implement voip/turnServer API endpoint

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2025-12-12 09:23:09 -06:00 · 2017-11-07 21:00:46 +00:00 · 2017-11-07 21:00:46 +00:00 · 6858b00ed0
parent b7cfc2e057
commit 6858b00ed0
4 changed files with 124 additions and 6 deletions
--- a/dendrite-config.yaml
+++ b/dendrite-config.yaml
@ -54,6 +54,24 @@ media:
        height: 600
        method: scale

+# The config for the TURN server
+turn:
+    # Whether or not guests can request TURN credentials
+    turn_allow_guests: true
+    # How long the authorization should last
+    turn_user_lifetime: "1h"
+    # The list of TURN URIs to pass to clients
+    turn_uris: []
+
+    # Authorization via Shared Secret
+    # The shared secret from coturn
+    turn_shared_secret: "<SECRET STRING GOES HERE>"
+
+    # Authorization via Static Username & Password
+    # Hardcoded Username and Password
+    turn_username: ""
+    turn_password: ""
+
 # The config for communicating with kafka
 kafka:
    # Where the kafka servers are running.
--- a/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go
@ -284,12 +284,8 @@ func Setup(
 	).Methods("PUT", "OPTIONS")

 	r0mux.Handle("/voip/turnServer",
-		common.MakeExternalAPI("turn_server", func(req *http.Request) util.JSONResponse {
-			// TODO: Return credentials for a turn server if one is configured.
-			return util.JSONResponse{
-				Code: 200,
-				JSON: struct{}{},
-			}
+		common.MakeAuthAPI("turn_server", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse {
+			return RequestTurnServer(req, device, cfg)
 		}),
 	).Methods("GET")

--- a/src/github.com/matrix-org/dendrite/clientapi/routing/voip.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/routing/voip.go
@ -0,0 +1,85 @@
+// Copyright 2017 Michael Telatysnki <7t3chguy@gmail.com>
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package routing
+
+import (
+	"net/http"
+
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/base64"
+	"fmt"
+	"time"
+
+	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
+	"github.com/matrix-org/dendrite/common/config"
+	"github.com/matrix-org/util"
+)
+
+type turnServerResponse struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+	URIs []string `json:"uris"`
+	TTL int `json:"ttl"`
+}
+
+func RequestTurnServer(req *http.Request, device *authtypes.Device, cfg config.Dendrite) util.JSONResponse {
+	turnConfig := cfg.TURN
+
+	// TODO Guest Support
+	if len(turnConfig.URIs) == 0 /* || (isGuest && !turnConfig.AllowGuests) */ {
+		return util.JSONResponse{
+			Code: 200,
+			JSON: struct{}{},
+		}
+	}
+
+	duration, err := time.ParseDuration(turnConfig.UserLifetime)
+	if err != nil {
+		util.GetLogger(req.Context()).WithError(err).Warn("Invalid configuration value turn.turn_user_lifetime")
+		return util.JSONResponse{
+			Code: 200,
+			JSON: struct{}{},
+		}
+	}
+
+	resp := turnServerResponse{
+		Username: turnConfig.Username,
+		Password: turnConfig.Password,
+		URIs: turnConfig.URIs,
+		TTL: int(duration.Seconds()),
+	}
+
+	if turnConfig.SharedSecret != "" {
+		expiry := time.Now().Add(duration).Unix()
+		resp.Username = fmt.Sprintf("%d:%s", expiry, device.UserID)
+
+		mac := hmac.New(sha1.New, []byte(turnConfig.SharedSecret))
+		mac.Write([]byte(resp.Username))
+		resp.Password = base64.StdEncoding.EncodeToString(mac.Sum(nil))
+	} else if turnConfig.Username != "" && turnConfig.Password != "" {
+		// Already have turnConfig.Username and turnConfig.Password in resp
+	} else {
+		return util.JSONResponse{
+			Code: 200,
+			JSON: struct{}{},
+		}
+	}
+
+	return util.JSONResponse{
+		Code: 200,
+		JSON: resp,
+	}
+}
--- a/src/github.com/matrix-org/dendrite/common/config/config.go
+++ b/src/github.com/matrix-org/dendrite/common/config/config.go
@ -150,6 +150,25 @@ type Dendrite struct {
 		PublicRoomsAPI DataSource `yaml:"public_rooms_api"`
 	} `yaml:"database"`

+	// TURN Server Config
+	TURN struct {
+		// Whether or not guests can request TURN credentials
+		AllowGuests bool `yaml:"turn_allow_guests"`
+		// How long the authorization should last
+		UserLifetime string `yaml:"turn_user_lifetime"`
+		// The list of TURN URIs to pass to clients
+		URIs []string `yaml:"turn_uris"`
+
+		// Authorization via Shared Secret
+		// The shared secret from coturn
+		SharedSecret string `yaml:"turn_shared_secret"`
+
+		// Authorization via Static Username & Password
+		// Hardcoded Username and Password
+		Username string `yaml:"turn_username"`
+		Password string `yaml:"turn_password"`
+	}
+
 	// The internal addresses the components will listen on.
 	// These should not be exposed externally as they expose metrics and debugging APIs.
 	Listen struct {