Update to 2024-07-22 23:00

roles/jitsi/files/prosody/modules/mod_turncredentials.lua

@@ -0,0 +1,80 @@
+-- XEP-0215 implementation for time-limited turn credentials
+-- Copyright (C) 2012-2014 Philipp Hancke
+-- This file is MIT/X11 licensed.
+
+--turncredentials_secret = "keepthissecret";
+--turncredentials = {
+--    { type = "stun", host = "8.8.8.8" },
+--    { type = "turn", host = "8.8.8.8", port = "3478" },
+--    { type = "turn", host = "8.8.8.8", port = "80", transport = "tcp" }
+--}
+-- for stun servers, host is required, port defaults to 3478
+-- for turn servers, host is required, port defaults to tcp,
+--          transport defaults to udp
+--          hosts can be a list of server names / ips for random
+--          choice loadbalancing
+
+local st = require "util.stanza";
+local hmac_sha1 = require "util.hashes".hmac_sha1;
+local base64 = require "util.encodings".base64;
+local os_time = os.time;
+local secret = module:get_option_string("turncredentials_secret");
+local ttl = module:get_option_number("turncredentials_ttl", 86400);
+local hosts = module:get_option("turncredentials") or {};
+if not (secret) then
+    module:log("error", "turncredentials not configured");
+    return;
+end
+
+module:add_feature("urn:xmpp:extdisco:1");
+
+function random(arr)
+    local index = math.random(1, #arr);
+    return arr[index];
+end
+
+
+module:hook_global("config-reloaded", function()
+    module:log("debug", "config-reloaded")
+    secret = module:get_option_string("turncredentials_secret");
+    ttl = module:get_option_number("turncredentials_ttl", 86400);
+    hosts = module:get_option("turncredentials") or {};
+end);
+
+module:hook("iq-get/host/urn:xmpp:extdisco:1:services", function(event)
+    local origin, stanza = event.origin, event.stanza;
+    if origin.type ~= "c2s" then
+        return;
+    end
+    local now = os_time() + ttl;
+    local userpart = tostring(now);
+    local nonce = base64.encode(hmac_sha1(secret, tostring(userpart), false));
+    local reply = st.reply(stanza):tag("services", {xmlns = "urn:xmpp:extdisco:1"})
+    for idx, item in pairs(hosts) do
+        if item.type == "stun" or item.type == "stuns" then
+            -- stun items need host and port (defaults to 3478)
+            reply:tag("service",
+                { type = item.type, host = item.host, port = tostring(item.port) or "3478" }
+            ):up();
+        elseif item.type == "turn" or item.type == "turns" then
+            local turn = {}
+            -- turn items need host, port (defaults to 3478),
+	          -- transport (defaults to udp)
+	          -- username, password, ttl
+            turn.type = item.type;
+            turn.port = tostring(item.port);
+            turn.transport = item.transport;
+            turn.username = userpart;
+            turn.password = nonce;
+            turn.ttl = tostring(ttl);
+            if item.hosts then
+                turn.host = random(item.hosts)
+            else
+                turn.host = item.host
+            end
+            reply:tag("service", turn):up();
+        end
+    end
+    origin.send(reply);
+    return true;
+end);