1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-11-14 20:55:57 +01:00

Documentation improvements.

Document the new perimssion "caption".
This commit is contained in:
Juliusz Chroboczek 2024-11-12 14:02:09 +01:00
parent b103342626
commit 010228b188

90
README
View file

@ -10,7 +10,7 @@ Quick start:
cd galene cd galene
CGO_ENABLED=0 go build -ldflags='-s -w' CGO_ENABLED=0 go build -ldflags='-s -w'
mkdir groups mkdir groups
echo '{"users": {"bob": {"password":"secret", "permissions":"op"}}}' > \ echo '{"users": {"bob": {"password":"1234", "permissions":"op"}}}' > \
groups/example.json groups/example.json
./galene & ./galene &
@ -88,21 +88,37 @@ file may look as follows:
"canonicalHost": "galene.example.org" "canonicalHost": "galene.example.org"
} }
or, better, with a hashed password:
{
"users": {
"root": {
"password":{"type":"bcrypt","key":"$2a$10$bTWW..."},
"permissions": "admin"
}
},
"canonicalHost": "galene.example.org"
}
The fields are as follows: The fields are as follows:
- `users` defines the users allowed to administer the server, and has the - `users` defines the users allowed to administer the server, and has the
same syntax as user definitions in groups (see below), except that the same syntax as user definitions in groups (see below), except that the
only meaningful permission is `"admin"`; only meaningful permission is `"admin"`;
- `writableGroups`: if true, then the API can modify group description
files; by default, group files are treated as read-only; - `writableGroups`: if true, then the API can modify group description
- `publicServer`: if true, then cross-origin access to the server is files; by default, group files are treated as read-only;
allowed. This is safe if the server is on the public Internet, but not
necessarily so if it is on a private network. - `publicServer`: if true, then cross-origin access to the server is
- `proxyURL`: if running behind a reverse proxy, this specifies the allowed. This is safe if the server is on the public Internet, but not
root URL that will be visible outside the proxy. necessarily so if it is on a private network.
- `canonicalHost`: the canonical name of the host running the server; this
will cause clients to be redirected if they use a different hostname to - `proxyURL`: if running behind a reverse proxy, this specifies the root
access the server. URL that will be visible outside the proxy.
- `canonicalHost`: the canonical name of the host running the server;
this will cause clients to be redirected if they use a different
hostname to access the server.
# Group definitions # Group definitions
@ -175,49 +191,81 @@ specify at least one user definition (`op`, `presenter`, or `other`),
nobody will be able to join the group. The following fields are allowed: nobody will be able to join the group. The following fields are allowed:
- `users`: is a dictionary that maps user names to dictionaries with - `users`: is a dictionary that maps user names to dictionaries with
entries `password` and `permissions`; `permissions` should be one of entries `password` and `permissions`; see below for a description of
`op`, `present`, `message` or `observe`. possible permissions;
- `wildcard-user` is a dictionaries with entries `password` and `permissions` - `wildcard-user` is a dictionaries with entries `password` and `permissions`
that will be used for usernames with no matching entry in the `users` that will be used for usernames with no matching entry in the `users`
dictionary; dictionary;
- `authKeys`, `authServer` and `authPortal`: see *Authorisation* below; - `authKeys`, `authServer` and `authPortal`: see *Authorisation* below;
- `public`: if true, then the group is listed on the landing page; - `public`: if true, then the group is listed on the landing page;
- `displayName`: a human-friendly version of the group name; - `displayName`: a human-friendly version of the group name;
- `description`: a human-readable description of the group; this is - `description`: a human-readable description of the group; this is
displayed on the landing page for public groups; displayed on the landing page for public groups;
- `contact`: a human-readable contact for this group, such as an e-mail - `contact`: a human-readable contact for this group, such as an e-mail
address; address, ignored by the server;
- `comment`: a human-readable string;
- `comment`: a human-readable string, ignored by the server;
- `max-clients`: the maximum number of clients that may join the group at - `max-clients`: the maximum number of clients that may join the group at
a time; a time;
- `max-history-age`: the time, in seconds, during which chat history is - `max-history-age`: the time, in seconds, during which chat history is
kept (default 14400, i.e. 4 hours); kept (default 14400, i.e. 4 hours);
- `not-before` and `expires`: the times (in ISO 8601 or RFC 3339 format) - `not-before` and `expires`: the times (in ISO 8601 or RFC 3339 format)
between which joining the group is allowed; between which joining the group is allowed;
- `allow-recording`: if true, then recording is allowed in this group; - `allow-recording`: if true, then recording is allowed in this group;
- `unrestricted-tokens`: if true, then ordinary users (without the "op" - `unrestricted-tokens`: if true, then ordinary users (without the "op"
privilege) are allowed to create tokens; privilege) are allowed to create tokens;
- `allow-anonymous`: if true, then users may connect with an empty username; - `allow-anonymous`: if true, then users may connect with an empty username;
- `auto-subgroups`: if true, then subgroups of the form `group/subgroup` - `auto-subgroups`: if true, then subgroups of the form `group/subgroup`
are automatically created when first accessed; are automatically created when first accessed;
- `autolock`: if true, the group will start locked and become locked - `autolock`: if true, the group will start locked and become locked
whenever there are no clients with operator privileges; whenever there are no clients with operator privileges;
- `autokick`: if true, all clients will be kicked out whenever there are - `autokick`: if true, all clients will be kicked out whenever there are
no clients with operator privileges; this is not recommended, prefer no clients with operator privileges; this is not recommended, prefer
the `autolock` option instead; the `autolock` option instead;
- `redirect`: if set, then attempts to join the group will be redirected - `redirect`: if set, then attempts to join the group will be redirected
to the given URL; most other fields are ignored in this case; to the given URL; most other fields are ignored in this case;
- `codecs`: this is a list of codecs allowed in this group. The default - `codecs`: this is a list of codecs allowed in this group. The default
is `["vp8", "opus"]`. is `["vp8", "opus"]`.
The value of the `permissions` entry in a user definition can either be an
array of individual permissions, as carried by the protocol, or one of
the following strings:
- `op`, a group operator with all rights except administering the group;
- `present`, an ordinary user with the right to publish audio and video
streams and send chat messages;
- `message`, a user with the right to send chat messages;
- `observe`, a user that receives media streams and chat messages, but
is not allowed to send them;
- `caption`, a user with the right to display captions (only);
- `admin`, a user with the right to administer the group (only).
Supported video codecs include: Supported video codecs include:
- `"vp8"` (compatible with all supported browsers); - `"vp8"` (compatible with all supported browsers);
- `"vp9"` (better video quality, but incompatible with Safari); - `"vp9"` (better video quality, but incompatible with Safari; buggy in
Firefox);
- `"av1"` (even better video quality, only supported by some browsers, - `"av1"` (even better video quality, only supported by some browsers,
recording is not supported, SVC is not supported); recording is not supported, SVC is not supported);
- `"h264"` (incompatible with Debian and with some Android devices, SVC - `"h264"` (incompatible with Debian and with some older Android devices,
is not supported). - SVC is not supported).
Supported audio codecs include `"opus"`, `"g722"`, `"pcmu"` and `"pcma"`. Supported audio codecs include `"opus"`, `"g722"`, `"pcmu"` and `"pcma"`.
Only Opus can be recorded to disk. There is no good reason to use Only Opus can be recorded to disk. There is no good reason to use