From 8b750ff525a0c7425ab60dcfa30319974830f851 Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 20 Mar 2020 18:46:27 +0100
Subject: [PATCH] =?UTF-8?q?Ajout=20du=20param=C3=A8tre=20GET=20tls=20qui?= =?UTF-8?q?=20lorsqu'il=20est=20sur=201=20ne=20renvoi=20que=20les=20uris?= =?UTF-8?q?=20turns.=20Ajout=20du=20param=C3=A8tre=20AUTH=5FREQUIRED=20qui?= =?UTF-8?q?=20bloque=20la=20transmission=20du=20JSON=20pour=20toutes=20req?= =?UTF-8?q?u=C3=AAtes=20non=20authentifier=20par=20le=20proxy.=20Ajout=20d?= =?UTF-8?q?u=20support=20d'Apache=20en=20tant=20que=20proxy=20en=20plus=20?= =?UTF-8?q?de=20celui=20de=20Nginx=20d=C3=A9j=C3=A0=20pr=C3=A9sent.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 turnserverauth | 1 +
 turnserverauth.js | 62 +++++++++++++++++++++++++++++++++--------------
 2 files changed, 45 insertions(+), 18 deletions(-)
diff --git a/turnserverauth b/turnserverauth
index 2113f3a..90a1c44 100644
--- a/turnserverauth
+++ b/turnserverauth
@@ -1,4 +1,5 @@
 NODE_PORT=5000
 NODE_LISTEN_IP=127.0.0.1
 SECRET='changeme'
+AUTH_REQUIRED='no'
 TTL=8400
diff --git a/turnserverauth.js b/turnserverauth.js
index f9efa89..34e76ea 100644
--- a/turnserverauth.js
+++ b/turnserverauth.js
@@ -4,42 +4,68 @@
 "use strict";
 const http = require('http');
 const hmacsha1 = require('hmacsha1');
+const url = require('url');
 const port = Number(process.env.NODE_PORT);
 const listenip = process.env.NODE_LISTEN_IP;
 const secret = process.env.SECRET;
+const auth_required = process.env.AUTH_REQUIRED;
 const ttl = Number(process.env.TTL);
+const turnserver = 'turn.blorand.org';
+const turn_ports = ['3478', '3479'];
+const turn_ports_tls = ['5349', '5350'];
 function onRequest(request, response) {
- if (!request.headers['x-forwarded-user'] || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) {
-// return response.status(401).json({ message: 'Missing Authorization Header' });
- console.log('Missing Authorization Header');
+ if (request.headers['x-forwarded-for'] == undefined) {
+ var IP = request.connection.remoteAddress;
+ } else {
+ var IP = request.headers['x-forwarded-for'];
+ }
+
+ if (((!request.headers['x-forwarded-user']) || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) && !request.headers['x-remote-user']){
+ if ( auth_required == 'yes' ) {
+ console.log('Missing Authenticated-user from : ' + IP + ' - REFUSED');
+ response.statusCode = 401;
+ response.end();
+ return;
+ }
+ console.log('Missing Authenticated-user from : ' + IP);
+ }
+ if (!request.headers['x-forwarded-user'] || request.headers['x-forwarded-user'].indexOf('Basic ') === -1){
 } else {
 const base64Credentials = request.headers['x-forwarded-user'].split(' ')[1];
 const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
 var [httpusername, httppassword] = credentials.split(':');
 }
+ if (!request.headers['x-remote-user']) {
+ } else {
+ var httpusername = request.headers['x-remote-user']
+ }
+ const queryObject = JSON.stringify(url.parse(request.url,true).query);
+ const getparameters = JSON.parse(queryObject);
 var timestamp = Date.now() / 1000 | 0;
 var expiry = (timestamp + ttl).toString(10);
 var turnusername = expiry + ':' + httpusername;
 var username_sha1 = hmacsha1(secret, turnusername);
 var turnpassword = username_sha1;
- const data = JSON.stringify({
- username: turnusername,
- password: turnpassword,
- ttl: ttl,
- uris: [
-// "turn:turn.blorand.org:3478?transport=udp",
-// "turn:turn.blorand.org:3479?transport=tcp",
- "turns:turn.blorand.org:5349?transport=udp",
- "turns:turn.blorand.org:5350?transport=tcp"
- ],
- })
- if (request.headers['x-forwarded-for'] == undefined) {
- var IP = request.connection.remoteAddress;
- } else {
- var IP = request.headers['x-forwarded-for'];
+ var uris = [];
+ if (!(getparameters.tls === "1")) {
+ uris.push('turn:' + turnserver + ':' + turn_ports[0] + '?transport=udp');
+ uris.push('turn:' + turnserver + ':' + turn_ports[1] + '?transport=tcp');
 }
+ var transport = 'tcp';
+ Array.prototype.forEach.call(turn_ports_tls, turn_port_tls => {
+ uris.push('turns:' + turnserver + ':' + turn_port_tls + '?transport=' + transport);
+ });
+
+ const data = JSON.stringify(
+ {
+ username: turnusername,
+ password: turnpassword,
+ ttl: ttl,
+ uris: uris
+ }
+ )
 console.log('turnauthserver : Requête reçue de : ' + IP);
 response.statusCode = 200;
 response.setHeader('Content-Type', 'application/json');
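Review bot: The AUTH_REQUIRED gate in onRequest fails open: `auth_required == 'yes'` enforces only on that exact string, so an unset variable or a value such as `Yes` or `true` lets requests without any user header through, and the shipped default in the config file is `AUTH_REQUIRED='no'`. On that path `httpusername` is never assigned, so the handler still builds a signed credential for `<expiry>:undefined` with the shared secret. I would parse the flag once so that anything other than an explicit opt-out enforces, for example `const auth_required = String(process.env.AUTH_REQUIRED).toLowerCase() !== 'no';`, and then test `if (auth_required)`. The identity is also taken entirely from `x-forwarded-user` / `x-remote-user`, which are trustworthy only if the Nginx/Apache proxy overwrites any client-sent copy and the service stays bound to loopback; a comment next to the check such as `// trusted only because the proxy strips client-supplied x-remote-user / x-forwarded-user` would record that assumption. onRequest's body continues outside the hunk.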