host) -> ejabberd_config:default_ram_db(Host, ejabberd_router) end},
{router_use_cache,
fun(Host) -> ejabberd_config:get_option({use_cache, Host}) end},
{rpc_timeout, timer:seconds(5)},
{s2s_access, all},
{s2s_cafile, undefined},
{s2s_ciphers, undefined},
{s2s_dhfile, undefined},
{s2s_dns_retries, 2},
{s2s_dns_timeout, timer:seconds(10)},
{s2s_max_retry_delay, timer:seconds(300)},
{s2s_protocol_options, undefined},
{s2s_queue_type,
fun(Host) -> ejabberd_config:get_option({queue_type, Host}) end},
{s2s_timeout, timer:hours(1)},
{s2s_tls_compression, undefined},
{s2s_use_starttls, false},
{s2s_zlib, false},
{shaper, #{}},
{shaper_rules, []},
{sm_cache_life_time,
fun(Host) -> ejabberd_config:get_option({cache_life_time, Host}) end},
{sm_cache_missed,
fun(Host) -> ejabberd_config:get_option({cache_missed, Host}) end},
{sm_cache_size,
fun(Host) -> ejabberd_config:get_option({cache_size, Host}) end},
{sm_db_type,
fun(Host) -> ejabberd_config:default_ram_db(Host, ejabberd_sm) end},
{sm_use_cache,
fun(Host) -> ejabberd_config:get_option({use_cache, Host}) end},
{sql_type, odbc},
{sql_connect_timeout, timer:seconds(5)},
{sql_database, undefined},
{sql_keepalive_interval, undefined},
{sql_password, <<"">>},
{sql_odbc_driver, <<"libtdsodbc.so">>}, % default is FreeTDS driver
{sql_pool_size,
fun(Host) ->
case ejabberd_config:get_option({sql_type, Host}) of
sqlite -> 1;
_ -> 10
end
end},
{sql_port,
fun(Host) ->
case ejabberd_config:get_option({sql_type, Host}) of
mssql -> 1433;
mysql -> 3306;
pgsql -> 5432;
_ -> undefined
end
end},
{sql_query_timeout, timer:seconds(60)},
{sql_queue_type,
fun(Host) -> ejabberd_config:get_option({queue_type, Host}) end},
{sql_server, <<"localhost">>},
{sql_ssl, false},
{sql_ssl_cafile, undefined},
{sql_ssl_certfile, undefined},
{sql_ssl_verify, false},
{sql_start_interval, timer:seconds(30)},
{sql_username, <<"ejabberd">>},
{sql_prepared_statements, true},
{trusted_proxies, []},
{validate_stream, false},
{websocket_origin, []},
{websocket_ping_interval, timer:seconds(60)},
{websocket_timeout, timer:minutes(5)},
{jwt_key, undefined},
{jwt_jid_field, <<"jid">>},
{jwt_auth_only_rule, none}].
-spec globals() -> [atom()].
globals() ->
[acme,
allow_contrib_modules,
api_permissions,
append_host_config,
auth_cache_life_time,
auth_cache_missed,
auth_cache_size,
ca_file,
captcha_cmd,
captcha_host,
captcha_limit,
captcha_url,
certfiles,
cluster_backend,
cluster_nodes,
domain_balancing,
ext_api_path_oauth,
fqdn,
hosts,
host_config,
listen,
loglevel,
log_rotate_count,
log_rotate_size,
log_burst_limit_count,
log_burst_limit_window_time,
log_modules_fully,
negotiation_timeout,
net_ticktime,
new_sql_schema,
node_start,
oauth_cache_life_time,
oauth_cache_missed,
oauth_cache_size,
oauth_cache_rest_failure_life_time,
oauth_db_type,
oauth_expire,
oauth_use_cache,
oom_killer,
oom_queue,
oom_watermark,
queue_dir,
redis_connect_timeout,
redis_db,
redis_password,
redis_pool_size,
redis_port,
redis_queue_type,
redis_server,
registration_timeout,
router_cache_life_time,
router_cache_missed,
router_cache_size,
router_db_type,
router_use_cache,
rpc_timeout,
s2s_max_retry_delay,
shaper,
sm_cache_life_time,
sm_cache_missed,
sm_cache_size,
trusted_proxies,
validate_stream,
version,
websocket_origin,
websocket_ping_interval,
websocket_timeout].
doc() ->
ejabberd_options_doc:doc().
%%%===================================================================
%%% Internal functions
%%%===================================================================
-spec validator() -> econf:validator().
validator() ->
Disallowed = ejabberd_config:globals(),
{Validators, Required} = ejabberd_config:validators(Disallowed),
econf:and_then(
fun econf:group_dups/1,
econf:options(
Validators,
[{disallowed, Required ++ Disallowed}, unique])).
-spec fqdn(global | binary()) -> [binary()].
fqdn(global) ->
{ok, Hostname} = inet:gethostname(),
case inet:gethostbyname(Hostname) of
{ok, #hostent{h_name = FQDN}} ->
case jid:nameprep(iolist_to_binary(FQDN)) of
error -> [];
Domain -> [Domain]
end;
{error, _} ->
[]
end;
fqdn(_) ->
ejabberd_config:get_option(fqdn).
-spec concat_binary(char()) -> fun(([binary()]) -> binary()).
concat_binary(C) ->
fun(Opts) -> str:join(Opts, <<C>>) end.