From 57d093d16825d20a349e3b8c646fb4204d2286da Mon Sep 17 00:00:00 2001
From: Aaron van Meerten <aaron.van.meerten@8x8.com>
Date: Wed, 20 Nov 2024 14:09:01 -0600
Subject: [PATCH 1/3] feat(prosody): dump mode for prosody->jicofo connection

---
 .../templates/jitsi_meet_backend.nomad.tpl    | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl b/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl
index 409e868a..5b519b13 100644
--- a/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl
+++ b/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl
@@ -50,6 +50,10 @@ job [[ template "job_name" . ]] {
       }
       port "prosody-client" {
       }
+[[- if eq (or (env "CONFIG_prosody_shard_mitm_enabled") "false") "true" ]]
+      port "prosody-mitm" {
+      }
+[[- end ]]
 [[- if eq (or (env "CONFIG_prosody_brewery_shard_enabled") "true") "true" ]]
       port "prosody-jvb-client" {
       }
@@ -757,6 +761,17 @@ EOH
         memory    = [[ or (env "CONFIG_nomad_prosody_memory") "2048" ]]
       }
     }
+[[- if eq (or (env "CONFIG_prosody_shard_mitm_enabled") "false") "true" ]]
+    task "prosody-mitm" {
+      driver = "docker"
+      config {
+        # force_pull = [[ or (env "CONFIG_force_pull") "false" ]]
+        image        = "mitmproxy:latest"
+        ports = ["prosody-mitm"]
+        command = "mitmdump --mode reverse:tls://localhost:${NOMAD_HOST_PORT_prosody_client}@${NOMAD_HOST_PORT_prosody_mitm} --insecure"
+      }
+    }
+[[ end ]]
 [[- if eq (or (env "CONFIG_prosody_brewery_shard_enabled") "true") "true" ]]
     task "prosody-jvb" {
       driver = "docker"
@@ -948,7 +963,11 @@ VISITORS_MAX_PARTICIPANTS="[[ env "CONFIG_jicofo_visitors_max_participants" ]]"
 VISITORS_MAX_VISITORS_PER_NODE="[[ env "CONFIG_jicofo_visitors_max_visitors_per_node" ]]"
 [[ end -]]
 
+[[- if eq (or (env "CONFIG_prosody_shard_mitm_enabled") "false") "true" ]]
+JICOFO_OPTS="-Djicofo.xmpp.client.port={{ env "NOMAD_HOST_PORT_prosody_mitm" }}"
+[[ else ]]
 JICOFO_OPTS="-Djicofo.xmpp.client.port={{ env "NOMAD_HOST_PORT_prosody_client" }}"
+[[ end ]]
 
 # Exposed HTTP port
 HTTP_PORT={{ env "NOMAD_HOST_PORT_http" }}
@@ -958,7 +977,11 @@ HTTPS_PORT={{ env "NOMAD_HOST_PORT_https" }}
 
 # Internal XMPP server
 XMPP_SERVER=localhost
+[[- if eq (or (env "CONFIG_prosody_shard_mitm_enabled") "false") "true" ]]
+XMPP_PORT={{  env "NOMAD_HOST_PORT_prosody_mitm" }}
+[[ else ]]
 XMPP_PORT={{  env "NOMAD_HOST_PORT_prosody_client" }}
+[[ end ]]
 
 # Internal XMPP server URL
 XMPP_BOSH_URL_BASE=http://{{ env "NOMAD_IP_prosody_http" }}:{{ env "NOMAD_HOST_PORT_prosody_http" }}

From 80db328b120d6b81ec3a7bcbe9ed2275796659d1 Mon Sep 17 00:00:00 2001
From: Aaron van Meerten <aaron.van.meerten@8x8.com>
Date: Wed, 20 Nov 2024 14:57:28 -0600
Subject: [PATCH 2/3] mitm further progress

---
 .../templates/jitsi_meet_backend.nomad.tpl           | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl b/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl
index 5b519b13..fbee20c4 100644
--- a/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl
+++ b/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl
@@ -766,9 +766,17 @@ EOH
       driver = "docker"
       config {
         # force_pull = [[ or (env "CONFIG_force_pull") "false" ]]
-        image        = "mitmproxy:latest"
+        image        = "mitmproxy/mitmproxy:latest"
         ports = ["prosody-mitm"]
-        command = "mitmdump --mode reverse:tls://localhost:${NOMAD_HOST_PORT_prosody_client}@${NOMAD_HOST_PORT_prosody_mitm} --insecure"
+        command = "/usr/local/bin/mitmdump"
+        args = [
+          "--mode",
+          "reverse:tcp://${NOMAD_IP_prosody_client}:${NOMAD_HOST_PORT_prosody_client}@${NOMAD_HOST_PORT_prosody_mitm}",
+          "--ssl-insecure",
+          "-w",
+          "/proc/1/fd/1",
+          "~all"
+        ]
       }
     }
 [[ end ]]

From 3e129dc6cc4146b59651bb65a62503661107a5b6 Mon Sep 17 00:00:00 2001
From: Aaron van Meerten <aaron.van.meerten@8x8.com>
Date: Thu, 21 Nov 2024 09:33:34 -0600
Subject: [PATCH 3/3] wip

---
 .../templates/jitsi_meet_backend.nomad.tpl      | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl b/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl
index fbee20c4..ad61fee1 100644
--- a/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl
+++ b/nomad/jitsi_packs/packs/jitsi_meet_backend/templates/jitsi_meet_backend.nomad.tpl
@@ -773,11 +773,24 @@ EOH
           "--mode",
           "reverse:tcp://${NOMAD_IP_prosody_client}:${NOMAD_HOST_PORT_prosody_client}@${NOMAD_HOST_PORT_prosody_mitm}",
           "--ssl-insecure",
-          "-w",
-          "/proc/1/fd/1",
+          "-s",
+          "/local/save.py",
           "~all"
         ]
       }
+      template {
+        data = <<EOF
+from mitmproxy.net.http.http1.assemble import assemble_request, assemble_response
+
+f = open('/proc/1/fd/1', 'w')
+
+def response(flow):
+    f.write(assemble_request(flow.request).decode('utf-8'))
+    f.write(assemble_response(flow.response).decode('utf-8', 'replace'))
+EOF
+        destination = "local/save.py"
+        perms = "755"
+      }
     }
 [[ end ]]
 [[- if eq (or (env "CONFIG_prosody_brewery_shard_enabled") "true") "true" ]]