root/F7_recording
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Вендоринг исходников nextcloud-talk-recording в opt/f7cloud-talk-recording-src и уточнение apt-установки

Browse Source
This commit is contained in:
root 2026-03-11 11:28:07 +00:00
parent f1cc04e550
commit cd2a175063
65 changed files with 6258 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
install.sh
View File

@ -34,23 +34,26 @@ if ! command -v ffmpeg >/dev/null 2>&1; then
fi fi
# Пытаемся доустановить Python 3.12, xvfb и ffmpeg через apt, если их нет # Пытаемся доустановить Python 3.12, xvfb и ffmpeg через apt, если их нет
PKGS="" if [ "$NEED_PYTHON" -eq 1 ] || [ "$NEED_XVFB" -eq 1 ] || [ "$NEED_FFMPEG" -eq 1 ]; then
if [ "$NEED_PYTHON" -eq 1 ]; then echo "Не все зависимости найдены. Попытка установки через apt-get."
PKGS="$PKGS python3.12 python3.12-venv" apt-get update -qq || echo "Предупреждение: apt-get update завершился с ошибкой, продолжаю попытку установки пакетов." >&2
fi
if [ "$NEED_XVFB" -eq 1 ]; then
PKGS="$PKGS xvfb"
fi
if [ "$NEED_FFMPEG" -eq 1 ]; then
PKGS="$PKGS ffmpeg"
fi
if [ -n "$PKGS" ]; then if [ "$NEED_PYTHON" -eq 1 ]; then
echo "Не все зависимости найдены. Попытка установки через apt-get:$PKGS" echo "Установка Python 3.12: apt-get install -y python3.12"
if apt-get update -qq && apt-get install -y $PKGS; then apt-get install -y python3.12 || echo "Не удалось установить python3.12 через apt-get." >&2
echo "apt-get успешно установил недостающие пакеты (если они были доступны)."
else echo "Установка python3.12-venv: apt-get install -y python3.12-venv"
echo "Не удалось установить часть системных пакетов через apt-get. Проверьте конфигурацию репозиториев." >&2 apt-get install -y python3.12-venv || echo "Не удалось установить python3.12-venv через apt-get." >&2
fi
if [ "$NEED_XVFB" -eq 1 ]; then
echo "Установка Xvfb: apt-get install -y xvfb"
apt-get install -y xvfb || echo "Не удалось установить xvfb через apt-get." >&2
fi
if [ "$NEED_FFMPEG" -eq 1 ]; then
echo "Установка ffmpeg: apt-get install -y ffmpeg"
apt-get install -y ffmpeg || echo "Не удалось установить ffmpeg через apt-get." >&2
fi fi
# Перепроверяем наличие после apt-get # Перепроверяем наличие после apt-get

1
opt/f7cloud-talk-recording-src

@ -1 +0,0 @@
Subproject commit e9d533c4855135c9ab3e0eb5c0a2351f564f5c97

3
opt/f7cloud-talk-recording-src/.github/CODEOWNERS vendored Normal file
View File

@ -0,0 +1,3 @@
# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
* @danxuliu

15
opt/f7cloud-talk-recording-src/.github/dependabot.yml vendored Normal file
View File

@ -0,0 +1,15 @@
# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
version: 2
updates:
# GitHub Actions
- package-ecosystem: "github-actions"
directory: ".github/workflows"
commit-message:
prefix: "ci"
include: "scope"
schedule:
interval: weekly
day: saturday
time: "03:00"
timezone: Europe/Berlin

47
opt/f7cloud-talk-recording-src/.github/workflows/lint-python.yml vendored Normal file
View File

@ -0,0 +1,47 @@
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
name: Lint
on:
pull_request:
push:
branches:
- main
permissions:
checks: write
contents: write
concurrency:
group: lint-python-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
run-python-lint:
runs-on: ubuntu-latest
strategy:
matrix:
python-versions: [ '3.8', '3.11' ]
name: run-python-lint
steps:
- name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Python ${{ matrix.python-versions }}
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
with:
python-version: ${{ matrix.python-versions }}
- name: Install Python dependencies
run: |
python -m pip install --editable .[dev]
- name: Lint
uses: wearerequired/lint-action@548d8a7c4b04d3553d32ed5b6e91eb171e10e7bb # v2.3.0
with:
check_name: ${linter} (${{ matrix.python-versions }})
pylint: true

44
opt/f7cloud-talk-recording-src/.github/workflows/pytest.yml vendored Normal file
View File

@ -0,0 +1,44 @@
# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
name: pytest
on:
pull_request:
push:
branches:
- main
permissions:
contents: read
concurrency:
group: pytest-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
pytest:
runs-on: ubuntu-latest
strategy:
matrix:
python-versions: [ '3.8', '3.11' ]
name: pytest
steps:
- name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Python ${{ matrix.python-versions }}
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
with:
python-version: ${{ matrix.python-versions }}
- name: Install Python dependencies
run: |
python -m pip install --editable .[dev]
- name: Test with pytest
run: |
python -m pytest tests

27
opt/f7cloud-talk-recording-src/.github/workflows/reuse.yml vendored Normal file
View File

@ -0,0 +1,27 @@
# This workflow is provided via the organization template repository
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
# SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. <https://fsfe.org>
#
# SPDX-License-Identifier: CC0-1.0
name: REUSE Compliance Check
on: [pull_request]
permissions:
contents: read
jobs:
reuse-compliance-check:
runs-on: ubuntu-latest-low
steps:
- name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: REUSE Compliance Check
uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6.0.0

10
opt/f7cloud-talk-recording-src/AUTHORS.md Normal file
View File

@ -0,0 +1,10 @@
<!--
- SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Authors
- Andy Scherzinger <info@andy-scherzinger.de>
- Cedric Bös <cedric.boes@online.de>
- Daniel Calviño Sánchez <danxuliu@gmail.com>
- Elmer Miroslav Mosher Golovin <miroslav@mishamosher.com>

31
opt/f7cloud-talk-recording-src/CHANGELOG.md Normal file
View File

@ -0,0 +1,31 @@
<!--
- SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Changelog
All notable changes to this project will be documented in this file.
## [0.2.1] - 2025-11-13
### Fixed
- Fix minimum required version of Selenium [#67](https://github.com/nextcloud/nextcloud-talk-recording/pull/67)
- Fix issues in packages of Selenium and requests introduced in 0.2.0 [#66](https://github.com/nextcloud/nextcloud-talk-recording/pull/66) [#69](https://github.com/nextcloud/nextcloud-talk-recording/pull/69)
## [0.2.0] - 2025-10-13
### Added
- Add trusted proxies configuration to log the "real" IP of clients [#26](https://github.com/nextcloud/nextcloud-talk-recording/pull/26)
- Add Prometheus stats [#27](https://github.com/nextcloud/nextcloud-talk-recording/pull/27) [#56](https://github.com/nextcloud/nextcloud-talk-recording/pull/56)
- Add support for specifying Selenium driver and browser executable [#33](https://github.com/nextcloud/nextcloud-talk-recording/pull/33)
- Add configuration options for ffmpeg inputs [#57](https://github.com/nextcloud/nextcloud-talk-recording/pull/57)
- Add argument to overwrite the benchmark output file [#58](https://github.com/nextcloud/nextcloud-talk-recording/pull/58)
- Show frames dropped by ffplay in benchmark summary [#59](https://github.com/nextcloud/nextcloud-talk-recording/pull/59)
### Fixed
- Remove unneeded, and sometimes problematic, visit to main Nextcloud server page [#28](https://github.com/nextcloud/nextcloud-talk-recording/pull/28)
- Fix error printed to the log when running benchmark in extra verbose mode [#61](https://github.com/nextcloud/nextcloud-talk-recording/pull/61)
## [0.1.0] - 2023-10-23
- Initial version

661
opt/f7cloud-talk-recording-src/LICENSE.txt Normal file
View File

@ -0,0 +1,661 @@
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU Affero General Public License is a free, copyleft license for
software and other kinds of works, specifically designed to ensure
cooperation with the community in the case of network server software.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
our General Public Licenses are intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
Developers that use our General Public Licenses protect your rights
with two steps: (1) assert copyright on the software, and (2) offer
you this License which gives you legal permission to copy, distribute
and/or modify the software.
A secondary benefit of defending all users' freedom is that
improvements made in alternate versions of the program, if they
receive widespread use, become available for other developers to
incorporate. Many developers of free software are heartened and
encouraged by the resulting cooperation. However, in the case of
software used on network servers, this result may fail to come about.
The GNU General Public License permits making a modified version and
letting the public access it on a server without ever releasing its
source code to the public.
The GNU Affero General Public License is designed specifically to
ensure that, in such cases, the modified source code becomes available
to the community. It requires the operator of a network server to
provide the source code of the modified version running there to the
users of that server. Therefore, public use of a modified version, on
a publicly accessible server, gives the public access to the source
code of the modified version.
An older license, called the Affero General Public License and
published by Affero, was designed to accomplish similar goals. This is
a different license, not a version of the Affero GPL, but Affero has
released a new version of the Affero GPL which permits relicensing under
this license.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the
Program, your modified version must prominently offer all users
interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding
Source of your version by providing access to the Corresponding Source
from a network server at no charge, through some standard or customary
means of facilitating copying of software. This Corresponding Source
shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the
following paragraph.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the work with which it is combined will remain governed by version
3 of the GNU General Public License.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU Affero General Public License from time to time. Such new versions
will be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU Affero General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU Affero General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU Affero General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer
network, you should also make sure that it provides a way for users to
get its source. For example, if your program is a web application, its
interface could display a "Source" link that leads users to an archive
of the code. There are many ways you could offer source, and different
solutions will be better for different programs; see section 13 for the
specific requirements.
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU AGPL, see
<https://www.gnu.org/licenses/>.

235
opt/f7cloud-talk-recording-src/LICENSES/AGPL-3.0-or-later.txt Normal file
View File

@ -0,0 +1,235 @@
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Preamble
The GNU Affero General Public License is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software.
The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, our General Public Licenses are intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.
Developers that use our General Public Licenses protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License which gives you legal permission to copy, distribute and/or modify the software.
A secondary benefit of defending all users' freedom is that improvements made in alternate versions of the program, if they receive widespread use, become available for other developers to incorporate. Many developers of free software are heartened and encouraged by the resulting cooperation. However, in the case of software used on network servers, this result may fail to come about. The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public.
The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version.
An older license, called the Affero General Public License and published by Affero, was designed to accomplish similar goals. This is a different license, not a version of the Affero GPL, but Affero has released a new version of the Affero GPL which permits relicensing under this license.
The precise terms and conditions for copying, distribution and modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based on the Program.
To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work.
A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source.
The Corresponding Source for a work in source code form is that same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures.
When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified it, and giving a relevant date.
b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices".
c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so.
A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:
a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b.
d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d.
A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product.
"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.
If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM).
The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or authors of the material; or
e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.
All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11).
However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.
Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party.
If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it.
A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program.
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.
Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU General Public License.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of the GNU Affero General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU Affero General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU Affero General Public License, you may choose any version ever published by the Free Software Foundation.
If the Program specifies that a proxy can decide which future versions of the GNU Affero General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program.
Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer network, you should also make sure that it provides a way for users to get its source. For example, if your program is a web application, its interface could display a "Source" link that leads users to an archive of the code. There are many ways you could offer source, and different solutions will be better for different programs; see section 13 for the specific requirements.
You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see <http://www.gnu.org/licenses/>.

73
opt/f7cloud-talk-recording-src/LICENSES/Apache-2.0.txt Normal file
View File

@ -0,0 +1,73 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

121
opt/f7cloud-talk-recording-src/LICENSES/CC0-1.0.txt Normal file
View File

@ -0,0 +1,121 @@
Creative Commons Legal Code
CC0 1.0 Universal
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
HEREUNDER.
Statement of Purpose
The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator
and subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for
the purpose of contributing to a commons of creative, cultural and
scientific works ("Commons") that the public can reliably and without fear
of later claims of infringement build upon, modify, incorporate in other
works, reuse and redistribute as freely as possible in any form whatsoever
and for any purposes, including without limitation commercial purposes.
These owners may contribute to the Commons to promote the ideal of a free
culture and the further production of creative, cultural and scientific
works, or to gain reputation or greater distribution for their Work in
part through the use and efforts of others.
For these and/or other purposes and motivations, and without any
expectation of additional consideration or compensation, the person
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
is an owner of Copyright and Related Rights in the Work, voluntarily
elects to apply CC0 to the Work and publicly distribute the Work under its
terms, with knowledge of his or her Copyright and Related Rights in the
Work and the meaning and intended legal effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not
limited to, the following:
i. the right to reproduce, adapt, distribute, perform, display,
communicate, and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or
likeness depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data
in a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation
thereof, including any amended or successor version of such
directive); and
vii. other similar, equivalent or corresponding rights throughout the
world based on applicable law or treaty, and any national
implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention
of, applicable law, Affirmer hereby overtly, fully, permanently,
irrevocably and unconditionally waives, abandons, and surrenders all of
Affirmer's Copyright and Related Rights and associated claims and causes
of action, whether now known or unknown (including existing as well as
future claims and causes of action), in the Work (i) in all territories
worldwide, (ii) for the maximum duration provided by applicable law or
treaty (including future time extensions), (iii) in any current or future
medium and for any number of copies, and (iv) for any purpose whatsoever,
including without limitation commercial, advertising or promotional
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
member of the public at large and to the detriment of Affirmer's heirs and
successors, fully intending that such Waiver shall not be subject to
revocation, rescission, cancellation, termination, or any other legal or
equitable action to disrupt the quiet enjoyment of the Work by the public
as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for any reason
be judged legally invalid or ineffective under applicable law, then the
Waiver shall be preserved to the maximum extent permitted taking into
account Affirmer's express Statement of Purpose. In addition, to the
extent the Waiver is so judged Affirmer hereby grants to each affected
person a royalty-free, non transferable, non sublicensable, non exclusive,
irrevocable and unconditional license to exercise Affirmer's Copyright and
Related Rights in the Work (i) in all territories worldwide, (ii) for the
maximum duration provided by applicable law or treaty (including future
time extensions), (iii) in any current or future medium and for any number
of copies, and (iv) for any purpose whatsoever, including without
limitation commercial, advertising or promotional purposes (the
"License"). The License shall be deemed effective as of the date CC0 was
applied by Affirmer to the Work. Should any part of the License for any
reason be judged legally invalid or ineffective under applicable law, such
partial invalidity or ineffectiveness shall not invalidate the remainder
of the License, and in such case Affirmer hereby affirms that he or she
will not (i) exercise any of his or her remaining Copyright and Related
Rights in the Work or (ii) assert any associated claims and causes of
action with respect to the Work, in either case contrary to Affirmer's
express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or
warranties of any kind concerning the Work, express, implied,
statutory or otherwise, including without limitation warranties of
title, merchantability, fitness for a particular purpose, non
infringement, or the absence of latent or other defects, accuracy, or
the present or absence of errors, whether or not discoverable, all to
the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without
limitation any person's Copyright and Related Rights in the Work.
Further, Affirmer disclaims responsibility for obtaining any necessary
consents, permissions or other rights required for any use of the
Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to
this CC0 or use of the Work.

13
opt/f7cloud-talk-recording-src/README.md Normal file
View File

@ -0,0 +1,13 @@
<!--
- SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Nextcloud Talk Recording Server
[![REUSE status](https://api.reuse.software/badge/github.com/nextcloud/nextcloud-talk-recording)](https://api.reuse.software/info/github.com/nextcloud/nextcloud-talk-recording)
This is the official recording server to be used with Nextcloud Talk (https://github.com/nextcloud/spreed).
It requires the standalone signaling server for Nextcloud Talk (https://github.com/strukturag/nextcloud-spreed-signaling).
The recording server only provides an HTTP API. It is expected that TLS termination will be provided by an additional component, like a reverse proxy.

24
opt/f7cloud-talk-recording-src/REUSE.toml Normal file
View File

@ -0,0 +1,24 @@
# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
version = 1
SPDX-PackageName = "nextcloud-talk-recording"
SPDX-PackageSupplier = "Nextcloud <info@nextcloud.com>"
SPDX-PackageDownloadLocation = "https://github.com/nextcloud/nextcloud-talk-recording"
[[annotations]]
path = ["packaging/selenium/debian/py3dist-overrides", "packaging/selenium/MANIFEST.in"]
precedence = "aggregate"
SPDX-FileCopyrightText = "2023 Nextcloud GmbH and Nextcloud contributors"
SPDX-License-Identifier = "AGPL-3.0-or-later"
[[annotations]]
path = ["packaging/requests/debian/py3dist-overrides", "packaging/requests/MANIFEST.in"]
precedence = "aggregate"
SPDX-FileCopyrightText = "2025 Nextcloud GmbH and Nextcloud contributors"
SPDX-License-Identifier = "AGPL-3.0-or-later"
[[annotations]]
path = ["packaging/nextcloud-talk-recording/debian/py3dist-overrides", "packaging/nextcloud-talk-recording/MANIFEST.in"]
precedence = "aggregate"
SPDX-FileCopyrightText = "2023 Nextcloud GmbH and Nextcloud contributors"
SPDX-License-Identifier = "AGPL-3.0-or-later"

51
opt/f7cloud-talk-recording-src/docker-compose/Dockerfile Normal file
View File

@ -0,0 +1,51 @@
FROM ubuntu:20.04
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get --assume-yes update
RUN apt-get --assume-yes upgrade
# Common dependencies
RUN apt-get --assume-yes install software-properties-common
# nextcloud-talk-recording dependencies
RUN apt-get --assume-yes install ffmpeg pulseaudio python3-pip xvfb
RUN pip3 install --upgrade requests
# firefox
RUN apt-get --assume-yes install firefox firefox-geckodriver
# chromium
# The phd/chromium repository for Ubuntu is used because since Ubuntu 20.04
# Chromium is provided as a snap package, and the equivalent PPA has been
# discontinued.
RUN echo "deb https://freeshell.de/phd/chromium/focal /" > /etc/apt/sources.list.d/phd-chromium.list
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 869689FE09306074
RUN apt-get update
RUN apt-get --assume-yes install chromium
COPY ./docker-compose/wrap_chromium_binary /opt/bin/wrap_chromium_binary
RUN /opt/bin/wrap_chromium_binary
# nextcloud-talk-recording config
RUN useradd --create-home recording
COPY server.conf.in /etc/nextcloud-talk-recording/server.conf
RUN sed --in-place 's/#listen =.*/listen = 0.0.0.0:8000/' /etc/nextcloud-talk-recording/server.conf
# Deploy recording server
RUN mkdir --parents /tmp/recording
COPY src /tmp/recording/
COPY pyproject.toml /tmp/recording/
RUN python3 -m pip install file:///tmp/recording/
# Cleanup
RUN apt-get clean && rm --recursive --force /var/lib/apt/lists/* /tmp/* /var/tmp/*
RUN rm --recursive --force /tmp/recording
# Switch user and start the recording server
WORKDIR "/home/recording/"
USER "recording"
CMD ["python3", "-m", "nextcloud.talk.recording", "--config", "/etc/nextcloud-talk-recording/server.conf"]

23
opt/f7cloud-talk-recording-src/docker-compose/docker-compose.yml Normal file
View File

@ -0,0 +1,23 @@
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
version: "3.9"
services:
nextcloud-talk-recording:
build:
context: ..
dockerfile: ./docker-compose/Dockerfile
init: true
shm_size: '2gb'
restart: on-failure
# By default the recording server is reachable through the network "nextcloud-talk-recording"
# Depending on your setup (if you need to reach the recording server externally for example) you might need
# to expose the used ports to the host machine, e.g.:
#ports:
# - "8000:8000"
networks:
- nextcloud-talk-recording
networks:
nextcloud-talk-recording:

37
opt/f7cloud-talk-recording-src/docker-compose/wrap_chromium_binary Executable file
View File

@ -0,0 +1,37 @@
#!/bin/bash
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-FileCopyrightText: 2023 SeleniumHQ and contributors
# SPDX-License-Identifier: Apache-2.0
# Originally adjusted from https://github.com/SeleniumHQ/docker-selenium/blob/c6df1ab8dc6a5aca05c163c429a062ada1d79c51/NodeChrome/wrap_chrome_binary
# which is licensed under the Apache license 2.0 (https://github.com/SeleniumHQ/docker-selenium/blob/c6df1ab8dc6a5aca05c163c429a062ada1d79c51/LICENSE.md)
WRAPPER_PATH=$(readlink -f /usr/bin/chromium)
BASE_PATH="$WRAPPER_PATH-base"
mv "$WRAPPER_PATH" "$BASE_PATH"
cat > "$WRAPPER_PATH" <<_EOF
#!/bin/bash
# umask 002 ensures default permissions of files are 664 (rw-rw-r--) and directories are 775 (rwxrwxr-x).
umask 002
# Debian/Ubuntu seems to not respect --lang, it instead needs to be a LANGUAGE environment var
# See: https://stackoverflow.com/a/41893197/359999
for var in "\$@"; do
if [[ \$var == --lang=* ]]; then
LANGUAGE=\${var//--lang=}
fi
done
# Set language environment variable
export LANGUAGE="\$LANGUAGE"
# Note: exec -a below is a bashism.
exec -a "\$0" "$BASE_PATH" --no-sandbox "\$@"
_EOF
chmod +x "$WRAPPER_PATH"
# Also add the executable name expected by Selenium Manager
ln --symbolic "$WRAPPER_PATH" /usr/bin/chrome

20
opt/f7cloud-talk-recording-src/docs/building.md Normal file
View File

@ -0,0 +1,20 @@
<!--
- SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Building
## Prerequisites
The main branch of the [Nextcloud Talk Recording Server repository](https://github.com/nextcloud/nextcloud-talk-recording) is needed to build packages and should be cloned. Currently the recording server in the main branch is backwards compatible with previous Talk releases, so the latest version from the main branch is expected to be used.
## System packages
Distribution packages are supported for the following GNU/Linux distributions:
- Debian 11
- Ubuntu 20.04
- Ubuntu 22.04
They can be built on those distributions by calling `make` in the _recording/packaging_ directory of the git sources. Nevertheless, the Makefile assumes that the build dependencies have been already installed in the system. Therefore it is recommended to run `build.sh` in the _recording/packaging_ directory, which will create Docker containers with the required dependencies and then run `make` inside them. Alternatively the dependencies can be checked under `Installing required build dependencies` in `build.sh` and manually installed in the system. Using `build.sh` the packages can be built for those target distributions on other distributions too.
The built packages can be found in _recording/packaging/build/{DISTRIBUTION-ID}/{PACKAGE-FORMAT}/_ (even if they were built inside the Docker containers using `build.sh`). They include the recording server itself (_nextcloud-talk-recording_) as well as the Python3 dependencies that are not included in the repositories of the distributions. Note that the built dependencies change depending on the distribution type and version.

