implement voip/turnServer API endpoint (#323)

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

dendrite-config.yaml

@@ -54,6 +54,24 @@ media:
         height: 600
         method: scale
 
+# The config for the TURN server
+turn:
+    # Whether or not guests can request TURN credentials
+    turn_allow_guests: true
+    # How long the authorization should last
+    turn_user_lifetime: "1h"
+    # The list of TURN URIs to pass to clients
+    turn_uris: []
+
+    # Authorization via Shared Secret
+    # The shared secret from coturn
+    turn_shared_secret: "<SECRET STRING GOES HERE>"
+
+    # Authorization via Static Username & Password
+    # Hardcoded Username and Password
+    turn_username: ""
+    turn_password: ""
+
 # The config for communicating with kafka
 kafka:
     # Where the kafka servers are running.

src/github.com/matrix-org/dendrite/clientapi/routing/routing.go

@@ -284,12 +284,8 @@ func Setup(
 	).Methods("PUT", "OPTIONS")
 
 	r0mux.Handle("/voip/turnServer",
-		common.MakeExternalAPI("turn_server", func(req *http.Request) util.JSONResponse {
-			// TODO: Return credentials for a turn server if one is configured.
-			return util.JSONResponse{
-				Code: 200,
-				JSON: struct{}{},
-			}
+		common.MakeAuthAPI("turn_server", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse {
+			return RequestTurnServer(req, device, cfg)
 		}),
 	).Methods("GET")
 

src/github.com/matrix-org/dendrite/clientapi/routing/voip.go

@@ -0,0 +1,85 @@
+// Copyright 2017 Michael Telatysnki <7t3chguy@gmail.com>
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package routing
+
+import (
+	"net/http"
+
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/base64"
+	"fmt"
+	"time"
+
+	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
+	"github.com/matrix-org/dendrite/common/config"
+	"github.com/matrix-org/util"
+	"github.com/matrix-org/dendrite/clientapi/httputil"
+)
+
+type turnServerResponse struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+	URIs []string `json:"uris"`
+	TTL int `json:"ttl"`
+}
+
+// RequestTurnServer implements:
+//     GET /voip/turnServer
+func RequestTurnServer(req *http.Request, device *authtypes.Device, cfg config.Dendrite) util.JSONResponse {
+	turnConfig := cfg.TURN
+
+	// TODO Guest Support
+	if len(turnConfig.URIs) == 0 || turnConfig.UserLifetime == "" {
+		return util.JSONResponse{
+			Code: 200,
+			JSON: struct{}{},
+		}
+	}
+
+	// Duration checked at startup, err not possible
+	duration, _ := time.ParseDuration(turnConfig.UserLifetime)
+
+	resp := turnServerResponse{
+		URIs: turnConfig.URIs,
+		TTL: int(duration.Seconds()),
+	}
+
+	if turnConfig.SharedSecret != "" {
+		expiry := time.Now().Add(duration).Unix()
+		mac := hmac.New(sha1.New, []byte(turnConfig.SharedSecret))
+		_, err := mac.Write([]byte(resp.Username))
+
+		if err != nil {
+			return httputil.LogThenError(req, err)
+		}
+
+		resp.Username = fmt.Sprintf("%d:%s", expiry, device.UserID)
+		resp.Password = base64.StdEncoding.EncodeToString(mac.Sum(nil))
+	} else if turnConfig.Username != "" && turnConfig.Password != "" {
+		resp.Username = turnConfig.Username
+		resp.Password = turnConfig.Password
+	} else {
+		return util.JSONResponse{
+			Code: 200,
+			JSON: struct{}{},
+		}
+	}
+
+	return util.JSONResponse{
+		Code: 200,
+		JSON: resp,
+	}
+}

src/github.com/matrix-org/dendrite/common/config/config.go

@@ -150,6 +150,26 @@ type Dendrite struct {
 		PublicRoomsAPI DataSource `yaml:"public_rooms_api"`
 	} `yaml:"database"`
 
+	// TURN Server Config
+	TURN struct {
+		// TODO Guest Support
+		// Whether or not guests can request TURN credentials
+		//AllowGuests bool `yaml:"turn_allow_guests"`
+		// How long the authorization should last
+		UserLifetime string `yaml:"turn_user_lifetime"`
+		// The list of TURN URIs to pass to clients
+		URIs []string `yaml:"turn_uris"`
+
+		// Authorization via Shared Secret
+		// The shared secret from coturn
+		SharedSecret string `yaml:"turn_shared_secret"`
+
+		// Authorization via Static Username & Password
+		// Hardcoded Username and Password
+		Username string `yaml:"turn_username"`
+		Password string `yaml:"turn_password"`
+	}
+
 	// The internal addresses the components will listen on.
 	// These should not be exposed externally as they expose metrics and debugging APIs.
 	Listen struct {
@@ -341,10 +361,20 @@ func (config *Dendrite) check(monolithic bool) error {
 		}
 	}
 
+	checkValidDuration := func(key, value string) {
+		if _, err := time.ParseDuration(config.TURN.UserLifetime); err != nil {
+			problems = append(problems, fmt.Sprintf("invalid duration for config key %q: %s", key, value))
+		}
+	}
+
 	checkNotEmpty("matrix.server_name", string(config.Matrix.ServerName))
 	checkNotEmpty("matrix.private_key", string(config.Matrix.PrivateKeyPath))
 	checkNotZero("matrix.federation_certificates", int64(len(config.Matrix.FederationCertificatePaths)))
 
+	if config.TURN.UserLifetime != "" {
+		checkValidDuration("turn.turn_user_lifetime", config.TURN.UserLifetime)
+	}
+
 	checkNotEmpty("media.base_path", string(config.Media.BasePath))
 	checkPositive("media.max_file_size_bytes", int64(*config.Media.MaxFileSizeBytes))
 	checkPositive("media.max_thumbnail_generators", int64(config.Media.MaxThumbnailGenerators))