Ajout du paramètre GET tls qui lorsqu'il est sur 1 ne renvoi que les uris turns.

Ajout du paramètre AUTH_REQUIRED qui bloque la transmission du JSON pour toutes requêtes non authentifier par le proxy.
Ajout du support d'Apache en tant que proxy en plus de celui de Nginx déjà présent.

turnserverauth

@@ -1,4 +1,5 @@
 NODE_PORT=5000
 NODE_LISTEN_IP=127.0.0.1
 SECRET='changeme'
+AUTH_REQUIRED='no'
 TTL=8400

turnserverauth.js

@@ -4,42 +4,68 @@
 "use strict";
 const http = require('http');
 const hmacsha1 = require('hmacsha1');
+const url = require('url');
 const port = Number(process.env.NODE_PORT);
 const listenip = process.env.NODE_LISTEN_IP;
 const secret = process.env.SECRET;
+const auth_required = process.env.AUTH_REQUIRED;
 const ttl = Number(process.env.TTL);
+const turnserver = 'turn.blorand.org';
+const turn_ports = ['3478', '3479'];
+const turn_ports_tls = ['5349', '5350'];
 
 function onRequest(request, response) {
-  if (!request.headers['x-forwarded-user'] || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) {
+  if (request.headers['x-forwarded-for'] == undefined) {
-//	return response.status(401).json({ message: 'Missing Authorization Header' });
+    var IP = request.connection.remoteAddress;
-	console.log('Missing Authorization Header');
+  } else {
+    var IP = request.headers['x-forwarded-for'];
+  }
+
+  if (((!request.headers['x-forwarded-user']) || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) && !request.headers['x-remote-user']){
+    if ( auth_required == 'yes' ) {	
+    console.log('Missing Authenticated-user from : ' + IP + ' - REFUSED');
+       response.statusCode = 401;
+       response.end();
+       return;
+    }
+    console.log('Missing Authenticated-user from : ' + IP);
+  }
+  if (!request.headers['x-forwarded-user'] || request.headers['x-forwarded-user'].indexOf('Basic ')  === -1){
   } else {
 	const base64Credentials =  request.headers['x-forwarded-user'].split(' ')[1];
 	const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
 	var [httpusername, httppassword] = credentials.split(':');
   }
+  if (!request.headers['x-remote-user']) {
+  } else {
+	  var httpusername = request.headers['x-remote-user']
+  }
+  const queryObject = JSON.stringify(url.parse(request.url,true).query);
+  const getparameters = JSON.parse(queryObject);
   var timestamp = Date.now() / 1000 | 0;
   var expiry = (timestamp + ttl).toString(10);
   var turnusername = expiry + ':' + httpusername;
   var username_sha1 = hmacsha1(secret, turnusername);
   var turnpassword = username_sha1;
 
-  const data = JSON.stringify({
+  var uris = [];
-	username: turnusername,
+  if (!(getparameters.tls === "1")) {
-	password: turnpassword,
+        uris.push('turn:' + turnserver + ':' + turn_ports[0] + '?transport=udp');
-	ttl: ttl,
+        uris.push('turn:' + turnserver + ':' + turn_ports[1] + '?transport=tcp');
-	uris: [
-//		"turn:turn.blorand.org:3478?transport=udp",
-//		"turn:turn.blorand.org:3479?transport=tcp",
-		"turns:turn.blorand.org:5349?transport=udp",
-		"turns:turn.blorand.org:5350?transport=tcp"
-	],
-  })
-  if (request.headers['x-forwarded-for'] == undefined) {
-	var IP = request.connection.remoteAddress;
-  } else {
-	var IP = request.headers['x-forwarded-for'];
   }
+     var transport = 'tcp';
+     Array.prototype.forEach.call(turn_ports_tls, turn_port_tls => {
+    	  uris.push('turns:' + turnserver + ':' + turn_port_tls + '?transport=' + transport);
+     });
+
+  const data = JSON.stringify(
+	  {
+	  username: turnusername,
+	  password: turnpassword,
+	  ttl: ttl,
+	  uris: uris
+	  }
+  )
   console.log('turnauthserver : Requête reçue de : ' + IP);
   response.statusCode = 200;
   response.setHeader('Content-Type', 'application/json');