62
opt/f7cloud-talk-recording-src/docs/encoders.md Normal file
View File

@ -0,0 +1,62 @@
<!--
- SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Encoder configuration
The encoders used by the recording server can be customized in its configuration file.
By default [VP8](https://en.wikipedia.org/wiki/VP8) is used as the video codec. VP8 is an open and royalty-free video compression format widely supported. Please check https://trac.ffmpeg.org/wiki/Encode/VP8, https://www.webmproject.org/docs/encoder-parameters and https://ffmpeg.org/ffmpeg-codecs.html#libvpx for details on the configuration options.
Similarly, [Opus](https://en.wikipedia.org/wiki/Opus), another open codec, is used for audio. Please check https://ffmpeg.org/ffmpeg-codecs.html#libopus-1 for details on the configuration options.
Nevertheless, please note that VP8 and Opus are just the default ones and that the encoders can be changed to any other supported by FFmpeg if needed. In that case the default container format, [WebM](https://en.wikipedia.org/wiki/WebM), may need to be changed as well, as it is specifically designed for VP8/VP9/AV1 and Vorbis/Opus.
## Benchmark tool
A benchmark tool is provided to check the resources used by the recorder process as well as the quality of the output file using different configurations.
The benchmark tool does not record an actual call; it plays a video file and records its audio and video (or, optionally, only its audio). This makes it possible to easily compare the quality between different configurations, as they can be generated from the same input. There is no default input file, though; a specific file must be provided.
Note that playing a video file may cause a CPU usage even higher than rendering an actual call, so both the player and the recorder may "compete" for the CPU. When the benchmark ends the number of frames dropped by the player is printed; if it is higher than 0 the benchmark result may not be fully representative, as the CPU usage of the recorder could have been limited by the player, and if it is relatively high compared to the full number of frames in the video the output quality may not be representative either, as the output video may not be smooth due to how the video was played and not due to how it was encoded.
### Usage example
The different options accepted by the benchmark tool can be seen with `nextcloud-talk-recording-benchmark --help` (or, if the helper script is not available, directly with `python3 -m nextcloud.talk.recording.Benchmark --help`).
Each run of the benchmark tool records a single video (or audio) file with the given options. Using a Bash script several runs can be batched to check the result of running different options. For example:
```
#!/usr/bin/bash
# Define the output video options for ffmpeg and the filename suffix to use for each test.
TESTS=(
"-c:v libvpx -deadline:v realtime -b:v 0,rt-b0"
"-c:v libvpx -deadline:v realtime -b:v 0 -cpu-used:v 0,rt-b0-cpu0"
"-c:v libvpx -deadline:v realtime -b:v 0 -cpu-used:v 15,rt-b0-cpu15"
"-c:v libvpx -deadline:v realtime -b:v 0 -crf 4,rt-b0-crf4"
"-c:v libvpx -deadline:v realtime -b:v 0 -crf 10,rt-b0-crf10"
"-c:v libvpx -deadline:v realtime -b:v 0 -crf 32,rt-b0-crf32"
"-c:v libvpx -deadline:v realtime -b:v 0 -crf 32 -cpu-used:v 0,rt-b0-crf32-cpu0"
"-c:v libvpx -deadline:v realtime -b:v 0 -crf 32 -cpu-used:v 15,rt-b0-crf32-cpu15"
"-c:v libvpx -deadline:v realtime -b:v 500k,rt-b500k"
"-c:v libvpx -deadline:v realtime -b:v 500k -crf 4,rt-b500k-crf4"
"-c:v libvpx -deadline:v realtime -b:v 500k -crf 10,rt-b500k-crf10"
"-c:v libvpx -deadline:v realtime -b:v 500k -crf 32,rt-b500k-crf32"
"-c:v libvpx -deadline:v realtime -b:v 750k,rt-b750k"
"-c:v libvpx -deadline:v realtime -b:v 750k -crf 4,rt-b750k-crf4"
"-c:v libvpx -deadline:v realtime -b:v 750k -crf 10,rt-b750k-crf10"
"-c:v libvpx -deadline:v realtime -b:v 750k -crf 32,rt-b750k-crf32"
"-c:v libvpx -deadline:v realtime -b:v 1000k,rt-b1000k"
"-c:v libvpx -deadline:v realtime -b:v 1000k -crf 4,rt-b1000k-crf4"
"-c:v libvpx -deadline:v realtime -b:v 1000k -crf 10,rt-b1000k-crf10"
"-c:v libvpx -deadline:v realtime -b:v 1000k -crf 32,rt-b1000k-crf32"
)
for TEST in "${TESTS[@]}"
do
# Split the input tuple on ","
IFS="," read FFMPEG_OUTPUT_VIDEO FILENAME_SUFFIX <<< "${TEST}"
# Run the test
nextcloud-talk-recording-benchmark --length 300 --ffmpeg-output-video "${FFMPEG_OUTPUT_VIDEO}" /tmp/recording/files/example.mkv /tmp/recording/files/test-"${FILENAME_SUFFIX}".webm
done
```

22
opt/f7cloud-talk-recording-src/docs/index.md Normal file
View File

@ -0,0 +1,22 @@
<!--
- SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Nextcloud Talk Recording Server Documentation
## Setup
* [Building](building.md)
* [Installation](installation.md)
### Configuration
* [Encoders](encoders.md)
## API
* [Recording API](recording-api.md)
## Other
* [Prometheus metrics](prometheus-metrics.md)

257
opt/f7cloud-talk-recording-src/docs/installation.md Normal file
View File

@ -0,0 +1,257 @@
<!--
- SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Installation
The recording server requires an HPB (High Performance Backend for Talk) to be setup. However, it is recommended to setup the recording server in a different machine than the HPB to prevent their load to interfere with each other. Moreover, as the recording server requires some dependencies that are not typically found in server machines, like Firefox, it is recommended to use its own "isolated" machine (either a real machine or a virtual machine). A container would also work, although it might require a special configuration to start the server when the container is started.
In practice the recording server acts just as another Talk client, so it could be located anywhere as long as it can connect to the Nextcloud server and to the HPB, in the later case either directly or through the TURN server. Nevertheless, for simplicity and reliability, it is recommended for the recording server to have direct access to the HPB (so if the HPB is running in an internal network the recording server should be setup in that same internal network as the HPB).
## Hardware requirements
As a quick reference, with the default settings, in an AMD Ryzen 7 3700X 8-Core Processor (so 16 threads, theoretically a maximum usage of 1600% CPU) recording a single call uses 200% CPU (mostly to encode the video). The recording server provides [a benchmark tool](encoders.md) that can be used to check the load with different encoding settings and find out an approximation of the load that will occur when recording a call. Nevertheless in a real recording there is an additional load from the WebRTC connections, the rendering of the browser and so on, but in general the encoding uses the most CPU.
Regarding RAM memory the encoding does not use much, and it should be calculated based on how many simultaneous recordings and therefore browsers are expected. For a single browser 2 GiB should be enough, although it would be recommended to play safe and have more if possible due to the increasing memory requirements of browsers (and also if the calls to be recorded include a lot of participants).
Finally disk size will also depend on the number of simultaneous recordings, as well as the quality and codec used, which directly affect the size of the recording. In general the recorded videos will stay on the recording server only while being recorded and they will be removed as soon as they are uploaded to the Nextcloud server. However, if the upload fails the recorded video will be kept in the recording server until manually removed.
## Installation type
* For customers pre-built packages are available, please refer to [the Nextcloud Talk Recording Server section of the portal](https://portal.nextcloud.com/article/Installation/Installation---Nextcloud-Talk-Recording-Server).
* For some GNU/Linux distributions the installation can be done through packages. Please see the [instructions to build packages](https://github.com/nextcloud/nextcloud-talk-recording/blob/main/docs/building.md).
* A ["manual" installation](https://github.com/nextcloud/nextcloud-talk-recording/blob/main/docs/installation.md#manual-installation) is required in all other cases.
### Prerequisites
Before packages can be installed using the package managers of the distributions, some distributions have additional requirements that need to be fulfilled first.
#### Debian 11
In Debian 11 there is no _geckodriver_ package, which is required to control Firefox from the recording server. Therefore the [PPA from Mozilla](https://launchpad.net/~mozillateam/+archive/ubuntu/ppa) needs to be setup instead before installing the packages. Although `add-apt-repository` is available in Debian 11 the PPA does not provide packages for _bullseye_, so the PPA needs to be manually added to use the packages for _focal_ (Ubuntu 20.04):
```
apt-key adv --keyserver hkps://keyserver.ubuntu.com --recv-keys 0AB215679C571D1C8325275B9BDB3D89CE49EC21
echo 'deb https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu focal main' > /etc/apt/sources.list.d/mozillateam-ubuntu-ppa.list
```
Besides that the Firefox ESR package from the PPA needs to be configured to take precedence over the one in the Debian repositories:
```
echo '
Package: *
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001
' | sudo tee /etc/apt/preferences.d/mozilla-firefox
```
#### Ubuntu 22.04
In Ubuntu 22.04 the normal Firefox package was replaced by a Snap. Unfortunately the Snap package can not be used with the default packages, so the [PPA from Mozilla](https://launchpad.net/~mozillateam/+archive/ubuntu/ppa) needs to be setup instead before installing the packages (`add-apt-repository` is included in the package `software-properties-common`):
```
add-apt-repository ppa:mozillateam/ppa
```
Besides that the Firefox package from the PPA needs to be configured to take precedence over the Snap one with:
```
echo '
Package: *
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001
' | sudo tee /etc/apt/preferences.d/mozilla-firefox
```
### Built packages installation
**Note:** This only applies to manually build packages!
In Debian and Ubuntu the built packages can be installed by first changing to the _recording/packaging/build/{DISTRIBUTION-ID}/deb/_ directory and then running:
```
apt install ./*.deb
```
Note that given that the packages do not belong to a repository it is not possible to just install `nextcloud-talk-recording`, as the other deb packages would not be taken into account if not explicitly given.
Besides installing the recording server and its dependencies a _nextcloud-talk-recording_ user is created to run the recording server, and a systemd service is created to start the recording server when the machine boots.
Although it is possible to configure the recording server to use Chromium/Chrome instead of Firefox only Firefox is officially supported, so only Firefox is a dependency of the `nextcloud-talk-recording` package. In order to use Chromium/Chrome it needs to be manually installed.
### Manual installation
Please make sure you cloned the main branch of the [Nextcloud Talk Recording Server repository](https://github.com/nextcloud/nextcloud-talk-recording). Currently the recording server in the main branch is backwards compatible with previous Talk releases, so the latest version from the main branch is expected to be used.
The recording server has the following non-Python dependencies:
- FFmpeg
- Firefox*
- [geckodriver](https://github.com/mozilla/geckodriver/releases) (on a [version compatible with the Firefox version](https://firefox-source-docs.mozilla.org/testing/geckodriver/Support.html))
- PulseAudio
- Xvfb
*Chromium/Chrome can be used too, but only Firefox is officially supported and therefore used by default.
Those dependencies must be installed, typically using the package manager of the distribution, in the system running the recording server.
Then, the recording server and all its Python dependencies can be installed using Python pip. Note that the recording server is not available in the Python Package Index (PyPI); you need to manually clone the git repository and then install it from there:
```
git clone https://github.com/nextcloud/nextcloud-talk-recording
python3 -m pip install "file://$(pwd)/nextcloud-talk-recording"
```
The recording server does not need to be run as root (and it should not be run as root). It can be started as a regular user with `nextcloud-talk-recording --config {PATH_TO_THE_CONFIGURATION_FILE)` (or, if the helper script is not available, directly with `python3 -m nextcloud.talk.recording --config {PATH_TO_THE_CONFIGURATION_FILE)`. Nevertheless, please note that the user needs to have a home directory.
You might want to configure a systemd service (or any equivalent service) to automatically start the recording server when the machine boots. The sources for the _.deb_ packages include a service file in _recording/packaging/nextcloud-talk-recording/debian/nextcloud-talk-recording.service_ that could be used as inspiration.
## System setup
Independently of how it was installed the recording server needs to be configured. Depending on the setup additional components like a firewall might also need to be setup or adjusted.
### Recording server configuration
When the recording server is started through its systemd service the configuration will be loaded from `/etc/nextcloud-talk-recording/server.conf`. If `nextcloud-talk-recording` is directly invoked the configuration file to use can be set with `--config XXX`.
The configuration file must be edited to set the Nextcloud servers that are allowed to use the recording server, as well as the credentials for the recording server to use the signaling servers of those Nextcloud servers. Please refer to the sections below for the details.
The temporary directory where the videos are stored while being recorded (and if they fail to be uploaded to the Nextcloud server) is `/tmp/`. That directory is typically a temporary file system stored in RAM, so depending on the available RAM and the number of simultaneous recordings it could affect the system or cause some recordings to suddenly fail due to running out of space. This can be customized in `backend->directory` to use a more suitable directory (for example, a directory under the home directory of the user running the recording server).
As described in a section below it is recommended to set up a TLS termination proxy in front of the recording server. In that case (or if there is any other additional proxy) the proxy or proxies should add, comma-separated, the remote IP address of the requests they receive to the `X-Forwarded-For` header (so if a request passes through several proxies their addresses will be "chained" in the final header reaching the recording server), and in the recording server configuration the IP address (or CIDR networks) of the proxies should be added to `app->trustedproxies`. This will make possible for the recording server to know the "real" remote IP address of a request, rather than just seeing it as coming from the proxy. Note that the trusted proxies should be set only once it has been checked that the remote IP address of the requests is added to the `X-Forwarded-For` header as expected, as otherwise remote clients could spoof the IP address of a request by providing their own `X-Forwarded-For` header.
Besides that the configuration file can be used to customize other things, like the log level, the resolution of the recorded video, the ffmpeg options to use by the encoder or the browser to perform the recording from. The encoder options have [their own documentation page](encoders.md). For the rest please refer to the comments in the configuration file itself.
### Talk configuration
Any Nextcloud server that will use the recording server must be explicitly allowed in the recording server configuration (except if `allowall = true` is set, but that should not be used in production).
Each Nextcloud server needs to be configured in its own section. Any section name can be used, except the reserved names for built-in sections, like `logs`, `backend`, `signaling`... The section names must be added to `backend->backends`.
Each backend section requires at least a `url` and a `secret`. The `url` must be set to the URL of the Nextcloud server, including the webroot, if any. The `secret` is a shared value between the Nextcloud server and the recording server used to authenticate the requests between them. You can use any string, but it is recommended to generate a random key with something like `openssl rand -hex 32`.
Additionally other backend properties can be optionally overriden for each backend (please refer to the comments for the `backend` properties in the configuration file itself). For example, the default video resolution for the backends could be 1920x1080, but videos recorded on a specific backend could have a lower resolution of 960x540.
In the example below comments were stripped for briefness, but it is recommended to keep them in the configuration file:
```
[backend]
...
backends = production-cloud, experiments
...
[production-cloud]
url = https://cloud.mydomain.com
secret = d21e7fba706c5757e25bf0419a18dfaf3bb2c89b9554b5bec138a07d20ad5bb5
[experiments]
url = https://testing.mydomain.com/cloud
secret = 123456
videowidth = 960
videoheight = 540
```
The recording server to be used by a Nextcloud server must be set as well in Talk Administration settings.
Log in the Nextcloud server as an administrator, open the Administration settings, open Talk section and under `Recording backend` set the URL of the recording server. If you are using a self-signed certificate for development purposes you will need to uncheck `Validate SSL certificate`. Besides the URL the same secret set in the recording server must be set in Talk.
Once the URL is set it will be checked if the Nextcloud server can access the recording server, and if everything is correct you should see a valid checkmark with the text `OK: Running version XXX` (where XXX will be the recording server version). Note, however, that currently it is only checked that the recording server can be accessed, but it is not verified if the shared secret matches.
Besides the Talk Administration settings [`upload_max_filesize`](https://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize) and [`post_max_size`](https://www.php.net/manual/en/ini.core.php#ini.post-max-size) may need to be set in the PHP settings, as the maximum size of the videos uploaded to the Nextcloud server by the recording server is limited by those values.
### Signaling server configuration
The recording server must be allowed to access any signaling server used by the configured Nextcloud servers. Setting a signaling server in the recording server configuration does not mean that the recording server will use that signaling server, the signaling server to be used will be provided by the Nextcloud server.
Each signaling server needs to be configured in its own section. Any section name can be used, except the reserved names for built-in sections, like `logs`, `backend`, `signaling`... The section names must be added to `signaling->signalings`.
Each signaling section requires a `url` and an `internalsecret` (unless a common `internalsecret` is set in `signaling->internalsecret`). The `url` must be set to the URL of the signaling server (the same signaling server URL set in Talk Administration settings). The `internalsecret` is a shared value between the signaling server and the recording server used to allow the recording server to access the signaling server. This secret is unrelated to the secret used in the Talk administration settings and shared between the Nextcloud server and the recording server. This value must match the value of `clients->internalsecret` in `/etc/nextcloud-spreed-signaling/server.conf`, which may have been automatically generated or may need to be explicitly set, depending on how the signaling server was installed. Nevertheless, even if it was automatically generated, a custom value can be set as long as it matches in both the signaling server and the recording server.
In the example below comments were stripped for briefness, but it is recommended to keep them in the configuration file:
```
[signaling]
...
signalings = main-signaling, development
...
[main-signaling]
url = https://hpb.mydomain.com/standalone-signaling
internalsecret = 0005b57434a23bf05a50dab2cddd555b532e76ffa1fb1d9904bfe513b23855bf
[development]
url = https://192.168.57.21:18443
internalsecret = the-internal-secret
```
### TLS termination proxy
The recording server only listens for HTTP requests (the address and port is set in `http->listen` in the configuration file). It is recommended to set up a TLS termination proxy (which can be just a webserver) to add support for HTTPS connections (similar to what is done [for the signaling server](https://github.com/strukturag/nextcloud-spreed-signaling#setup-of-frontend-webserver)).
### Firewall
Independently of the installation method, the recording server requires some dependencies that are not typically found in server machines, like Firefox. It is highly recommended to setup a firewall that prevents any access from the outside to the machine, except those strictly needed by the recording server (and, of course, any additional service that might be needed in the machine, like SSH).
This is specially relevant when the recording server runs in a machine directly connected to the Internet, although it is of less concern when running in an internal network or in a virtual machine with a bridged network, as in those cases the external access would be already limited.
The recording server acts similar to a regular participant in the call, so the firewall needs to allow access to the Nextcloud server and the HPB. Independently of whether the firewall is set in the recording server machine itself or somewhere else these are the connections that need to be allowed from the recording server:
- Nextcloud server using HTTPS (TCP on port 443 of the Nextcloud server).
- HPB using HTTPS (TCP on port 443 of the signaling server).
The HTTPS connection must be upgradeable to a WebSocket connection.
- HPB using UDP.
The recording server connects to a port in the range 20000-40000 (or whatever range is configured in Janus, the WebRTC gateway), while the WebRTC gateway may connect on any port of the recording server.
Depending on the setup the recording server might also need to access the STUN server and/or the TURN server, although typically it will not be needed (especially if both the HPB and the recording server can directly access each other):
- STUN server using UDP (port depends on the STUN server configuration).
- TURN server using UDP or TCP (protocol and port depend on the TURN server configuration).
## Testing and troubleshooting
Once the configuration is done it is recommended to record a call to verify that everything works as expected. Recording server log level should be preferably set to `10` (debug) during the verification to have the most information if something fails:
- Start a call as a moderator (only moderators can record a call)
- Start the call recording
- Once the recording has started speak for some seconds, preferably with video enabled
- Stop the recording
- Eventually you will receive a notification that the recording is available
- Check the recording
If something did not work as expected please check below for some possible causes.
If the recording worked as expected note that there could still be a subtle issue. When a recording is started the Selenium Manager will try to find the browser to use for recordings as well as its corresponding Selenium driver. If the Selenium Manager is not able to find them (for example, the ESR version of Firefox from the Mozilla PPA is installed to `/usr/bin/firefox-esr`, which may not be recognized by the Selenium Manager) they may be automatically downloaded by the Selenium Manager (depending on the Selenium version). Despite that it is highly recommended to explicitly install the browser and the Selenium driver instead, preferably from system packages, to have a better control of them and their updates. Therefore, even if the recording worked as expected, the recording server logs should be checked to verify that the Selenium Manager did not download the Selenium driver or the browser but used the ones from the system. This requires the log level to have been set to `10` (debug) so messages from `selenium.webdriver.common.selenium_manager` like `Browser path: /the/path/to/the/browser`, `Driver path: /the/path/to/the/driver` or `Using driver at: /the/path/to/the/driver` are shown. If the Selenium Manager downloaded the Selenium driver and/or the browser (which can be inferred from the paths in those messages) it is recommended to remove them and the path to the system ones should be set in the recording server configuration in `recording->driverPath` and/or `recording->browserPath`.
### The Selenium driver or the browser can not be found
If the Selenium Manager is not available (for example, when running Linux on arm64/aarch64) when a recording is started Selenium will not be able to find the driver and the recording will fail. When the Selenium Manager is not available the path to the Selenium driver must be explicitly set in the recording server configuration in `recording->driverPath`. In that case the path to the browser may also need to be set in `recording->browserPath` if the Selenium driver is not able to find it.
Independently of that, even if the Selenium Manager is available, the recording could also fail if `recording->driverPath` or `recording->browserPath` are set to an invalid value. However, in some Selenium versions setting the paths does not fully override the automated handling of Selenium Manager, so if the paths are set to an invalid value the recording could also work due to Selenium Manager still falling back to downloading the driver or the browser.
Note that in some cases the error `Unable to obtain driver for firefox/chrome` might be thrown even if the driver could be found but not the browser. This could happen, for example, if the browser is not found and Selenium Manager tries to download it, but the format of the URL to download the browser changed and an old Selenium Manager version that has not been adjusted yet is still used (Selenium < 4.28 trying to download Firefox >= 135). It is recommended to check the previous messages to verify the source of the problem.
### No configured signaling secret for `signaling-server-url`
This error will be logged when a recording was started, but the recording server is unable to determine the secret for the signaling server. In this case:
- Verify that the `url` parameter of the signaling configuration is correct
- Check that you're using the same URL scheme (`https://` vs. `wss://`) for the signaling server in your nextcloud instance and the recording server
### The recording is stuck in _Starting_ but never starts nor fails
It is very likely that the recording server could not send the request to mark the recording as started or failed. It is typically one of the cases below:
- The shared secret between the Nextcloud server and the recording server (`secret` in backend sections) is not the same (`Checksum verification failed` is shown in the logs of the recording server).
- The Nextcloud server is using a self-signed certificate (`certificate verify failed: self signed certificate` is shown in the logs of the recording server). The recording server can be configured to skip verification of the Nextcloud server certificate with the `skipverify` setting in `server.conf`. However, please note that this should be used only for development and a proper certificate should be used in production.
### The recording fails to be started
It is typically one of the cases below:
- The shared secret between the signaling server and the recording server (`internalsecret` in signaling sections) is not the same (`Authentication failed for signaling server` is shown in the logs of the recording server).
- If the shared secret is not set to any value in the signaling server configuration file (`clients->internalsecret` in `/etc/nextcloud-spreed-signaling/server.conf`) the authentication is not even tried and the recording server is just rejected by the signaling server (`Internal clients are not supported by the signaling server, is \'internalsecret\' set in the signaling server configuration file?` is shown in the logs of the recording server). Note that if Talk < 22.0.0, < 21.1.0 or < 20.1.7 is used rather than that message a `selenium.common.exceptions.TimeoutException` is shown instead in the logs, but a timeout does not necessarily mean that the shared secret is not set.
- The recording server was not able to connect to the signaling server. Both the logs of the recording server and the signaling server may provide some hints, although the problem is typically related to the firewall.
- The ffmpeg configuration is invalid (`recorder ended unexpectedly` is shown in the logs of the recording server; note that this error could appear in other (strange) cases too, like if ffmpeg crashes). The specific cause can be seen in the messages tagged as `nextcloud.talk.recording.Service.recorder`.
### The recording fails to be uploaded
In this case the explanation is probably found in the Nextcloud server logs. Typically the problem is that the recording size exceeded the values configured for `upload_max_filesize` (`The uploaded file exceeds the upload_max_filesize directive in php.ini` is shown in the logs of the Nextcloud server) or `post_max_size` (`OCA\\Talk\\Controller\\RecordingController::store(): Argument #1 ($owner) must be of type string, null given` is shown in the logs of the Nextcloud server).
If a video could not be uploaded it will be still kept in the recording server under `/{TEMPORARY-DIRECTORY-FOR-RECORDINGS}/{SANITIZED-BACKEND-URL}/{CONVERSATION-TOKEN}`. Note that the default temporary directory for recordings is `/tmp/`, so a recorded video that could not be uploaded may be removed if the machine is restarted. The sanitized backend URL is the URL of the backend, but including only its alphanumeric characters. The conversation token is the part after `/call/` in the URL of the conversation.
### The recording was uploaded, but the recording shows that the connection could not be established with other participants
The recording server was not able to connect to Janus, the WebRTC gateway (or, if direct access to Janus is not possible, to the TURN server). Both the logs of the recording server and the HPB (signaling server and Janus) may provide some hints, although the problem is typically related to the firewall.
In some rare cases it can be related as well to the network topology and how the browsers handle WebRTC connections; in those cases changing the browser used to do the recordings may solve the issue.
To diagnose this problem and check which WebRTC candidates are being tried to establish the connection between the recording server and Janus it is possible to access the browser window being used to do a recording using `x11vnc`. It must be launched as the same user that started the X server, `nextcloud-talk-recording`. As that user does not have a login shell it needs to be specified when running `su`: `su - nextcloud-talk-recording --shell /bin/bash --command "x11vnc -rfbport 5900 -display :XXX"`, where `XXX` is the display number used by the X server used for the recording. Each recording has its own X server, so for simplicity it is recommended to test this when there is a single recording; in that case `-display :0` will typically connect to the expected X server. For extra security it would be recommended to tunnel the VNC connection through SSH. Please refer to `x11vnc` help.
Once `x11vnc` is running a VNC viewer can be started in a different machine that has a graphic server and access to the recording server machine to see and interact with the browser window. The browser will be running in kiosk mode, so there will be no address bar nor menu. However, in the case of Firefox, the WebRTC candidates can be checked by first opening a new tab with `Ctrl+T` and then, in the new tab, "opening" the address bar with `Ctrl+L` and then typing `about:webrtc` to load the helper page with the WebRTC connections.
If `x11vnc` is not started with `-forever` or `-shared` the server should be automatically closed once the viewer is closed. Nevertheless, it is highly recommended to verify that it was indeed the case.

