diff --git a/debian/changelog b/debian/changelog index f31211f..3fd6bd5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +turnserverauth (1.0-1.2) stable; urgency=medium + + * Ajout du support de haproxy + * Ajout du support des entêtes authorization + * Sépartion des informations du server TURN dans le fichier de configuration + * Ajout de commentaire + + -- Benoit LORAND Tue, 24 Mar 2020 19:51:41 +0100 + turnserverauth (1.0-1.1) stable; urgency=medium * Ajout du paramètre GET tls qui lorsqu'il est sur 1 ne renvoi que les uris turns. diff --git a/turnserverauth b/turnserverauth index 90a1c44..36f7faf 100644 --- a/turnserverauth +++ b/turnserverauth @@ -1,5 +1,34 @@ +# Port nodejs will use NODE_PORT=5000 + +# IP nodes will listen NODE_LISTEN_IP=127.0.0.1 + +# secret as defined in turnserver +# no default SECRET='changeme' -AUTH_REQUIRED='no' + +# TTL define how many time in seconds credentials will be available +# no default TTL=8400 + +# if AUTH_REQUIRED='yes', turnserverauth doesn't deliver JSON if no auth +# if AUTH_REQUIRED='no', and no auth exist, username will be suffixed by :undefined +# default to 'no' +AUTH_REQUIRED='no' + +# TURN_SERVER define the public IP of turnserver. +# It could be a FQDN +# One server only +# no default +TURN_SERVER='turn.blorand.org' + +# TURN_PORTS (non tls) define ports turnserver listen to +# space separated +# no default +TURN_PORTS="3478 3479" + +# TURNS_PORTS (tls) define tls ports turnserver listen to +# space separated +# no default +TURNS_PORTS="5349 5350" diff --git a/turnserverauth.js b/turnserverauth.js index 34e76ea..325c25c 100644 --- a/turnserverauth.js +++ b/turnserverauth.js @@ -1,5 +1,8 @@ +// turnserverauth.js +// writted by Benoit LORAND // -// +// webservice who deliver in JSON format turnserver ephemere credentials +// Should be behind a reverse proxy (Apache, Nginx, haproxy) who do basic authentication // "use strict"; const http = require('http'); 
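Review bot: The defaults shipped in the `turnserverauth` settings file fail open: `AUTH_REQUIRED='no'` sits next to `SECRET='changeme'`, which looks like a placeholder, and the new comment documents that a caller without authentication still receives JSON with a username suffixed by `:undefined`. Consider shipping `AUTH_REQUIRED='yes'` so that a fresh install refuses unauthenticated requests until the administrator opts out, and adding a line such as `# must be replaced with the turnserver shared secret before first start` above `SECRET`. The comment block for `TURN_SERVER` says "no default" while the file sets it to a specific host, so one of the two should change.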
@@ -10,9 +13,12 @@ const listenip = process.env.NODE_LISTEN_IP; const secret = process.env.SECRET; const auth_required = process.env.AUTH_REQUIRED; const ttl = Number(process.env.TTL); -const turnserver = 'turn.blorand.org'; -const turn_ports = ['3478', '3479']; -const turn_ports_tls = ['5349', '5350']; +const turnserver = process.env.TURN_SERVER; //'turn.blorand.org'; +const turn_ports = process.env.TURN_PORTS.split(' '); //['3478', '3479']; +const turn_ports_tls = process.env.TURNS_PORTS.split(' '); //['5349', '5350']; + +function foundhttpusername() { +} function onRequest(request, response) { if (request.headers['x-forwarded-for'] == undefined) { @@ -21,7 +27,7 @@ function onRequest(request, response) { var IP = request.headers['x-forwarded-for']; } - if (((!request.headers['x-forwarded-user']) || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) && !request.headers['x-remote-user']){ + if (((!request.headers['x-forwarded-user']) || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) && !request.headers['x-remote-user'] && ((!request.headers['authorization']) || request.headers['authorization'].indexOf('Basic ') === -1)){ if ( auth_required == 'yes' ) { console.log('Missing Authenticated-user from : ' + IP + ' - REFUSED'); response.statusCode = 401; 
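Review bot: `process.env.TURN_PORTS.split(' ')` and `process.env.TURNS_PORTS.split(' ')` throw a TypeError while the module loads when either variable is unset, and an unset `TURN_SERVER` is kept as `undefined` without any message. A guarded form such as `const turn_ports = (process.env.TURN_PORTS || '').split(' ').filter(Boolean);`, plus an explicit startup error naming the missing variable, would make a misconfigured install fail with a readable message. The empty `foundhttpusername()` is not called in any hunk shown here; drop it or give it the header parsing it is presumably meant to hold.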
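Review bot: The added `authorization` clause, like the two header checks before it, treats the presence of a header as proof that the caller was authenticated; no line in the hunks shown verifies the password, so the guarantee rests entirely on the reverse proxy. That contract deserves a comment at the check, for example `// trust boundary: the proxy must reject failed logins and strip client-supplied x-forwarded-user / x-remote-user`, because any path that reaches this port without the proxy can supply these headers itself. `indexOf('Basic ') === -1` also accepts the scheme name anywhere in the value; `!request.headers['authorization'].startsWith('Basic ')` states the intent. onRequest begins and ends outside this hunk.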
@@ -30,16 +36,18 @@ function onRequest(request, response) {
 }
 console.log('Missing Authenticated-user from : ' + IP);
 }
- if (!request.headers['x-forwarded-user'] || request.headers['x-forwarded-user'].indexOf('Basic ') === -1){
- } else {
- const base64Credentials = request.headers['x-forwarded-user'].split(' ')[1];
- const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
- var [httpusername, httppassword] = credentials.split(':');
- }
- if (!request.headers['x-remote-user']) {
- } else {
+ Array.prototype.forEach.call(['x-forwarded-user', 'authorization'], authheader => {
+ if (request.headers[authheader] || (!request.headers[authheader] == 'undefined' && !request.headers[authheader].indexOf('Basic ') === -1)){
+ const base64Credentials = request.headers[authheader].split(' ')[1];
+ const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
+ var [username, password] = credentials.split(':');
+ }
+ httpusername = username;
+ });
+ if (request.headers['x-remote-user']) {
 var httpusername = request.headers['x-remote-user']
 }
+
 const queryObject = JSON.stringify(url.parse(request.url,true).query);
 const getparameters = JSON.parse(queryObject);
 var timestamp = Date.now() / 1000 | 0;
@@ -66,7 +74,7 @@ function onRequest(request, response) {
 uris: uris
 }
 )
- console.log('turnauthserver : Requête reçue de : ' + IP);
+ console.log('turnauthserver : Requête reçue de : ' + IP + ' by : ' + httpusername);
 response.statusCode = 200;
 response.setHeader('Content-Type', 'application/json');
 response.write(data);
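Review bot: The new loop loses the username it has just parsed and can throw on a malformed header. `httpusername = username;` runs on every iteration, so when `authorization` is absent the second pass overwrites the value taken from `x-forwarded-user` with `undefined`. The second half of the `if` condition is always false (`!x == 'undefined'` and `!x.indexOf(...) === -1` compare a boolean with a string or a number), which leaves header presence as the only test; a value with no second space-separated token then reaches `Buffer.from(undefined, 'base64')` and raises a TypeError inside the handler. The rewrite below checks the `Basic ` prefix, keeps the first username found and lets `x-remote-user` override as before; which of the two Basic headers should take precedence is the author's call. onRequest begins and ends outside this hunk.

```javascript
let httpusername;
for (const authheader of ['x-forwarded-user', 'authorization']) {
    const value = request.headers[authheader];
    if (httpusername !== undefined || typeof value !== 'string' || !value.startsWith('Basic ')) {
        continue;
    }
    const credentials = Buffer.from(value.slice('Basic '.length), 'base64').toString('ascii');
    // only the user part is needed; the password is not used by this service
    httpusername = credentials.split(':')[0];
}
if (request.headers['x-remote-user']) {
    httpusername = request.headers['x-remote-user'];
}
// … unchanged: query parsing and timestamp …
```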
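Review bot: `httpusername` reaches the new log line straight from a base64-decoded header or from `x-remote-user`, and decoded bytes may include CR or LF, which would let one request appear as several log entries. Replacing control characters before concatenation, e.g. `String(httpusername).replace(/[\x00-\x1f\x7f]/g, '?')`, keeps one request on one line; `IP` is taken from `x-forwarded-for` and deserves the same treatment. onRequest's body continues outside the hunk.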