
Support fixed username/password TURN credentials.

pull/397/head
Joachim Bauch 9 years ago
parent
commit
d0d3348dc3
Failed to extract signature
  1. 2
      go/channelling/config.go
  2. 49
      go/channelling/hub.go
  3. 2
      go/channelling/server/config.go
  4. 6
      server.conf.in

2
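--- a/go/channelling/config.go
+++ b/go/channelling/config.go
@@ -14,6 +14,8 @@ type Config struct {
 Renegotiation bool // Renegotiation flag
 StunURIs []string // STUN server URIs
 TurnURIs []string // TURN server URIs
+TurnUsername string // Username for TURN server
+TurnPassword string // Password for TURN server
 Tokens bool // True when we got a tokens file
 Version string // Server version number
 UsersEnabled bool // Flag if users are enabled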
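Review bot: `TurnPassword` is added to `Config` as a plain exported field with no struct tag, so any code that marshals or logs the whole struct will carry the secret with it. The hunk does not show how `Config` is consumed; if it is ever serialised for clients or written to logs, both new fields should be excluded there, for example with a `json:"-"` tag, and handed out only through `CreateTurnData`. A field comment such as `// Password for TURN server; secret, never serialise or log` would make that explicit. The struct body starts and ends outside the hunk.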

49
go/channelling/hub.go

@ -92,29 +92,38 @@ func (h *hub) ClientInfo(details bool) (clientCount int, sessions map[string]*Da
} }
func (h *hub) CreateTurnData(sender Sender, session *Session) *DataTurn { func (h *hub) CreateTurnData(sender Sender, session *Session) *DataTurn {
// Create turn data credentials for shared secret auth with TURN if len(h.turnSecret) > 0 {
// server. See http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 // Create turn data credentials for shared secret auth with TURN
// and https://code.google.com/p/rfc5766-turn-server/ REST API auth // server. See http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
// and set shared secret in TURN server with static-auth-secret. // and https://code.google.com/p/rfc5766-turn-server/ REST API auth
if len(h.turnSecret) == 0 { // and set shared secret in TURN server with static-auth-secret.
return &DataTurn{} id := session.Id
bar := sha256.New()
bar.Write([]byte(id))
id = base64.StdEncoding.EncodeToString(bar.Sum(nil))
foo := hmac.New(sha1.New, h.turnSecret)
expiration := int32(time.Now().Unix()) + turnTTL
user := fmt.Sprintf("%d:%s", expiration, id)
foo.Write([]byte(user))
password := base64.StdEncoding.EncodeToString(foo.Sum(nil))
return &DataTurn{
Username: user,
Password: password,
Ttl: turnTTL,
Urls: h.config.TurnURIs,
}
} }
id := session.Id
bar := sha256.New()
bar.Write([]byte(id))
id = base64.StdEncoding.EncodeToString(bar.Sum(nil))
foo := hmac.New(sha1.New, h.turnSecret)
expiration := int32(time.Now().Unix()) + turnTTL
user := fmt.Sprintf("%d:%s", expiration, id)
foo.Write([]byte(user))
password := base64.StdEncoding.EncodeToString(foo.Sum(nil))
return &DataTurn{ if h.config.TurnUsername != "" && h.config.TurnPassword != "" {
Username: user, return &DataTurn{
Password: password, Username: h.config.TurnUsername,
Ttl: turnTTL, Password: h.config.TurnPassword,
Urls: h.config.TurnURIs, Urls: h.config.TurnURIs,
}
} }
return &DataTurn{}
} }
func (h *hub) GetSession(id string) (session *Session, ok bool) { func (h *hub) GetSession(id string) (session *Session, ok bool) {
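Review bot: The fixed-credential branch (`if h.config.TurnUsername != "" && h.config.TurnPassword != ""`) returns the same long-lived username and password to every session and leaves `Ttl` unset, whereas the shared-secret branch derives a per-session value that expires after `turnTTL`. A credential copied from one client therefore stays usable on the TURN server until the operator rotates it, and how clients treat a zero `Ttl` is not visible here. I would document this at the branch, e.g. `// Static credentials: identical for all sessions, no expiry; rotate on the TURN server if exposed.` Separately, the moved line `expiration := int32(time.Now().Unix()) + turnTTL` truncates the Unix time to 32 bits (presumably to match the type of `turnTTL`), which is worth widening while this code is being touched.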

2
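--- a/go/channelling/server/config.go
+++ b/go/channelling/server/config.go
@@ -128,6 +128,8 @@ func NewConfig(container phoenix.Container, tokens bool) (*channelling.Config, e
 Renegotiation: container.GetBoolDefault("app", "renegotiation", false),
 StunURIs: stunURIs,
 TurnURIs: turnURIs,
+TurnUsername: container.GetStringDefault("app", "turnUsername", ""),
+TurnPassword: container.GetStringDefault("app", "turnPassword", ""),
 Tokens: tokens,
 Version: version,
 UsersEnabled: container.GetBoolDefault("users", "enabled", false),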
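Review bot: `turnUsername` and `turnPassword` are read independently with empty defaults, and nothing in this hunk checks that they are set together or reports which TURN mode ends up active. As hub.go is written in this commit, a config with only one of the two silently yields empty TURN data, and a config with both plus `turnSecret` silently ignores the fixed pair. NewConfig appears to return an error (its signature is cut off in the hunk header), so rejecting or warning on a half-configured pair here would surface the mistake at startup; any such message should name the keys only, never the password value. The function body starts and ends outside the hunk.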

6
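--- a/server.conf.in
+++ b/server.conf.in
@@ -57,6 +57,12 @@ listen = 127.0.0.1:8080
 ; See http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 for details.
 ; A supported TURN server is https://code.google.com/p/rfc5766-turn-server/.
 ;turnSecret = the-default-turn-shared-secret-do-not-keep
+; Fixed username/password credentials to be used for the TURN server.
+; IMPORTANT: This will give all users connected to the spreed-webrtc service
+; access to the credentials, so in almost all cases the shared secret mode
+; should be used instead!!
+;turnUsername = the-turn-username
+;turnPassword = the-turn-secret
 ; Enable renegotiation support. Set to true to tell clients that they can
 ; renegotiate peer connections when required. Firefox support is not complete,
 ; so do not enable if you want compatibility with Firefox clients.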
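Review bot: The new comment warns that every connected user receives the credentials but does not say what the operator should do about it. I would add a line such as `; Use a dedicated TURN account for this and change it on the TURN server if it leaks.` and, since the password now sits in this file in clear text, a reminder to keep server.conf readable only by the service user. The sample value `the-turn-secret` could also follow the `-do-not-keep` naming used by `turnSecret` just above so it is not deployed as is.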