38
opt/f7cloud-talk-recording-src/docs/prometheus-metrics.md Normal file
View File

@ -0,0 +1,38 @@
<!--
- SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Prometheus metrics
The recording server exposes various metrics that can be queried by a [Prometheus](https://prometheus.io/) server from the `/metrics` endpoint.
Only clients connecting from an IP that is included in the `allowed_ips` value of the `[stats]` entry in the configuration file are allowed to query the metrics.
## Available metrics
The following metrics are available:
| Metric | Type | Since | Description | Labels |
| :------------------------------------------------ | :-------- | --------: | :----------------------------------------------------------------------------------------------------- | :-------------------------------- |
| `recording_recordings_current` | Gauge | 0.2.0 | The current number of recordings | `backend` |
| `recording_recordings_failed_total` | Counter | 0.2.0 | The total number of failed recordings, see [notes](#recording_recordings_failed_total) | `backend` |
| `recording_recordings_uploads_failed_total` | Counter | 0.2.0 | The total number of failed uploads, see [notes](#recording_recordings_uploads_failed_total) | `backend` |
| `recording_recordings_total` | Counter | 0.2.0 | The total number of recordings | `backend` |
| `recording_recordings_duration_seconds` | Counter | 0.2.0 | The total duration of all recordings, see [notes](#recording_recordings_duration_seconds) | `backend` |
### Notes
#### `recording_recordings_failed_total`
- Recordings that were successful but that failed to be uploaded are not included. That is, `recording_recordings_failed_total` and `recording_recordings_uploads_failed_total` have no elements in common.
#### `recording_recordings_uploads_failed_total`
- Recordings that were already in the temporary directory when the recording server was started are not included. That is, the value always starts at 0 when the recording server is started, even if in the temporary directory there are recordings that failed to be uploaded in a previous execution.
- An alert can be set whenever the value changes to know that there is a recording file that could not be uploaded and will need manual handling.
#### `recording_recordings_duration_seconds`
- The value is increased once a recording finishes, but it is not updated during the recording itself.
- Failed recordings are not taken into account. However, successful recordings that could not be uploaded are.
- The reported duration might have a difference of a few seconds with the actual duration of the recordings.

80
opt/f7cloud-talk-recording-src/docs/recording-api.md Normal file
View File

@ -0,0 +1,80 @@
<!--
- SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
- SPDX-License-Identifier: AGPL-3.0-or-later
-->
# Nextcloud Talk Recording Server API
* API v1: Base endpoint `/api/v1`
## Get welcome message
* Method: `GET`
* Endpoint: `/welcome`
* Response:
- Status code:
+ `200 OK`
## Requests from the Nextcloud server
* Method: `POST`
* Endpoint: `/room/{token}`
* Header:
| field | type | Description |
| ------------------------- | ------ | ----------------------------------------------------------------------------------------------------------------------------------- |
| `TALK_RECORDING_BACKEND` | string | The base URL of the Nextcloud server sending the request. |
| `TALK_RECORDING_RANDOM` | string | Random string that needs to be concatenated with request body to generate the checksum using the secret configured for the backend. |
| `TALK_RECORDING_CHECKSUM` | string | The checksum generated with `TALK_RECORDING_RANDOM`. |
* Data:
- Body as a JSON encoded string; format depends on the request type, see below.
* Response:
- Status code:
+ `200 OK`
+ `400 Bad Request`: When the body size exceeds the maximum allowed message size.
+ `400 Bad Request`: When the body data does not match the expected format.
+ `403 Forbidden`: When the request validation failed.
### Start call recording
* Data format:
```json
{
"type": "start",
"start": {
"status": "the-type-of-recording (1 for audio and video, 2 for audio only)",
"owner": "the-user-to-upload-the-resulting-file-as",
"actor": {
"type": "the-type-of-the-actor",
"id": "the-id-of-the-actor",
},
}
}
```
### Stop call recording
* Data format:
```json
{
"type": "stop",
"stop": {
"actor": {
"type": "the-type-of-the-actor",
"id": "the-id-of-the-actor",
},
},
}
```
- `actor` is optional
* Response:
- (Additional) Status code:
+ `404 Not Found`: When there is no recording for the token.

195
opt/f7cloud-talk-recording-src/packaging/Makefile Normal file
View File

@ -0,0 +1,195 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
OS_VERSION ?= $(shell . /etc/os-release 2> /dev/null && echo $$ID$$VERSION_ID)
RELEASE ?= 1
DEBIAN_VERSION ?= $(RELEASE)~$(OS_VERSION)
BUILD_DIR ?= build/$(OS_VERSION)
NEXTCLOUD_TALK_RECORDING_VERSION := $(shell cd ../src && python3 -c "from nextcloud.talk.recording import __version__; print(__version__)")
PULSECTL_VERSION := 22.3.2
PYVIRTUALDISPLAY_VERSION := 3.0
REQUESTS_VERSION := 2.32.4
SELENIUM_VERSION := 4.14.0
CHARSET_NORMALIZER_VERSION := 3.4.4
CERTIFI_VERSION := 2024.7.4
TRIO_VERSION := 0.21.0
TRIO_WEBSOCKET_VERSION := 0.9.2
URLLIB3_VERSION := 1.26.19
timestamp-from-git = git log -1 --pretty=%ct $(1)
timestamp-from-source-python-package = tar --list --verbose --full-time --gzip --file $(1) | head --lines 1 | sed 's/ \+/ /g' | cut --delimiter " " --fields 4-5 | date --file - +%s
build-source-python-package = python3 -m build --sdist --outdir $(1) $(2)
download-source-python-package = python3 -m pip download --dest $(BUILD_DIR) --no-binary :all: --no-deps "$(1) == $(2)"
extract-source-python-package = cd $(BUILD_DIR) && tar --extract --gzip --file $(1)-$(2).tar.gz
# Since the 60.0.0 release, Setuptools includes a local, vendored copy of
# distutils; this copy does not seem to work with stdeb, so it needs to be
# disabled with "SETUPTOOLS_USE_DISTUTILS=stdlib".
build-deb-package = cd $(BUILD_DIR)/$(1)-$(2)/ && SOURCE_DATE_EPOCH=$(3) SETUPTOOLS_USE_DISTUTILS=stdlib python3 setup.py --command-packages=stdeb.command sdist_dsc --debian-version $(DEBIAN_VERSION) bdist_deb
copy-binary-deb-package = cp $(BUILD_DIR)/$(1)-$(2)/deb_dist/$(3)_$(2)-$(DEBIAN_VERSION)_all.deb $(BUILD_DIR)/deb/
define build-deb-python-package-full
$(call download-source-python-package,$(1),$(2))
$(call extract-source-python-package,$(1),$(2))
$(call build-deb-package,$(1),$(2),$$($(call timestamp-from-source-python-package,../$(1)-$(2).tar.gz)))
$(call copy-binary-deb-package,$(1),$(2),python3-$(3))
endef
build-packages-deb: build-packages-deb-nextcloud-talk-recording build-packages-deb-nextcloud-talk-recording-dependencies
$(BUILD_DIR)/deb:
mkdir --parents $(BUILD_DIR)/deb
build-packages-deb-nextcloud-talk-recording: $(BUILD_DIR)/deb/nextcloud-talk-recording_$(NEXTCLOUD_TALK_RECORDING_VERSION)-$(DEBIAN_VERSION)_all.deb
$(BUILD_DIR)/deb/nextcloud-talk-recording_$(NEXTCLOUD_TALK_RECORDING_VERSION)-$(DEBIAN_VERSION)_all.deb: | $(BUILD_DIR)/deb
$(call build-source-python-package,$(BUILD_DIR),../)
# Starting with setup tools 69.3 the name of the generated Python source
# package is canonicalized based on PEP 625, so it becomes
# "nextcloud_talk_recording". The name of the Debian binary package is
# not affected, so it is still matches the project name,
# "nextcloud-talk-recording".
$(call extract-source-python-package,nextcloud_talk_recording,$(NEXTCLOUD_TALK_RECORDING_VERSION))
# Add extra files needed to create Debian packages:
# - debian/py3dist-overrides: Python dependencies to Debian dependencies for
# dh_python3 (also needed in the regenerated Python package, as it is
# needed in the Debian package).
# - MANIFEST.in: the source package is regenerated to include the extra
# files needed for the Debian package; MANIFEST.in explicitly adds those
# files not included by default in a Python package (so setup.py does not
# need to be included in MANIFEST.in, but debian/py3dist-overrides does).
# - setup.py: legacy setup file needed for stdeb (also needed in the
# regenerated Python package, as stdeb is invoked through it to create the
# source Debian package).
# - stdeb.cfg: additional configuration for stdeb (not needed in the
# regenerated Python package, as stdeb loads it before changing to the
# uncompressed source Python package).
cp --recursive nextcloud-talk-recording/. $(BUILD_DIR)/nextcloud_talk_recording-$(NEXTCLOUD_TALK_RECORDING_VERSION)/
cp ../server.conf.in $(BUILD_DIR)/nextcloud_talk_recording-$(NEXTCLOUD_TALK_RECORDING_VERSION)/
# Build a source Debian package (with the systemd addon for dh) and then,
# from it, a binary Debian package.
cd $(BUILD_DIR)/nextcloud_talk_recording-$(NEXTCLOUD_TALK_RECORDING_VERSION)/ && SOURCE_DATE_EPOCH=$$($(call timestamp-from-git,../../../../)) SETUPTOOLS_USE_DISTUTILS=stdlib python3 setup.py --command-packages=stdeb.command sdist_dsc --with-dh-systemd --debian-version $(DEBIAN_VERSION) bdist_deb
$(call copy-binary-deb-package,nextcloud_talk_recording,$(NEXTCLOUD_TALK_RECORDING_VERSION),nextcloud-talk-recording)
# Builds the Python dependencies that are not included in at least one of the
# Ubuntu supported releases:
# - Debian 11 (bullseye): pulsectl, pyvirtualdisplay >= 2.0, selenium >= 4.11.0
# - Ubuntu 20.04 (focal): pulsectl, pyvirtualdisplay >= 2.0, requests >= 2.25, selenium >= 4.11.0
# - Ubuntu 22.04 (jammy): pulsectl, selenium >= 4.11.0
#
# requests < 2.25 is not compatible with urllib3 >= 1.26, which is required by
# selenium.
build-packages-deb-nextcloud-talk-recording-dependencies: build-packages-deb-nextcloud-talk-recording-dependencies-$(OS_VERSION)
build-packages-deb-nextcloud-talk-recording-dependencies-debian11: build-packages-deb-pulsectl build-packages-deb-pyvirtualdisplay build-packages-deb-selenium build-packages-deb-selenium-dependencies
build-packages-deb-nextcloud-talk-recording-dependencies-ubuntu20.04: build-packages-deb-pulsectl build-packages-deb-pyvirtualdisplay build-packages-deb-requests build-packages-deb-requests-dependencies build-packages-deb-selenium build-packages-deb-selenium-dependencies
build-packages-deb-nextcloud-talk-recording-dependencies-ubuntu22.04: build-packages-deb-pulsectl build-packages-deb-selenium build-packages-deb-selenium-dependencies
build-packages-deb-pulsectl: $(BUILD_DIR)/deb/python3-pulsectl_$(PULSECTL_VERSION)-$(DEBIAN_VERSION)_all.deb
$(BUILD_DIR)/deb/python3-pulsectl_$(PULSECTL_VERSION)-$(DEBIAN_VERSION)_all.deb: | $(BUILD_DIR)/deb
$(call build-deb-python-package-full,pulsectl,$(PULSECTL_VERSION),pulsectl)
build-packages-deb-pyvirtualdisplay: $(BUILD_DIR)/deb/python3-pyvirtualdisplay_$(PYVIRTUALDISPLAY_VERSION)-$(DEBIAN_VERSION)_all.deb
$(BUILD_DIR)/deb/python3-pyvirtualdisplay_$(PYVIRTUALDISPLAY_VERSION)-$(DEBIAN_VERSION)_all.deb: | $(BUILD_DIR)/deb
$(call build-deb-python-package-full,PyVirtualDisplay,$(PYVIRTUALDISPLAY_VERSION),pyvirtualdisplay)
build-packages-deb-requests: $(BUILD_DIR)/deb/python3-requests_$(REQUESTS_VERSION)-$(DEBIAN_VERSION)_all.deb
$(BUILD_DIR)/deb/python3-requests_$(REQUESTS_VERSION)-$(DEBIAN_VERSION)_all.deb: | $(BUILD_DIR)/deb
$(call download-source-python-package,requests,$(REQUESTS_VERSION))
$(call extract-source-python-package,requests,$(REQUESTS_VERSION))
# The Python dependencies are added automatically to the .deb
# dependencies, but they do not include those for which a package does
# not exist, like "charset_normalizer". Due to that
# "debian/py3dist-overrides" is used to explicitly set the dependencies.
cp --recursive requests/debian $(BUILD_DIR)/requests-$(REQUESTS_VERSION)/
# The package provides its own MANIFEST.in, so the contents need to be
# appended rather than just copied.
cat requests/MANIFEST.in >> $(BUILD_DIR)/requests-$(REQUESTS_VERSION)/MANIFEST.in
$(call build-deb-package,requests,$(REQUESTS_VERSION),$$($(call timestamp-from-source-python-package,../requests-$(REQUESTS_VERSION).tar.gz)))
$(call copy-binary-deb-package,requests,$(REQUESTS_VERSION),python3-requests)
# Builds the Python dependencies that are not included in at least one of the
# Ubuntu supported releases:
# - Debian 11 (bullseye): unneeded, uses requests package from distribution
# - Ubuntu 20.04 (focal): charset-normalizer >= 2, < 4
# - Ubuntu 22.04 (jammy): unneeded, uses requests package from distribution
build-packages-deb-requests-dependencies: build-packages-deb-requests-dependencies-$(OS_VERSION)
build-packages-deb-requests-dependencies-debian11:
build-packages-deb-requests-dependencies-ubuntu20.04: build-packages-deb-charset-normalizer
build-packages-deb-requests-dependencies-ubuntu22.04:
build-packages-deb-charset-normalizer: $(BUILD_DIR)/deb/python3-charset-normalizer_$(CHARSET_NORMALIZER_VERSION)-$(DEBIAN_VERSION)_all.deb
$(BUILD_DIR)/deb/python3-charset-normalizer_$(CHARSET_NORMALIZER_VERSION)-$(DEBIAN_VERSION)_all.deb: | $(BUILD_DIR)/deb
$(call build-deb-python-package-full,charset_normalizer,$(CHARSET_NORMALIZER_VERSION),charset-normalizer)
build-packages-deb-selenium: $(BUILD_DIR)/deb/python3-selenium_$(SELENIUM_VERSION)-$(DEBIAN_VERSION)_all.deb
$(BUILD_DIR)/deb/python3-selenium_$(SELENIUM_VERSION)-$(DEBIAN_VERSION)_all.deb: | $(BUILD_DIR)/deb
$(call download-source-python-package,selenium,$(SELENIUM_VERSION))
$(call extract-source-python-package,selenium,$(SELENIUM_VERSION))
# The Python dependencies are added automatically to the .deb dependencies,
# but they do not include the version. The supported distributions provide
# an incompatible version for some of the dependencies, so
# "debian/py3dist-overrides" is used to explicitly set the version in the
# .deb packages and ensure that the right dependency is installed.
cp --recursive selenium/debian $(BUILD_DIR)/selenium-$(SELENIUM_VERSION)/
# The package provides its own MANIFEST.in, so the contents need to be
# appended rather than just copied.
cat selenium/MANIFEST.in >> $(BUILD_DIR)/selenium-$(SELENIUM_VERSION)/MANIFEST.in
# The source Python package includes a pre-built Selenium manager, but
# without execute permissions, so they need to be explicitly set.
chmod a+x $(BUILD_DIR)/selenium-$(SELENIUM_VERSION)/selenium/webdriver/common/linux/selenium-manager
$(call build-deb-package,selenium,$(SELENIUM_VERSION),$$($(call timestamp-from-source-python-package,../selenium-$(SELENIUM_VERSION).tar.gz)))
$(call copy-binary-deb-package,selenium,$(SELENIUM_VERSION),python3-selenium)
# Builds the Python dependencies that are not included in at least one of the
# Ubuntu supported releases:
# - Debian 11 (bullseye): python3-certifi >= 2021.10.8, python3-trio ~= 0.17, python3-trio-websocket ~= 0.9
# - Ubuntu 20.04 (focal): python3-certifi >= 2021.10.8, python3-trio ~= 0.17, python3-trio-websocket ~= 0.9, python3-urllib3 >= 1.26, < 3
# - Ubuntu 22.04 (jammy): python3-certifi >= 2021.10.8, python3-trio-websocket ~= 0.9
build-packages-deb-selenium-dependencies: build-packages-deb-selenium-dependencies-$(OS_VERSION)
build-packages-deb-selenium-dependencies-debian11: build-packages-deb-certifi build-packages-deb-trio build-packages-deb-trio-websocket
build-packages-deb-selenium-dependencies-ubuntu20.04: build-packages-deb-certifi build-packages-deb-trio build-packages-deb-trio-websocket build-packages-deb-urllib
build-packages-deb-selenium-dependencies-ubuntu22.04: build-packages-deb-certifi build-packages-deb-trio-websocket
build-packages-deb-certifi: $(BUILD_DIR)/deb/python3-certifi_$(CERTIFI_VERSION)-$(DEBIAN_VERSION)_all.deb
$(BUILD_DIR)/deb/python3-certifi_$(CERTIFI_VERSION)-$(DEBIAN_VERSION)_all.deb: | $(BUILD_DIR)/deb
$(call build-deb-python-package-full,certifi,$(CERTIFI_VERSION),certifi)
build-packages-deb-trio: $(BUILD_DIR)/deb/python3-trio_$(TRIO_VERSION)-$(DEBIAN_VERSION)_all.deb
$(BUILD_DIR)/deb/python3-trio_$(TRIO_VERSION)-$(DEBIAN_VERSION)_all.deb: | $(BUILD_DIR)/deb
$(call build-deb-python-package-full,trio,$(TRIO_VERSION),trio)
build-packages-deb-trio-websocket: $(BUILD_DIR)/deb/python3-trio-websocket_$(TRIO_WEBSOCKET_VERSION)-$(DEBIAN_VERSION)_all.deb
$(BUILD_DIR)/deb/python3-trio-websocket_$(TRIO_WEBSOCKET_VERSION)-$(DEBIAN_VERSION)_all.deb: | $(BUILD_DIR)/deb
$(call build-deb-python-package-full,trio-websocket,$(TRIO_WEBSOCKET_VERSION),trio-websocket)
build-packages-deb-urllib: $(BUILD_DIR)/deb/python3-urllib3_$(URLLIB3_VERSION)-$(DEBIAN_VERSION)_all.deb
$(BUILD_DIR)/deb/python3-urllib3_$(URLLIB3_VERSION)-$(DEBIAN_VERSION)_all.deb: | $(BUILD_DIR)/deb
$(call build-deb-python-package-full,urllib3,$(URLLIB3_VERSION),urllib3)

