Corrections mineurs
parent
cde2c32e88
commit
e64fa58ddc
9
debian/changelog
vendored
9
debian/changelog
vendored
@ -1,3 +1,12 @@
|
||||
turnserverauth (1.0-1.2) stable; urgency=medium
|
||||
|
||||
* Ajout du support de haproxy
|
||||
* Ajout du support des entêtes authorization
|
||||
* Sépartion des informations du server TURN dans le fichier de configuration
|
||||
* Ajout de commentaire
|
||||
|
||||
-- Benoit LORAND <benoit.lorand@blorand.org> Tue, 24 Mar 2020 19:51:41 +0100
|
||||
|
||||
turnserverauth (1.0-1.1) stable; urgency=medium
|
||||
|
||||
* Ajout du paramètre GET tls qui lorsqu'il est sur 1 ne renvoi que les uris turns.
|
||||
|
@ -1,5 +1,34 @@
|
||||
# Port nodejs will use
|
||||
NODE_PORT=5000
|
||||
|
||||
# IP nodes will listen
|
||||
NODE_LISTEN_IP=127.0.0.1
|
||||
|
||||
# secret as defined in turnserver
|
||||
# no default
|
||||
SECRET='changeme'
|
||||
AUTH_REQUIRED='no'
|
||||
|
||||
# TTL define how many time in seconds credentials will be available
|
||||
# no default
|
||||
TTL=8400
|
||||
|
||||
# if AUTH_REQUIRED='yes', turnserverauth doesn't deliver JSON if no auth
|
||||
# if AUTH_REQUIRED='no', and no auth exist, username will be suffixed by :undefined
|
||||
# default to 'no'
|
||||
AUTH_REQUIRED='no'
|
||||
|
||||
# TURN_SERVER define the public IP of turnserver.
|
||||
# It could be a FQDN
|
||||
# One server only
|
||||
# no default
|
||||
TURN_SERVER='turn.blorand.org'
|
||||
|
||||
# TURN_PORTS (non tls) define ports turnserver listen to
|
||||
# space separated
|
||||
# no default
|
||||
TURN_PORTS="3478 3479"
|
||||
|
||||
# TURNS_PORTS (tls) define tls ports turnserver listen to
|
||||
# space separated
|
||||
# no default
|
||||
TURNS_PORTS="5349 5350"
|
||||
|
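Review bot: The documented default `AUTH_REQUIRED='no'` makes the service fail open: per the new comment, a request with no authenticated user still receives credentials, only with the username suffixed by `:undefined`. An install that keeps this file as shipped also leaves the shared secret at the publicly known value `SECRET='changeme'`; this rendering does not show whether that line is new or context. Consider shipping `AUTH_REQUIRED='yes'` and adding a comment above `SECRET` such as `# replace before deployment; must match the secret configured in turnserver`. The comment `# no default` above `TURN_PORTS` and `TURNS_PORTS` could also say that the service does not start when they are unset, since the JavaScript hunk calls `.split(' ')` on both without a fallback.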
@ -1,5 +1,8 @@
|
||||
// turnserverauth.js
|
||||
// writted by Benoit LORAND <benoit.lorand@blorand.org>
|
||||
//
|
||||
//
|
||||
// webservice who deliver in JSON format turnserver ephemere credentials
|
||||
// Should be behind a reverse proxy (Apache, Nginx, haproxy) who do basic authentication
|
||||
//
|
||||
"use strict";
|
||||
const http = require('http');
|
||||
@ -10,9 +13,12 @@ const listenip = process.env.NODE_LISTEN_IP;
|
||||
const secret = process.env.SECRET;
|
||||
const auth_required = process.env.AUTH_REQUIRED;
|
||||
const ttl = Number(process.env.TTL);
|
||||
const turnserver = 'turn.blorand.org';
|
||||
const turn_ports = ['3478', '3479'];
|
||||
const turn_ports_tls = ['5349', '5350'];
|
||||
const turnserver = process.env.TURN_SERVER; //'turn.blorand.org';
|
||||
const turn_ports = process.env.TURN_PORTS.split(' '); //['3478', '3479'];
|
||||
const turn_ports_tls = process.env.TURNS_PORTS.split(' '); //['5349', '5350'];
|
||||
|
||||
function foundhttpusername() {
|
||||
}
|
||||
|
||||
function onRequest(request, response) {
|
||||
if (request.headers['x-forwarded-for'] == undefined) {
|
||||
@ -21,7 +27,7 @@ function onRequest(request, response) {
|
||||
var IP = request.headers['x-forwarded-for'];
|
||||
}
|
||||
|
||||
if (((!request.headers['x-forwarded-user']) || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) && !request.headers['x-remote-user']){
|
||||
if (((!request.headers['x-forwarded-user']) || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) && !request.headers['x-remote-user'] && ((!request.headers['authorization']) || request.headers['authorization'].indexOf('Basic ') === -1)){
|
||||
if ( auth_required == 'yes' ) {
|
||||
console.log('Missing Authenticated-user from : ' + IP + ' - REFUSED');
|
||||
response.statusCode = 401;
|
||||
@ -30,16 +36,18 @@ function onRequest(request, response) {
|
||||
}
|
||||
console.log('Missing Authenticated-user from : ' + IP);
|
||||
}
|
||||
if (!request.headers['x-forwarded-user'] || request.headers['x-forwarded-user'].indexOf('Basic ') === -1){
|
||||
} else {
|
||||
const base64Credentials = request.headers['x-forwarded-user'].split(' ')[1];
|
||||
const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
|
||||
var [httpusername, httppassword] = credentials.split(':');
|
||||
}
|
||||
if (!request.headers['x-remote-user']) {
|
||||
} else {
|
||||
Array.prototype.forEach.call(['x-forwarded-user', 'authorization'], authheader => {
|
||||
if (request.headers[authheader] || (!request.headers[authheader] == 'undefined' && !request.headers[authheader].indexOf('Basic ') === -1)){
|
||||
const base64Credentials = request.headers[authheader].split(' ')[1];
|
||||
const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
|
||||
var [username, password] = credentials.split(':');
|
||||
}
|
||||
httpusername = username;
|
||||
});
|
||||
if (request.headers['x-remote-user']) {
|
||||
var httpusername = request.headers['x-remote-user']
|
||||
}
|
||||
|
||||
const queryObject = JSON.stringify(url.parse(request.url,true).query);
|
||||
const getparameters = JSON.parse(queryObject);
|
||||
var timestamp = Date.now() / 1000 | 0;
|
||||
@ -66,7 +74,7 @@ function onRequest(request, response) {
|
||||
uris: uris
|
||||
}
|
||||
)
|
||||
console.log('turnauthserver : Requête reçue de : ' + IP);
|
||||
console.log('turnauthserver : Requête reçue de : ' + IP + ' by : ' + httpusername);
|
||||
response.statusCode = 200;
|
||||
response.setHeader('Content-Type', 'application/json');
|
||||
response.write(data);
|
||||
|
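Review bot: The new `forEach` over `['x-forwarded-user', 'authorization']` runs `httpusername = username` outside its `if`, so when `x-forwarded-user` carries the credentials and `authorization` is absent, the second pass resets `httpusername` to undefined. The guard also accepts any non-empty header, because `!request.headers[authheader] == 'undefined'` compares a boolean with a string and never holds. A value with no second token therefore reaches `Buffer.from(undefined, 'base64')`, which throws inside the request handler and, unless something outside the visible hunks catches it, would terminate the process. The loop below assigns only when the header starts with `Basic `. It also strips control characters, since the last hunk logs `' by : ' + httpusername` and the name is decoded from client-supplied base64, so it may contain line breaks. `onRequest` begins and ends outside the hunks shown, so the surrounding flow is assumed unchanged.

```javascript
// … unchanged: 401 / "Missing Authenticated-user" handling …
for (const authheader of ['x-forwarded-user', 'authorization']) {
    const value = request.headers[authheader];
    // Skip absent headers and anything that is not a Basic credential.
    if (typeof value !== 'string' || !value.startsWith('Basic ')) {
        continue;
    }
    const decoded = Buffer.from(value.slice('Basic '.length), 'base64').toString('ascii');
    // Keep only the user part; drop control characters so the name is safe to log.
    httpusername = decoded.split(':')[0].replace(/[\x00-\x1f\x7f]/g, '?');
}
// … unchanged: x-remote-user override …
```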