turnserverauth/turnserverauth.js
root 8b750ff525 Ajout du paramètre GET tls qui, lorsqu'il est sur 1, ne renvoie que les uris turns.
Ajout du paramètre AUTH_REQUIRED qui bloque la transmission du JSON pour toutes les requêtes non authentifiées par le proxy.
Ajout du support d'Apache en tant que proxy en plus de celui de Nginx déjà présent.
2020-03-20 18:46:27 +01:00


//
//
//
"use strict";
const http = require('http');
const hmacsha1 = require('hmacsha1');
const url = require('url');
// Runtime configuration, read once from the environment at start-up.

// TCP port handed to listen(). Number(undefined) is NaN, so an unset
// NODE_PORT is not detected on this line.
const port = Number(process.env.NODE_PORT);
// Address handed to listen(). onRequest trusts identity headers set by a
// reverse proxy, so this should be an address only that proxy can reach.
const listenip = process.env.NODE_LISTEN_IP;
// Shared secret used as the HMAC-SHA1 key for every issued TURN password.
// NOTE(review): nothing here checks that SECRET is set or non-empty; what
// hmacsha1 does with an undefined key is not visible in this file. Consider
// failing fast at start-up when it is missing.
const secret = process.env.SECRET;
// Only the exact value 'yes' makes onRequest answer 401 to requests without
// a proxy-supplied user; any other value (or unset) lets them through.
const auth_required = process.env.AUTH_REQUIRED;
// Credential lifetime in seconds, added to the current Unix time to form the
// expiry. NaN when TTL is unset or not numeric; that is not validated here.
const ttl = Number(process.env.TTL);
// Host name written into every returned TURN URI.
const turnserver = 'turn.blorand.org';
// Plain TURN ports: index 0 is advertised over UDP, index 1 over TCP.
const turn_ports = ['3478', '3479'];
// TURN-over-TLS ports, each advertised as a turns: URI over TCP.
const turn_ports_tls = ['5349', '5350'];
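/**
 * Answer one HTTP request with time-limited TURN credentials as JSON.
 *
 * The caller's identity comes from headers that an authenticating reverse
 * proxy is expected to set: `x-forwarded-user` (a forwarded HTTP Basic
 * value, from which only the user name is used) or `x-remote-user` (a bare
 * user name, which wins when both are present). The TURN user name is
 * `<expiry>:<user>` and the password is hmacsha1(secret, that user name).
 *
 * SECURITY: these headers are taken at face value. Any client that can reach
 * this listener without going through the proxy can set them itself, so the
 * listener must only be reachable by the proxy, and the proxy must overwrite
 * (not merely append to) `x-forwarded-user`, `x-remote-user` and
 * `x-forwarded-for` on every request. The Basic password is never verified
 * here; authentication is entirely the proxy's job.
 *
 * @param {http.IncomingMessage} request - Incoming request; only headers and
 *   the `tls` query parameter are read.
 * @param {http.ServerResponse} response - Receives 401 with an empty body, or
 *   200 with `{ username, password, ttl, uris }`.
 * @returns {void}
 */
function onRequest(request, response) {
  const headers = request.headers;

  // Client address for log lines only. x-forwarded-for is client-controlled
  // unless the proxy rewrites it, so never base a decision on this value.
  // request.socket is the non-deprecated name for request.connection.
  const IP = headers['x-forwarded-for'] === undefined
    ? request.socket.remoteAddress
    : headers['x-forwarded-for'];

  const forwardedUser = headers['x-forwarded-user'];
  const remoteUser = headers['x-remote-user'];
  // The scheme must be the start of the value; the previous indexOf() test
  // accepted 'Basic ' anywhere inside the header.
  const hasBasicUser = typeof forwardedUser === 'string' && forwardedUser.startsWith('Basic ');

  if (!hasBasicUser && !remoteUser) {
    if (auth_required === 'yes') {
      console.log('Missing Authenticated-user from : ' + IP + ' - REFUSED');
      response.statusCode = 401;
      response.end();
      return;
    }
    console.log('Missing Authenticated-user from : ' + IP);
  }

  let httpusername;
  if (hasBasicUser) {
    const base64Credentials = forwardedUser.split(' ')[1];
    const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
    // Only the user name is needed; the password half is deliberately dropped.
    httpusername = credentials.split(':')[0];
  }
  if (remoteUser) {
    httpusername = remoteUser;
  }
  // NOTE(review): when AUTH_REQUIRED is not 'yes' and no user header is
  // present, httpusername stays undefined and credentials are still issued
  // for the literal name "undefined". Confirm anonymous issuance is intended.

  const getparameters = url.parse(request.url, true).query;

  // Math.floor instead of `| 0`: the bitwise form truncates to a signed
  // 32-bit integer and wraps once Unix time exceeds 2^31 - 1.
  const timestamp = Math.floor(Date.now() / 1000);
  const expiry = (timestamp + ttl).toString(10);
  const turnusername = expiry + ':' + httpusername;
  const turnpassword = hmacsha1(secret, turnusername);

  const uris = [];
  // ?tls=1 restricts the answer to turns: URIs; anything else also
  // advertises the plain UDP and TCP listeners.
  if (getparameters.tls !== '1') {
    uris.push(`turn:${turnserver}:${turn_ports[0]}?transport=udp`);
    uris.push(`turn:${turnserver}:${turn_ports[1]}?transport=tcp`);
  }
  for (const turn_port_tls of turn_ports_tls) {
    uris.push(`turns:${turnserver}:${turn_port_tls}?transport=tcp`);
  }

  const data = JSON.stringify({
    username: turnusername,
    password: turnpassword,
    ttl: ttl,
    uris: uris,
  });

  // Only the caller address is logged; the issued credential never is.
  console.log('turnauthserver : Requête reçue de : ' + IP);
  // NOTE(review): the body is a live credential; consider a
  // `Cache-Control: no-store` header so intermediaries do not keep it.
  response.statusCode = 200;
  response.setHeader('Content-Type', 'application/json');
  response.write(data);
  response.end();
}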
// Plain-HTTP listener. onRequest trusts proxy-set identity headers, so the
// bind address should be one that only the authenticating proxy can reach.
const server = http.createServer(onRequest);
server.listen(port, listenip);
// Printed right after listen() is called, not once the socket is bound.
console.log(`turnauthserver running at http://${listenip}:${port}/`);