201
opt/f7cloud-talk-recording-src/packaging/build.sh Executable file
View File

@ -0,0 +1,201 @@
#!/usr/bin/env bash
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
# Helper script to build the recording backend packages for Nextcloud Talk.
#
# This script creates containers with the supported operating systems, installs
# all the needed dependencies in them and builds the packages for the recording
# backend inside the container. If the container exists already the previous
# container will be reused and this script will simply build the recording
# backend in it. The packages will be created in the
# "build/{DISTRIBUTION-ID}/{PACKAGE-FORMAT}/" directory under "packaging" with
# the same user that owns the "packaging" directory.
#
# Due to that the Docker container will not be stopped nor removed when the
# script exits (except when the container was created but it could not be
# started); that must be explicitly done once the container is no longer needed.
#
#
#
# DOCKER AND PERMISSIONS
#
# To perform its job, this script requires the "docker" command to be available.
#
# The Docker Command Line Interface (the "docker" command) requires special
# permissions to talk to the Docker daemon, and those permissions are typically
# available only to the root user. Please see the Docker documentation to find
# out how to give access to a regular user to the Docker daemon:
# https://docs.docker.com/engine/installation/linux/linux-postinstall/
#
# Note, however, that being able to communicate with the Docker daemon is the
# same as being able to get root privileges for the system. Therefore, you must
# give access to the Docker daemon (and thus run this script as) ONLY to trusted
# and secure users:
# https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
# Sets the variables that abstract the differences in command names and options
# between operating systems.
#
# Switches between timeout on GNU/Linux and gtimeout on macOS (same for mktemp
# and gmktemp).
function setOperatingSystemAbstractionVariables() {
case "$OSTYPE" in
darwin*)
if [ "$(which gtimeout)" == "" ]; then
echo "Please install coreutils (brew install coreutils)"
exit 1
fi
MKTEMP=gmktemp
TIMEOUT=gtimeout
DOCKER_OPTIONS="-e no_proxy=localhost "
;;
linux*)
MKTEMP=mktemp
TIMEOUT=timeout
DOCKER_OPTIONS=" "
;;
*)
echo "Operating system ($OSTYPE) not supported"
exit 1
;;
esac
}
# Removes Docker container if it was created but failed to start.
function cleanUp() {
# Disable (yes, "+" disables) exiting immediately on errors to ensure that
# all the cleanup commands are executed (well, no errors should occur during
# the cleanup anyway, but just in case).
set +o errexit
# The name filter must be specified as "^/XXX$" to get an exact match; using
# just "XXX" would match every name that contained "XXX".
if [ -n "$(docker ps --all --quiet --filter status=created --filter name="^/$CONTAINER-debian11$")" ]; then
echo "Removing Docker container $CONTAINER-debian11"
docker rm --volumes --force $CONTAINER-debian11
fi
if [ -n "$(docker ps --all --quiet --filter status=created --filter name="^/$CONTAINER-ubuntu20.04$")" ]; then
echo "Removing Docker container $CONTAINER-ubuntu20.04"
docker rm --volumes --force $CONTAINER-ubuntu20.04
fi
if [ -n "$(docker ps --all --quiet --filter status=created --filter name="^/$CONTAINER-ubuntu22.04$")" ]; then
echo "Removing Docker container $CONTAINER-ubuntu22.04"
docker rm --volumes --force $CONTAINER-ubuntu22.04
fi
}
# Exit immediately on errors.
set -o errexit
# Execute cleanUp when the script exits, either normally or due to an error.
trap cleanUp EXIT
# Ensure working directory is script directory, as some actions (like mounting
# the volumes in the container) expect that.
cd "$(dirname $0)"
HELP="Usage: $(basename $0) [OPTION]...
Options (all options can be omitted, but when present they must appear in the
following order):
--help prints this help and exits.
--container CONTAINER_NAME the name (prefix) to assign to the containers.
Defaults to nextcloud-talk-recording-packages-builder."
if [ "$1" = "--help" ]; then
echo "$HELP"
exit 0
fi
CONTAINER="nextcloud-talk-recording-packages-builder"
if [ "$1" = "--container" ]; then
CONTAINER="$2"
shift 2
fi
if [ -n "$1" ]; then
echo "Invalid option (or at invalid position): $1
$HELP"
exit 1
fi
setOperatingSystemAbstractionVariables
# If the containers are not found new ones are prepared. Otherwise the existing
# containers are used.
#
# The name filter must be specified as "^/XXX$" to get an exact match; using
# just "XXX" would match every name that contained "XXX".
if [ -z "$(docker ps --all --quiet --filter name="^/$CONTAINER-debian11$")" ]; then
echo "Creating Nextcloud Talk recording packages builder container for Debian 11"
docker run --detach --tty --volume "$(realpath ../)":/nextcloud-talk-recording/ --name=$CONTAINER-debian11 $DOCKER_OPTIONS debian:11 bash
echo "Installing required build dependencies"
# "noninteractive" is used to provide default settings instead of asking for
# them (for example, for tzdata).
docker exec $CONTAINER-debian11 bash -c "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes make python3 python3-pip python3-venv python3-all debhelper dh-python git dh-exec"
docker exec $CONTAINER-debian11 bash -c "python3 -m pip install 'stdeb < 0.11.0' build 'setuptools >= 61.0'"
fi
if [ -z "$(docker ps --all --quiet --filter name="^/$CONTAINER-ubuntu20.04$")" ]; then
echo "Creating Nextcloud Talk recording packages builder container for Ubuntu 20.04"
docker run --detach --tty --volume "$(realpath ../)":/nextcloud-talk-recording/ --name=$CONTAINER-ubuntu20.04 $DOCKER_OPTIONS ubuntu:20.04 bash
echo "Installing required build dependencies"
# "noninteractive" is used to provide default settings instead of asking for
# them (for example, for tzdata).
docker exec $CONTAINER-ubuntu20.04 bash -c "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes make python3 python3-pip python3-venv python3-all debhelper dh-python git dh-exec"
docker exec $CONTAINER-ubuntu20.04 bash -c "python3 -m pip install 'stdeb < 0.11.0' build 'setuptools >= 61.0'"
fi
if [ -z "$(docker ps --all --quiet --filter name="^/$CONTAINER-ubuntu22.04$")" ]; then
echo "Creating Nextcloud Talk recording packages builder container for Ubuntu 22.04"
docker run --detach --tty --volume "$(realpath ../)":/nextcloud-talk-recording/ --name=$CONTAINER-ubuntu22.04 $DOCKER_OPTIONS ubuntu:22.04 bash
echo "Installing required build dependencies"
# "noninteractive" is used to provide default settings instead of asking for
# them (for example, for tzdata).
# Due to a bug in python3-build in Ubuntu 22.04 python3-virtualenv needs to
# be used instead of python3-venv:
# https://bugs.launchpad.net/ubuntu/+source/python-build/+bug/1992108
# Even with virtualenv there is no proper virtual environment, so the build
# dependencies specified in pyproject.toml need to be installed system wide.
# setuptools >= 71.0.0 prefers installed dependencies over vendored ones,
# but as it requires packaging >= 22 and the installed python3-packaging is
# 21.3 it can not be used.
# https://github.com/pypa/setuptools/issues/4483
docker exec $CONTAINER-ubuntu22.04 bash -c "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes make python3 python3-pip python3-virtualenv python3-build python3-stdeb python3-all debhelper dh-python git dh-exec"
docker exec $CONTAINER-ubuntu22.04 bash -c "python3 -m pip install 'setuptools >= 69.3, < 71.0.0'"
# Some packages need to be installed so the unit tests can be run in the
# packages being built.
docker exec $CONTAINER-ubuntu22.04 bash -c "apt-get install --assume-yes pulseaudio python3-async-generator python3-trio python3-wsproto"
fi
# Start existing containers if they are stopped.
if [ -n "$(docker ps --all --quiet --filter status=exited --filter name="^/$CONTAINER-debian11$")" ]; then
echo "Starting Talk recording packages builder container for Debian 11"
docker start $CONTAINER-debian11
fi
if [ -n "$(docker ps --all --quiet --filter status=exited --filter name="^/$CONTAINER-ubuntu20.04$")" ]; then
echo "Starting Talk recording packages builder container for Ubuntu 20.04"
docker start $CONTAINER-ubuntu20.04
fi
if [ -n "$(docker ps --all --quiet --filter status=exited --filter name="^/$CONTAINER-ubuntu22.04$")" ]; then
echo "Starting Talk recording packages builder container for Ubuntu 22.04"
docker start $CONTAINER-ubuntu22.04
fi
USER=$(ls -l --numeric-uid-gid --directory . | sed 's/ \+/ /g' | cut --delimiter " " --fields 3)
echo "Building recording backend packages for Debian 11"
docker exec --tty --interactive --user $USER --workdir /nextcloud-talk-recording/packaging $CONTAINER-debian11 make
echo "Building recording backend packages for Ubuntu 20.04"
docker exec --tty --interactive --user $USER --workdir /nextcloud-talk-recording/packaging $CONTAINER-ubuntu20.04 make
echo "Building recording backend packages for Ubuntu 22.04"
docker exec --tty --interactive --user $USER --workdir /nextcloud-talk-recording/packaging $CONTAINER-ubuntu22.04 make

2
opt/f7cloud-talk-recording-src/packaging/nextcloud-talk-recording/MANIFEST.in Normal file
View File

@ -0,0 +1,2 @@
graft debian
include server.conf.in

6
opt/f7cloud-talk-recording-src/packaging/nextcloud-talk-recording/debian/nextcloud-talk-recording.install Executable file
View File

@ -0,0 +1,6 @@
#!/usr/bin/dh-exec
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
server.conf.in => /etc/nextcloud-talk-recording/server.conf

14
opt/f7cloud-talk-recording-src/packaging/nextcloud-talk-recording/debian/nextcloud-talk-recording.postinst Normal file
View File

@ -0,0 +1,14 @@
#!/bin/sh
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
set -e
# The user running nextcloud-talk-recording needs a home directory for
# geckodriver and PulseAudio related files.
# The user will not be automatically removed if the package is uninstalled or
# purged to avoid leaving behind files owned by the user/group.
adduser --system nextcloud-talk-recording
#DEBHELPER#

14
opt/f7cloud-talk-recording-src/packaging/nextcloud-talk-recording/debian/nextcloud-talk-recording.service Normal file
View File

@ -0,0 +1,14 @@
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
[Unit]
Description=Recording server for Nextcloud Talk
After=network.target
[Service]
User=nextcloud-talk-recording
WorkingDirectory=~
ExecStart=/usr/bin/nextcloud-talk-recording --config /etc/nextcloud-talk-recording/server.conf
Restart=on-failure
[Install]
WantedBy=multi-user.target

3
opt/f7cloud-talk-recording-src/packaging/nextcloud-talk-recording/debian/py3dist-overrides Normal file
View File

@ -0,0 +1,3 @@
pulsectl python3-pulsectl
pyvirtualdisplay python3-pyvirtualdisplay (>= 2.0)
selenium python3-selenium (>= 4.11.0)

18
opt/f7cloud-talk-recording-src/packaging/nextcloud-talk-recording/setup.py Normal file
View File

@ -0,0 +1,18 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Dummy setup.py file to be used by stdeb; setuptools >= 61.0 must be used to
# get the proper configuration from the pyproject.toml file.
from setuptools import setup
setup(
# pyproject.toml uses different keywords that are not properly converted to
# the old ones, so they need to be explicitly set here to be used by stdeb.
# "author" can not be set without "author_email". Moreover, if the email was
# also set in pyproject.toml it could not be set here either, as due to how
# the parameters are internally handled by stdeb it would end mixing the
# author set here with the author and email set in pyproject.toml.
url = "https://github.com/nextcloud/nextcloud-talk-recording",
)

6
opt/f7cloud-talk-recording-src/packaging/nextcloud-talk-recording/stdeb.cfg Normal file
View File

@ -0,0 +1,6 @@
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
[DEFAULT]
Package3: nextcloud-talk-recording
Build-Depends: dh-exec
Depends3: adduser, ffmpeg, firefox, firefox-geckodriver, pulseaudio, xvfb

1
opt/f7cloud-talk-recording-src/packaging/requests/MANIFEST.in Normal file
View File

@ -0,0 +1 @@
graft debian

4
opt/f7cloud-talk-recording-src/packaging/requests/debian/py3dist-overrides Normal file
View File

@ -0,0 +1,4 @@
certifi python3-certifi (>=2017.4.17)
charset_normalizer python3-charset-normalizer (>=2), python3-charset-normalizer (<<4)
idna python3-idna (>=2.5), python3-idna (<<4)
urllib3 python3-urllib3 (>=1.21.1), python3-urllib3 (<<3)

3
opt/f7cloud-talk-recording-src/packaging/selenium/MANIFEST.in Normal file
View File

@ -0,0 +1,3 @@
graft debian
include selenium/types.py
include selenium/webdriver/common/linux/selenium-manager

4
opt/f7cloud-talk-recording-src/packaging/selenium/debian/py3dist-overrides Normal file
View File

@ -0,0 +1,4 @@
urllib3 python3-urllib3 (>=1.26), python3-urllib3 (<<2.0)
trio python3-trio (>=0.17), python3-trio (<<1.0)
trio-websocket python3-trio-websocket (>=0.9), python3-trio-websocket (<<1.0)
certifi python3-certifi (>=2021.10.8)

77
opt/f7cloud-talk-recording-src/pyproject.toml Normal file
View File

@ -0,0 +1,77 @@
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
[project]
name = "nextcloud-talk-recording"
description = "Recording server for Nextcloud Talk"
authors = [
{ name = "Nextcloud Talk Team" },
]
license = {text = "GNU AGPLv3+"}
classifiers = [
"License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)",
]
dependencies = [
"flask",
"prometheus-client",
"psutil",
"pulsectl",
"pyvirtualdisplay>=2.0",
"requests",
"requests-toolbelt",
"selenium>=4.11.0",
"websocket-client",
]
dynamic = ["version"]
[build-system]
requires = ["setuptools >= 69.3"]
build-backend = "setuptools.build_meta"
[project.optional-dependencies]
dev = [
"pylint>=2.9",
"pytest>=6.0.1",
]
[project.urls]
repository = "https://github.com/nextcloud/nextcloud-talk-recording"
[project.scripts]
nextcloud-talk-recording = "nextcloud.talk.recording.__main__:main"
nextcloud-talk-recording-benchmark = "nextcloud.talk.recording.Benchmark:main"
[tool.setuptools.dynamic]
version = {attr = "nextcloud.talk.recording.__version__"}
[tool.pylint.basic]
argument-naming-style = 'camelCase'
attr-naming-style = 'camelCase'
function-naming-style = 'camelCase'
method-naming-style = 'camelCase'
module-naming-style = 'PascalCase'
variable-naming-style = 'camelCase'
ignore-paths = 'packaging/*'
disable = [
"line-too-long",
"too-few-public-methods",
"too-many-arguments",
"too-many-instance-attributes",
"too-many-locals",
"too-many-positional-arguments",
"too-many-public-methods",
"too-many-statements",
# FIXME: these messages should be fixed rather than disabled
"bare-except",
"broad-exception-caught",
"broad-exception-raised",
]
[tool.pytest.ini_options]
addopts = [
"--import-mode=importlib",
]
python_files = "*Test.py"
python_classes = "*Test"
python_functions = "test*"

169
opt/f7cloud-talk-recording-src/server.conf.in Normal file
View File

@ -0,0 +1,169 @@
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
[logs]
# Log level based on numeric values of Python logging levels:
# - Critical: 50
# - Error: 40
# - Warning: 30
# - Info: 20
# - Debug: 10
# - Not set: 0
#level = 20
[http]
# IP and port to listen on for HTTP requests.
#listen = 127.0.0.1:8000
[app]
# Comma separated list of trusted proxies (IPs or CIDR networks) that may set
# the "X-Forwarded-For" header.
#trustedproxies =
[backend]
# Allow any hostname as backend endpoint. This is extremely insecure and should
# only be used during development.
#allowall = false
# Common shared secret for requests from and to the backend servers if
# "allowall" is enabled. This must be the same value as configured in the
# Nextcloud admin ui.
#secret = the-shared-secret
# Comma-separated list of backend ids allowed to connect.
#backends = backend-id, another-backend
# If set to "true", certificate validation of backend endpoints will be skipped.
# This should only be enabled during development, e.g. to work with self-signed
# certificates.
# Overridable by backend.
#skipverify = false
# Maximum allowed size in bytes for messages sent by the backend.
# Overridable by backend.
#maxmessagesize = 1024
# Width for recorded videos.
# Overridable by backend.
#videowidth = 1920
# Height for recorded videos.
# Overridable by backend.
#videoheight = 1080
# Temporary directory used to store recordings until uploaded. It must be
# writable by the user running the recording server.
# Overridable by backend.
#directory = /tmp
# Backend configurations as defined in the "[backend]" section above. The
# section names must match the ids used in "backends" above.
#[backend-id]
# URL of the Nextcloud instance
#url = https://cloud.domain.invalid
# Shared secret for requests from and to the backend servers. This must be the
# same value as configured in the Nextcloud admin ui.
#secret = the-shared-secret
#[another-backend]
# URL of the Nextcloud instance
#url = https://cloud.otherdomain.invalid
# Shared secret for requests from and to the backend servers. This must be the
# same value as configured in the Nextcloud admin ui.
#secret = the-shared-secret
[signaling]
# Common shared secret for authenticating as an internal client of signaling
# servers if a specific secret is not set for a signaling server. This must be
# the same value as configured in the signaling server configuration file.
#internalsecret = the-shared-secret-for-internal-clients
# Comma-separated list of signaling servers with specific internal secrets.
#signalings = signaling-id, another-signaling
# Signaling server configurations as defined in the "[signaling]" section above.
# The section names must match the ids used in "signalings" above.
#[signaling-id]
# URL of the signaling server
#url = https://signaling.domain.invalid
# Shared secret for authenticating as an internal client of signaling servers.
# This must be the same value as configured in the signaling server
# configuration file.
#internalsecret = the-shared-secret-for-internal-clients
#[another-signaling]
# URL of the signaling server
#url = https://signaling.otherdomain.invalid
# Shared secret for authenticating as an internal client of signaling servers.
# This must be the same value as configured in the signaling server
# configuration file.
#internalsecret = the-shared-secret-for-internal-clients
[ffmpeg]
# The ffmpeg executable (name or full path) and the global options given to
# ffmpeg. The options given here fully override the default global options.
#common = ffmpeg -loglevel level+warning -n
# The (additional) options given to ffmpeg for the audio input. The options
# given here extend the default options for the audio input, although they do
# not override them.
# Default options: '-f pulse -i {AUDIO_SOURCE}'
#inputaudio =
# The (additional) options given to ffmpeg for the video input. The options
# given here extend the default options for the video input, although they do
# not override them.
# Default options: '-f x11grab -draw_mouse 0 -video_size {WIDTH}x{HEIGHT} -i {VIDEO_SOURCE}'
#inputvideo =
# The options given to ffmpeg to encode the audio output. The options given here
# fully override the default options for the audio output.
#outputaudio = -c:a libopus
# The options given to ffmpeg to encode the video output. The options given here
# fully override the default options for the video output.
#outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
# The extension of the file for audio only recordings.
#extensionaudio = .ogg
# The extension of the file for audio and video recordings.
#extensionvideo = .webm
[recording]
# Browser to use for recordings. Please note that the "chrome" value does not
# refer to the web browser, but to the Selenium WebDriver. In practice, "chrome"
# will use Google Chrome, or Chromium if Google Chrome is not installed.
# Allowed values: firefox, chrome
# Defaults to firefox
#browser = firefox
# Path to the Selenium driver to use for recordings.
# If set the driver must match the browser being used (for example,
# "/usr/bin/geckodriver" for "firefox"). If no driver is explicitly set Selenium
# Manager will try to find the right one in $PATH, downloading it as a fallback.
# Note that Selenium Manager does not work in some architectures (for example,
# Linux on arm64/aarch64), so in those architectures the driver must be
# explicitly set.
#driverPath =
# Path to the browser executable to use for recordings.
# If set the executable must match the browser being used (for example,
# "/usr/bin/firefox-esr" for "firefox"). If no executable is explicitly set
# Selenium Manager will try to find the right one in $PATH. Depending on the
# installed Selenium version if the executable is not found Selenium Manager may
# also download the browser as a fallback.
# Note that Selenium Manager does not work in some architectures (for example,
# Linux on arm64/aarch64); in those architectures the Selenium driver will try
# to find the executable, but the executable may need to be explicitly set if
# not found by the driver.
#browserPath =
[stats]
# Comma-separated list of IP addresses (or CIDR networks) that are allowed to
# access the stats endpoint.
# Leave commented to only allow access from "127.0.0.1".
#allowed_ips =

198
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/BackendNotifier.py Normal file
View File

@ -0,0 +1,198 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
"""
Module to send requests to the Nextcloud server.
"""
import hashlib
import hmac
import json
import logging
import os
from secrets import token_urlsafe
from requests import Request, Session
from requests_toolbelt import MultipartEncoder
from nextcloud.talk import recording
from .Config import config
logger = logging.getLogger(__name__)
def getRandomAndChecksum(backend, data):
"""
Returns a random string and the checksum of the given data with that random.
:param backend: the backend to send the data to.
:param data: the data, as bytes.
"""
secret = config.getBackendSecret(backend).encode()
random = token_urlsafe(64)
hmacValue = hmac.new(secret, random.encode() + data, hashlib.sha256)
return random, hmacValue.hexdigest()
def doRequest(backend, request, retries=3):
"""
Send the request to the backend.
SSL verification will be skipped if configured.
:param backend: the backend to send the request to.
:param request: the request to send.
:param retries: the number of times to retry in case of failure.
"""
backendSkipVerify = config.getBackendSkipVerify(backend)
try:
session = Session()
preparedRequest = session.prepare_request(request)
response = session.send(preparedRequest, verify=not backendSkipVerify)
response.raise_for_status()
except Exception:
if retries > 1:
logger.exception("Failed to send message to backend, %d retries left!", retries)
doRequest(backend, request, retries - 1)
else:
logger.exception("Failed to send message to backend, giving up!")
raise
def backendRequest(backend, data):
"""
Sends the data to the backend on the endpoint to receive notifications from
the recording server.
The data is automatically wrapped in a request for the appropriate URL and
with the needed headers.
:param backend: the backend to send the data to.
:param data: the data to send.
"""
url = backend.rstrip('/') + '/ocs/v2.php/apps/spreed/api/v1/recording/backend'
data = json.dumps(data).encode()
random, checksum = getRandomAndChecksum(backend, data)
headers = {
'Content-Type': 'application/json',
'OCS-ApiRequest': 'true',
'Talk-Recording-Random': random,
'Talk-Recording-Checksum': checksum,
'User-Agent': recording.USER_AGENT,
}
request = Request('POST', url, headers, data=data)
doRequest(backend, request)
def started(backend, token, status, actorType, actorId):
"""
Notifies the backend that the recording was started.
:param backend: the backend of the conversation.
:param token: the token of the conversation.
:param actorType: the actor type of the Talk participant that started the
recording.
:param actorId: the actor id of the Talk participant that started the
recording.
"""
backendRequest(backend, {
'type': 'started',
'started': {
'token': token,
'status': status,
'actor': {
'type': actorType,
'id': actorId,
},
},
})
def stopped(backend, token, actorType, actorId):
"""
Notifies the backend that the recording was stopped.
:param backend: the backend of the conversation.
:param token: the token of the conversation.
:param actorType: the actor type of the Talk participant that stopped the
recording.
:param actorId: the actor id of the Talk participant that stopped the
recording.
"""
data = {
'type': 'stopped',
'stopped': {
'token': token,
},
}
if actorType is not None and actorId is not None:
data['stopped']['actor'] = {
'type': actorType,
'id': actorId,
}
backendRequest(backend, data)
def failed(backend, token):
"""
Notifies the backend that the recording failed.
:param backend: the backend of the conversation.
:param token: the token of the conversation.
"""
data = {
'type': 'failed',
'failed': {
'token': token,
},
}
backendRequest(backend, data)
def uploadRecording(backend, token, fileName, owner):
"""
Upload the recording specified by fileName.
The name of the uploaded file is the basename of the original file.
:param backend: the backend to upload the file to.
:param token: the token of the conversation that was recorded.
:param fileName: the recording file name.
:param owner: the owner of the uploaded file.
"""
logger.info("Upload recording %s to %s in %s as %s", fileName, backend, token, owner)
url = backend.rstrip('/') + '/ocs/v2.php/apps/spreed/api/v1/recording/' + token + '/store'
# Plain values become arguments, while tuples become files; the body used to
# calculate the checksum is empty.
data = {
'owner': owner,
# pylint: disable=consider-using-with
'file': (os.path.basename(fileName), open(fileName, 'rb')),
}
multipartEncoder = MultipartEncoder(data)
random, checksum = getRandomAndChecksum(backend, token.encode())
headers = {
'Content-Type': multipartEncoder.content_type,
'OCS-ApiRequest': 'true',
'Talk-Recording-Random': random,
'Talk-Recording-Checksum': checksum,
'User-Agent': recording.USER_AGENT,
}
uploadRequest = Request('POST', url, headers, data=multipartEncoder)
doRequest(backend, uploadRequest)

395
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/Benchmark.py Normal file
View File

