implement voip/turnServer API endpoint (#323)

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
This commit is contained in:
Michael Telatynski 2017-11-09 09:58:45 +00:00 committed by Erik Johnston
parent b7cfc2e057
commit 90396b5620
4 changed files with 135 additions and 6 deletions

View File

@ -54,6 +54,24 @@ media:
height: 600
method: scale
# The config for the TURN server
turn:
# Whether or not guests can request TURN credentials
turn_allow_guests: true
# How long the authorization should last
turn_user_lifetime: "1h"
# The list of TURN URIs to pass to clients
turn_uris: []
# Authorization via Shared Secret
# The shared secret from coturn
turn_shared_secret: "<SECRET STRING GOES HERE>"
# Authorization via Static Username & Password
# Hardcoded Username and Password
turn_username: ""
turn_password: ""
# The config for communicating with kafka
kafka:
# Where the kafka servers are running.

View File

@ -284,12 +284,8 @@ func Setup(
).Methods("PUT", "OPTIONS")
r0mux.Handle("/voip/turnServer",
common.MakeExternalAPI("turn_server", func(req *http.Request) util.JSONResponse {
// TODO: Return credentials for a turn server if one is configured.
return util.JSONResponse{
Code: 200,
JSON: struct{}{},
}
common.MakeAuthAPI("turn_server", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse {
return RequestTurnServer(req, device, cfg)
}),
).Methods("GET")

View File

@ -0,0 +1,85 @@
// Copyright 2017 Michael Telatysnki <7t3chguy@gmail.com>
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package routing
import (
"net/http"
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
"fmt"
"time"
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
"github.com/matrix-org/dendrite/common/config"
"github.com/matrix-org/util"
"github.com/matrix-org/dendrite/clientapi/httputil"
)
type turnServerResponse struct {
Username string `json:"username"`
Password string `json:"password"`
URIs []string `json:"uris"`
TTL int `json:"ttl"`
}
// RequestTurnServer implements:
// GET /voip/turnServer
func RequestTurnServer(req *http.Request, device *authtypes.Device, cfg config.Dendrite) util.JSONResponse {
turnConfig := cfg.TURN
// TODO Guest Support
if len(turnConfig.URIs) == 0 || turnConfig.UserLifetime == "" {
return util.JSONResponse{
Code: 200,
JSON: struct{}{},
}
}
// Duration checked at startup, err not possible
duration, _ := time.ParseDuration(turnConfig.UserLifetime)
resp := turnServerResponse{
URIs: turnConfig.URIs,
TTL: int(duration.Seconds()),
}
if turnConfig.SharedSecret != "" {
expiry := time.Now().Add(duration).Unix()
mac := hmac.New(sha1.New, []byte(turnConfig.SharedSecret))
_, err := mac.Write([]byte(resp.Username))
if err != nil {
return httputil.LogThenError(req, err)
}
resp.Username = fmt.Sprintf("%d:%s", expiry, device.UserID)
resp.Password = base64.StdEncoding.EncodeToString(mac.Sum(nil))
} else if turnConfig.Username != "" && turnConfig.Password != "" {
resp.Username = turnConfig.Username
resp.Password = turnConfig.Password
} else {
return util.JSONResponse{
Code: 200,
JSON: struct{}{},
}
}
return util.JSONResponse{
Code: 200,
JSON: resp,
}
}

View File

@ -150,6 +150,26 @@ type Dendrite struct {
PublicRoomsAPI DataSource `yaml:"public_rooms_api"`
} `yaml:"database"`
// TURN Server Config
TURN struct {
// TODO Guest Support
// Whether or not guests can request TURN credentials
//AllowGuests bool `yaml:"turn_allow_guests"`
// How long the authorization should last
UserLifetime string `yaml:"turn_user_lifetime"`
// The list of TURN URIs to pass to clients
URIs []string `yaml:"turn_uris"`
// Authorization via Shared Secret
// The shared secret from coturn
SharedSecret string `yaml:"turn_shared_secret"`
// Authorization via Static Username & Password
// Hardcoded Username and Password
Username string `yaml:"turn_username"`
Password string `yaml:"turn_password"`
}
// The internal addresses the components will listen on.
// These should not be exposed externally as they expose metrics and debugging APIs.
Listen struct {
@ -341,10 +361,20 @@ func (config *Dendrite) check(monolithic bool) error {
}
}
checkValidDuration := func(key, value string) {
if _, err := time.ParseDuration(config.TURN.UserLifetime); err != nil {
problems = append(problems, fmt.Sprintf("invalid duration for config key %q: %s", key, value))
}
}
checkNotEmpty("matrix.server_name", string(config.Matrix.ServerName))
checkNotEmpty("matrix.private_key", string(config.Matrix.PrivateKeyPath))
checkNotZero("matrix.federation_certificates", int64(len(config.Matrix.FederationCertificatePaths)))
if config.TURN.UserLifetime != "" {
checkValidDuration("turn.turn_user_lifetime", config.TURN.UserLifetime)
}
checkNotEmpty("media.base_path", string(config.Media.BasePath))
checkPositive("media.max_file_size_bytes", int64(*config.Media.MaxFileSizeBytes))
checkPositive("media.max_thumbnail_generators", int64(config.Media.MaxThumbnailGenerators))