From 6858b00ed0e52f99efb4783b3ea5a82778c83e4d Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Tue, 7 Nov 2017 21:00:46 +0000 Subject: [PATCH] implement voip/turnServer API endpoint Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- dendrite-config.yaml | 18 ++++ .../dendrite/clientapi/routing/routing.go | 8 +- .../dendrite/clientapi/routing/voip.go | 85 +++++++++++++++++++ .../dendrite/common/config/config.go | 19 +++++ 4 files changed, 124 insertions(+), 6 deletions(-) create mode 100644 src/github.com/matrix-org/dendrite/clientapi/routing/voip.go diff --git a/dendrite-config.yaml b/dendrite-config.yaml index cb768a106..9baba8f94 100644 --- a/dendrite-config.yaml +++ b/dendrite-config.yaml @@ -54,6 +54,24 @@ media: height: 600 method: scale +# The config for the TURN server +turn: + # Whether or not guests can request TURN credentials + turn_allow_guests: true + # How long the authorization should last + turn_user_lifetime: "1h" + # The list of TURN URIs to pass to clients + turn_uris: [] + + # Authorization via Shared Secret + # The shared secret from coturn + turn_shared_secret: "" + + # Authorization via Static Username & Password + # Hardcoded Username and Password + turn_username: "" + turn_password: "" + # The config for communicating with kafka kafka: # Where the kafka servers are running. diff --git a/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go b/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go index ebf48ad6e..87f52ad09 100644 --- a/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go +++ b/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go @@ -284,12 +284,8 @@ func Setup( ).Methods("PUT", "OPTIONS") r0mux.Handle("/voip/turnServer", - common.MakeExternalAPI("turn_server", func(req *http.Request) util.JSONResponse { - // TODO: Return credentials for a turn server if one is configured. - return util.JSONResponse{ - Code: 200, - JSON: struct{}{}, - } + common.MakeAuthAPI("turn_server", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { + return RequestTurnServer(req, device, cfg) }), ).Methods("GET") diff --git a/src/github.com/matrix-org/dendrite/clientapi/routing/voip.go b/src/github.com/matrix-org/dendrite/clientapi/routing/voip.go new file mode 100644 index 000000000..c718a252c --- /dev/null +++ b/src/github.com/matrix-org/dendrite/clientapi/routing/voip.go @@ -0,0 +1,85 @@ +// Copyright 2017 Michael Telatysnki <7t3chguy@gmail.com> +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package routing + +import ( + "net/http" + + "crypto/hmac" + "crypto/sha1" + "encoding/base64" + "fmt" + "time" + + "github.com/matrix-org/dendrite/clientapi/auth/authtypes" + "github.com/matrix-org/dendrite/common/config" + "github.com/matrix-org/util" +) + +type turnServerResponse struct { + Username string `json:"username"` + Password string `json:"password"` + URIs []string `json:"uris"` + TTL int `json:"ttl"` +} + +func RequestTurnServer(req *http.Request, device *authtypes.Device, cfg config.Dendrite) util.JSONResponse { + turnConfig := cfg.TURN + + // TODO Guest Support + if len(turnConfig.URIs) == 0 /* || (isGuest && !turnConfig.AllowGuests) */ { + return util.JSONResponse{ + Code: 200, + JSON: struct{}{}, + } + } + + duration, err := time.ParseDuration(turnConfig.UserLifetime) + if err != nil { + util.GetLogger(req.Context()).WithError(err).Warn("Invalid configuration value turn.turn_user_lifetime") + return util.JSONResponse{ + Code: 200, + JSON: struct{}{}, + } + } + + resp := turnServerResponse{ + Username: turnConfig.Username, + Password: turnConfig.Password, + URIs: turnConfig.URIs, + TTL: int(duration.Seconds()), + } + + if turnConfig.SharedSecret != "" { + expiry := time.Now().Add(duration).Unix() + resp.Username = fmt.Sprintf("%d:%s", expiry, device.UserID) + + mac := hmac.New(sha1.New, []byte(turnConfig.SharedSecret)) + mac.Write([]byte(resp.Username)) + resp.Password = base64.StdEncoding.EncodeToString(mac.Sum(nil)) + } else if turnConfig.Username != "" && turnConfig.Password != "" { + // Already have turnConfig.Username and turnConfig.Password in resp + } else { + return util.JSONResponse{ + Code: 200, + JSON: struct{}{}, + } + } + + return util.JSONResponse{ + Code: 200, + JSON: resp, + } +} diff --git a/src/github.com/matrix-org/dendrite/common/config/config.go b/src/github.com/matrix-org/dendrite/common/config/config.go index 8f80aa2bc..1723848e7 100644 --- a/src/github.com/matrix-org/dendrite/common/config/config.go +++ b/src/github.com/matrix-org/dendrite/common/config/config.go @@ -150,6 +150,25 @@ type Dendrite struct { PublicRoomsAPI DataSource `yaml:"public_rooms_api"` } `yaml:"database"` + // TURN Server Config + TURN struct { + // Whether or not guests can request TURN credentials + AllowGuests bool `yaml:"turn_allow_guests"` + // How long the authorization should last + UserLifetime string `yaml:"turn_user_lifetime"` + // The list of TURN URIs to pass to clients + URIs []string `yaml:"turn_uris"` + + // Authorization via Shared Secret + // The shared secret from coturn + SharedSecret string `yaml:"turn_shared_secret"` + + // Authorization via Static Username & Password + // Hardcoded Username and Password + Username string `yaml:"turn_username"` + Password string `yaml:"turn_password"` + } + // The internal addresses the components will listen on. // These should not be exposed externally as they expose metrics and debugging APIs. Listen struct {