mirror of
https://github.com/eworm-de/routeros-scripts
synced 2024-05-14 08:04:19 +00:00
mod/notification-matrix: introduce $SetupMatrix{Authenticate,JoinRoom} for setup
Well, now that we have a JSON parser... Let's improve the user experience a bit.
This commit is contained in:
parent
59f8f30389
commit
2d7efd8d6c
9 changed files with 120 additions and 45 deletions
BIN
doc/mod/notification-matrix.d/01-authenticate.avif
Normal file
BIN
doc/mod/notification-matrix.d/01-authenticate.avif
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
doc/mod/notification-matrix.d/02-join-room.avif
Normal file
BIN
doc/mod/notification-matrix.d/02-join-room.avif
Normal file
Binary file not shown.
Binary file not shown.
|
@ -21,8 +21,8 @@ Just install the module:
|
||||||
$ScriptInstallUpdate mod/notification-matrix;
|
$ScriptInstallUpdate mod/notification-matrix;
|
||||||
|
|
||||||
Also install a Matrix client on at least one of your mobile and/or desktop
|
Also install a Matrix client on at least one of your mobile and/or desktop
|
||||||
devices. As there is no privilege separation you should create a dedicated
|
devices. Create and setup an account there, we will reference that as
|
||||||
notification account, in addition to your general user account.
|
"*general account*" later.
|
||||||
|
|
||||||
Configuration
|
Configuration
|
||||||
-------------
|
-------------
|
||||||
|
@ -35,58 +35,53 @@ reload the configuration.
|
||||||
> [`global-config`](../../global-config.rsc) (the one without `-overlay`) to
|
> [`global-config`](../../global-config.rsc) (the one without `-overlay`) to
|
||||||
> your local `global-config-overlay` and modify it to your specific needs.
|
> your local `global-config-overlay` and modify it to your specific needs.
|
||||||
|
|
||||||
### Home server
|
The Matrix server is connected via encrypted https, and certificate
|
||||||
|
verification is applied. So make sure you have the certificate chain for
|
||||||
|
your server in device's certificate store.
|
||||||
|
|
||||||
|
> ℹ️ **Info**: The *matrix.org* server uses a Cloudflare certificate. You can
|
||||||
|
> install that with: `$CertificateAvailable "Cloudflare Inc ECC CA-3"`
|
||||||
|
|
||||||
|
### From other device
|
||||||
|
|
||||||
|
If you have setup your Matrix *notification account* before just reuse that.
|
||||||
|
Copy the relevant configuration to the device to be configured.
|
||||||
|
|
||||||
|
### Setup new account
|
||||||
|
|
||||||
|
As there is no privilege separation you should create a dedicated account
|
||||||
|
for use with these scripts, in addition to your *general account*.
|
||||||
|
We will reference that as "*notification account*" in the following steps.
|
||||||
|
|
||||||
|
#### Authenticate
|
||||||
|
|
||||||
Matrix user accounts are identified by a unique user id in the form of
|
Matrix user accounts are identified by a unique user id in the form of
|
||||||
`@localpart:domain`. The `domain` part is not necessarily your home server
|
`@localpart:domain`. Use that and your password to generate an access token
|
||||||
address, you have to resolve it with the procedure described in the
|
and write first part of the configuration:
|
||||||
[Matrix specification](https://spec.matrix.org/latest/client-server-api/#server-discovery).
|
|
||||||
|
|
||||||
Your best bet is to query the server at `domain` with the
|
$SetupMatrixAuthenticate "@example:matrix.org" "v3ry-s3cr3t";
|
||||||
[well-known uri](https://spec.matrix.org/latest/client-server-api/#well-known-uri).
|
|
||||||
For "*matrix.org*" this query is:
|
|
||||||
|
|
||||||
/tool/fetch "https://matrix.org/.well-known/matrix/client" output=user;
|
![authenticate](notification-matrix.d/01-authenticate.avif)
|
||||||
|
|
||||||
![home server](notification-matrix.d/01-home-server.avif)
|
#### Join Room
|
||||||
|
|
||||||
So the home server for "*matrix.org*" is "*matrix-client.matrix.org*".
|
Every Matix chat is a room, so we have to create one. Do that with your
|
||||||
Please strip the protocol ("*https://*") for `MatrixHomeServer` if given.
|
*general account*, this makes sure your *general account* is the room owner.
|
||||||
|
Then join the room and invite the *notification account* by its user id
|
||||||
|
"*@example:matrix.org*".
|
||||||
|
Look up the *room id* within the Matrix client, it should read like
|
||||||
|
"*!WUcxpSjKyxSGelouhA:matrix.org*" (starting with an exclamation mark and
|
||||||
|
ending with the domain).
|
||||||
|
|
||||||
### Access token
|
Finally make the *notification account* join into the room by accepting
|
||||||
|
the invite.
