From fd4aa892b28a7cd402bedc87470bba0b07e0bd4e Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Wed, 24 Jan 2024 21:31:02 +0100
Subject: [PATCH] Add http-ingress config directive

Co-authored-by: delthas <delthas@dille.cc>
---
 cmd/soju/main.go | 1 +
 config/config.go | 8 ++++++++
 doc/soju.1.scd   | 5 +++++
 downstream.go    | 2 +-
 server.go        | 1 +
 5 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/cmd/soju/main.go b/cmd/soju/main.go
index 16a6506..ebb9f0e 100644
--- a/cmd/soju/main.go
+++ b/cmd/soju/main.go
@@ -104,6 +104,7 @@ func loadConfig() (*config.Server, *soju.Config, error) {
 		MsgStoreDriver:            raw.MsgStore.Driver,
 		MsgStorePath:              raw.MsgStore.Source,
 		HTTPOrigins:               raw.HTTPOrigins,
+		HTTPIngress:               raw.HTTPIngress,
 		AcceptProxyIPs:            raw.AcceptProxyIPs,
 		MaxUserNetworks:           raw.MaxUserNetworks,
 		UpstreamUserIPs:           raw.UpstreamUserIPs,
diff --git a/config/config.go b/config/config.go
index 59f67c8..5f6bee7 100644
--- a/config/config.go
+++ b/config/config.go
@@ -84,6 +84,7 @@ type Server struct {
 	FileUpload *FileUpload
 
 	HTTPOrigins    []string
+	HTTPIngress    string
 	AcceptProxyIPs IPSet
 
 	MaxUserNetworks           int
@@ -109,6 +110,7 @@ func Defaults() *Server {
 		Auth: Auth{
 			Driver: "internal",
 		},
+		HTTPIngress:     "https://" + hostname,
 		MaxUserNetworks: -1,
 	}
 }
@@ -128,6 +130,7 @@ func Load(path string) (*Server, error) {
 		Auth                []string   `scfg:"auth"`
 		FileUpload          []string   `scfg:"file-upload"`
 		HTTPOrigin          []string   `scfg:"http-origin"`
+		HTTPIngress         string     `scfg:"http-ingress"`
 		AcceptProxyIP       []string   `scfg:"accept-proxy-ip"`
 		MaxUserNetworks     int        `scfg:"max-user-networks"`
 		UpstreamUserIP      []string   `scfg:"upstream-user-ip"`
@@ -216,6 +219,11 @@ func Load(path string) (*Server, error) {
 		srv.FileUpload = &FileUpload{driver, source}
 	}
 	srv.HTTPOrigins = raw.HTTPOrigin
+	if raw.HTTPIngress != "" {
+		srv.HTTPIngress = raw.HTTPIngress
+	} else {
+		srv.HTTPIngress = "https://" + srv.Hostname
+	}
 	for _, s := range raw.AcceptProxyIP {
 		if s == "localhost" {
 			srv.AcceptProxyIPs = append(srv.AcceptProxyIPs, loopbackIPs...)
diff --git a/doc/soju.1.scd b/doc/soju.1.scd
index eea3436..f09b7d6 100644
--- a/doc/soju.1.scd
+++ b/doc/soju.1.scd
@@ -160,6 +160,11 @@ The following directives are supported:
 	By default, only the request host is authorized. Use this directive to
 	enable cross-origin WebSockets.
 
+*http-ingress* <url>
+	External URL on which HTTPS listeners are exposed.
+
+	By default, this is _https://<hostname>_.
+
 *accept-proxy-ip* <cidr...>
 	Allow the specified IPs to act as a proxy. Proxys have the ability to
 	overwrite the remote and local connection addresses (via the PROXY protocol,
diff --git a/downstream.go b/downstream.go
index e5e83f3..9a2efb4 100644
--- a/downstream.go
+++ b/downstream.go
@@ -1474,7 +1474,7 @@ func (dc *downstreamConn) welcome(ctx context.Context, user *user) error {
 		isupport = append(isupport, "VAPID="+dc.srv.webPush.VAPIDKeys.Public)
 	}
 	if dc.srv.Config().FileUploader != nil {
-		isupport = append(isupport, "soju.im/FILEHOST=https://"+dc.srv.Config().Hostname+"/upload")
+		isupport = append(isupport, "soju.im/FILEHOST="+dc.srv.Config().HTTPIngress+"/upload")
 	}
 
 	if uc := dc.upstream(); uc != nil {
diff --git a/server.go b/server.go
index 710bc39..209dd97 100644
--- a/server.go
+++ b/server.go
@@ -143,6 +143,7 @@ type Config struct {
 	MsgStoreDriver            string
 	MsgStorePath              string
 	HTTPOrigins               []string
+	HTTPIngress               string
 	AcceptProxyIPs            config.IPSet
 	MaxUserNetworks           int
 	MOTD                      string