
Implement coturn's use-auth-secret.

Juliusz Chroboczek 2021-01-01 23:50:34 +01:00
parent dbec9df288
commit 845dccc2bb
2 changed files with 34 additions and 7 deletions

14
README

@ -26,9 +26,9 @@ case of Academic and Enterprise networks), then you will need a TURN
server running on an innocent-looking TCP port. This is the recommended
setup.
You should probably be running your own TURN server — I use *coturn*. The
address of the TURN server is configured in the file `data/ice-servers.json`.
It should look like this:
You should probably be running your own TURN server. The address of the
TURN server is configured in the file `data/ice-servers.json`. It should
look like this:
[
{
@ -36,13 +36,13 @@ It should look like this:
"turn:turn.example.com:443",
"turn:turn.example.com:443?transport=tcp"
],
"username": "username",
"credential": "password"
"username": "galene",
"credential": "secret"
}
]
The port number, username and password should be the same as the ones in
your TURN server's configuration.
If you use coturn's `use-auth-secret` option, set `credentialType` to
`hmac-sha1`.
## Set up a group


@ -1,8 +1,13 @@
package group
import (
"bytes"
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"log"
"os"
"sync/atomic"
@ -29,6 +34,28 @@ func getICEServer(server ICEServer) (webrtc.ICEServer, error) {
s.CredentialType = webrtc.ICECredentialTypePassword
case "oauth":
s.CredentialType = webrtc.ICECredentialTypeOauth
case "hmac-sha1":
cred, ok := server.Credential.(string)
if !ok {
return webrtc.ICEServer{},
errors.New("credential is not a string")
}
ts := time.Now().Unix() + 86400
var username string
if server.Username == "" {
username = fmt.Sprintf("%d", ts)
} else {
username = fmt.Sprintf("%d:%s", ts, server.Username)
}
mac := hmac.New(sha1.New, []byte(cred))
mac.Write([]byte(username))
buf := bytes.Buffer{}
e := base64.NewEncoder(base64.StdEncoding, &buf)
e.Write(mac.Sum(nil))
e.Close()
s.Username = username
s.Credential = string(buf.Bytes())
s.CredentialType = webrtc.ICECredentialTypePassword
default:
return webrtc.ICEServer{}, errors.New("unsupported credential type")
}
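Review bot: The `hmac-sha1` case fixes the credential's expiry at `time.Now().Unix() + 86400` at the moment getICEServer runs, so if the returned configuration is kept for more than a day, clients would be handed a username whose timestamp the TURN server already treats as expired. The file imports `sync/atomic`, which suggests the configuration is cached, but the caller is not visible here; if so, the derived credential should be recomputed per client or on a timer shorter than the lifetime. The literal 86400 would read better as a named constant with a comment stating that it is the validity window of the time-limited TURN credential, since it also bounds how long a credential copied out of a browser stays usable on the relay. Separately, the `bytes.Buffer` and encoder sequence discards three return values and can be reduced to `s.Credential = base64.StdEncoding.EncodeToString(mac.Sum(nil))`. getICEServer begins above this hunk and continues after it.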