|
||||||
|
|
||||||
After discovering the correct home server an access token has to be created.
|
$SetupMatrixJoinRoom "!WUcxpSjKyxSGelouhA:matrix.org";
|
||||||
For this the login credentials (username and password) of the notification
|
|
||||||
account must be sent to the home server via
|
|
||||||
[client server api](https://matrix.org/docs/guides/client-server-api#login).
|
|
||||||
|
|
||||||
We use the home server discovered above, "*matrix-client.matrix.org*".
|
![join room](notification-matrix.d/02-join-room.avif)
|
||||||
The user is "*example*" and password is "*v3ry-s3cr3t*".
|
|
||||||
|
|
||||||
/tool/fetch "https://matrix-client.matrix.org/_matrix/client/r0/login" http-method=post http-data="{\"type\":\"m.login.password\", \"user\":\"example\", \"password\":\"v3ry-s3cr3t\"}" output=user;
|
The settings have been appended to `global-config-overlay`. You may want to
|
||||||
|
edit to move it to an appropriate place.
|
||||||
![access token](notification-matrix.d/02-access-token.avif)
|
|
||||||
|
|
||||||
The server replied with a JSON object containing the `access_token`, use that
|
|
||||||
for `MatrixAccessToken`.
|
|
||||||
|
|
||||||
### Room
|
|
||||||
|
|
||||||
Every Matix chat is a room, so we have to create one. Do so with your general
|
|
||||||
user, this makes sure your general user is the room owner. Then join the room
|
|
||||||
and invite the notification user by its user id "*@example:matrix.org*". Look
|
|
||||||
up the room id within the Matrix client, it should read like
|
|
||||||
"*!WUcxpSjKyxSGelouhA:matrix.org*". Use that for `MatrixRoom`.
|
|
||||||
|
|
||||||
Finally join the notification user to the room by accepting the invite. Again,
|
|
||||||
this can be done with
|
|
||||||
[client server api](https://matrix.org/docs/guides/client-server-api#joining-a-room-via-an-invite).
|
|
||||||
Make sure to replace room id ("*!*" is escaped with "*%21*") and access token
|
|
||||||
with your data.
|
|
||||||
|
|
||||||
/tool/fetch "https://matrix-client.matrix.org/_matrix/client/r0/rooms/%21WUcxpSjKyxSGelouhA:matrix.org/join?access_token=yt_ZXdvcm0tdGVzdA_NNqUyvKHRhBLZmnzVVSK_0xu6yN" http-method=post http-data="" output=user;
|
|
||||||
|
|
||||||
![join room](notification-matrix.d/03-join-room.avif)
|
|
||||||
|
|
||||||
Usage and invocation
|
Usage and invocation
|
||||||
--------------------
|
--------------------
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
:local 0 "global-functions";
|
:local 0 "global-functions";
|
||||||
|
|
||||||
# expected configuration version
|
# expected configuration version
|
||||||
:global ExpectedConfigVersion 112;
|
:global ExpectedConfigVersion 113;
|
||||||
|
|
||||||
# global variables not to be changed by user
|
# global variables not to be changed by user
|
||||||
:global GlobalFunctionsReady false;
|
:global GlobalFunctionsReady false;
|
||||||
|
|
|
@ -12,6 +12,8 @@
|
||||||
:global PurgeMatrixQueue;
|
:global PurgeMatrixQueue;
|
||||||
:global SendMatrix;
|
:global SendMatrix;
|
||||||
:global SendMatrix2;
|
:global SendMatrix2;
|
||||||
|
:global SetupMatrixAuthenticate;
|
||||||
|
:global SetupMatrixJoinRoom;
|
||||||
|
|
||||||
# flush Matrix queue
|
# flush Matrix queue
|
||||||
:set FlushMatrixQueue do={
|
:set FlushMatrixQueue do={
|
||||||
|
@ -175,3 +177,80 @@
|
||||||
|
|
||||||
($NotificationFunctions->"matrix") ("\$NotificationFunctions->\"matrix\"") $Notification;
|
($NotificationFunctions->"matrix") ("\$NotificationFunctions->\"matrix\"") $Notification;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# setup - get home server and access token
|
||||||
|
:set SetupMatrixAuthenticate do={
|
||||||
|
:local User [ :tostr $1 ];
|
||||||
|
:local Pass [ :tostr $2 ];
|
||||||
|
|
||||||
|
:global CharacterReplace;
|
||||||
|
:global LogPrintExit2;
|
||||||
|
:global ParseJson;
|
||||||
|
:global UrlEncode;
|
||||||
|
|
||||||
|
:global MatrixAccessToken;
|
||||||
|
:global MatrixHomeServer;
|
||||||
|
|
||||||
|