@ -0,0 +1,395 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
"""
Module to provide the command line interface for the benchmark.
"""
import argparse
import atexit
import logging
import os
import re
import subprocess
from threading import Event, Thread
from time import sleep, time
import psutil
import pulsectl
from pyvirtualdisplay import Display
from nextcloud.talk.recording import RECORDING_STATUS_AUDIO_AND_VIDEO, RECORDING_STATUS_AUDIO_ONLY
from .Config import Config
from .RecorderArgumentsBuilder import RecorderArgumentsBuilder
from .Service import newAudioSink, processLog
class ResourcesTracker:
"""
Class to track the resources used by the recorder and to stop it once the
benchmark ends.
The ResourcesTracker runs in a different thread to the one that started it,
as that thread needs to block until the recorder process ends.
"""
def __init__(self):
self.logger = logging.getLogger("stats")
self.cpuPercents = []
self.memoryInfos = []
self.memoryPercents = []
def start(self, pid, length, stopResourcesTrackerThread):
"""
Starts tracking the resources used by the given PID.
The tracker will automatically end after the given length in seconds.
The tracker can be aborted earlier by setting the given
stopResourcesTrackerThread event.
"""
Thread(target=self._track, args=[pid, length, stopResourcesTrackerThread], daemon=True).start()
def _track(self, pid, length, stopResourcesTrackerThread):
# Wait a little for the values to stabilize.
sleep(5)
if stopResourcesTrackerThread.is_set():
return
process = psutil.Process(pid)
# Get first percent value before the real loop, as the first time it can
# be 0.
process.cpu_percent()
startTime = time()
count = 0
while time() - startTime < length:
sleep(1)
count += 1
if stopResourcesTrackerThread.is_set():
return
self.logger.info(count)
cpuPercent = process.cpu_percent()
self.logger.info("CPU percent: %f", cpuPercent)
self.cpuPercents.append(cpuPercent)
memoryInfo = process.memory_info()
self.logger.info("Memory info: %s", memoryInfo)
self.memoryInfos.append(memoryInfo)
memoryPercent = process.memory_percent()
self.logger.info("Memory percent: %f", memoryPercent)
self.memoryPercents.append(memoryPercent)
process.terminate()
class BenchmarkService:
"""
Class to set up and tear down the needed elements to benchmark the recorder.
To benchmark the recorder a virtual display server and an audio sink are
created. Then a video is played in the virtual display server, and its audio
is routed to the audio sink. This ensures that the benchmark will not
interfere with other processes that could be running on the machine. Then an
FFMPEG process to record the virtual display driver and the audio sink is
started, and finally a helper object to track the resources used by the
recorder as well as to stop it once the benchmark ends is also started.
Once the recorder process is stopped the helper elements are automatically
stopped too.
"""
def __init__(self):
self._logger = logging.getLogger()
self._resourcesTracker = ResourcesTracker()
self._display = None
self._audioModuleIndex = None
self._playerProcess = None
self._recorderProcess = None
self._droppedFrames = None
self._recorderArguments = None
self._averageCpuPercents = None
self._averageMemoryInfos = None
self._averageMemoryPercents = None
def __del__(self):
self._stopHelpers()
def run(self, args):
"""
Runs the benchmark.
This method blocks until the recording ends.
:param args: the parsed arguments given in the command line.
"""
directory = os.path.dirname(args.output)
stopResourcesTrackerThread = Event()
if not os.path.exists(args.input):
raise Exception("Input file does not exist")
try:
# Ensure that PulseAudio is running.
# A "long" timeout is used to prevent it from exiting before the
# player starts.
subprocess.run(['pulseaudio', '--start', '--exit-idle-time=120'], check=True)
# Ensure that the directory to store the recording exists.
os.makedirs(directory, exist_ok=True)
self._display = Display(size=(args.width, args.height), manage_global_env=False)
self._display.start()
# Start new audio sink for the audio output of the player.
self._audioModuleIndex, audioSinkIndex, audioSourceIndex = newAudioSink("nextcloud-talk-recording-benchmark")
audioSinkIndex = str(audioSinkIndex)
audioSourceIndex = str(audioSourceIndex)
env = self._display.env()
env['PULSE_SINK'] = audioSinkIndex
self._logger.debug("Playing video")
playerArgs = ["ffplay", "-x", str(args.width), "-y", str(args.height), args.input]
# pylint: disable=consider-using-with
self._playerProcess = subprocess.Popen(playerArgs, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True, env=env)
# Log player output and track dropped frames.
Thread(target=self._handleFfplayOutput, args=[self._playerProcess.stdout], daemon=True).start()
extensionlessFileName, extension = args.output.rsplit(".", 1)
status = RECORDING_STATUS_AUDIO_ONLY if args.audio_only else RECORDING_STATUS_AUDIO_AND_VIDEO
recorderArgumentsBuilder = RecorderArgumentsBuilder()
recorderArgumentsBuilder.setFfmpegCommon(args.ffmpeg_common.split())
recorderArgumentsBuilder.setFfmpegInputAudio(args.ffmpeg_input_audio.split())
recorderArgumentsBuilder.setFfmpegInputVideo(args.ffmpeg_input_video.split())
recorderArgumentsBuilder.setFfmpegOutputAudio(args.ffmpeg_output_audio.split())
recorderArgumentsBuilder.setFfmpegOutputVideo(args.ffmpeg_output_video.split())
recorderArgumentsBuilder.setExtension(f".{extension}")
self._recorderArguments = recorderArgumentsBuilder.getRecorderArguments(status, self._display.new_display_var, audioSourceIndex, args.width, args.height, extensionlessFileName)
fileName = self._recorderArguments[-1]
if os.path.exists(fileName):
if args.force:
os.remove(fileName)
else:
raise Exception("File exists")
self._logger.debug("Starting recorder")
# pylint: disable=consider-using-with
self._recorderProcess = subprocess.Popen(self._recorderArguments, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
self._resourcesTracker.start(self._recorderProcess.pid, args.length, stopResourcesTrackerThread)
# Log recorder output.
Thread(target=processLog, args=["recorder", self._recorderProcess.stdout], daemon=True).start()
returnCode = self._recorderProcess.wait()
# recorder process will be explicitly terminated by ResourcesTracker
# when needed, which returns with 255; any other return code means that
# it ended without an expected reason.
if returnCode != 255:
raise Exception("recorder ended unexpectedly")
finally:
stopResourcesTrackerThread.set()
self._stopHelpers()
if len(self._resourcesTracker.cpuPercents) > 0:
self._averageCpuPercents = 0
for cpuPercents in self._resourcesTracker.cpuPercents:
self._averageCpuPercents += cpuPercents
self._averageCpuPercents /= len(self._resourcesTracker.cpuPercents)
if len(self._resourcesTracker.memoryInfos) > 0:
self._averageMemoryInfos = {}
self._averageMemoryInfos["rss"] = 0
self._averageMemoryInfos["vms"] = 0
for memoryInfos in self._resourcesTracker.memoryInfos:
self._averageMemoryInfos["rss"] += memoryInfos.rss
self._averageMemoryInfos["vms"] += memoryInfos.vms
self._averageMemoryInfos["rss"] /= len(self._resourcesTracker.memoryInfos)
self._averageMemoryInfos["vms"] /= len(self._resourcesTracker.memoryInfos)
if len(self._resourcesTracker.memoryPercents) > 0:
self._averageMemoryPercents = 0
for memoryPercents in self._resourcesTracker.memoryPercents:
self._averageMemoryPercents += memoryPercents
self._averageMemoryPercents /= len(self._resourcesTracker.memoryPercents)
def getDroppedFrames(self):
"""
Returns the dropped frames parsed from ffplay output.
"""
return self._droppedFrames
def getRecorderArguments(self):
"""
Returns the arguments used to start the recorder process.
"""
return self._recorderArguments
def getAverageCpuPercents(self):
"""
Returns the average CPU percent used by the recorder process.
The value is available only once the recorder process has finished.
"""
return self._averageCpuPercents
def getAverageMemoryInfos(self):
"""
Returns the average memory values used by the recorder process.
The returned value is a dictionary with "rss" ("Resident set size", the
RAM memory currently used by the process) and "vms" ("Virtual memory
size", the maximum memory that could be used by the process) keys.
The values are available only once the recorder process has finished.
"""
return self._averageMemoryInfos
def getAverageMemoryPercents(self):
"""
Returns the average memory percent used by the recorder process.
The value is available only once the recorder process has finished.
"""
return self._averageMemoryPercents
def _handleFfplayOutput(self, ffplayOutput):
"""
Logs the ffplay output and tracks the dropped frames.
ffplay output is logged with the "player" logger with DEBUG level.
:param ffplayOutput: TextIOWrapper with ffplay output.
"""
logger = logging.getLogger("player")
ffplayFdRegExp = re.compile("fd=\\s*(\\d+)")
with ffplayOutput:
for line in ffplayOutput:
# Lines captured from the player have a trailing new line, so it
# needs to be removed.
logger.log(logging.DEBUG, line.rstrip('\n'))
fdMatch = ffplayFdRegExp.search(line)
if fdMatch:
self._droppedFrames = fdMatch.group(1)
def _stopHelpers(self):
if self._recorderProcess:
self._logger.debug("Stopping recorder")
try:
self._recorderProcess.terminate()
self._recorderProcess.wait()
except:
self._logger.exception("Error when terminating recorder")
finally:
self._recorderProcess = None
if self._playerProcess:
self._logger.debug("Stopping player")
try:
self._playerProcess.terminate()
self._playerProcess.wait()
except:
self._logger.exception("Error when terminating player")
finally:
self._playerProcess = None
# pylint: disable=duplicate-code
if self._audioModuleIndex:
self._logger.debug("Unloading audio module")
try:
with pulsectl.Pulse(f"audio-module-{self._audioModuleIndex}-unloader") as pacmd:
pacmd.module_unload(self._audioModuleIndex)
except:
self._logger.exception("Error when unloading audio module")
finally:
self._audioModuleIndex = None
if self._display:
self._logger.debug("Stopping display")
try:
self._display.stop()
except:
self._logger.exception("Error when stopping display")
finally:
self._display = None
# pylint: disable=invalid-name
benchmarkService = None
def main():
"""
Runs the benchmark with the arguments given in the command line.
"""
defaultConfig = Config()
parser = argparse.ArgumentParser()
parser.add_argument("-f", "--force", help="overwrite output file if it exists", action="store_true")
parser.add_argument("-l", "--length", help="benchmark duration (in seconds)", default=180, type=int)
parser.add_argument("--width", help="output width", default=defaultConfig.getBackendVideoWidth(""), type=int)
parser.add_argument("--height", help="output height", default=defaultConfig.getBackendVideoHeight(""), type=int)
parser.add_argument("--ffmpeg-common", help="ffmpeg executable and global options", default=" ".join(defaultConfig.getFfmpegCommon()), type=str)
parser.add_argument("--ffmpeg-input-audio", help="(additional) input audio options for ffmpeg", default=" ".join(defaultConfig.getFfmpegInputAudio()), type=str)
parser.add_argument("--ffmpeg-input-video", help="(additional) input video options for ffmpeg", default=" ".join(defaultConfig.getFfmpegInputVideo()), type=str)
parser.add_argument("--ffmpeg-output-audio", help="output audio options for ffmpeg", default=" ".join(defaultConfig.getFfmpegOutputAudio()), type=str)
parser.add_argument("--ffmpeg-output-video", help="output video options for ffmpeg", default=" ".join(defaultConfig.getFfmpegOutputVideo()), type=str)
parser.add_argument("--audio-only", help="audio only recording", action="store_true")
parser.add_argument("-v", "--verbose", help="verbose mode", action="store_true")
parser.add_argument("--verbose-extra", help="extra verbose mode", action="store_true")
parser.add_argument("input", help="input filename")
parser.add_argument("output", help="output filename")
args = parser.parse_args()
if args.verbose:
logging.basicConfig(level=logging.INFO)
if args.verbose_extra:
logging.basicConfig(level=logging.DEBUG)
# pylint: disable=global-statement
global benchmarkService
benchmarkService = BenchmarkService()
benchmarkService.run(args)
output = benchmarkService.getRecorderArguments()[-1]
if benchmarkService.getDroppedFrames() is None:
droppedFrames = "ffplay output could not be parsed"
else:
droppedFrames = benchmarkService.getDroppedFrames()
print(f"Player dropped frames: {droppedFrames}")
print(f"Recorder arguments: {' '.join(benchmarkService.getRecorderArguments())}")
print(f"File size: {os.stat(output).st_size}")
print(f"Average CPU percents: {benchmarkService.getAverageCpuPercents()}")
print(f"Average memory infos: {benchmarkService.getAverageMemoryInfos()}")
print(f"Average memory percents: {benchmarkService.getAverageMemoryPercents()}")
def _stopServiceOnExit():
# pylint: disable=global-statement
global benchmarkService
if benchmarkService:
del benchmarkService
# The service should be explicitly deleted before exiting, as if it is
# implicitly deleted while exiting the helpers may not cleanly quit.
atexit.register(_stopServiceOnExit)
if __name__ == '__main__':
main()

358
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/Config.py Normal file
View File

@ -0,0 +1,358 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
"""
Module for getting the configuration.
Other modules are expected to import the shared "config" object, which will be
loaded with the configuration file at startup.
"""
import logging
import os
from ipaddress import ip_network
from configparser import ConfigParser
class Config:
"""
Class for the configuration.
The configuration values are loaded from a configuration file, but all the
properties have a default value if the value is not explicitly set in the
loaded configuration file.
There is a getter method for each of the configuration values. If the value
can be overriden by a backend the URL of the backend needs to be given to
get the value.
"""
def __init__(self):
self._logger = logging.getLogger(__name__)
self._configParser = ConfigParser()
self._trustedProxies = []
self._backendIdsByBackendUrl = {}
self._signalingIdsBySignalingUrl = {}
self._statsAllowedIps = []
def load(self, fileName):
"""
Loads the configuration from the given file name.
:param fileName: the absolute or relative (to the current working
directory) path to the configuration file.
"""
fileName = os.path.abspath(fileName)
if not os.path.exists(fileName):
self._logger.warning("Configuration file not found: %s", fileName)
else:
self._logger.info("Loading %s", fileName)
self._configParser.read(fileName)
self._loadTrustedProxies()
self._loadBackends()
self._loadSignalings()
self._loadStatsAllowedIps()
def _loadTrustedProxies(self):
self._trustedProxies = []
if 'app' not in self._configParser or 'trustedproxies' not in self._configParser['app']:
return
trustedProxies = self._configParser.get('app', 'trustedproxies')
trustedProxies = [trustedProxy.strip() for trustedProxy in trustedProxies.split(',')]
for trustedProxy in trustedProxies:
try:
trustedProxy = ip_network(trustedProxy)
self._trustedProxies.append(trustedProxy)
except ValueError as valueError:
self._logger.error("Invalid trusted proxy: %s", valueError)
def _loadBackends(self):
self._backendIdsByBackendUrl = {}
if 'backend' not in self._configParser or 'backends' not in self._configParser['backend']:
self._logger.warning("No configured backends")
return
backendIds = self._configParser.get('backend', 'backends')
backendIds = [backendId.strip() for backendId in backendIds.split(',')]
for backendId in backendIds:
if 'url' not in self._configParser[backendId]:
self._logger.error("Missing 'url' property for backend %s", backendId)
continue
if 'secret' not in self._configParser[backendId]:
self._logger.error("Missing 'secret' property for backend %s", backendId)
continue
backendUrl = self._configParser[backendId]['url'].rstrip('/')
self._backendIdsByBackendUrl[backendUrl] = backendId
def _loadSignalings(self):
self._signalingIdsBySignalingUrl = {}
if 'signaling' not in self._configParser:
self._logger.warning("No configured signalings")
return
if 'signalings' not in self._configParser['signaling']:
if 'internalsecret' not in self._configParser['signaling']:
self._logger.warning("No configured signalings")
return
signalingIds = self._configParser.get('signaling', 'signalings')
signalingIds = [signalingId.strip() for signalingId in signalingIds.split(',')]
for signalingId in signalingIds:
if 'url' not in self._configParser[signalingId]:
self._logger.error("Missing 'url' property for signaling %s", signalingId)
continue
if 'internalsecret' not in self._configParser[signalingId]:
self._logger.error("Missing 'internalsecret' property for signaling %s", signalingId)
continue
signalingUrl = self._configParser[signalingId]['url'].rstrip('/')
self._signalingIdsBySignalingUrl[signalingUrl] = signalingId
def _loadStatsAllowedIps(self):
self._statsAllowedIps = []
if 'stats' not in self._configParser or 'allowed_ips' not in self._configParser['stats']:
self._statsAllowedIps.append(ip_network('127.0.0.1'))
return
allowedIps = self._configParser.get('stats', 'allowed_ips')
allowedIps = [allowedIp.strip() for allowedIp in allowedIps.split(',')]
for allowedIp in allowedIps:
try:
allowedIp = ip_network(allowedIp)
self._statsAllowedIps.append(allowedIp)
except ValueError as valueError:
self._logger.error("Invalid allowed IP %s", valueError)
def getLogLevel(self):
"""
Returns the log level.
Defaults to INFO (20).
"""
return int(self._configParser.get('logs', 'level', fallback=logging.INFO))
def getListen(self):
"""
Returns the IP and port to listen on for HTTP requests.
Defaults to "127.0.0.1:8000".
"""
return self._configParser.get('http', 'listen', fallback='127.0.0.1:8000')
def getTrustedProxies(self):
"""
Returns the list of trusted proxies.
All proxies are returned as an IPv4Network or IPv6Network, even if they
are a single IP address.
Defaults to an empty list.
"""
return self._trustedProxies
def getBackendSecret(self, backendUrl):
"""
Returns the shared secret for requests from and to the backend servers.
Defaults to None.
"""
if self._configParser.get('backend', 'allowall', fallback=None) == 'true':
return self._configParser.get('backend', 'secret')
backendUrl = backendUrl.rstrip('/')
if backendUrl in self._backendIdsByBackendUrl:
backendId = self._backendIdsByBackendUrl[backendUrl]
return self._configParser.get(backendId, 'secret', fallback=None)
return None
def getBackendSkipVerify(self, backendUrl):
"""
Returns whether the certificate validation of backend endpoints should
be skipped or not.
Defaults to False.
"""
return self._getBackendValue(backendUrl, 'skipverify', False) == 'true'
def getBackendMaximumMessageSize(self, backendUrl):
"""
Returns the maximum allowed size in bytes for messages sent by the
backend.
Defaults to 1024.
"""
return int(self._getBackendValue(backendUrl, 'maxmessagesize', 1024))
def getBackendVideoWidth(self, backendUrl):
"""
Returns the width for recorded videos.
Defaults to 1920.
"""
return int(self._getBackendValue(backendUrl, 'videowidth', 1920))
def getBackendVideoHeight(self, backendUrl):
"""
Returns the height for recorded videos.
Defaults to 1080.
"""
return int(self._getBackendValue(backendUrl, 'videoheight', 1080))
def getBackendDirectory(self, backendUrl):
"""
Returns the temporary directory used to store recordings until uploaded.
Defaults to False.
"""
return self._getBackendValue(backendUrl, 'directory', '/tmp')
def _getBackendValue(self, backendUrl, key, default):
backendUrl = backendUrl.rstrip('/')
if backendUrl in self._backendIdsByBackendUrl:
backendId = self._backendIdsByBackendUrl[backendUrl]
if self._configParser.get(backendId, key, fallback=None):
return self._configParser.get(backendId, key)
return self._configParser.get('backend', key, fallback=default)
def getSignalingSecret(self, signalingUrl):
"""
Returns the shared secret for authenticating as an internal client of
signaling servers.
Defaults to None.
"""
signalingUrl = signalingUrl.rstrip('/')
if signalingUrl in self._signalingIdsBySignalingUrl:
signalingId = self._signalingIdsBySignalingUrl[signalingUrl]
if self._configParser.get(signalingId, 'internalsecret', fallback=None):
return self._configParser.get(signalingId, 'internalsecret')
return self._configParser.get('signaling', 'internalsecret', fallback=None)
def getFfmpegCommon(self):
"""
Returns the ffmpeg executable (name or full path) and the global options
given to ffmpeg.
Defaults to ['ffmpeg', '-loglevel', 'level+warning', '-n'].
"""
return self._configParser.get('ffmpeg', 'common', fallback='ffmpeg -loglevel level+warning -n').split()
def getFfmpegInputAudio(self):
"""
Returns the (additional) options given to ffmpeg for the audio input.
Defaults to [].
"""
return self._configParser.get('ffmpeg', 'inputaudio', fallback='').split()
def getFfmpegInputVideo(self):
"""
Returns the (additional) options given to ffmpeg for the video input.
Defaults to [].
"""
return self._configParser.get('ffmpeg', 'inputvideo', fallback='').split()
def getFfmpegOutputAudio(self):
"""
Returns the options given to ffmpeg to encode the audio output.
Defaults to ['-c:a', 'libopus'].
"""
return self._configParser.get('ffmpeg', 'outputaudio', fallback='-c:a libopus').split()
def getFfmpegOutputVideo(self):
"""
Returns the options given to ffmpeg to encode the video output.
Defaults to ['-c:v', 'libvpx', '-deadline:v', 'realtime', '-crf', '10', '-b:v', '1M'].
"""
return self._configParser.get('ffmpeg', 'outputvideo', fallback='-c:v libvpx -deadline:v realtime -crf 10 -b:v 1M').split()
def getFfmpegExtensionAudio(self):
"""
Returns the extension of the output file for audio recordings.
Defaults to ".ogg".
"""
return self._configParser.get('ffmpeg', 'extensionaudio', fallback='.ogg')
def getFfmpegExtensionVideo(self):
"""
Returns the extension of the output file for video recordings.
Defaults to ".webm".
"""
return self._configParser.get('ffmpeg', 'extensionvideo', fallback='.webm')
def getBrowserForRecording(self):
"""
Returns the browser identifier that will be used for recordings.
Defaults to "firefox".
"""
return self._configParser.get('recording', 'browser', fallback='firefox')
def getDriverPathForRecording(self):
"""
Returns the path to override the Selenium driver that will be used for
recordings.
Defaults to None.
"""
return self._configParser.get('recording', 'driverPath', fallback=None)
def getBrowserPathForRecording(self):
"""
Returns the path to override the browser executable that will be used
for recordings.
Defaults to None.
"""
return self._configParser.get('recording', 'browserPath', fallback=None)
def getStatsAllowedIps(self):
"""
Returns the list of IPs allowed to query the stats.
All IPs are returned as an IPv4Network or IPv6Network, even if they are
a single IP address.
Defaults to ['127.0.0.1'].
"""
return self._statsAllowedIps
config = Config()

539
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/Participant.py Normal file
View File

