Implemented secure userid.

doc/CHANNELING-API.txt

@@ -87,6 +87,7 @@ Special purpose documents for channling
         "Id": "4",
         "Sid": "5157",
         "Userid": "",
+        "Suserid": "",
         "Token": "some-very-long-string",
         "Version": "server-version-number",
         "Turn": {
@@ -108,20 +109,21 @@ Special purpose documents for channling
 
     Keys:
 
-        Type   : Self (string)
+        Type    : Self (string)
-        Id     : Public Session id for this connection (string).
+        Id      : Public Session id for this connection (string).
-        Sid    : Secure (non public) id for this session (string).
+        Sid     : Secure (non public) id for this session (string).
-        Userid : User id if this session belongs to an authenticated user. Else empty.
+        Userid  : User id if this session belongs to an authenticated user. Else empty.
-        Token  : Security token (string), to restablish connection with the same
+        Suserid : Secure (non public) user id if session has an user id. Else empty.
+        Token   : Security token (string), to restablish connection with the same
                  session. Pass the value as URL query parameter t, to the websocket URL.
-        Version: Server version number. Use this to detect server upgrades.
+        Version : Server version number. Use this to detect server upgrades.
-        Turn   : Mapping (interface{}) to contain TURN server details, like
+        Turn    : Mapping (interface{}) to contain TURN server details, like
-                 urls, password and username. See
+                  urls, password and username. See
-                 http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
+                  http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
-                 and TURN REST API section in
+                  and TURN REST API section in
-                 https://code.google.com/p/rfc5766-turn-server/wiki/turnserver
+                  https://code.google.com/p/rfc5766-turn-server/wiki/turnserver
-                 for details.
+                  for details.
-        Stun   : Array with STUN server URLs.
+        Stun    : Array with STUN server URLs.
 
     You can also send an empty Self document to the server to make the server
     transmit a fresh Self document (eg. to refresh when ttl was reached). Please

src/app/spreed-webrtc-server/channeling.go

@@ -50,6 +50,7 @@ type DataSelf struct {
 	Id      string
 	Sid     string
 	Userid  string
+	Suserid string
 	Token   string
 	Version string
 	Turn    *DataTurn

src/app/spreed-webrtc-server/hub.go

@@ -177,6 +177,15 @@ func (h *Hub) CreateTurnData(id string) *DataTurn {
 
 }
 
+func (h *Hub) CreateSuserid(session *Session) (suserid string) {
+	if session.Userid != "" {
+		m := hmac.New(sha256.New, h.encryptionSecret)
+		m.Write([]byte(session.Userid))
+		suserid = base64.StdEncoding.EncodeToString(m.Sum(nil))
+	}
+	return suserid
+}
+
 func (h *Hub) CreateSession(request *http.Request, st *SessionToken) *Session {
 
 	// NOTE(longsleep): Is it required to make this a secure cookie,

src/app/spreed-webrtc-server/server.go

@@ -45,6 +45,7 @@ func (s *Server) OnRegister(c *Connection) {
 			Id:      c.Id,
 			Sid:     c.Session.Sid,
 			Userid:  c.Session.Userid,
+			Suserid: c.h.CreateSuserid(c.Session),
 			Token:   token,
 			Version: c.h.version,
 			Turn:    c.h.CreateTurnData(c.Id),

src/app/spreed-webrtc-server/session.go

@@ -76,19 +76,6 @@ func (s *Session) Update(update *SessionUpdate) uint64 {
 
 }
 
-func (s *Session) Apply(st *SessionToken) uint64 {
-
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-	s.Id = st.Id
-	s.Sid = st.Sid
-	s.Userid = st.Userid
-
-	s.UpdateRev++
-	return s.UpdateRev
-
-}
-
 func (s *Session) Authorize(realm string, st *SessionToken) (string, error) {
 
 	s.mutex.Lock()