From 95e2da85a75d0e2c44af5a0ee259d21a7bca2ec8 Mon Sep 17 00:00:00 2001
From: Moritz Langenstein <ml5717@ic.ac.uk>
Date: Fri, 18 Oct 2019 23:40:50 +0000
Subject: [PATCH] (ml5717) Added secure STUN server and TURN REST API

---
 dist/sockets.js | 35 +++++++++++++++++++++++++++--------
 package.json    |  2 +-
 src/sockets.js  | 28 ++++++++++++++++++++++------
 3 files changed, 50 insertions(+), 15 deletions(-)

diff --git a/dist/sockets.js b/dist/sockets.js
index 01cc3ec..c92a8fd 100755
--- a/dist/sockets.js
+++ b/dist/sockets.js
@@ -8,11 +8,15 @@ var _v = require('uuid/v4');
 
 var _v2 = _interopRequireDefault(_v);
 
-var _freeice = require('freeice');
+var _util = require('./util');
 
-var _freeice2 = _interopRequireDefault(_freeice);
+var _crypto = require('crypto');
 
-var _util = require('./util');
+var _crypto2 = _interopRequireDefault(_crypto);
+
+var _normalice = require('normalice');
+
+var _normalice2 = _interopRequireDefault(_normalice);
 
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 
@@ -125,12 +129,27 @@ function signalbuddy(server, config) {
       });
     });
 
-    // tell client about stun and turn servers and generate nonces
-    client.emit('stunservers', (0, _freeice2.default)({ stunCount: config.stunCount, turnCount: -1 }).map(function (server) {
-      return { urls: server.url };
-    }));
+    function getStunServers() {
+      return [(0, _normalice2.default)('stun:' + config.ice.stun.username + ':' + config.ice.stun.password + '@' + config.ice.host + ':' + config.ice.port)];
+    }
+
+    function getTurnServers() {
+      // See https://github.com/coturn/coturn/wiki/turnserver#turn-rest-api for details
+      var acting_ice_turn_username = Math.floor(Date.now() / 1000) + config.ice.turn.timeout + "-" + config.ice.stun.username;
+      var acting_ice_turn_password = _crypto2.default.createHmac('sha1', config.ice.turn.secret).update(acting_ice_turn_username).digest('base64');
+
+      return [(0, _normalice2.default)('turn:' + acting_ice_turn_username + ':' + acting_ice_turn_password + '@' + config.ice.host + ':' + config.ice.port)];
+    }
+
+    client.on('stunservers', function (cb) {
+      (0, _util.safeCb)(cb)(null, getStunServers());
+    });
+
+    client.on('turnservers', function (cb) {
+      (0, _util.safeCb)(cb)(null, getTurnServers());
+    });
 
-    client.emit('turnservers', (0, _freeice2.default)({ stunCount: -1, turnCount: config.turnCount }));
+    client.emit('stunservers', getStunServers());
   });
 
   function describeRoom(roomName) {
diff --git a/package.json b/package.json
index c635320..6ed7037 100755
--- a/package.json
+++ b/package.json
@@ -3,7 +3,7 @@
   "description": "A scalable socket.io signaling solution for WebRTC using NodeJS cluster and Redis.",
   "version": "1.0.0",
   "dependencies": {
-    "freeice": "^2.2.2",
+    "normalice": "^1.0.1",
     "socket.io": "^2.3.0",
     "uuid": "^3.3.3"
   },
diff --git a/src/sockets.js b/src/sockets.js
index cbd8263..826c61a 100755
--- a/src/sockets.js
+++ b/src/sockets.js
@@ -1,7 +1,8 @@
 import socketIO from 'socket.io';
 import uuidv4 from 'uuid/v4';
-import freeice from 'freeice';
 import { safeCb } from './util';
+import crypto from 'crypto';
+import normalice from 'normalice';
 
 function signalbuddy(server, config) {
   const io = socketIO.listen(server);
@@ -110,12 +111,27 @@ function signalbuddy(server, config) {
       });
     });
 
-    // tell client about stun and turn servers and generate nonces
-    client.emit('stunservers', freeice({stunCount: config.stunCount, turnCount: -1}).map(server => {
-      return { urls: server.url }
-    }));
+    function getStunServers() {
+      return [normalice(`stun:${config.ice.stun.username}:${config.ice.stun.password}@${config.ice.host}:${config.ice.port}`)]
+    }
+
+    function getTurnServers() {
+      // See https://github.com/coturn/coturn/wiki/turnserver#turn-rest-api for details
+      const acting_ice_turn_username = (Math.floor(Date.now() / 1000) + config.ice.turn.timeout) + "-" + config.ice.stun.username
+      const acting_ice_turn_password = crypto.createHmac('sha1', config.ice.turn.secret).update(acting_ice_turn_username).digest('base64')
+
+      return [normalice(`turn:${acting_ice_turn_username}:${acting_ice_turn_password}@${config.ice.host}:${config.ice.port}`)]
+    }
+
+    client.on('stunservers', (cb) => {
+      safeCb(cb)(null, getStunServers())
+    });
+
+    client.on('turnservers', (cb) => {
+      safeCb(cb)(null, getTurnServers())
+    });
 
-    client.emit('turnservers', freeice({stunCount: -1, turnCount: config.turnCount}));
+    client.emit('stunservers', getStunServers())
   });
 
   function describeRoom(roomName) {
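Review bot: `getStunServers()` embeds the static `config.ice.stun.password`, and the unconditional `client.emit('stunservers', getStunServers())` at the end of the hunk pushes it to every socket that connects, so that long-term credential is effectively public. If the STUN side needs authentication at all, hand out the same expiring HMAC pair that `getTurnServers()` derives rather than the configured password. The `turnservers` handler mints a credential for any caller, and the username always ends in the shared `config.ice.stun.username`, so nothing visible ties a credential to a client or limits issuance. The connection handler starts outside the hunk, so confirm an auth check exists earlier, and consider a per-client suffix so relay usage can be attributed. Both helpers also round-trip values through a `scheme:user:pass@host:port` string, which presumably mis-splits on a `:` or `@` in a configured value, and `+ config.ice.turn.timeout` concatenates if the value is a string; `Number(config.ice.turn.timeout)` and returning a plain `{ urls, username, credential }` object avoid both (the compiled dist/sockets.js hunk carries the same code).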
-- 
GitLab