@ -0,0 +1,539 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
"""
Module to join a call with a browser.
"""
import hashlib
import hmac
import json
import re
import threading
from datetime import datetime
from secrets import token_urlsafe
from shutil import disk_usage
from time import sleep
import websocket
from selenium.webdriver.chrome.options import Options as ChromeOptions
from selenium.webdriver.chrome.service import Service as ChromeService
from selenium.webdriver.chrome.webdriver import WebDriver as ChromeDriver
from selenium.webdriver.firefox.options import Options as FirefoxOptions
from selenium.webdriver.firefox.service import Service as FirefoxService
from selenium.webdriver.firefox.webdriver import WebDriver as FirefoxDriver
from .Config import config
class BiDiLogsHelper:
"""
Helper class to get browser logs using the BiDi protocol.
A new thread is started by each object to receive the logs, so they can be
printed in real time even if the main thread is waiting for some script to
finish.
"""
def __init__(self, driver, parentLogger):
if not 'webSocketUrl' in driver.capabilities:
raise Exception('webSocketUrl not found in capabilities')
self._logger = parentLogger.getChild('BiDiLogsHelper')
self.realtimeLogsEnabled = False
self.pendingLogs = []
self.logsLock = threading.Lock()
# Web socket connection is rejected by Firefox with "Bad request" if
# "Origin" header is present; logs show:
# "The handshake request has incorrect Origin header".
self.websocket = websocket.create_connection(driver.capabilities['webSocketUrl'], suppress_origin=True)
self.websocket.send(json.dumps({
'id': 1,
'method': 'session.subscribe',
'params': {
'events': ['log.entryAdded'],
},
}))
self.initialLogsLock = threading.Lock()
# pylint: disable=consider-using-with
self.initialLogsLock.acquire()
self.loggingThread = threading.Thread(target=self._processLogEvents, daemon=True)
self.loggingThread.start()
# Do not return until the existing logs were fetched, except if it is
# taking too long.
# pylint: disable=consider-using-with
self.initialLogsLock.acquire(timeout=10)
def __del__(self):
if self.websocket:
self.websocket.close()
if self.loggingThread:
self.loggingThread.join()
def _messageFromEvent(self, event):
if not 'params' in event:
return '???'
method = ''
if 'method' in event['params']:
method = event['params']['method']
elif 'level' in event['params']:
method = event['params']['level'] if event['params']['level'] != 'warning' else 'warn'
text = ''
if 'text' in event['params']:
text = event['params']['text']
time = '??:??:??'
if 'timestamp' in event['params']:
timestamp = event['params']['timestamp']
# JavaScript timestamps are millisecond based, Python timestamps
# are second based.
time = datetime.fromtimestamp(timestamp / 1000).strftime('%H:%M:%S')
methodShort = '?'
if method == 'error':
methodShort = 'E'
elif method == 'warn':
methodShort = 'W'
elif method == 'log':
methodShort = 'L'
elif method == 'info':
methodShort = 'I'
elif method == 'debug':
methodShort = 'D'
return time + ' ' + methodShort + ' ' + text
def _processLogEvents(self):
while True:
try:
event = json.loads(self.websocket.recv())
except:
self._logger.debug('BiDi WebSocket closed')
return
if 'id' in event and event['id'] == 1:
self.initialLogsLock.release()
continue
if not 'method' in event or event['method'] != 'log.entryAdded':
continue
message = self._messageFromEvent(event)
with self.logsLock:
if self.realtimeLogsEnabled:
self._logger.debug(message)
else:
self.pendingLogs.append(message)
def clearLogs(self):
"""
Clears, without printing, the logs received while realtime logs were not
enabled.
"""
with self.logsLock:
self.pendingLogs = []
def printLogs(self):
"""
Prints the logs received while realtime logs were not enabled.
The logs are cleared after printing them.
"""
with self.logsLock:
for log in self.pendingLogs:
self._logger.debug(log)
self.pendingLogs = []
def setRealtimeLogsEnabled(self, realtimeLogsEnabled):
"""
Enable or disable realtime logs.
If logs are received while realtime logs are not enabled they can be
printed using "printLogs()".
"""
with self.logsLock:
self.realtimeLogsEnabled = realtimeLogsEnabled
class SeleniumHelper:
"""
Helper class to start a browser and execute scripts in it using WebDriver.
The browser is expected to be available in the local system.
"""
def __init__(self, parentLogger, acceptInsecureCerts):
self._parentLogger = parentLogger
self._logger = parentLogger.getChild('SeleniumHelper')
self._acceptInsecureCerts = acceptInsecureCerts
self.driver = None
self.bidiLogsHelper = None
def __del__(self):
if self.driver:
# The session must be explicitly quit to remove the temporary files
# created in "/tmp".
self.driver.quit()
def startChrome(self, width, height, env, driverPath, browserPath):
"""
Starts a Chrome instance.
Will use Chromium if Google Chrome is not installed.
:param width: the width of the browser window.
:param height: the height of the browser window.
:param env: the environment variables, including the display to start
the browser in.
:param driverPath: the path to override the default chromedriver.
:param browserPath: the path to override the default Google Chrome or
Chromium executable.
"""
options = ChromeOptions()
options.set_capability('acceptInsecureCerts', self._acceptInsecureCerts)
# "webSocketUrl" is needed for BiDi.
options.set_capability('webSocketUrl', True)
options.add_argument('--use-fake-ui-for-media-stream')
# Allow to play media without user interaction.
options.add_argument('--autoplay-policy=no-user-gesture-required')
options.add_argument('--kiosk')
options.add_argument(f'--window-size={width},{height}')
options.add_argument('--disable-infobars')
options.add_experimental_option("excludeSwitches", ["enable-automation"])
if disk_usage('/dev/shm').free < 2147483648:
self._logger.info('Less than 2 GiB available in "/dev/shm", usage disabled')
options.add_argument("--disable-dev-shm-usage")
if disk_usage('/tmp').free < 134217728:
self._logger.warning('Less than 128 MiB available in "/tmp", strange failures may occur')
service = ChromeService(
env=env,
executable_path=driverPath,
)
if browserPath:
options.binary_location = browserPath
self.driver = ChromeDriver(
options=options,
service=service,
)
self.bidiLogsHelper = BiDiLogsHelper(self.driver, self._parentLogger)
def startFirefox(self, width, height, env, driverPath, browserPath):
"""
Starts a Firefox instance.
:param width: the width of the browser window.
:param height: the height of the browser window.
:param env: the environment variables, including the display to start
the browser in.
:param driverPath: the path to override the default geckodriver.
:param browserPath: the path to override the default Firefox executable.
"""
options = FirefoxOptions()
options.set_capability('acceptInsecureCerts', self._acceptInsecureCerts)
# "webSocketUrl" is needed for BiDi; this should be set already by
# default, but just in case.
options.set_capability('webSocketUrl', True)
# In Firefox < 101 BiDi protocol was not enabled by default, although it
# works fine for getting the logs with Firefox 99, so it is explicitly
# enabled.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1753997
options.set_preference('remote.active-protocols', 3)
options.set_preference('media.navigator.permission.disabled', True)
# Allow to play media without user interaction.
options.set_preference('media.autoplay.default', 0)
options.add_argument('--kiosk')
options.add_argument(f'--width={width}')
options.add_argument(f'--height={height}')
if disk_usage('/tmp').free < 134217728:
self._logger.warning('Less than 128 MiB available in "/tmp", strange failures may occur')
service = FirefoxService(
env=env,
executable_path=driverPath,
)
if browserPath:
options.binary_location = browserPath
self.driver = FirefoxDriver(
options=options,
service=service,
)
self.bidiLogsHelper = BiDiLogsHelper(self.driver, self._parentLogger)
def clearLogs(self):
"""
Clears browser logs not printed yet.
This does not affect the logs in the browser itself, only the ones
received by the SeleniumHelper.
"""
if self.bidiLogsHelper:
self.bidiLogsHelper.clearLogs()
return
self.driver.get_log('browser')
def printLogs(self):
"""
Prints browser logs received since last print.
These logs do not include realtime logs, as they are printed as soon as
they are received.
"""
if self.bidiLogsHelper:
self.bidiLogsHelper.printLogs()
return
for log in self.driver.get_log('browser'):
self._logger.debug(log['message'])
def execute(self, script):
"""
Executes the given script.
If the script contains asynchronous code "executeAsync()" should be used
instead to properly wait until the asynchronous code finished before
returning.
Technically Chrome (unlike Firefox) works as expected with something
like "execute('await someFunctionCall(); await anotherFunctionCall()'",
but "executeAsync" has to be used instead for something like
"someFunctionReturningAPromise().then(() => { more code })").
If realtime logs are available logs are printed as soon as they are
received. Otherwise they will be printed once the script has finished.
The value returned by the script will be in turn returned by this
function; the type will be respected and adjusted as needed (so a
JavaScript string is returned as a Python string, but a JavaScript
object is returned as a Python dict). If nothing is returned by the
script None will be returned.
:return: the value returned by the script, or None
"""
# Real time logs are enabled while the command is being executed.
if self.bidiLogsHelper:
self.printLogs()
self.bidiLogsHelper.setRealtimeLogsEnabled(True)
result = self.driver.execute_script(script)
if self.bidiLogsHelper:
# Give it some time to receive the last real time logs before
# disabling them again.
sleep(0.5)
self.bidiLogsHelper.setRealtimeLogsEnabled(False)
self.printLogs()
return result
def executeAsync(self, script):
"""
Executes the given script asynchronously.
This function should be used to execute JavaScript code that needs to
wait for a promise to be fulfilled, either explicitly or through "await"
calls.
The script needs to explicitly signal that the execution has finished by
calling "returnResolve()" (with or without a parameter). If
"returnResolve()" is not called (no matter if with or without a
parameter) the function will automatically return once all the root
statements of the script were executed (which works as expected if using
"await" calls, but not if the script includes something like
"someFunctionReturningAPromise().then(() => { more code })"; in that
case the script should be written as
"someFunctionReturningAPromise().then(() => { more code; returnResolve() })").
Similarly, exceptions thrown by a root statement (including "await"
calls) will be propagated to the Python function. However, this does not
work if the script includes something like
"someFunctionReturningAPromise().catch(exception => { more code; throw exception })";
in that case the script should be written as
"someFunctionReturningAPromise().catch(exception => { more code; returnReject(exception) })".
If realtime logs are available logs are printed as soon as they are
received. Otherwise they will be printed once the script has finished.
The value returned by the script will be in turn returned by this
function; the type will be respected and adjusted as needed (so a
JavaScript string is returned as a Python string, but a JavaScript
object is returned as a Python dict). If nothing is returned by the
script None will be returned.
Note that the value returned by the script must be explicitly specified
by calling "returnResolve(XXX)"; it is not possible to use "return XXX".
:return: the value returned by the script, or None
"""
# Real time logs are enabled while the command is being executed.
if self.bidiLogsHelper:
self.printLogs()
self.bidiLogsHelper.setRealtimeLogsEnabled(True)
# Add an explicit return point at the end of the script if none is
# given.
if re.search('returnResolve\\(.*\\)', script) is None:
script += '; returnResolve()'
# await is not valid in the root context in Firefox, so the script to be
# executed needs to be wrapped in an async function.
# Asynchronous scripts need to explicitly signal that they are finished
# by invoking the callback injected as the last argument with a promise
# and resolving or rejecting the promise.
# https://w3c.github.io/webdriver/#dfn-execute-async-script
script = 'promise = new Promise(async(returnResolve, returnReject) => { try { ' + script + ' } catch (exception) { returnReject(exception) } }); arguments[arguments.length - 1](promise)'
result = self.driver.execute_async_script(script)
if self.bidiLogsHelper:
# Give it some time to receive the last real time logs before
# disabling them again.
sleep(0.5)
self.bidiLogsHelper.setRealtimeLogsEnabled(False)
self.printLogs()
return result
class Participant():
"""
Wrapper for a real participant in Talk.
This wrapper exposes functions to use a real participant in a browser.
"""
def __init__(self, browser, nextcloudUrl, width, height, env, driverPath, browserPath, parentLogger):
"""
Starts a real participant in the given Nextcloud URL using the given
browser.
:param browser: currently only "firefox" is supported.
:param nextcloudUrl: the URL of the Nextcloud instance to start the real
participant in.
:param width: the width of the browser window.
:param height: the height of the browser window.
:param env: the environment variables, including the display to start
the browser in.
:param driverPath: the path to override the default Selenium driver.
:param browserPath: the path to override the default browser executable.
:param parentLogger: the parent logger to get a child from.
"""
# URL should not contain a trailing '/', as that could lead to a double
# '/' which may prevent Talk UI from loading as expected.
self.nextcloudUrl = nextcloudUrl.rstrip('/')
acceptInsecureCerts = config.getBackendSkipVerify(self.nextcloudUrl)
self.seleniumHelper = SeleniumHelper(parentLogger, acceptInsecureCerts)
if browser == 'chrome':
self.seleniumHelper.startChrome(width, height, env, driverPath, browserPath)
elif browser == 'firefox':
self.seleniumHelper.startFirefox(width, height, env, driverPath, browserPath)
else:
raise Exception('Invalid browser: ' + browser)
def joinCall(self, token):
"""
Joins the call in the room with the given token.
The participant will join as an internal client of the signaling server.
:param token: the token of the room to join.
"""
self.seleniumHelper.driver.get(self.nextcloudUrl + '/index.php/call/' + token + '/recording')
secret = config.getBackendSecret(self.nextcloudUrl)
if secret is None:
raise Exception(f"No configured backend secret for {self.nextcloudUrl}")
random = token_urlsafe(64)
hmacValue = hmac.new(secret.encode(), random.encode(), hashlib.sha256)
# If there are several signaling servers configured in Nextcloud the
# signaling settings can change between different calls, so they need to
# be got just once. The scripts are executed in their own scope, so
# values have to be stored in the window object to be able to use them
# later in another script.
settings = self.seleniumHelper.executeAsync(f'''
window.signalingSettings = await OCA.Talk.signalingGetSettingsForRecording('{token}', '{random}', '{hmacValue.hexdigest()}')
returnResolve(window.signalingSettings)
''')
secret = config.getSignalingSecret(settings['server'])
if secret is None:
raise Exception(f"No configured signaling secret for {settings['server']}")
random = token_urlsafe(64)
hmacValue = hmac.new(secret.encode(), random.encode(), hashlib.sha256)
self.seleniumHelper.executeAsync(f'''
await OCA.Talk.signalingJoinCallForRecording(
'{token}',
window.signalingSettings,
{{
random: '{random}',
token: '{hmacValue.hexdigest()}',
backend: '{self.nextcloudUrl}',
}}
)
''')
def disconnect(self):
"""
Disconnects from the signaling server.
"""
self.seleniumHelper.execute('''
OCA.Talk.signalingKill()
''')

173
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/RecorderArgumentsBuilder.py Normal file
View File

@ -0,0 +1,173 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
"""
Module to get the arguments to start the recorder process.
"""
from nextcloud.talk.recording import RECORDING_STATUS_AUDIO_AND_VIDEO
from .Config import config
class RecorderArgumentsBuilder:
"""
Helper class to get the arguments to start the recorder process.
Some of the recorder arguments, like the arguments for the output video
codec, can be customized. By default they are got from the configuration,
either a specific value set in the configuration file or a default value,
but the configuration value can be extended or fully overriden, depending on
the case, by explicitly setting it in RecorderArgumentsBuilder.
"""
def __init__(self):
self._ffmpegCommon = None
self._ffmpegInputAudio = None
self._ffmpegInputVideo = None
self._ffmpegOutputAudio = None
self._ffmpegOutputVideo = None
self._extension = None
def getRecorderArguments(self, status, displayId, audioSourceIndex, width, height, extensionlessOutputFileName):
"""
Returns the list of arguments to start the recorder process.
:param status: whether to record audio and video or only audio.
:param displayId: the ID of the display that the browser is running in.
:param audioSourceIndex: the index of the source for the browser audio
output.
:param width: the width of the display and the recording.
:param height: the height of the display and the recording.
:param extensionlessOutputFileName: the file name for the recording, without
extension.
:returns: the file name for the recording, with extension.
"""
ffmpegCommon = self.getFfmpegCommon()
ffmpegInputAudio = self.getFfmpegInputAudio(audioSourceIndex)
ffmpegInputVideo = self.getFfmpegInputVideo(width, height, displayId)
ffmpegOutputAudio = self.getFfmpegOutputAudio()
ffmpegOutputVideo = self.getFfmpegOutputVideo()
extension = self.getExtension(status)
outputFileName = extensionlessOutputFileName + extension
ffmpegArguments = ffmpegCommon
ffmpegArguments += ffmpegInputAudio
if status == RECORDING_STATUS_AUDIO_AND_VIDEO:
ffmpegArguments += ffmpegInputVideo
ffmpegArguments += ffmpegOutputAudio
if status == RECORDING_STATUS_AUDIO_AND_VIDEO:
ffmpegArguments += ffmpegOutputVideo
return ffmpegArguments + [outputFileName]
def getFfmpegCommon(self):
"""
Returns the ffmpeg executable (name or full path) and the global options
given to ffmpeg.
"""
if self._ffmpegCommon is not None:
return self._ffmpegCommon
return config.getFfmpegCommon()
def getFfmpegInputAudio(self, audioSourceIndex):
"""
Returns the options given to ffmpeg for the audio input.
"""
ffmpegInputAudio = config.getFfmpegInputAudio()
if self._ffmpegInputAudio is not None:
ffmpegInputAudio = self._ffmpegInputAudio
return ffmpegInputAudio + \
['-f', 'pulse', '-i', audioSourceIndex]
def getFfmpegInputVideo(self, width, height, displayId):
"""
Returns the options given to ffmpeg for the video input.
"""
ffmpegInputVideo = config.getFfmpegInputVideo()
if self._ffmpegInputVideo is not None:
ffmpegInputVideo = self._ffmpegInputVideo
return ffmpegInputVideo + \
['-f', 'x11grab', '-draw_mouse', '0', '-video_size', f'{width}x{height}', '-i', displayId]
def getFfmpegOutputAudio(self):
"""
Returns the options given to ffmpeg to encode the audio output.
"""
if self._ffmpegOutputAudio is not None:
return self._ffmpegOutputAudio
return config.getFfmpegOutputAudio()
def getFfmpegOutputVideo(self):
"""
Returns the options given to ffmpeg to encode the video output.
"""
if self._ffmpegOutputVideo is not None:
return self._ffmpegOutputVideo
return config.getFfmpegOutputVideo()
def getExtension(self, status):
"""
Returns the extension of the output file.
If no extension was explicitly set the status defines whether the
extension will be the one configured for audio recordings or the one
configured for video recordings.
"""
if self._extension:
return self._extension
if status == RECORDING_STATUS_AUDIO_AND_VIDEO:
return config.getFfmpegExtensionVideo()
return config.getFfmpegExtensionAudio()
def setFfmpegCommon(self, ffmpegCommon):
"""
Sets the ffmpeg executable (name or full path) and the global options
given to ffmpeg.
"""
self._ffmpegCommon = ffmpegCommon
def setFfmpegInputAudio(self, ffmpegInputAudio):
"""
Sets the (additional) options given to ffmpeg for the audio input.
"""
self._ffmpegInputAudio = ffmpegInputAudio
def setFfmpegInputVideo(self, ffmpegInputVideo):
"""
Sets the (additional) options given to ffmpeg for the video input.
"""
self._ffmpegInputVideo = ffmpegInputVideo
def setFfmpegOutputAudio(self, ffmpegOutputAudio):
"""
Sets the options given to ffmpeg to encode the audio output.
"""
self._ffmpegOutputAudio = ffmpegOutputAudio
def setFfmpegOutputVideo(self, ffmpegOutputVideo):
"""
Sets the options given to ffmpeg to encode the video output.
"""
self._ffmpegOutputVideo = ffmpegOutputVideo
def setExtension(self, extension):
"""
Sets the extension of the output file.
"""
self._extension = extension

486
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/Server.py Normal file
View File

@ -0,0 +1,486 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
"""
Module to handle incoming requests.
"""
import atexit
import json
import hashlib
import hmac
import logging
import re
from ipaddress import ip_address
from threading import Lock, Thread
from flask import Flask, jsonify, request
from prometheus_client import Counter, Gauge, make_wsgi_app
from werkzeug.exceptions import BadRequest, Forbidden, NotFound
from werkzeug.middleware.dispatcher import DispatcherMiddleware
from nextcloud.talk import recording
from nextcloud.talk.recording import RECORDING_STATUS_AUDIO_AND_VIDEO
from .Config import config
from .Service import Service
# prometheus_client removes "_total" from the counter name, so "_current" needs
# to be added to the gauge to prevent a duplicated name.
metricsRecordingsCurrent = Gauge('recording_recordings_current', 'The current number of recordings', ['backend'])
metricsRecordingsFailedTotal = Counter('recording_recordings_failed_total', 'The total number of failed recordings', ['backend'])
metricsRecordingsUploadsFailedTotal = Counter('recording_recordings_uploads_failed_total', 'The total number of failed uploads', ['backend'])
metricsRecordingsTotal = Counter('recording_recordings_total', 'The total number of recordings', ['backend'])
metricsRecordingsDurationSeconds = Counter('recording_recordings_duration_seconds', 'The total duration of all recordings', ['backend'])
def isAddressInNetworks(address, networks):
"""
Returns whether the given IP address belongs to any of the given IP
networks.
:param address: the IPv4Address or IPv6Address.
:param networks: a list of IPv4Network and/or IPv6Network.
:return: True if the address is in any network of the list, False otherwise.
"""
for network in networks:
if address in network:
return True
return False
class TrustedProxiesFix:
"""
Middleware to adjust the remote address in the WSGI environment based on the
configured trusted proxies.
"""
# pylint: disable=redefined-outer-name
def __init__(self, app, config):
self._app = app
self._config = config
def __call__(self, environment, startResponse):
"""
Modifies REMOTE_ADDR in the WSGI environment based on the
"Forwarded-For" header before calling the wrapped application.
"""
try:
environment['REMOTE_ADDR'] = self.getRemoteAddress(environment)
except ValueError as valueError:
logging.getLogger(__name__).error("The remote address of the request could not be got: %s", valueError)
return self._app(environment, startResponse)
def getRemoteAddress(self, environment):
"""
Returns the "real" remote address based on the environment and the
configured trusted proxies.
If the original remote address comes from a trusted proxy, the "real"
remote address is the right-most entry in the "X-Forwarded-For" header
that does not belong to a trusted proxy (or the last one belonging to a
trusted proxy if the entry to its left is invalid or there are no more
entries).
Only IP addresses are taken into account in the "X-Forwarded-For" header
(optionally with a port, which will be ignored); hostnames or other ids
will be treated as an invalid entry.
It is expected that if several "X-Forwarded-For" headers were included
in the request the "X-Forwarded-For" entry in the environment includes
all of them separated by commas and in the same order.
ValueError is raised if REMOTE_ADDR is not included in the environment,
or if it is empty; none of that should happen, though.
:return: the "real" remote address.
:raises ValueError: if there is no REMOTE_ADDR in the given environment.
"""
if 'REMOTE_ADDR' not in environment:
raise ValueError('No REMOTE_ADDR in environment')
remoteAddress = environment['REMOTE_ADDR']
remoteAddress = self._getAddressWithoutPort(remoteAddress)
remoteAddress = ip_address(remoteAddress)
if 'HTTP_X_FORWARDED_FOR' not in environment:
return environment['REMOTE_ADDR']
trustedProxies = self._config.getTrustedProxies()
if not isAddressInNetworks(remoteAddress, trustedProxies):
return environment['REMOTE_ADDR']
forwardedFor = environment['HTTP_X_FORWARDED_FOR']
forwardedFor = [forwarded.strip() for forwarded in forwardedFor.split(',')]
forwardedFor.reverse()
candidateAddress = remoteAddress.compressed
for forwarded in forwardedFor:
forwarded = self._getAddressWithoutPort(forwarded)
try:
forwarded = ip_address(forwarded)
except ValueError:
return candidateAddress
if not isAddressInNetworks(forwarded, trustedProxies):
return forwarded.compressed
candidateAddress = forwarded.compressed
return candidateAddress
def _getAddressWithoutPort(self, address):
"""
Returns the address stripping the trailing port, if any.
"[]" are also stripped from IPv6 addresses, even if there was no port.
No validation is performed on the input address, the port is removed
assuming a valid input. Due to that the returned address is not
guaranteed to be a valid address.
:param address: the address as a string.
:return: the address without port.
"""
colons = address.count(':')
if colons > 1:
# IPv6, might or might not have brackets and/or port, but we are
# only interested in the content between brackets, if any.
addressInBracketsMatch = re.match('\\[(.*)\\]', address)
if addressInBracketsMatch and len(addressInBracketsMatch.groups()) == 1:
return addressInBracketsMatch.group(1)
elif colons == 1:
# IPv4 with trailing ":port"
return address[:address.find(':')]
return address
class ProtectedMetrics:
"""
Middleware to serve the metrics only if the remote address is allowed to
access them.
"""
# pylint: disable=redefined-outer-name
def __init__(self, config):
self.config = config
self.metrics = make_wsgi_app()
def __call__(self, environment, startResponse):
"""
Returns the metrics if the remote address is allowed to access them, or
an error 403 if not.
"""
remoteAddress = environment['REMOTE_ADDR']
remoteAddress = ip_address(remoteAddress)
if not isAddressInNetworks(remoteAddress, config.getStatsAllowedIps()):
startResponse('403 FORBIDDEN', [])
return []
return self.metrics(environment, startResponse)
app = Flask(__name__)
app.wsgi_app = TrustedProxiesFix(app.wsgi_app, config)
app.wsgi_app = DispatcherMiddleware(app.wsgi_app, {
'/metrics': TrustedProxiesFix(ProtectedMetrics(config), config)
})
services = {}
servicesStopping = {}
servicesLock = Lock()
@app.route("/api/v1/welcome", methods=["GET"])
def welcome():
"""
Handles welcome requests.
"""
return jsonify(version=recording.__version__)
@app.route("/api/v1/room/<token>", methods=["POST"])
def handleBackendRequest(token):
"""
Handles backend requests.
"""
backend, data = _validateRequest()
if 'type' not in data:
raise BadRequest()
if data['type'] == 'start':
return startRecording(backend, token, data)
if data['type'] == 'stop':
return stopRecording(backend, token, data)
raise BadRequest()
def _validateRequest():
"""
Validates the current request.
:return: the backend that sent the request and the object representation of
the body.
"""
if 'Talk-Recording-Backend' not in request.headers:
app.logger.warning("Missing Talk-Recording-Backend header")
raise Forbidden()
backend = request.headers['Talk-Recording-Backend']
secret = config.getBackendSecret(backend)
if not secret:
app.logger.warning("No secret configured for backend %s", backend)
raise Forbidden()
if 'Talk-Recording-Random' not in request.headers:
app.logger.warning("Missing Talk-Recording-Random header")
raise Forbidden()
random = request.headers['Talk-Recording-Random']
if 'Talk-Recording-Checksum' not in request.headers:
app.logger.warning("Missing Talk-Recording-Checksum header")
raise Forbidden()
checksum = request.headers['Talk-Recording-Checksum']
maximumMessageSize = config.getBackendMaximumMessageSize(backend)
if not request.content_length or request.content_length > maximumMessageSize:
app.logger.warning("Message size above limit: %d %d", request.content_length, maximumMessageSize)
raise BadRequest()
body = request.get_data()
expectedChecksum = _calculateChecksum(secret, random, body)
if not hmac.compare_digest(checksum, expectedChecksum):
app.logger.warning("Checksum verification failed: %s %s", checksum, expectedChecksum)
raise Forbidden()
return backend, json.loads(body)
def _calculateChecksum(secret, random, body):
secret = secret.encode()
message = random.encode() + body
hmacValue = hmac.new(secret, message, hashlib.sha256)
return hmacValue.hexdigest()
def startRecording(backend, token, data):
"""
Starts the recording in the given backend and room (identified by its
token).
The data must provide the id of the user that will own the recording once
uploaded. The data must also provide the type and id of the actor that
started the recording, which will be passed back to the backend when sending
the request to confirm that the recording was started.
By default the recording will be a video recording, but an audio recording
can be started instead if provided in the data.
Expected data format:
data = {
'type' = 'start',
'start' = {
'owner' = #STRING#,
'actor' = {
'type' = #STRING#,
'id' = #STRING#,
},
'status' = #INTEGER#, // Optional
}
}
:param backend: the backend that send the request.
:param token: the token of the room to start the recording in.
:param data: the data used to start the recording.
"""
serviceId = f'{backend}-{token}'
if 'start' not in data:
raise BadRequest()
if 'owner' not in data['start']:
raise BadRequest()
if 'actor' not in data['start']:
raise BadRequest()
if 'type' not in data['start']['actor']:
raise BadRequest()
if 'id' not in data['start']['actor']:
raise BadRequest()
status = RECORDING_STATUS_AUDIO_AND_VIDEO
if 'status' in data['start']:
status = data['start']['status']
owner = data['start']['owner']
actorType = data['start']['actor']['type']
actorId = data['start']['actor']['id']
service = None
with servicesLock:
if serviceId in services:
app.logger.warning("Trying to start recording again: %s %s", backend, token)
return {}
service = Service(backend, token, status, owner)
services[serviceId] = service
app.logger.info("Start recording: %s %s", backend, token)
serviceStartThread = Thread(target=_startRecordingService, args=[service, actorType, actorId], daemon=True)
serviceStartThread.start()
return {}
def _startRecordingService(service, actorType, actorId):
"""
Helper function to start a recording service.
The recording service will be removed from the list of services if it can
not be started.
:param service: the Service to start.
"""
serviceId = f'{service.backend}-{service.token}'
metricsRecordingsCurrent.labels(service.backend).inc()
metricsRecordingsTotal.labels(service.backend).inc()
try:
service.start(actorType, actorId)
except Exception as exception:
with servicesLock:
if serviceId not in services:
# Service was already stopped, exception should have been caused
# by stopping the helpers even before the recorder started.
app.logger.info("Recording stopped before starting: %s %s", service.backend, service.token, exc_info=exception)
return
app.logger.exception("Failed to start recording: %s %s", service.backend, service.token)
services.pop(serviceId)
metricsRecordingsCurrent.labels(service.backend).dec()
metricsRecordingsFailedTotal.labels(service.backend).inc()
def stopRecording(backend, token, data):
"""
Stops the recording in the given backend and room (identified by its token).
If the data provides the type and id of the actor that stopped the recording
this will be passed back to the backend when sending the request to confirm
that the recording was stopped.
Expected data format:
data = {
'type' = 'stop',
'stop' = {
'actor' = { // Optional
'type' = #STRING#,
'id' = #STRING#,
},
}
}
:param backend: the backend that send the request.
:param token: the token of the room to stop the recording in.
:param data: the data used to stop the recording.
"""
serviceId = f'{backend}-{token}'
if 'stop' not in data:
raise BadRequest()
actorType = None
actorId = None
if 'actor' in data['stop'] and 'type' in data['stop']['actor'] and 'id' in data['stop']['actor']:
actorType = data['stop']['actor']['type']
actorId = data['stop']['actor']['id']
service = None
with servicesLock:
if serviceId not in services and serviceId in servicesStopping:
app.logger.info("Trying to stop recording again: %s %s", backend, token)
return {}
if serviceId not in services:
app.logger.warning("Trying to stop unknown recording: %s %s", backend, token)
raise NotFound()
service = services[serviceId]
services.pop(serviceId)
servicesStopping[serviceId] = service
app.logger.info("Stop recording: %s %s", backend, token)
serviceStopThread = Thread(target=_stopRecordingService, args=[service, actorType, actorId], daemon=True)
serviceStopThread.start()
return {}
def _stopRecordingService(service, actorType, actorId):
"""
Helper function to stop a recording service.
The recording service will be removed from the list of services being
stopped once it is fully stopped.
:param service: the Service to stop.
"""
serviceId = f'{service.backend}-{service.token}'
try:
service.stop(actorType, actorId)
except Exception:
app.logger.exception("Failed to stop recording: %s %s", service.backend, service.token)
# Besides explicit failures to upload the recording, failures to stop
# the recording (or, rather, to notify the Nextcloud server that the
# recording was stopped) are implicitly failures to upload the
# recording, as the upload will not be even tried.
metricsRecordingsUploadsFailedTotal.labels(service.backend).inc()
finally:
with servicesLock:
if serviceId not in servicesStopping:
# This should never happen.
app.logger.error("Recording stopped when not in the list of stopping services: %s %s", service.backend, service.token)
else:
servicesStopping.pop(serviceId)
metricsRecordingsCurrent.labels(service.backend).dec()
metricsRecordingsDurationSeconds.labels(service.backend).inc(service.getRecordingDuration())
# Despite this handler it seems that in some cases the geckodriver could have
# been killed already when it is executed, which unfortunately prevents a proper
# cleanup of the temporary files opened by the browser.
def _stopServicesOnExit():
with servicesLock:
serviceIds = list(services.keys())
for serviceId in serviceIds:
service = services.pop(serviceId)
del service
# Services should be explicitly deleted before exiting, as if they are
# implicitly deleted while exiting the Selenium driver may not cleanly quit.
atexit.register(_stopServicesOnExit)

