Update README.

976df35e · Juliusz Chroboczek · 5f58ce04 · 976df35e
Commit 976df35e authored Apr 04, 2023 by Juliusz Chroboczek
Show whitespace changes
Inline Side-by-side

Showing with 55 additions and 17 deletions

README README +55 -17

No files found.
--- a/README
+++ b/README
@@ -14,17 +14,29 @@ See the file INSTALL in this directory for installation instructions.
 There is a landing page at the root of the server.  It contains a form
 for typing the name of a group, and a clickable list of public groups.
-Groups are available under `/group/groupname`.  You may share this URL
+Groups are available under `/group/groupname/`.  You may share this URL
 with others, there is no need to go through the landing page.
-Recordings can be accessed under `/recordings/groupname`.  This is only
+Recordings can be accessed under `/recordings/groupname/`.  This is only
 available to the administrator of the group.
 Some statistics are available under `/stats.json`, with a human-readable
 version at `/stats.html`.  This is only available to the server administrator.
-## Side menu
+## Main interface
+After logging in, the user is confronted with the main interface.
+### Buttons
+There are up to three buttons at the top.  The *Enable*/*Disable* button
+enables either or both the camera and the microphone (depending on the
+options set in the side menu, see below).  The *Mute* button mutes or
+unmutes the microphone.  The *Share Screen* button shares the screen or
+a window.
+### Side menu
 There is a menu on the right of the user interface.  This allows choosing
 the camera and microphone and setting the video throughput.  The
@@ -32,13 +44,20 @@ the camera and microphone and setting the video throughput.  The
 in favour of image quality.  The *Play local file* dialog allows streaming
 a video from a local file.
+### User list
+There is a user list on the left.  Clicking on a user opens a menu with
+actions that can be applied to that user.  Clicking on ones own username
+opens a menu with actions that are global to the group.
-## Commands
+### Text box
-Typing a line starting with a slash `/` in the chat dialogue causes
+Typing a string in the text box at the bottom of the chat pane sends
-a command to be sent to the server.  Type `/help` to get the list of
+a broadcast message to all of the users in the group.
-available commands; the output depends on whether you are an operator or
-not.
+Typing a line starting with a slash `/` in the text box causes a command
+to be sent to the server.  Type `/help` to get the list of available
+commands; the output depends on whether you are an operator or not.
 # The global configuration file
@@ -53,10 +72,10 @@ file may look as follows:
 The fields are as follows:
- `proxyURL`: if running behind a reverse proxy, this specifies the
-  address of the proxy.
 - `admin` defines the users allowed to look at the `/stats.html` file; it
  has the same syntax as user definitions in groups (see below).
+- `proxyURL`: if running behind a reverse proxy, this specifies the
+  address of the proxy.
 - `canonicalHost`: the canonical name of the host running the server; this
  will cause clients to be redirected if they use a different hostname to
  access the server.
@@ -142,13 +161,13 @@ anything except Opus.
 ## Client Authorisation
-Galene implements two authorisation methods: a simple username/password
+Galene implements three authorisation methods: a simple username/password
-authorisation scheme that is built into the Galene server, and
+authorisation scheme, a scheme using stateful tokens and a mechanism based
-a token-based mechanism that relies on an external server.  The simple
+on cryptographic tokens that are generated by an external server.  The
-mechanism is intended to be used in standalone installations, while the
+former two mechanism are intended to be used in standalone installations,
-server-based mechanism is designed to allow easy integration with an
+while the server-based mechanism is designed to allow easy integration
-existing authorisation infrastructure (such as LDAP, OAuth2, or even Unix
+with an existing authorisation infrastructure (such as LDAP, OAuth2, or
-passwords).
+even Unix passwords).
 ### Password authorisation
@@ -198,6 +217,25 @@ user entry with a hashed password looks like this:
        }
    }
+### Stateful tokens
+Stateful tokens allow to temporarily grant access to a user.  In order to
+generate a stateful token, the group administrator types
+    /invite user period
+where `user` is the username granted to the temporary user, and `period`
+is the time period for which the token will be valid (for example `2d`
+meaning 2 days).  The server replies with a link, valid the given time
+period, that may be sent to the temporary user for example by e-mail.
+Tokens may also be granted without imposing a specific username:
+    /invite '' 2d
+Stateful tokens are revokable (use the `/revoke` command) and their
+lifetime may be extended (use the `/reinvite` command).
 ### Authorisation servers