| author | Matthew Wild <mwild1@gmail.com> |
| Sat, 24 Sep 2022 09:25:46 +0100 | |
| changeset 5062 | 39c2824c2880 |
| parent 3981 | bbfcd786cc78 |
| permissions | -rw-r--r-- |
|
1059
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
1 |
-- XEP-0215 implementation for time-limited turn credentials |
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
2 |
-- Copyright (C) 2012-2013 Philipp Hancke |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
1326
diff
changeset
|
3 |
-- This file is MIT/X11 licensed. |
|
1059
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
4 |
|
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
5 |
local st = require "util.stanza"; |
|
1108
2da546139cb5
mod_turncredentials: Import HMAC from util.hashes
Kim Alvefur <zash@zash.se>
parents:
1059
diff
changeset
|
6 |
local hmac_sha1 = require "util.hashes".hmac_sha1; |
|
1059
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
7 |
local base64 = require "util.encodings".base64; |
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
8 |
local os_time = os.time; |
|
3646
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
9 |
local datetime = require "util.datetime".datetime; |
|
1169
0ae2c250f274
mod_turncredentials: Use type-specific get_option() methods where appropriate, and pass in default values
Matthew Wild <mwild1@gmail.com>
parents:
1168
diff
changeset
|
10 |
local secret = module:get_option_string("turncredentials_secret"); |
|
0ae2c250f274
mod_turncredentials: Use type-specific get_option() methods where appropriate, and pass in default values
Matthew Wild <mwild1@gmail.com>
parents:
1168
diff
changeset
|
11 |
local host = module:get_option_string("turncredentials_host"); -- use ip addresses here to avoid further dns lookup latency |
|
0ae2c250f274
mod_turncredentials: Use type-specific get_option() methods where appropriate, and pass in default values
Matthew Wild <mwild1@gmail.com>
parents:
1168
diff
changeset
|
12 |
local port = module:get_option_number("turncredentials_port", 3478); |
|
0ae2c250f274
mod_turncredentials: Use type-specific get_option() methods where appropriate, and pass in default values
Matthew Wild <mwild1@gmail.com>
parents:
1168
diff
changeset
|
13 |
local ttl = module:get_option_number("turncredentials_ttl", 86400); |
|
1059
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
14 |
if not (secret and host) then |
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
15 |
module:log("error", "turncredentials not configured"); |
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
16 |
return; |
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
17 |
end |
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
18 |
|
|
1326
afae347928d8
mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus)
Kim Alvefur <zash@zash.se>
parents:
1325
diff
changeset
|
19 |
module:add_feature("urn:xmpp:extdisco:1"); |
|
afae347928d8
mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus)
Kim Alvefur <zash@zash.se>
parents:
1325
diff
changeset
|
20 |
|
|
1170
6695c3098025
mod_turncredentials: Use iq-get event, to save checking attr.type manually
Matthew Wild <mwild1@gmail.com>
parents:
1169
diff
changeset
|
21 |
module:hook("iq-get/host/urn:xmpp:extdisco:1:services", function(event) |
|
1059
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
22 |
local origin, stanza = event.origin, event.stanza; |
|
1171
a18effacd384
mod_turncredentials: No need to check tag name, we're already in the event handler for the 'services' tag
Matthew Wild <mwild1@gmail.com>
parents:
1170
diff
changeset
|
23 |
if origin.type ~= "c2s" then |
|
1059
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
24 |
return; |
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
25 |
end |
|
3777
915c7bd5f754
mod_turncredentials: Rename variable for clarity
Kim Alvefur <zash@zash.se>
parents:
3646
diff
changeset
|
26 |
local expires_at = os_time() + ttl; |
|
915c7bd5f754
mod_turncredentials: Rename variable for clarity
Kim Alvefur <zash@zash.se>
parents:
3646
diff
changeset
|
27 |
local userpart = tostring(expires_at); |
|
1059
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
28 |
local nonce = base64.encode(hmac_sha1(secret, tostring(userpart), false)); |
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
29 |
origin.send(st.reply(stanza):tag("services", {xmlns = "urn:xmpp:extdisco:1"}) |
|
3565
deb5ece56c49
mod_turncredentials: Convert numeric attributes to strings (fixes #1339)
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
30 |
:tag("service", { type = "stun", host = host, port = ("%d"):format(port) }):up() |
|
deb5ece56c49
mod_turncredentials: Convert numeric attributes to strings (fixes #1339)
Kim Alvefur <zash@zash.se>
parents:
1343
diff
changeset
|
31 |
:tag("service", { type = "turn", host = host, port = ("%d"):format(port), username = userpart, password = nonce, ttl = ("%d"):format(ttl) }):up() |
|
1059
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
32 |
); |
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
33 |
return true; |
|
95ab35ef52ba
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials
Philipp Hancke <fippo@goodadvice.pages.de>
parents:
diff
changeset
|
34 |
end); |
|
3646
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
35 |
|
|
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
36 |
module:add_feature("urn:xmpp:extdisco:2"); |
|
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
37 |
|
|
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
38 |
module:hook("iq-get/host/urn:xmpp:extdisco:2:services", function(event) |
|
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
39 |
local origin, stanza = event.origin, event.stanza; |
|
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
40 |
if origin.type ~= "c2s" then |
|
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
41 |
return; |
|
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
42 |
end |
|
3777
915c7bd5f754
mod_turncredentials: Rename variable for clarity
Kim Alvefur <zash@zash.se>
parents:
3646
diff
changeset
|
43 |
local expires_at = os_time() + ttl; |
|
915c7bd5f754
mod_turncredentials: Rename variable for clarity
Kim Alvefur <zash@zash.se>
parents:
3646
diff
changeset
|
44 |
local userpart = tostring(expires_at); |
|
3646
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
45 |
local nonce = base64.encode(hmac_sha1(secret, tostring(userpart), false)); |
|
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
46 |
origin.send(st.reply(stanza):tag("services", {xmlns = "urn:xmpp:extdisco:2"}) |
|
3981
bbfcd786cc78
mod_turncredentials: Add 'transport' attribute
Wiktor Kwapisiewicz <wiktor@metacode.biz>
parents:
3778
diff
changeset
|
47 |
:tag("service", { type = "stun", transport = "udp", host = host, port = ("%d"):format(port) }):up() |
|
bbfcd786cc78
mod_turncredentials: Add 'transport' attribute
Wiktor Kwapisiewicz <wiktor@metacode.biz>
parents:
3778
diff
changeset
|
48 |
:tag("service", { type = "stun", transport = "tcp", host = host, port = ("%d"):format(port) }):up() |
|
bbfcd786cc78
mod_turncredentials: Add 'transport' attribute
Wiktor Kwapisiewicz <wiktor@metacode.biz>
parents:
3778
diff
changeset
|
49 |
:tag("service", { type = "turn", transport = "udp", host = host, port = ("%d"):format(port), username = userpart, password = nonce, expires = datetime(expires_at), restricted = "1" }):up() |
|
bbfcd786cc78
mod_turncredentials: Add 'transport' attribute
Wiktor Kwapisiewicz <wiktor@metacode.biz>
parents:
3778
diff
changeset
|
50 |
:tag("service", { type = "turn", transport = "tcp", host = host, port = ("%d"):format(port), username = userpart, password = nonce, expires = datetime(expires_at), restricted = "1" }):up() |
|
3646
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
51 |
); |
|
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
52 |
return true; |
|
2bbf655431be
mod_turncredentials: Add parallel implementation of XEP-0215 v0.7
Kim Alvefur <zash@zash.se>
parents:
3565
diff
changeset
|
53 |
end); |