sualko · April 25, 2020 18:23 · immanuelfodor · Apr 25, 2020 · immanuelfodor · Apr 25, 2020
diff --git a/mod_turncredentials.lua b/mod_turncredentials.lua
 -- This is basically copied from andyet [1], except that it adds the required 
 -- namespace and fixes a small tab/space issue. Compared to the official module [2] 
 -- this module allows to pass multiple TURN/STUN addresses.
 -- [1] https://github.com/andyet/otalk-server/blob/50d5d385f8d81fd133c4f880ee8873b1273ee867/mod_turncredentials/mod_turncredentials.lua
 -- [2] https://hg.prosody.im/prosody-modules/file/tip/mod_turncredentials/mod_turncredentials.lua

 -- XEP-0215 implementation for time-limited turn credentials
 -- Copyright (C) 2012-2013 Philipp Hancke
 -- This file is MIT/X11 licensed.

 --turncredentials_secret = "keepthissecret";
 --turncredentials = {
 --    { type = "stun", host = "8.8.8.8" },
 --    { type = "turn", host = "8.8.8.8", port = 3478 },
 --    { type = "turn", host = "8.8.8.8", port = 80, transport = "tcp" }
 --}
 -- for stun servers, host is required, port defaults to 3478
 -- for turn servers, host is required, port defaults to tcp,
 --          transport defaults to udp

 local st = require "util.stanza";
 local hmac_sha1 = require "util.hashes".hmac_sha1;
 local base64 = require "util.encodings".base64;
 local os_time = os.time;
 local secret = module:get_option_string("turncredentials_secret");
 local ttl = module:get_option_number("turncredentials_ttl", 86400);
 local hosts = module:get_option("turncredentials") or {};
 if not (secret) then
    module:log("error", "turncredentials not configured");
    return;
 end

 module:add_feature("urn:xmpp:extdisco:2");

 module:hook_global("config-reloaded", function()
    module:log("debug", "config-reloaded")
    secret = module:get_option_string("turncredentials_secret");
    ttl = module:get_option_number("turncredentials_ttl", 86400);
    hosts = module:get_option("turncredentials") or {};
 end);

 module:hook("iq-get/host/urn:xmpp:extdisco:2:services", function(event)
    local origin, stanza = event.origin, event.stanza;
    if origin.type ~= "c2s" then
        return;
    end
    local now = os_time() + ttl;
    local userpart = tostring(now);
    local nonce = base64.encode(hmac_sha1(secret, tostring(userpart), false));
    local reply = st.reply(stanza):tag("services", {xmlns = "urn:xmpp:extdisco:2"})
    for idx, item in pairs(hosts) do
        if item.type == "stun" or item.type == "stuns" then
            -- stun items need host and port (defaults to 3478)
            reply:tag("service", item):up();
        elseif item.type == "turn" or item.type == "turns" then
            -- turn items need host, port (defaults to 3478),
            -- transport (defaults to udp)
            -- username, password, ttl
            item.username = userpart;
            item.password = nonce;
            item.ttl = ttl;
            reply:tag("service", item):up();
        end
    end
    origin.send(reply);
    return true;
 end);
	-- This is basically copied from andyet [1], except that it adds the required
	-- namespace and fixes a small tab/space issue. Compared to the official module [2]
	-- this module allows to pass multiple TURN/STUN addresses.
	-- [1] https://github.com/andyet/otalk-server/blob/50d5d385f8d81fd133c4f880ee8873b1273ee867/mod_turncredentials/mod_turncredentials.lua
	-- [2] https://hg.prosody.im/prosody-modules/file/tip/mod_turncredentials/mod_turncredentials.lua

	-- XEP-0215 implementation for time-limited turn credentials
	-- Copyright (C) 2012-2013 Philipp Hancke
	-- This file is MIT/X11 licensed.

	--turncredentials_secret = "keepthissecret";
	--turncredentials = {
	-- { type = "stun", host = "8.8.8.8" },
	-- { type = "turn", host = "8.8.8.8", port = 3478 },
	-- { type = "turn", host = "8.8.8.8", port = 80, transport = "tcp" }
	--}
	-- for stun servers, host is required, port defaults to 3478
	-- for turn servers, host is required, port defaults to tcp,
	-- transport defaults to udp

	local st = require "util.stanza";
	local hmac_sha1 = require "util.hashes".hmac_sha1;
	local base64 = require "util.encodings".base64;
	local os_time = os.time;
	local secret = module:get_option_string("turncredentials_secret");
	local ttl = module:get_option_number("turncredentials_ttl", 86400);
	local hosts = module:get_option("turncredentials") or {};
	if not (secret) then
	module:log("error", "turncredentials not configured");
	return;
	end

	module:add_feature("urn:xmpp:extdisco:2");

	module:hook_global("config-reloaded", function()
	module:log("debug", "config-reloaded")
	secret = module:get_option_string("turncredentials_secret");
	ttl = module:get_option_number("turncredentials_ttl", 86400);
	hosts = module:get_option("turncredentials") or {};
	end);

	module:hook("iq-get/host/urn:xmpp:extdisco:2:services", function(event)
	local origin, stanza = event.origin, event.stanza;
	if origin.type ~= "c2s" then
	return;
	end
	local now = os_time() + ttl;
	local userpart = tostring(now);
	local nonce = base64.encode(hmac_sha1(secret, tostring(userpart), false));
	local reply = st.reply(stanza):tag("services", {xmlns = "urn:xmpp:extdisco:2"})
	for idx, item in pairs(hosts) do
	if item.type == "stun" or item.type == "stuns" then
	-- stun items need host and port (defaults to 3478)
	reply:tag("service", item):up();
	elseif item.type == "turn" or item.type == "turns" then
	-- turn items need host, port (defaults to 3478),
	-- transport (defaults to udp)
	-- username, password, ttl
	item.username = userpart;
	item.password = nonce;
	item.ttl = ttl;
	reply:tag("service", item):up();
	end
	end
	origin.send(reply);
	return true;
	end);