Corrections mineurs

root 2020-03-24 20:06:35 +01:00
parent cde2c32e88
commit e64fa58ddc
3 changed files with 61 additions and 15 deletions

9
debian/changelog vendored

@ -1,3 +1,12 @@
turnserverauth (1.0-1.2) stable; urgency=medium
* Ajout du support de haproxy
* Ajout du support des entêtes authorization
* Sépartion des informations du server TURN dans le fichier de configuration
* Ajout de commentaire
-- Benoit LORAND <benoit.lorand@blorand.org> Tue, 24 Mar 2020 19:51:41 +0100
turnserverauth (1.0-1.1) stable; urgency=medium turnserverauth (1.0-1.1) stable; urgency=medium
* Ajout du paramètre GET tls qui lorsqu'il est sur 1 ne renvoi que les uris turns. * Ajout du paramètre GET tls qui lorsqu'il est sur 1 ne renvoi que les uris turns.


@ -1,5 +1,34 @@
# Port nodejs will use
NODE_PORT=5000 NODE_PORT=5000
# IP nodes will listen
NODE_LISTEN_IP=127.0.0.1 NODE_LISTEN_IP=127.0.0.1
# secret as defined in turnserver
# no default
SECRET='changeme' SECRET='changeme'
AUTH_REQUIRED='no'
# TTL define how many time in seconds credentials will be available
# no default
TTL=8400 TTL=8400
# if AUTH_REQUIRED='yes', turnserverauth doesn't deliver JSON if no auth
# if AUTH_REQUIRED='no', and no auth exist, username will be suffixed by :undefined
# default to 'no'
AUTH_REQUIRED='no'
# TURN_SERVER define the public IP of turnserver.
# It could be a FQDN
# One server only
# no default
TURN_SERVER='turn.blorand.org'
# TURN_PORTS (non tls) define ports turnserver listen to
# space separated
# no default
TURN_PORTS="3478 3479"
# TURNS_PORTS (tls) define tls ports turnserver listen to
# space separated
# no default
TURNS_PORTS="5349 5350"
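Review bot: The documented default `AUTH_REQUIRED='no'` makes the service fail open: the handler in turnserverauth.js refuses a request only when the value equals 'yes', so an unset or mistyped value still delivers TURN credentials to unauthenticated callers, with the username suffixed `:undefined` as the new comment describes. Shipping `AUTH_REQUIRED='yes'` and letting operators opt out would be the safer default. The comment above `SECRET='changeme'` says "no default" although a placeholder value is shipped; I would add `# MUST be replaced with the shared secret configured in turnserver` so the placeholder is not deployed as is.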


@ -1,5 +1,8 @@
// turnserverauth.js
// writted by Benoit LORAND <benoit.lorand@blorand.org>
// //
// // webservice who deliver in JSON format turnserver ephemere credentials
// Should be behind a reverse proxy (Apache, Nginx, haproxy) who do basic authentication
// //
"use strict"; "use strict";
const http = require('http'); const http = require('http');
@ -10,9 +13,12 @@ const listenip = process.env.NODE_LISTEN_IP;
const secret = process.env.SECRET; const secret = process.env.SECRET;
const auth_required = process.env.AUTH_REQUIRED; const auth_required = process.env.AUTH_REQUIRED;
const ttl = Number(process.env.TTL); const ttl = Number(process.env.TTL);
const turnserver = 'turn.blorand.org'; const turnserver = process.env.TURN_SERVER; //'turn.blorand.org';
const turn_ports = ['3478', '3479']; const turn_ports = process.env.TURN_PORTS.split(' '); //['3478', '3479'];
const turn_ports_tls = ['5349', '5350']; const turn_ports_tls = process.env.TURNS_PORTS.split(' '); //['5349', '5350'];
function foundhttpusername() {
}
function onRequest(request, response) { function onRequest(request, response) {
if (request.headers['x-forwarded-for'] == undefined) { if (request.headers['x-forwarded-for'] == undefined) {
@ -21,7 +27,7 @@ function onRequest(request, response) {
var IP = request.headers['x-forwarded-for']; var IP = request.headers['x-forwarded-for'];
} }
if (((!request.headers['x-forwarded-user']) || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) && !request.headers['x-remote-user']){ if (((!request.headers['x-forwarded-user']) || request.headers['x-forwarded-user'].indexOf('Basic ') === -1) && !request.headers['x-remote-user'] && ((!request.headers['authorization']) || request.headers['authorization'].indexOf('Basic ') === -1)){
if ( auth_required == 'yes' ) { if ( auth_required == 'yes' ) {
console.log('Missing Authenticated-user from : ' + IP + ' - REFUSED'); console.log('Missing Authenticated-user from : ' + IP + ' - REFUSED');
response.statusCode = 401; response.statusCode = 401;
@ -30,16 +36,18 @@ function onRequest(request, response) {
} }
console.log('Missing Authenticated-user from : ' + IP); console.log('Missing Authenticated-user from : ' + IP);
} }
if (!request.headers['x-forwarded-user'] || request.headers['x-forwarded-user'].indexOf('Basic ') === -1){ Array.prototype.forEach.call(['x-forwarded-user', 'authorization'], authheader => {
} else { if (request.headers[authheader] || (!request.headers[authheader] == 'undefined' && !request.headers[authheader].indexOf('Basic ') === -1)){
const base64Credentials = request.headers['x-forwarded-user'].split(' ')[1]; const base64Credentials = request.headers[authheader].split(' ')[1];
const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii'); const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
var [httpusername, httppassword] = credentials.split(':'); var [username, password] = credentials.split(':');
} }
if (!request.headers['x-remote-user']) { httpusername = username;
} else { });
if (request.headers['x-remote-user']) {
var httpusername = request.headers['x-remote-user'] var httpusername = request.headers['x-remote-user']
} }
const queryObject = JSON.stringify(url.parse(request.url,true).query); const queryObject = JSON.stringify(url.parse(request.url,true).query);
const getparameters = JSON.parse(queryObject); const getparameters = JSON.parse(queryObject);
var timestamp = Date.now() / 1000 | 0; var timestamp = Date.now() / 1000 | 0;
@ -66,7 +74,7 @@ function onRequest(request, response) {
uris: uris uris: uris
} }
) )
console.log('turnauthserver : Requête reçue de : ' + IP); console.log('turnauthserver : Requête reçue de : ' + IP + ' by : ' + httpusername);
response.statusCode = 200; response.statusCode = 200;
response.setHeader('Content-Type', 'application/json'); response.setHeader('Content-Type', 'application/json');
response.write(data); response.write(data);
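Review bot: In the new `forEach` over `['x-forwarded-user', 'authorization']`, `httpusername = username;` sits outside the `if`, so it runs on every iteration and an absent `authorization` header resets a username already taken from `x-forwarded-user` to `undefined`. The guard itself reduces to "header present": `!request.headers[authheader] == 'undefined'` and `!request.headers[authheader].indexOf('Basic ') === -1` compare a boolean with a string and with a number and are always false, so a non-Basic value is split and base64-decoded anyway. Because the decoded password is never checked, these headers are only as trustworthy as the reverse proxy that sets them: the proxy should strip client-supplied `x-forwarded-user` and `x-remote-user`, and the username should be stripped of control characters before it reaches the log line changed in the last hunk. The loop below keeps the last-header-wins order but assigns only from a well-formed Basic header; `onRequest` continues outside the visible hunks.

```javascript
// … unchanged: 401 handling when no auth header is present …
for (const authheader of ['x-forwarded-user', 'authorization']) {
    const value = request.headers[authheader];
    // Only a well-formed Basic header may set the username; an absent header must not reset it.
    if (typeof value === 'string' && value.startsWith('Basic ')) {
        const credentials = Buffer.from(value.slice('Basic '.length), 'base64').toString('ascii');
        httpusername = credentials.split(':')[0];
    }
}
// … unchanged: x-remote-user override and query parsing …
```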