Initial commit

debian/changelog

@@ -0,0 +1,5 @@
+turnserverauth (1.0-1) stable; urgency=medium
+
+  * Initial release.
+
+ -- Benoit LORAND <benoit.lorand@blorand.org>  Fri, 20 Mar 2020 01:40:00 +0100

debian/compat

@@ -0,0 +1 @@
+10

debian/control

@@ -0,0 +1,17 @@
+Source: turnserverauth
+Maintainer: Benoit LORAND <benoit.lorand@blorand.fr>
+Section: misc
+Priority: optional
+Standards-Version: 3.9.2
+Build-Depends: debhelper (>= 9)
+
+Package: turnserverauth
+Architecture: all
+Depends: ${shlibs:Depends},
+	${misc:Depends},
+	nodejs,
+	npm
+Suggests: nginx
+Section: BLORAND
+Priority: optional
+Description: WebService pour distribuer des authentifications éphémères TURN

debian/postinst

@@ -0,0 +1,28 @@
+#! /bin/bash
+
+set -e
+
+case "$1" in
+configure)
+	npm --prefix /opt/turnserverauth/ install hmacsha1
+	systemctl daemon-reload
+	systemctl --now enable turnserverauth.service
+
+	;;
+
+	abort-upgrade|abort-remove|abort-deconfigure)
+	
+	;;
+
+	*)
+	echo "postinst called with unknown argument \`$1'" >&2
+	exit 0
+	;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+
+
+exit 0

debian/rules

@@ -0,0 +1,9 @@
+#!/usr/bin/make -f  
+%:  
+	dh $@
+
+override_dh_auto_install:
+	install -D -m 0644 turnserverauth.js $$(pwd)/debian/turnserverauth/opt/turnserverauth/turnserverauth.js
+	install -D -m 0644 turnserverauth $$(pwd)/debian/turnserverauth/etc/default/turnserverauth
+	install -D -m 0644 turnserverauth.service $$(pwd)/debian/turnserverauth/lib/systemd/system/turnserverauth.service
+

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

turnserverauth

@@ -0,0 +1,4 @@
+NODE_PORT=5000
+NODE_LISTEN_IP=127.0.0.1
+SECRET='changeme'
+TTL=8400

turnserverauth.js

@@ -0,0 +1,52 @@
+//
+//
+//
+"use strict";
+const http = require('http');
+const hmacsha1 = require('hmacsha1');
+const port = Number(process.env.NODE_PORT);
+const listenip = process.env.NODE_LISTEN_IP;
+const secret = process.env.SECRET;
+const ttl = Number(process.env.TTL);
+
+function onRequest(request, response) {
+  if (!request.headers['x-forwarded-user'] || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) {
+//	return response.status(401).json({ message: 'Missing Authorization Header' });
+	console.log('Missing Authorization Header');
+  } else {
+	const base64Credentials =  request.headers['x-forwarded-user'].split(' ')[1];
+	const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
+	var [httpusername, httppassword] = credentials.split(':');
+  }
+  var timestamp = Date.now() / 1000 | 0;
+  var expiry = (timestamp + ttl).toString(10);
+  var turnusername = expiry + ':' + httpusername;
+  var username_sha1 = hmacsha1(secret, turnusername);
+  var turnpassword = username_sha1;
+
+  const data = JSON.stringify({
+	username: turnusername,
+	password: turnpassword,
+	ttl: ttl,
+	uris: [
+//		"turn:turn.blorand.org:3478?transport=udp",
+//		"turn:turn.blorand.org:3479?transport=tcp",
+		"turns:turn.blorand.org:5349?transport=udp",
+		"turns:turn.blorand.org:5350?transport=tcp"
+	],
+  })
+  if (request.headers['x-forwarded-for'] == undefined) {
+	var IP = request.connection.remoteAddress;
+  } else {
+	var IP = request.headers['x-forwarded-for'];
+  }
+  console.log('turnauthserver : Requête reçue de : ' + IP);
+  response.statusCode = 200;
+  response.setHeader('Content-Type', 'application/json');
+  response.write(data);
+  response.end();
+}
+
+
+http.createServer(onRequest).listen(port, listenip);
+console.log(`turnauthserver running at http://${listenip}:${port}/`);

turnserverauth.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=turnserverauth.js - webservice for negociating turn authentication
+Documentation=https://www.blorand.org
+After=network.target
+
+[Service]
+EnvironmentFile=-/etc/default/turnserverauth
+Type=simple
+User=www-data
+ExecStart=/usr/bin/node /opt/turnserverauth/turnserverauth.js
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target