:local Domain [ :pick $User ([ :find $User ":" ] + 1) [ :len $User] ];
|
||||||
|
:do {
|
||||||
|
:local Data ([ /tool/fetch check-certificate=yes-without-crl output=user \
|
||||||
|
("https://" . $Domain . "/.well-known/matrix/client") as-value ]->"data");
|
||||||
|
:set MatrixHomeServer ([ $ParseJson ([ $ParseJson [ $CharacterReplace $Data " " "" ] ]->"m.homeserver") ]->"base_url");
|
||||||
|
$LogPrintExit2 debug $0 ("Home server is: " . $MatrixHomeServer) false;
|
||||||
|
} on-error={
|
||||||
|
$LogPrintExit2 error $0 ("Failed getting home server!") true;
|
||||||
|
}
|
||||||
|
|
||||||
|
:if ([ :pick $MatrixHomeServer 0 8 ] = "https://") do={
|
||||||
|
:set MatrixHomeServer [ :pick $MatrixHomeServer 8 [ :len $MatrixHomeServer ] ];
|
||||||
|
}
|
||||||
|
|
||||||
|
:do {
|
||||||
|
:local Data ([ /tool/fetch check-certificate=yes-without-crl output=user \
|
||||||
|
http-method=post http-data=("{\"type\":\"m.login.password\", \"user\":\"" . $User . "\", \"password\":\"" . $Pass . "\"}") \
|
||||||
|
("https://" . $MatrixHomeServer . "/_matrix/client/r0/login") as-value ]->"data");
|
||||||
|
:set MatrixAccessToken ([ $ParseJson $Data ]->"access_token");
|
||||||
|
$LogPrintExit2 debug $0 ("Access token is: " . $MatrixAccessToken) false;
|
||||||
|
} on-error={
|
||||||
|
$LogPrintExit2 error $0 ("Failed logging in (and getting access token)!") true;
|
||||||
|
}
|
||||||
|
|
||||||
|
:do {
|
||||||
|
/system/script/set global-config-overlay source=([ get global-config-overlay source ] . "\n" . \
|
||||||
|
":global MatrixHomeServer \"" . $MatrixHomeServer . "\";\n" . \
|
||||||
|
":global MatrixAccessToken \"" . $MatrixAccessToken . "\";\n");
|
||||||
|
$LogPrintExit2 info $0 ("Appended configuration to global-config-overlay. Now create and join a room, please!") false;
|
||||||
|
} on-error={
|
||||||
|
$LogPrintExit2 error $0 ("Failed appending configuration to global-config-overlay!") true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# setup - join a room
|
||||||
|
:set SetupMatrixJoinRoom do={
|
||||||
|
:global MatrixRoom [ :tostr $1 ];
|
||||||
|
|
||||||
|
:global LogPrintExit2;
|
||||||
|
:global UrlEncode;
|
||||||
|
|
||||||
|
:global MatrixAccessToken;
|
||||||
|
:global MatrixHomeServer;
|
||||||
|
:global MatrixRoom;
|
||||||
|
|
||||||
|
:do {
|
||||||
|
/tool/fetch check-certificate=yes-without-crl output=none \
|
||||||
|
http-method=post http-data="" \
|
||||||
|
("https://" . $MatrixHomeServer . "/_matrix/client/r0/rooms/" . [ $UrlEncode $MatrixRoom ] . \
|
||||||
|
"/join?access_token=" . [ $UrlEncode $MatrixAccessToken ]) as-value;
|
||||||
|
$LogPrintExit2 debug $0 ("Joined the room.") false;
|
||||||
|
} on-error={
|
||||||
|
$LogPrintExit2 error $0 ("Failed joining the room!") true;
|
||||||
|
}
|
||||||
|
|
||||||
|
:do {
|
||||||
|
/system/script/set global-config-overlay source=([ get global-config-overlay source ] . "\n" . \
|
||||||
|
":global MatrixRoom \"" . $MatrixRoom . "\";\n");
|
||||||
|
$LogPrintExit2 info $0 ("Appended configuration to global-config-overlay. Please review and cleanup!") false;
|
||||||
|
} on-error={
|
||||||
|
$LogPrintExit2 error $0 ("Failed appending configuration to global-config-overlay!") true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -26,6 +26,7 @@
|
||||||
110="Dropped support for loading scripts from local storage.";
|
110="Dropped support for loading scripts from local storage.";
|
||||||
111="Modified 'dhcp-to-dns' to allow multiple records for one mac address.";
|
111="Modified 'dhcp-to-dns' to allow multiple records for one mac address.";
|
||||||
112="Enhanced 'mod/ssh-keys-import' to record the fingerprint of keys.";
|
112="Enhanced 'mod/ssh-keys-import' to record the fingerprint of keys.";
|
||||||
|
113="Added helper functions for easier setup to Matrix notification module.";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Migration steps to be applied on script updates
|
# Migration steps to be applied on script updates
|
||||||
|
|
Loading…
Reference in a new issue