354
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/Service.py Normal file
View File

@ -0,0 +1,354 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
"""
Module to start and stop the recording for a specific call.
"""
import logging
import os
import subprocess
import time
from datetime import datetime
from secrets import token_urlsafe
from threading import Event, Thread
import pulsectl
from pyvirtualdisplay import Display
from . import BackendNotifier
from .Config import config
from .Participant import Participant
from .RecorderArgumentsBuilder import RecorderArgumentsBuilder
def newAudioSink(baseSinkName):
"""
Start new audio sink for the audio output of the browser.
Each browser instance uses its own sink that will then be captured by the
recorder (using the monitor of that sink as the source). Otherwise several
browsers would use the same default sink, and their audio output would be
mixed.
The sink is created by loading a null sink module. This module needs to be
unloaded once the sink is no longer needed to remove it (which also removes
the monitor of that sink).
:param baseSinkName: the base name for the sink; it is expected to have been
sanitized and to contain only alpha-numeric characters.
:return: a tuple with the module index, the sink index and the source index
(the monitor of the sink), all as ints.
"""
# A random value is appended to the base sink name to "ensure" that there
# will be no name clashes if a previous sink with that base name was not
# unloaded yet.
sinkName = f"{baseSinkName}-{token_urlsafe(32)}"
# Module names can be, at most, 127 characters, so the name is truncated if
# needed.
sinkName = sinkName[:127]
with pulsectl.Pulse(f"{sinkName}-loader") as pacmd:
pacmd.module_load("module-null-sink", f"sink_name={sinkName}")
moduleIndex = None
moduleList = pacmd.module_list()
for module in moduleList:
if module.argument == f"sink_name={sinkName}":
moduleIndex = module.index
if not moduleIndex:
raise Exception(f"New audio module for sink {sinkName} not found ({moduleList})")
sinkIndex = None
sinkList = pacmd.sink_list()
for sink in sinkList:
if sink.name == sinkName:
sinkIndex = sink.index
if not sinkIndex:
raise Exception(f"New audio sink {sinkName} not found ({sinkList})")
sourceIndex = None
sourceList = pacmd.source_list()
for source in sourceList:
if source.monitor_of_sink == sinkIndex:
sourceIndex = source.index
if not sourceIndex:
raise Exception(f"Audio source (monitor) of sink {sinkName} not found ({sourceList})")
return moduleIndex, sinkIndex, sourceIndex
def processLog(loggerName, textIoWrapper, level = logging.INFO):
"""
Logs the process output.
:param loggerName: the name of the logger.
:param textIoWrapper: TextIOWrapper with the process output.
:param level: log level, INFO by default.
"""
logger = logging.getLogger(loggerName)
with textIoWrapper:
for line in textIoWrapper:
# Lines captured from the recorder have a trailing new line, so it
# needs to be removed.
logger.log(level, line.rstrip('\n'))
class Service:
"""
Class to set up and tear down the needed elements to record a call.
To record a call a virtual display server and an audio sink are created.
Then a browser is launched in kiosk mode inside the virtual display server,
and its audio is routed to the audio sink. This ensures that several
Services / browsers can be running at the same time without interfering with
each other, and that the virtual display driver will only show the browser
contents, without any browser UI. Then the call is joined in the browser,
and an FFMPEG process to record the virtual display driver and the audio
sink is started.
Once the recording is stopped the helper elements are also stopped and the
recording is uploaded to the Nextcloud server.
"start()" blocks until the recording ends, so "start()" and "stop()" are
expected to be called from different threads.
"""
def __init__(self, backend, token, status, owner):
self._logger = logging.getLogger(f"{__name__}-{backend}-{token}")
self.backend = backend
self.token = token
self.status = status
self.owner = owner
self._started = Event()
self._stopped = Event()
self._display = None
self._audioModuleIndex = None
self._participant = None
self._process = None
self._fileName = None
self._recordingTimeStart = 0
self._recordingTimeStop = 0
def __del__(self):
self._stopHelpers()
def start(self, actorType, actorId):
"""
Starts the recording.
This method blocks until the recording ends.
:param actorType: the actor type of the Talk participant that started
the recording.
:param actorId: the actor id of the Talk participant that started the
recording.
:raise Exception: if the recording ends unexpectedly (including if it
could not be started).
"""
width = config.getBackendVideoWidth(self.backend)
height = config.getBackendVideoHeight(self.backend)
directory = config.getBackendDirectory(self.backend).rstrip('/')
sanitizedBackend = ''.join([character for character in self.backend if character.isalnum()])
fullDirectory = f'{directory}/{sanitizedBackend}/{self.token}'
try:
# Ensure that PulseAudio is running.
# A "long" timeout is used to prevent it from exiting before the
# call was joined.
subprocess.run(['pulseaudio', '--start', '--exit-idle-time=120'], check=True)
# Ensure that the directory to start the recordings exists.
os.makedirs(fullDirectory, exist_ok=True)
self._display = Display(size=(width, height), manage_global_env=False)
self._display.start()
if self._stopped.is_set():
raise Exception("Display started after recording was stopped")
# Start new audio sink for the audio output of the browser.
self._audioModuleIndex, audioSinkIndex, audioSourceIndex = newAudioSink(f"{sanitizedBackend}-{self.token}")
audioSinkIndex = str(audioSinkIndex)
audioSourceIndex = str(audioSourceIndex)
if self._stopped.is_set():
raise Exception("Audio sink started after recording was stopped")
env = self._display.env()
env['PULSE_SINK'] = audioSinkIndex
browser = config.getBrowserForRecording()
driverPath = config.getDriverPathForRecording()
browserPath = config.getBrowserPathForRecording()
self._logger.debug("Starting participant")
self._participant = Participant(browser, self.backend, width, height, env, driverPath, browserPath, self._logger)
self._logger.debug("Joining call")
self._participant.joinCall(self.token)
if self._stopped.is_set():
# Not strictly needed, as if the participant is started or the
# call is joined after the recording was stopped there will be
# no display and it will automatically fail, but just in case.
raise Exception("Call joined after recording was stopped")
self._started.set()
BackendNotifier.started(self.backend, self.token, self.status, actorType, actorId)
extensionlessFileName = f'{fullDirectory}/Recording {datetime.now().strftime("%Y-%m-%d %H-%M-%S")}'
recorderArgumentsBuilder = RecorderArgumentsBuilder()
recorderArguments = recorderArgumentsBuilder.getRecorderArguments(self.status, self._display.new_display_var, audioSourceIndex, width, height, extensionlessFileName)
self._fileName = recorderArguments[-1]
self._logger.debug("Starting recorder")
# pylint: disable=consider-using-with
self._process = subprocess.Popen(recorderArguments, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
# Log recorder output.
Thread(target=processLog, args=[f"{__name__}.recorder-{self.backend}-{self.token}", self._process.stdout], daemon=True).start()
if self._stopped.is_set():
# Not strictly needed, as if the recorder is started after the
# recording was stopped there will be no display and it will
# automatically fail, but just in case.
raise Exception("Call joined after recording was stopped")
self._recordingTimeStart = time.monotonic()
returnCode = self._process.wait()
# recorder process will be explicitly terminated when needed, which
# returns with 255; any other return code means that it ended
# without an expected reason.
if returnCode != 255:
raise Exception("recorder ended unexpectedly")
except Exception:
self._stopHelpers()
if self._stopped.is_set() and not self._started.is_set():
# If the service fails before being started but it was already
# stopped the error does not need to be notified; the error was
# probably caused by stopping the helpers, and even if it was
# something else it does not need to be notified either given
# that the recording was not started yet.
raise
try:
BackendNotifier.failed(self.backend, self.token)
except:
pass
raise
def stop(self, actorType, actorId):
"""
Stops the recording and uploads it.
The recording is removed from the temporary directory once uploaded,
although it is kept if the upload fails.
:param actorType: the actor type of the Talk participant that stopped
the recording.
:param actorId: the actor id of the Talk participant that stopped the
recording.
:raise Exception: if the file could not be uploaded.
"""
self._stopped.set()
self._stopHelpers()
BackendNotifier.stopped(self.backend, self.token, actorType, actorId)
if not self._fileName:
self._logger.error("Recording stopping before starting, nothing to upload")
return
if not os.path.exists(self._fileName):
self._logger.error("Recording can not be uploaded, %s does not exist", self._fileName)
return
BackendNotifier.uploadRecording(self.backend, self.token, self._fileName, self.owner)
os.remove(self._fileName)
def _stopHelpers(self):
self._recordingTimeStop = time.monotonic()
if self._process:
self._logger.debug("Stopping recorder")
try:
self._process.terminate()
self._process.wait()
except:
self._logger.exception("Error when terminating recorder")
finally:
self._process = None
if self._participant:
self._logger.debug("Disconnecting from signaling server")
try:
self._participant.disconnect()
except:
self._logger.exception("Error when disconnecting from signaling server")
finally:
self._participant = None
if self._audioModuleIndex:
self._logger.debug("Unloading audio module")
try:
with pulsectl.Pulse(f"audio-module-{self._audioModuleIndex}-unloader") as pacmd:
pacmd.module_unload(self._audioModuleIndex)
except:
self._logger.exception("Error when unloading audio module")
finally:
self._audioModuleIndex = None
if self._display:
self._logger.debug("Stopping display")
try:
self._display.stop()
except:
self._logger.exception("Error when stopping display")
finally:
self._display = None
def getRecordingDuration(self):
"""
Returns the duration of the recording in seconds.
The duration is calculated from the start and stop of the service itself
and not directly from the file of the recording, so there might be a
small difference with the actual duration of the file.
:return: The duration of the recording in seconds.
"""
if self._recordingTimeStart == 0:
return 0
if self._recordingTimeStop == 0:
return round(time.monotonic() - self._recordingTimeStart)
return round(self._recordingTimeStop - self._recordingTimeStart)

19
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/__init__.py Normal file
View File

@ -0,0 +1,19 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Disable message for the module but enable it again for the rest of the file.
# pylint: disable=invalid-name
# pylint: enable=invalid-name
"""
Module to initialize the package.
"""
__version__ = '0.2.1'
RECORDING_STATUS_AUDIO_AND_VIDEO = 1
RECORDING_STATUS_AUDIO_ONLY = 2
USER_AGENT = f'Nextcloud-Talk-Recording/{__version__}'

46
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/__main__.py Normal file
View File

@ -0,0 +1,46 @@
#
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Disable message for the module but enable it again for the rest of the file.
# pylint: disable=invalid-name
# pylint: enable=invalid-name
"""
Module to provide the command line interface for the recorder.
"""
import argparse
import logging
from nextcloud.talk import recording
from .Config import config
from .Server import app
def main():
"""
Runs the recorder with the arguments given in the command line.
"""
parser = argparse.ArgumentParser()
parser.add_argument("-c", "--config", help="path to configuration file", default="server.conf")
parser.add_argument("-v", "--version", help="show version and quit", action="store_true")
args = parser.parse_args()
if args.version:
print(recording.__version__)
return
config.load(args.config)
logging.basicConfig(level=config.getLogLevel())
logging.getLogger('werkzeug').setLevel(config.getLogLevel())
listen = config.getListen()
host, port = listen.split(':')
app.run(host, port, threaded=True)
if __name__ == '__main__':
main()

BIN
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/__pycache__/BackendNotifier.cpython-312.pyc Normal file
View File

Binary file not shown.

BIN
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/__pycache__/Config.cpython-312.pyc Normal file
View File

Binary file not shown.

BIN
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/__pycache__/Participant.cpython-312.pyc Normal file
View File

Binary file not shown.

BIN
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/__pycache__/RecorderArgumentsBuilder.cpython-312.pyc Normal file
View File

Binary file not shown.

BIN
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/__pycache__/Server.cpython-312.pyc Normal file
View File

Binary file not shown.

BIN
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/__pycache__/Service.cpython-312.pyc Normal file
View File

Binary file not shown.

BIN
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/__pycache__/__init__.cpython-312.pyc Normal file
View File

Binary file not shown.

BIN
opt/f7cloud-talk-recording-src/src/nextcloud/talk/recording/__pycache__/__main__.cpython-312.pyc Normal file
View File

Binary file not shown.

23
opt/f7cloud-talk-recording-src/src/nextcloud_talk_recording.egg-info/PKG-INFO Normal file
View File

@ -0,0 +1,23 @@
Metadata-Version: 2.4
Name: nextcloud-talk-recording
Version: 0.2.1
Summary: Recording server for Nextcloud Talk
Author: Nextcloud Talk Team
License: GNU AGPLv3+
Project-URL: repository, https://github.com/nextcloud/nextcloud-talk-recording
Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)
License-File: LICENSE.txt
License-File: AUTHORS.md
Requires-Dist: flask
Requires-Dist: prometheus-client
Requires-Dist: psutil
Requires-Dist: pulsectl
Requires-Dist: pyvirtualdisplay>=2.0
Requires-Dist: requests
Requires-Dist: requests-toolbelt
Requires-Dist: selenium>=4.11.0
Requires-Dist: websocket-client
Provides-Extra: dev
Requires-Dist: pylint>=2.9; extra == "dev"
Requires-Dist: pytest>=6.0.1; extra == "dev"
Dynamic: license-file

19
opt/f7cloud-talk-recording-src/src/nextcloud_talk_recording.egg-info/SOURCES.txt Normal file
View File

@ -0,0 +1,19 @@
AUTHORS.md
LICENSE.txt
README.md
pyproject.toml
src/nextcloud/talk/recording/BackendNotifier.py
src/nextcloud/talk/recording/Benchmark.py
src/nextcloud/talk/recording/Config.py
src/nextcloud/talk/recording/Participant.py
src/nextcloud/talk/recording/RecorderArgumentsBuilder.py
src/nextcloud/talk/recording/Server.py
src/nextcloud/talk/recording/Service.py
src/nextcloud/talk/recording/__init__.py
src/nextcloud/talk/recording/__main__.py
src/nextcloud_talk_recording.egg-info/PKG-INFO
src/nextcloud_talk_recording.egg-info/SOURCES.txt
src/nextcloud_talk_recording.egg-info/dependency_links.txt
src/nextcloud_talk_recording.egg-info/entry_points.txt
src/nextcloud_talk_recording.egg-info/requires.txt
src/nextcloud_talk_recording.egg-info/top_level.txt

1
opt/f7cloud-talk-recording-src/src/nextcloud_talk_recording.egg-info/dependency_links.txt Normal file
View File

@ -0,0 +1 @@

3
opt/f7cloud-talk-recording-src/src/nextcloud_talk_recording.egg-info/entry_points.txt Normal file
View File

@ -0,0 +1,3 @@
[console_scripts]
nextcloud-talk-recording = nextcloud.talk.recording.__main__:main
nextcloud-talk-recording-benchmark = nextcloud.talk.recording.Benchmark:main

13
opt/f7cloud-talk-recording-src/src/nextcloud_talk_recording.egg-info/requires.txt Normal file
View File

@ -0,0 +1,13 @@
flask
prometheus-client
psutil
pulsectl
pyvirtualdisplay>=2.0
requests
requests-toolbelt
selenium>=4.11.0
websocket-client
[dev]
pylint>=2.9
pytest>=6.0.1

1
opt/f7cloud-talk-recording-src/src/nextcloud_talk_recording.egg-info/top_level.txt Normal file
View File

@ -0,0 +1 @@
nextcloud

196
opt/f7cloud-talk-recording-src/start-container.sh Executable file
View File

@ -0,0 +1,196 @@
#!/usr/bin/env bash
# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
# Helper script to run the recording backend for Nextcloud Talk.
#
# The recording backend is implemented in several Python files. This Bash script
# is provided to set up a Docker container with Selenium, a web browser and all
# the needed Python dependencies for the recording backend.
#
# This script creates an Ubuntu container, installs all the needed dependencies
# in it and executes the recording backend inside the container. If the
# container exists already the previous container will be reused and this script
# will simply execute the recording backend in it.
#
# Due to that the Docker container will not be stopped nor removed when the
# script exits (except when the container was created but it could not be
# started); that must be explicitly done once the container is no longer needed.
#
#
#
# DOCKER AND PERMISSIONS
#
# To perform its job, this script requires the "docker" command to be available.
#
# The Docker Command Line Interface (the "docker" command) requires special
# permissions to talk to the Docker daemon, and those permissions are typically
# available only to the root user. Please see the Docker documentation to find
# out how to give access to a regular user to the Docker daemon:
# https://docs.docker.com/engine/installation/linux/linux-postinstall/
#
# Note, however, that being able to communicate with the Docker daemon is the
# same as being able to get root privileges for the system. Therefore, you must
# give access to the Docker daemon (and thus run this script as) ONLY to trusted
# and secure users:
# https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
# Sets the variables that abstract the differences in command names and options
# between operating systems.
#
# Switches between timeout on GNU/Linux and gtimeout on macOS (same for mktemp
# and gmktemp).
function setOperatingSystemAbstractionVariables() {
case "$OSTYPE" in
darwin*)
if [ "$(which gtimeout)" == "" ]; then
echo "Please install coreutils (brew install coreutils)"
exit 1
fi
MKTEMP=gmktemp
TIMEOUT=gtimeout
DOCKER_OPTIONS="-e no_proxy=localhost "
;;
linux*)
MKTEMP=mktemp
TIMEOUT=timeout
DOCKER_OPTIONS=" "
;;
*)
echo "Operating system ($OSTYPE) not supported"
exit 1
;;
esac
}
# Removes Docker container if it was created but failed to start.
function cleanUp() {
# Disable (yes, "+" disables) exiting immediately on errors to ensure that
# all the cleanup commands are executed (well, no errors should occur during
# the cleanup anyway, but just in case).
set +o errexit
# The name filter must be specified as "^/XXX$" to get an exact match; using
# just "XXX" would match every name that contained "XXX".
if [ -n "$(docker ps --all --quiet --filter status=created --filter name="^/$CONTAINER$")" ]; then
echo "Removing Docker container $CONTAINER"
docker rm --volumes --force $CONTAINER
fi
}
# Exit immediately on errors.
set -o errexit
# Execute cleanUp when the script exits, either normally or due to an error.
trap cleanUp EXIT
# Ensure working directory is script directory, as some actions (like copying
# the files to the container) expect that.
cd "$(dirname $0)"
HELP="Usage: $(basename $0) [OPTION]...
Options (all options can be omitted, but when present they must appear in the
following order):
--help prints this help and exits.
--container CONTAINER_NAME the name to assign to the container. Defaults to
talk-recording.
--time-zone TIME_ZONE the time zone to use inside the container. Defaults to
UTC. The recording backend can be started again later with a different time
zone (although other commands executed in the container with 'docker exec'
will still use the time zone specified during creation).
--dev-shm-size SIZE the size to assign to /dev/shm in the Docker container.
Defaults to 2g"
if [ "$1" = "--help" ]; then
echo "$HELP"
exit 0
fi
CONTAINER="talk-recording"
if [ "$1" = "--container" ]; then
CONTAINER="$2"
shift 2
fi
if [ "$1" = "--time-zone" ]; then
TIME_ZONE="$2"
shift 2
fi
CUSTOM_CONTAINER_OPTIONS=false
# 2g is the default value recommended in the documentation of the Docker images
# for Selenium:
# https://github.com/SeleniumHQ/docker-selenium#--shm-size2g
DEV_SHM_SIZE="2g"
if [ "$1" = "--dev-shm-size" ]; then
DEV_SHM_SIZE="$2"
CUSTOM_CONTAINER_OPTIONS=true
shift 2
fi
if [ -n "$1" ]; then
echo "Invalid option (or at invalid position): $1
$HELP"
exit 1
fi
ENVIRONMENT_VARIABLES=""
if [ -n "$TIME_ZONE" ]; then
ENVIRONMENT_VARIABLES="--env TZ=$TIME_ZONE"
fi
setOperatingSystemAbstractionVariables
# If the container is not found a new one is prepared. Otherwise the existing
# container is used.
#
# The name filter must be specified as "^/XXX$" to get an exact match; using
# just "XXX" would match every name that contained "XXX".
if [ -z "$(docker ps --all --quiet --filter name="^/$CONTAINER$")" ]; then
echo "Creating Talk recording container"
# In Ubuntu 22.04 and later Firefox is installed as a snap package, which
# does not work out of the box in a container. Therefore, for now Ubuntu
# 20.04 is used instead.
docker run --detach --tty --name=$CONTAINER --shm-size=$DEV_SHM_SIZE $ENVIRONMENT_VARIABLES $DOCKER_OPTIONS ubuntu:20.04 bash
echo "Installing required Python modules"
# "noninteractive" is used to provide default settings instead of asking for
# them (for example, for tzdata).
# Additional Python dependencies may be installed by pip if needed.
docker exec $CONTAINER bash -c "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes ffmpeg firefox pulseaudio python3-pip xvfb"
echo "Adding user to run the recording backend"
docker exec $CONTAINER useradd --create-home recording
echo "Copying recording backend to the container"
docker exec $CONTAINER mkdir --parent /tmp/recording/
docker cp . $CONTAINER:/tmp/recording/
echo "Installing recording backend inside container"
docker exec $CONTAINER python3 -m pip install file:///tmp/recording/
echo "Copying configuration from server.conf.in to /etc/nextcloud-talk-recording/server.conf"
docker exec $CONTAINER mkdir --parent /etc/nextcloud-talk-recording/
docker cp server.conf.in $CONTAINER:/etc/nextcloud-talk-recording/server.conf
elif $CUSTOM_CONTAINER_OPTIONS; then
# Environment variables are excluded from this warning.
echo "WARNING: Using existing container, custom container options ignored"
fi
# Start existing container if it is stopped.
if [ -n "$(docker ps --all --quiet --filter status=exited --filter name="^/$CONTAINER$")" ]; then
echo "Starting Talk recording container"
docker start $CONTAINER
fi
echo "Starting recording backend"
docker exec --tty --interactive --user recording $ENVIRONMENT_VARIABLES --workdir /home/recording $CONTAINER python3 -m nextcloud.talk.recording --config /etc/nextcloud-talk-recording/server.conf

