Corrections mineurs

This commit is contained in:
root 2020-03-24 20:06:35 +01:00
parent cde2c32e88
commit e64fa58ddc
3 changed files with 61 additions and 15 deletions

9
debian/changelog vendored
View File

@ -1,3 +1,12 @@
turnserverauth (1.0-1.2) stable; urgency=medium
* Ajout du support de haproxy
* Ajout du support des entêtes authorization
* Sépartion des informations du server TURN dans le fichier de configuration
* Ajout de commentaire
-- Benoit LORAND <benoit.lorand@blorand.org> Tue, 24 Mar 2020 19:51:41 +0100
turnserverauth (1.0-1.1) stable; urgency=medium
* Ajout du paramètre GET tls qui lorsqu'il est sur 1 ne renvoi que les uris turns.

View File

@ -1,5 +1,34 @@
# Port nodejs will use
NODE_PORT=5000
# IP nodes will listen
NODE_LISTEN_IP=127.0.0.1
# secret as defined in turnserver
# no default
SECRET='changeme'
AUTH_REQUIRED='no'
# TTL define how many time in seconds credentials will be available
# no default
TTL=8400
# if AUTH_REQUIRED='yes', turnserverauth doesn't deliver JSON if no auth
# if AUTH_REQUIRED='no', and no auth exist, username will be suffixed by :undefined
# default to 'no'
AUTH_REQUIRED='no'
# TURN_SERVER define the public IP of turnserver.
# It could be a FQDN
# One server only
# no default
TURN_SERVER='turn.blorand.org'
# TURN_PORTS (non tls) define ports turnserver listen to
# space separated
# no default
TURN_PORTS="3478 3479"
# TURNS_PORTS (tls) define tls ports turnserver listen to
# space separated
# no default
TURNS_PORTS="5349 5350"

View File

@ -1,5 +1,8 @@
// turnserverauth.js
// writted by Benoit LORAND <benoit.lorand@blorand.org>
//
//
// webservice who deliver in JSON format turnserver ephemere credentials
// Should be behind a reverse proxy (Apache, Nginx, haproxy) who do basic authentication
//
"use strict";
const http = require('http');
@ -10,9 +13,12 @@ const listenip = process.env.NODE_LISTEN_IP;
const secret = process.env.SECRET;
const auth_required = process.env.AUTH_REQUIRED;
const ttl = Number(process.env.TTL);
const turnserver = 'turn.blorand.org';
const turn_ports = ['3478', '3479'];
const turn_ports_tls = ['5349', '5350'];
const turnserver = process.env.TURN_SERVER; //'turn.blorand.org';
const turn_ports = process.env.TURN_PORTS.split(' '); //['3478', '3479'];
const turn_ports_tls = process.env.TURNS_PORTS.split(' '); //['5349', '5350'];
function foundhttpusername() {
}
function onRequest(request, response) {
if (request.headers['x-forwarded-for'] == undefined) {
@ -21,7 +27,7 @@ function onRequest(request, response) {
var IP = request.headers['x-forwarded-for'];
}
if (((!request.headers['x-forwarded-user']) || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) && !request.headers['x-remote-user']){
if (((!request.headers['x-forwarded-user']) || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) && !request.headers['x-remote-user'] && ((!request.headers['authorization']) || request.headers['authorization'].indexOf('Basic ') === -1)){
if ( auth_required == 'yes' ) {
console.log('Missing Authenticated-user from : ' + IP + ' - REFUSED');
response.statusCode = 401;
@ -30,16 +36,18 @@ function onRequest(request, response) {
}
console.log('Missing Authenticated-user from : ' + IP);
}
if (!request.headers['x-forwarded-user'] || request.headers['x-forwarded-user'].indexOf('Basic ') === -1){
} else {
const base64Credentials = request.headers['x-forwarded-user'].split(' ')[1];
const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
var [httpusername, httppassword] = credentials.split(':');
}
if (!request.headers['x-remote-user']) {
} else {
Array.prototype.forEach.call(['x-forwarded-user', 'authorization'], authheader => {
if (request.headers[authheader] || (!request.headers[authheader] == 'undefined' && !request.headers[authheader].indexOf('Basic ') === -1)){
const base64Credentials = request.headers[authheader].split(' ')[1];
const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
var [username, password] = credentials.split(':');
}
httpusername = username;
});
if (request.headers['x-remote-user']) {
var httpusername = request.headers['x-remote-user']
}
const queryObject = JSON.stringify(url.parse(request.url,true).query);
const getparameters = JSON.parse(queryObject);
var timestamp = Date.now() / 1000 | 0;
@ -66,7 +74,7 @@ function onRequest(request, response) {
uris: uris
}
)
console.log('turnauthserver : Requête reçue de : ' + IP);
console.log('turnauthserver : Requête reçue de : ' + IP + ' by : ' + httpusername);
response.statusCode = 200;
response.setHeader('Content-Type', 'application/json');
response.write(data);