mirror of
https://github.com/jech/galene.git
synced 2024-11-12 19:55:59 +01:00
Implement coturn's use-auth-secret.
This commit is contained in:
Juliusz Chroboczek
parent
dbec9df288
commit
845dccc2bb
2 changed files with 34 additions and 7 deletions
14
README
14
README
|
|
@ -26,9 +26,9 @@ case of Academic and Enterprise networks), then you will need a TURN
|
||||||
server running on an innocent-looking TCP port. This is the recommended
|
server running on an innocent-looking TCP port. This is the recommended
|
||||||
setup.
|
setup.
|
||||||
|
|
||||||
You should probably be running your own TURN server — I use *coturn*. The
|
You should probably be running your own TURN server. The address of the
|
||||||
address of the TURN server is configured in the file `data/ice-servers.json`.
|
TURN server is configured in the file `data/ice-servers.json`. It should
|
||||||
It should look like this:
|
look like this:
|
||||||
|
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
|
|
@ -36,13 +36,13 @@ It should look like this:
|
||||||
"turn:turn.example.com:443",
|
"turn:turn.example.com:443",
|
||||||
"turn:turn.example.com:443?transport=tcp"
|
"turn:turn.example.com:443?transport=tcp"
|
||||||
],
|
],
|
||||||
"username": "username",
|
"username": "galene",
|
||||||
"credential": "password"
|
"credential": "secret"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
||||||
The port number, username and password should be the same as the ones in
|
If you use coturn's `use-auth-secret` option, set `credentialType` to
|
||||||
your TURN server's configuration.
|
`hmac-sha1`.
|
||||||
|
|
||||||
## Set up a group
|
## Set up a group
|
||||||
|
|
||||||
|
|
|
||||||
27
group/ice.go
27
group/ice.go
|
|
@ -1,8 +1,13 @@
|
||||||
package group
|
package group
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
|
"crypto/hmac"
|
||||||
|
"crypto/sha1"
|
||||||
|
"encoding/base64"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"sync/atomic"
|
"sync/atomic"
|
||||||
|
|
@ -29,6 +34,28 @@ func getICEServer(server ICEServer) (webrtc.ICEServer, error) {
|
||||||
s.CredentialType = webrtc.ICECredentialTypePassword
|
s.CredentialType = webrtc.ICECredentialTypePassword
|
||||||
case "oauth":
|
case "oauth":
|
||||||
s.CredentialType = webrtc.ICECredentialTypeOauth
|
s.CredentialType = webrtc.ICECredentialTypeOauth
|
||||||
|
case "hmac-sha1":
|
||||||
|
cred, ok := server.Credential.(string)
|
||||||
|
if !ok {
|
||||||
|
return webrtc.ICEServer{},
|
||||||
|
errors.New("credential is not a string")
|
||||||
|
}
|
||||||
|
ts := time.Now().Unix() + 86400
|
||||||
|
var username string
|
||||||
|
if server.Username == "" {
|
||||||
|
username = fmt.Sprintf("%d", ts)
|
||||||
|
} else {
|
||||||
|
username = fmt.Sprintf("%d:%s", ts, server.Username)
|
||||||
|
}
|
||||||
|
mac := hmac.New(sha1.New, []byte(cred))
|
||||||
|
mac.Write([]byte(username))
|
||||||
|
buf := bytes.Buffer{}
|
||||||
|
e := base64.NewEncoder(base64.StdEncoding, &buf)
|
||||||
|
e.Write(mac.Sum(nil))
|
||||||
|
e.Close()
|
||||||
|
s.Username = username
|
||||||
|
s.Credential = string(buf.Bytes())
|
||||||
|
s.CredentialType = webrtc.ICECredentialTypePassword
|
||||||
default:
|
default:
|
||||||
return webrtc.ICEServer{}, errors.New("unsupported credential type")
|
return webrtc.ICEServer{}, errors.New("unsupported credential type")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue