From d5d35b3e0f97b78f7ce27f7cc3ee805aaf14b21b Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 20 Mar 2020 02:25:33 +0100
Subject: [PATCH] Initial commit
---
.../installed-by-dh_installdocs | 0
debian/changelog | 5 ++
debian/compat | 1 +
debian/control | 17 ++++++
debian/copyright | 0
debian/postinst | 28 ++++++++++
debian/rules | 9 ++++
debian/source/format | 1 +
turnserverauth | 4 ++
turnserverauth.js | 52 +++++++++++++++++++
turnserverauth.service | 14 +++++
11 files changed, 131 insertions(+)
create mode 100644 debian/.debhelper/generated/turnserverauth/installed-by-dh_installdocs
create mode 100644 debian/changelog
create mode 100644 debian/compat
create mode 100644 debian/control
create mode 100644 debian/copyright
create mode 100755 debian/postinst
create mode 100755 debian/rules
create mode 100644 debian/source/format
create mode 100644 turnserverauth
create mode 100644 turnserverauth.js
create mode 100644 turnserverauth.service
diff --git a/debian/.debhelper/generated/turnserverauth/installed-by-dh_installdocs b/debian/.debhelper/generated/turnserverauth/installed-by-dh_installdocs
new file mode 100644
index 0000000..e69de29
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..336b31b
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+turnserverauth (1.0-1) stable; urgency=medium
+
+ * Initial release.
+
+ -- Benoit LORAND Fri, 20 Mar 2020 01:40:00 +0100
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..f599e28
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..f3cc9e1
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,17 @@
+Source: turnserverauth
+Maintainer: Benoit LORAND
+Section: misc
+Priority: optional
+Standards-Version: 3.9.2
+Build-Depends: debhelper (>= 9)
+
+Package: turnserverauth
+Architecture: all
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ nodejs,
+ npm
+Suggests: nginx
+Section: BLORAND
+Priority: optional
+Description: WebService pour distribuer des authentifications éphémères TURN
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..e69de29
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..e81a2a9
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,28 @@
+#! /bin/bash
+
+set -e
+
+case "$1" in
+configure)
+ npm --prefix /opt/turnserverauth/ install hmacsha1
+ systemctl daemon-reload
+ systemctl --now enable turnserverauth.service
+
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+
+
+exit 0
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..58727b0
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,9 @@
+#!/usr/bin/make -f
+%:
+ dh $@
+
+override_dh_auto_install:
+ install -D -m 0644 turnserverauth.js $$(pwd)/debian/turnserverauth/opt/turnserverauth/turnserverauth.js
+ install -D -m 0644 turnserverauth $$(pwd)/debian/turnserverauth/etc/default/turnserverauth
+ install -D -m 0644 turnserverauth.service $$(pwd)/debian/turnserverauth/lib/systemd/system/turnserverauth.service
+
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/turnserverauth b/turnserverauth
new file mode 100644
index 0000000..2113f3a
--- /dev/null
+++ b/turnserverauth
@@ -0,0 +1,4 @@
+NODE_PORT=5000
+NODE_LISTEN_IP=127.0.0.1
+SECRET='changeme'
+TTL=8400
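Review bot: In debian/postinst, the `configure` branch runs `npm --prefix /opt/turnserverauth/ install hmacsha1` as root with no version pin or integrity check, so each installation pulls whatever the registry serves at that moment and runs any install scripts with root privileges. The module is used for a single HMAC call that Node's built-in crypto module covers; assuming hmacsha1 returns the base64 digest, `crypto.createHmac('sha1', secret).update(turnusername).digest('base64')` in turnserverauth.js would let the package drop this line and the `npm` entry in debian/control. If the module has to stay, ship it inside the package at build time, or at least pin the version and add `--ignore-scripts`.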
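Review bot: In debian/rules, `install -D -m 0644 turnserverauth …/etc/default/turnserverauth` leaves the file that holds SECRET world-readable, so any local account can read the TURN shared secret. systemd reads `EnvironmentFile=` itself before switching to `User=`, so root-only permissions should be enough: `install -D -m 0600 turnserverauth $$(pwd)/debian/turnserverauth/etc/default/turnserverauth`. A comment above that line saying why the mode differs from the other two files would keep it from being "normalised" back to 0644 later.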
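Review bot: The shipped defaults file sets `SECRET='changeme'`, and nothing in the package refuses to run with it, so an installation that is never edited signs TURN credentials with a publicly known key. Ship the variable empty (or generate a random value in postinst) and have turnserverauth.js stop at startup when it is unset or still the placeholder, for example `if (!secret || secret === 'changeme') { console.error('SECRET is not configured'); process.exit(1); }`. The same startup check could reject a NaN `NODE_PORT` or `TTL`, since both go through `Number()` unchecked.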
diff --git a/turnserverauth.js b/turnserverauth.js
new file mode 100644
index 0000000..f9efa89
--- /dev/null
+++ b/turnserverauth.js
@@ -0,0 +1,52 @@
+//
+//
+//
+"use strict";
+const http = require('http');
+const hmacsha1 = require('hmacsha1');
+const port = Number(process.env.NODE_PORT);
+const listenip = process.env.NODE_LISTEN_IP;
+const secret = process.env.SECRET;
+const ttl = Number(process.env.TTL);
+
+function onRequest(request, response) {
+ if (!request.headers['x-forwarded-user'] || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) {
+// return response.status(401).json({ message: 'Missing Authorization Header' });
+ console.log('Missing Authorization Header');
+ } else {
+ const base64Credentials = request.headers['x-forwarded-user'].split(' ')[1];
+ const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
+ var [httpusername, httppassword] = credentials.split(':');
+ }
+ var timestamp = Date.now() / 1000 | 0;
+ var expiry = (timestamp + ttl).toString(10);
+ var turnusername = expiry + ':' + httpusername;
+ var username_sha1 = hmacsha1(secret, turnusername);
+ var turnpassword = username_sha1;
+
+ const data = JSON.stringify({
+ username: turnusername,
+ password: turnpassword,
+ ttl: ttl,
+ uris: [
+// "turn:turn.blorand.org:3478?transport=udp",
+// "turn:turn.blorand.org:3479?transport=tcp",
+ "turns:turn.blorand.org:5349?transport=udp",
+ "turns:turn.blorand.org:5350?transport=tcp"
+ ],
+ })
+ if (request.headers['x-forwarded-for'] == undefined) {
+ var IP = request.connection.remoteAddress;
+ } else {
+ var IP = request.headers['x-forwarded-for'];
+ }
+ console.log('turnauthserver : Requête reçue de : ' + IP);
+ response.statusCode = 200;
+ response.setHeader('Content-Type', 'application/json');
+ response.write(data);
+ response.end();
+}
+
+
+http.createServer(onRequest).listen(port, listenip);
+console.log(`turnauthserver running at http://${listenip}:${port}/`);
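Review bot: In `onRequest`, the branch for a missing or malformed `x-forwarded-user` header only logs and then falls through, so the handler still signs and returns TURN credentials (for the username `undefined`) to a caller that was never authenticated; the 401 is commented out. That branch should end the response with 401 and return, the scheme test should be a prefix check rather than `indexOf(...) === -1`, and an empty decoded username should be rejected too. Because the identity comes from a request header, the service is only trustworthy when the reverse proxy always overwrites `x-forwarded-user` and is the sole client, which is worth stating in a comment above the function along with the need to keep `NODE_LISTEN_IP` on loopback. The `x-forwarded-for` value is also written to the log as received, so control characters should be stripped before logging.

```javascript
function onRequest(request, response) {
  const forwardedUser = request.headers['x-forwarded-user'];
  if (typeof forwardedUser !== 'string' || !forwardedUser.startsWith('Basic ')) {
    console.log('Missing Authorization Header');
    response.statusCode = 401;
    response.end();
    return;
  }
  const credentials = Buffer.from(forwardedUser.slice('Basic '.length), 'base64').toString('ascii');
  const [httpusername] = credentials.split(':');
  if (!httpusername) {
    response.statusCode = 401;
    response.end();
    return;
  }
  // … unchanged: expiry, HMAC, JSON body, logging and response …
```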
diff --git a/turnserverauth.service b/turnserverauth.service
new file mode 100644
index 0000000..58acea0
--- /dev/null
+++ b/turnserverauth.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=turnserverauth.js - webservice for negociating turn authentication
+Documentation=https://www.blorand.org
+After=network.target
+
+[Service]
+EnvironmentFile=-/etc/default/turnserverauth
+Type=simple
+User=www-data
+ExecStart=/usr/bin/node /opt/turnserverauth/turnserverauth.js
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
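Review bot: `EnvironmentFile=-/etc/default/turnserverauth` carries the `-` prefix, so a missing or unreadable file is silently ignored and the unit still starts with SECRET, TTL and the listen address undefined; dropping the `-` makes the service fail instead. `User=www-data` puts the daemon in the same account as the web server, and processes under one UID can typically read each other's environment, which is where the secret lives; a dedicated system user would separate them. The `[Service]` section would also benefit from basic sandboxing such as `NoNewPrivileges=yes`, `ProtectSystem=strict` and `PrivateTmp=yes`.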