390
opt/f7cloud-talk-recording-src/tests/ConfigTest.py Normal file
View File

@ -0,0 +1,390 @@
#
# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# pylint: disable=missing-docstring
from ipaddress import ip_network
import pytest
from nextcloud.talk.recording.Config import Config
class ConfigTest:
@pytest.fixture
def configLoadedFromString(self, monkeypatch):
# pylint: disable=protected-access
config = Config()
# pylint: disable=unused-argument
def mockRead(fileName):
# pylint: disable=no-member
config._configParser.read_string(config.configString)
monkeypatch.setattr(config._configParser, 'read', mockRead)
return config
def testGetTrustedProxies(self, configLoadedFromString):
configLoadedFromString.configString = """
[app]
trustedproxies = 127.0.0.1, 2001:db8::0, not-an-ip, 192.168.0.0/16, 2001:db8::1234:0/112
"""
configLoadedFromString.load('fake-file-name')
assert configLoadedFromString.getTrustedProxies() == [
ip_network('127.0.0.1'),
ip_network('2001:db8::0'),
ip_network('192.168.0.0/16'),
ip_network('2001:db8::1234:0/112')
]
def testGetTrustedProxiesWhenCommented(self, configLoadedFromString):
configLoadedFromString.configString = """
[app]
#trustedproxies =
"""
configLoadedFromString.load('fake-file-name')
assert configLoadedFromString.getTrustedProxies() == []
def testGetTrustedProxiesWhenEmpty(self, configLoadedFromString):
configLoadedFromString.configString = """
[app]
trustedproxies =
"""
configLoadedFromString.load('fake-file-name')
assert configLoadedFromString.getTrustedProxies() == []
def testGetBackendValuesWhenNotSet(self, configLoadedFromString):
configLoadedFromString.configString = """
[backend]
"""
configLoadedFromString.load('fake-file-name')
backendUrl = 'https://cloud.unknown.com'
assert configLoadedFromString.getBackendSecret(backendUrl) is None
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is False
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 1024
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 1920
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 1080
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/tmp'
def testGetBackendValuesWhenSet(self, configLoadedFromString):
configLoadedFromString.configString = """
[backend]
backends = backend1
skipverify = true
maxmessagesize = 512
videowidth = 960
videoheight = 540
directory = /srv/recording
[backend1]
url = https://cloud.server.com
secret = the-shared-secret
"""
configLoadedFromString.load('fake-file-name')
backendUrl = 'https://cloud.unknown.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) is None
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is True
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 512
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 960
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 540
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/srv/recording'
backendUrl = 'https://cloud.server.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) == 'the-shared-secret'
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is True
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 512
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 960
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 540
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/srv/recording'
def testGetBackendValuesWhenSetByBackend(self, configLoadedFromString):
configLoadedFromString.configString = """
[backend]
backends = backend1
skipverify = false
maxmessagesize = 256
videowidth = 480
videoheight = 270
directory = /tmp/files
[backend1]
url = https://cloud.server.com
secret = the-shared-secret
skipverify = true
maxmessagesize = 512
videowidth = 960
videoheight = 540
directory = /srv/recording
"""
configLoadedFromString.load('fake-file-name')
backendUrl = 'https://cloud.unknown.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) is None
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is False
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 256
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 480
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 270
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/tmp/files'
backendUrl = 'https://cloud.server.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) == 'the-shared-secret'
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is True
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 512
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 960
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 540
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/srv/recording'
def testGetBackendValuesWhenAllowingAll(self, configLoadedFromString):
configLoadedFromString.configString = """
[backend]
allowall = true
secret = the-shared-secret-common
backends = backend1
[backend1]
url = https://cloud.server.com
secret = the-shared-secret
skipverify = true
maxmessagesize = 512
videowidth = 960
videoheight = 540
directory = /srv/recording
"""
configLoadedFromString.load('fake-file-name')
backendUrl = 'https://cloud.unknown.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) == 'the-shared-secret-common'
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is False
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 1024
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 1920
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 1080
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/tmp'
backendUrl = 'https://cloud.server.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) == 'the-shared-secret-common'
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is True
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 512
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 960
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 540
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/srv/recording'
def testGetBackendValuesWhenExplicitlyDisallowingAll(self, configLoadedFromString):
configLoadedFromString.configString = """
[backend]
allowall = false
secret = the-shared-secret-common
backends = backend1
[backend1]
url = https://cloud.server.com
secret = the-shared-secret
skipverify = true
maxmessagesize = 512
videowidth = 960
videoheight = 540
directory = /srv/recording
"""
configLoadedFromString.load('fake-file-name')
backendUrl = 'https://cloud.unknown.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) is None
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is False
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 1024
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 1920
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 1080
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/tmp'
backendUrl = 'https://cloud.server.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) == 'the-shared-secret'
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is True
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 512
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 960
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 540
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/srv/recording'
def testGetBackendValuesWhenExplicitlyDisallowingAllWithoutCommonSecret(self, configLoadedFromString):
configLoadedFromString.configString = """
[backend]
allowall = false
backends = backend1
[backend1]
url = https://cloud.server.com
secret = the-shared-secret
skipverify = true
maxmessagesize = 512
videowidth = 960
videoheight = 540
directory = /srv/recording
"""
configLoadedFromString.load('fake-file-name')
backendUrl = 'https://cloud.unknown.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) is None
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is False
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 1024
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 1920
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 1080
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/tmp'
backendUrl = 'https://cloud.server.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) == 'the-shared-secret'
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is True
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 512
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 960
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 540
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/srv/recording'
def testGetBackendValuesWhenSeveralBackends(self, configLoadedFromString):
configLoadedFromString.configString = """
[backend]
backends = first-backend, second-backend
maxmessagesize = 2048
[first-backend]
url = https://cloud.server1.com
secret = the-shared-secret1
maxmessagesize = 512
videowidth = 960
videoheight = 540
[second-backend]
url = https://cloud.server2.com
secret = the-shared-secret2
directory = /srv/recording
"""
configLoadedFromString.load('fake-file-name')
backendUrl = 'https://cloud.unknown.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) is None
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is False
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 2048
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 1920
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 1080
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/tmp'
backendUrl = 'https://cloud.server1.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) == 'the-shared-secret1'
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is False
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 512
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 960
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 540
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/tmp'
backendUrl = 'https://cloud.server2.com/'
assert configLoadedFromString.getBackendSecret(backendUrl) == 'the-shared-secret2'
assert configLoadedFromString.getBackendSkipVerify(backendUrl) is False
assert configLoadedFromString.getBackendMaximumMessageSize(backendUrl) == 2048
assert configLoadedFromString.getBackendVideoWidth(backendUrl) == 1920
assert configLoadedFromString.getBackendVideoHeight(backendUrl) == 1080
assert configLoadedFromString.getBackendDirectory(backendUrl) == '/srv/recording'
def testGetSignalingSecretWhenNotSet(self, configLoadedFromString):
configLoadedFromString.configString = """
[signaling]
"""
configLoadedFromString.load('fake-file-name')
signalingUrl = 'https://signaling.unknown.com'
assert configLoadedFromString.getSignalingSecret(signalingUrl) is None
def testGetSignalingSecretWhenSet(self, configLoadedFromString):
configLoadedFromString.configString = """
[signaling]
internalsecret = the-internal-secret-common
signalings = signaling1
[signaling1]
url = https://signaling.server.com
"""
configLoadedFromString.load('fake-file-name')
signalingUrl = 'https://signaling.unknown.com'
assert configLoadedFromString.getSignalingSecret(signalingUrl) == 'the-internal-secret-common'
signalingUrl = 'https://signaling.server.com'
assert configLoadedFromString.getSignalingSecret(signalingUrl) == 'the-internal-secret-common'
def testGetSignalingSecretWhenSetBySignaling(self, configLoadedFromString):
configLoadedFromString.configString = """
[signaling]
signalings = signaling1
[signaling1]
url = https://signaling.server.com
internalsecret = the-internal-secret
"""
configLoadedFromString.load('fake-file-name')
signalingUrl = 'https://signaling.unknown.com'
assert configLoadedFromString.getSignalingSecret(signalingUrl) is None
signalingUrl = 'https://signaling.server.com'
assert configLoadedFromString.getSignalingSecret(signalingUrl) == 'the-internal-secret'
def testGetSignalingSecretWhenSeveralSignalings(self, configLoadedFromString):
configLoadedFromString.configString = """
[signaling]
internalsecret = the-internal-secret-common
signalings = signaling1, signaling2
[signaling1]
url = https://signaling.server1.com
internalsecret = the-internal-secret1
[signaling2]
url = https://signaling.server2.com
internalsecret = the-internal-secret2
"""
configLoadedFromString.load('fake-file-name')
signalingUrl = 'https://signaling.unknown.com'
assert configLoadedFromString.getSignalingSecret(signalingUrl) == 'the-internal-secret-common'
signalingUrl = 'https://signaling.server1.com'
assert configLoadedFromString.getSignalingSecret(signalingUrl) == 'the-internal-secret1'
signalingUrl = 'https://signaling.server2.com'
assert configLoadedFromString.getSignalingSecret(signalingUrl) == 'the-internal-secret2'
def testGetStatsAllowedIps(self, configLoadedFromString):
configLoadedFromString.configString = """
[stats]
allowed_ips = 127.0.0.1, 2001:db8::0, not-an-ip, 192.168.0.0/16, 2001:db8::1234:0/112
"""
configLoadedFromString.load('fake-file-name')
assert configLoadedFromString.getStatsAllowedIps() == [
ip_network('127.0.0.1'),
ip_network('2001:db8::0'),
ip_network('192.168.0.0/16'),
ip_network('2001:db8::1234:0/112')
]
def testGetStatsAllowedIpsWhenCommented(self, configLoadedFromString):
configLoadedFromString.configString = """
[stats]
#allowed_ips =
"""
configLoadedFromString.load('fake-file-name')
assert configLoadedFromString.getStatsAllowedIps() == [
ip_network('127.0.0.1')
]
def testGetStatsAllowedIpsWhenEmpty(self, configLoadedFromString):
configLoadedFromString.configString = """
[stats]
allowed_ips =
"""
configLoadedFromString.load('fake-file-name')
assert configLoadedFromString.getStatsAllowedIps() == []

414
opt/f7cloud-talk-recording-src/tests/ServerTest.py Normal file
View File

@ -0,0 +1,414 @@
#
# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# pylint: disable=missing-docstring
import sys
from ipaddress import ip_address, ip_network
import pytest
# pulsectl tries to load the PulseAudio library on initialization, so a fake
# module is set instead to prevent a failure when (indirectly) importing it if
# the library is not installed in the system.
sys.modules['pulsectl'] = {}
# pylint: disable=wrong-import-position
from nextcloud.talk.recording.Server import isAddressInNetworks, TrustedProxiesFix
@pytest.mark.parametrize('address, networks, expectedResult', [
('192.168.57.42', [], False),
('192.168.57.42', ['192.168.58.0/24'], False),
('192.168.57.42', ['192.168.57.0/24'], True),
('2001:db8::abc', [], False),
('2001:db8::abc', ['2001:db8::b00/120'], False),
('2001:db8::abc', ['2001:db8::a00/120'], True),
('192.168.57.42', ['192.168.58.0/24', '2001:db8::a00/120', '192.168.57.42', '2001:db8::b00/120'], True),
('192.168.59.42', ['192.168.58.0/24', '2001:db8::a00/120', '192.168.57.42', '2001:db8::b00/120'], False),
('2001:db8::abc', ['192.168.58.0/24', '2001:db8::a00/120', '192.168.57.42', '2001:db8::b00/120'], True),
('2001:db8::cbc', ['192.168.58.0/24', '2001:db8::a00/120', '192.168.57.42', '2001:db8::b00/120'], False),
])
def testIsAddressInNetworks(address, networks, expectedResult):
address = ip_address(address)
networks = [ip_network(network) for network in networks]
assert isAddressInNetworks(address, networks) == expectedResult
class TrustedProxiesFixTest:
@pytest.fixture
def fakeConfig(self):
class FakeConfig:
def __init__(self):
self.trustedProxies = []
def getTrustedProxies(self):
return self.trustedProxies
return FakeConfig()
@pytest.mark.parametrize('remoteAddress, xForwardedFor, trustedProxies, expectedRemoteAddress', [
# No trusted proxy
(
'4.8.15.16',
'',
'',
'4.8.15.16'
),
(
'4.8.15.16',
'23.42.108.0',
'',
'4.8.15.16'
),
(
'4.8.15.16',
'23.42.108.0, 10.11.12.13',
'',
'4.8.15.16'
),
(
'4.8.15.16:12345',
'',
'',
'4.8.15.16:12345'
),
(
'2001:db8:4815::16',
'',
'',
'2001:db8:4815::16'
),
(
'2001:db8:4815::16',
'2001:db8:2342::108',
'',
'2001:db8:4815::16'
),
(
'2001:db8:4815::16',
'2001:db8:2342::108, 2001:db8:1011::1213',
'',
'2001:db8:4815::16'
),
(
'[2001:db8:4815::16]:12345',
'',
'',
'[2001:db8:4815::16]:12345'
),
(
'4.8.15.16',
'2001:db8:2342::108',
'',
'4.8.15.16'
),
(
'2001:db8:4815::16',
'23.42.108.0',
'',
'2001:db8:4815::16'
),
# Trusted proxy not matching remote address
(
'4.8.15.16',
'',
'10.11.12.13',
'4.8.15.16'
),
(
'4.8.15.16',
'10.11.12.13',
'10.11.12.13',
'4.8.15.16'
),
(
'4.8.15.16',
'23.42.108.0',
'10.11.12.13',
'4.8.15.16'
),
(
'4.8.15.16',
'23.42.108.0, 10.11.12.13',
'10.11.12.13',
'4.8.15.16'
),
(
'4.8.15.16',
'23.42.108.0, 10.11.12.13',
'4.8.16.0/24, 10.11.12.13',
'4.8.15.16'
),
(
'4.8.15.16:12345',
'',
'10.11.12.13',
'4.8.15.16:12345'
),
(
'2001:db8:4815::16',
'2001:db8:1011::1213',
'2001:db8:1011::1213',
'2001:db8:4815::16'
),
(
'2001:db8:4815::16',
'2001:db8:2342::108, 2001:db8:1011::1213',
'2001:db8:4816::0/48, 2001:db8:1011::1213',
'2001:db8:4815::16'
),
(
'[2001:db8:4815::16]:12345',
'2001:db8:1011::1213',
'2001:db8:1011::1213',
'[2001:db8:4815::16]:12345'
),
(
'4.8.15.16',
'23.42.108.0, 2001:db8:1011::1213',
'2001:db8:1011::1213',
'4.8.15.16'
),
(
'2001:db8:4815::16',
'2001:db8:2342::108, 10.11.12.13',
'10.11.12.13',
'2001:db8:4815::16'
),
# Trusted proxy matching remote address
(
'4.8.15.16',
'',
'4.8.15.16',
'4.8.15.16'
),
(
'4.8.15.16',
'23.42.108.0',
'4.8.15.16',
'23.42.108.0'
),
(
'4.8.15.16',
'23.42.108.0',
'4.8.15.0/24',
'23.42.108.0'
),
(
'4.8.15.16',
'23.42.108.0',
'10.11.12.13, 4.8.15.0/24',
'23.42.108.0'
),
(
'4.8.15.16',
'23.42.108.0',
'10.11.12.13, 4.8.15.0/24, 10.11.12.14',
'23.42.108.0'
),
(
'4.8.15.16',
'10.11.12.13, 23.42.108.0',
'4.8.15.16',
'23.42.108.0'
),
(
'2001:db8:4815::16',
'2001:db8:2342::108',
'2001:db8:4815::16',
'2001:db8:2342::108'
),
(
'4.8.15.16',
'2001:db8:2342::108',
'4.8.15.0/24',
'2001:db8:2342::108'
),
(
'2001:db8:4815::16',
'23.42.108.0',
'2001:db8:4815::0/112',
'23.42.108.0'
),
# Trusted proxy matching remote address and forwarded header
(
'4.8.15.16',
'23.42.108.0',
'4.8.15.16, 23.42.108.0',
'23.42.108.0'
),
(
'4.8.15.16',
'23.42.108.0, 4.8.15.108',
'4.8.15.0/24',
'23.42.108.0'
),
(
'4.8.15.16',
'23.42.108.0, 10.11.12.13',
'4.8.15.16, 10.11.12.13',
'23.42.108.0'
),
(
'4.8.15.16',
'23.42.108.0, 10.11.12.13',
'10.11.12.13, 4.8.15.16',
'23.42.108.0'
),
(
'4.8.15.16',
'10.11.12.13, 23.42.108.0',
'4.8.15.16, 10.11.12.13',
'23.42.108.0'
),
(
'4.8.15.16',
'23.42.108.0, 10.11.12.13',
'4.8.15.16, 10.11.12.0/24',
'23.42.108.0'
),
(
'4.8.15.16',
'10.11.12.15, 23.42.108.0, 10.11.12.14, 10.11.12.13',
'4.8.15.16, 10.11.12.0/24',
'23.42.108.0'
),
(
'4.8.15.16',
'10.11.12.15, 23.42.108.0, 10.11.12.14, 10.11.12.13',
'4.8.15.16, 10.11.12.13, 10.11.12.14, 10.11.12.15',
'23.42.108.0'
),
(
'4.8.15.16:12345',
'10.11.12.15:23456, 23.42.108.0:34567, 10.11.12.14:45678, 10.11.12.13:56789',
'4.8.15.16, 10.11.12.13, 10.11.12.14, 10.11.12.15',
'23.42.108.0'
),
(
'2001:db8:4815::16',
'2001:db8:2342::108',
'2001:db8:4815::16, 2001:db8:2342::108',
'2001:db8:2342::108'
),
(
'2001:db8:4815::16',
'2001:db8:1011::1215, 2001:db8:2342::108, 2001:db8:1011::1214, 2001:db8:1011::1213',
'2001:db8:1011::0/48, 2001:db8:4815::16',
'2001:db8:2342::108'
),
(
'4.8.15.16',
'10.11.12.15, 2001:db8:2342::108, 10.11.12.14, 2001:db8:1011::1213',
'2001:db8:1011::0/48, 4.8.15.16, 10.11.12.14',
'2001:db8:2342::108'
),
(
'2001:db8:4815::16',
'10.11.12.15, 23.42.108.0, 2001:db8:1011::1214, 10.11.12.13',
'10.11.12.13, 2001:db8::0/32',
'23.42.108.0'
),
(
'[2001:db8:4815::16]:12345',
'10.11.12.15:23456, 23.42.108.0:34567, [2001:db8:1112::1314], [2001:db8:1011::1214]:45678, 10.11.12.13:56789',
'10.11.12.13, 2001:db8::0/32',
'23.42.108.0'
),
# Invalid IP in forwarded header
(
'4.8.15.16',
'not-an-ip',
'4.8.15.0/24',
'4.8.15.16'
),
(
'4.8.15.16',
'23.42.108.0, not-an-ip',
'4.8.15.0/24',
'4.8.15.16'
),
(
'4.8.15.16',
'23.42.108.0, not-an-ip, 4.8.15.108',
'4.8.15.0/24',
'4.8.15.108'
),
(
'2001:db8:4815::16',
'2001:db8:2342::108, not-an-ip, 2001:db8:4815::108',
'2001:db8:4815::0/112',
'2001:db8:4815::108'
),
(
'4.8.15.16',
'23.42.108.0, not-an-ip, 2001:db8:4815::108',
'4.8.15.16, 2001:db8:4815::108',
'2001:db8:4815::108'
),
(
'2001:db8:4815::16',
'2001:db8:2342::108, not-an-ip, 4.8.15.108',
'2001:db8:4815::16, 4.8.15.108',
'4.8.15.108'
),
(
'2001:db8:4815::16',
',,not-an-ip,,2001:db8:2342::108,,, , 4.8.15.108 ',
'2001:db8:4815::16, 4.8.15.108',
'4.8.15.108'
),
])
def testGetRemoteAddress(self, fakeConfig, remoteAddress, xForwardedFor, trustedProxies, expectedRemoteAddress):
environment = {
'REMOTE_ADDR': remoteAddress,
}
if xForwardedFor:
environment['HTTP_X_FORWARDED_FOR'] = xForwardedFor
trustedProxies = [ip_network(trustedProxy.strip()) for trustedProxy in trustedProxies.split(',') if trustedProxy]
fakeConfig.trustedProxies = trustedProxies
trustedProxiesFix = TrustedProxiesFix(None, fakeConfig)
assert trustedProxiesFix.getRemoteAddress(environment) == expectedRemoteAddress
def testGetRemoteAddressWithoutOriginalRemoteAddress(self, fakeConfig):
trustedProxiesFix = TrustedProxiesFix(None, fakeConfig)
with pytest.raises(ValueError):
trustedProxiesFix.getRemoteAddress({})
def testGetRemoteAddressWithEmptyOriginalRemoteAddress(self, fakeConfig):
trustedProxiesFix = TrustedProxiesFix(None, fakeConfig)
with pytest.raises(ValueError):
trustedProxiesFix.getRemoteAddress({
'REMOTE_ADDR': '',
})
@pytest.mark.parametrize('address, expectedAddress', [
('192.168.0.42', '192.168.0.42'),
('192.168.0.42:12345', '192.168.0.42'),
('::1', '::1'),
('2001:db8::0', '2001:db8::0'),
('2001:0db8:1234:5678:90ab:cdef:1234:5678', '2001:0db8:1234:5678:90ab:cdef:1234:5678'),
('[::1]', '::1'),
('[2001:db8::0]', '2001:db8::0'),
('[2001:0db8:1234:5678:90ab:cdef:1234:5678]', '2001:0db8:1234:5678:90ab:cdef:1234:5678'),
('[::1]:12345', '::1'),
('[2001:db8::0]:12345', '2001:db8::0'),
('[2001:0db8:1234:5678:90ab:cdef:1234:5678]:12345', '2001:0db8:1234:5678:90ab:cdef:1234:5678'),
('not-an-ip', 'not-an-ip'),
('not-an-ip:at-all', 'not-an-ip'),
('not:an:ip::at-all', 'not:an:ip::at-all'),
('[not:an:ip][very][::weird]', 'not:an:ip][very][::weird'),
])
def testGetAddressWithoutPort(self, fakeConfig, address, expectedAddress):
trustedProxiesFix = TrustedProxiesFix(None, fakeConfig)
# pylint: disable=protected-access
assert trustedProxiesFix._getAddressWithoutPort(address) == expectedAddress