Bataries included: add more plugins pre-installed by default

stokito · November 22, 2024, 7:32pm

The Openfire has only the search plugin out of the box. I’m pretty sure that a typical corporate chat server also would need for HTTP File Upload, Bookmarks and maybe STUN enabled by default. A user can just start using the server and receive the most essential and common functionality like calls. Some other plugins maybe also good to have like Just Maried and others Ignite Realtime: Openfire Plugins
Maybe some plugins are supported the better by the team like Pade or Fastpath so that they are the killing feature of the OF. It will be no shame to include them to show the best what the OF can offer.

It looks like to add the plugins we can add a few lines here

github.com

igniterealtime/Openfire/blob/main/distribution/pom.xml#L63


      
                      <id>copy</id>
                      <phase>package</phase>
                      <goals>
                          <goal>copy</goal>
                      </goals>
                  </execution>
              </executions>
              <configuration>
                  <artifactItems>
                      <artifactItem>
                          <groupId>org.igniterealtime.openfire.plugins</groupId>
                          <artifactId>search</artifactId>
                          <type>jar</type>
                          <classifier>openfire-plugin-assembly</classifier>
                          <overWrite>true</overWrite>
                          <outputDirectory>${project.build.directory}${file.separator}distribution-base${file.separator}plugins</outputDirectory>
                          <destFileName>search.jar</destFileName>
                      </artifactItem>
                  </artifactItems>
              </configuration>
          </plugin>

So the questions are:

Which plugins are installed most of time? Any stats or guess.
Which plugins have the best support of the OF? Maybe some plugins are always checked on a new release.
Will you accept a PR with adding of the File Upload and Bookmarks plugins that are a built in functionality in other servers.

akrherz · November 23, 2024, 3:02pm

Thanks for your work on Ignite’s repos and this thoughtful suggestion, but I am a hard no on this and here is why.

Openfire, by default, should continue to work to reduce the security exposure/vulnerability of the software. For example, the recent change to restrict the admin console access to localhost only by default.
The search plugin’s inclusion was a one-off due to some stock openfire requirement for it to be present, IIRC.
Bundling plugins with the installer creates some thorny install time logic issues. For people that upgrade immediately with releases, it would likely be no issue as the bundled plugin would be the latest release. But if you have a properly testing, QA, staging environment, it may take months to bring openfire to production. When you do, you may have an installed plugin that is already newer than what the openfire bundled version provided.
We generally want to keep releases of Openfire and plugins asynchronous. If we bundled HTTPUpload and some vulnerability got fixed it in, would we need to immediately provide updated Openfire releases for all releases that bundled that plugin?
We generally have just one developer of Openfire and a number of us that just hack at the edges of the software. We don’t have the dev resources to support what you propose. Bundling plugins ends up providing a “contract” to users that this plugin gets significant amount of love to have as few bugs as possible, as with Openfire. We don’t want to give that impression.
Openfire is used in a number of very restrictive environments, an installer would additional plugins would create a problem for these folks as they could not use the installer, but would have to do post install scripts/procedures to remove the plugins.