From c559b6ad5fdee82a1c4ccfe18a32428fa9935fa4 Mon Sep 17 00:00:00 2001 From: Jumper78 <52802286+Jumper78@users.noreply.github.com> Date: Tue, 11 May 2021 07:57:35 +0200 Subject: [PATCH 1/4] generation for turn-server with static-auth-secret in a separate php script index.html added a two config-lines that can simply be uncommented for activating the "twilio-mode" or the "php-credentials-mode" turn-credentials.php (new file) will generate username and password for a turn server with a static-auth-secret and will offer it in json-format main.js added a section that requests output from php-credentials.php and adds the username, password, stun-server and turn-server into the configuration --- index.html | 3 +++ main.js | 41 ++++++++++++++++++++++++++++++++++++++++- turn-credentials.php | 11 +++++++++++ 3 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 turn-credentials.php diff --git a/index.html b/index.html index 44f5074..616d844 100644 --- a/index.html +++ b/index.html @@ -1577,6 +1577,9 @@ // turn.urls = ["turn:turn2.obs.ninja:443"]; // US WEST // session.configuration.iceServers.push(turn); + // session.turn-mode == "twilio" // uncomment to use credentials for the turn-server provided by Twilio + // session.turn-mode = "php-credentials" // uncomment to distribute the turn-username, -password and -server via running turn-credentials.php, e.g., if you have a turn-server with a static-auth-secret + // session.configuration.iceTransportPolicy = "relay"; // uncomment to enable "&privacy" and force the TURN server ///// Different endpoints are available; each isolated from each other. diff --git a/main.js b/main.js index 3e24749..23c5d24 100644 --- a/main.js +++ b/main.js @@ -2474,7 +2474,7 @@ if (urlParams.has('speedtest')){ // forces essentially UDP mode, unless TCP is s if (urlParams.has('turn')) { var turnstring = urlParams.get('turn'); - if (turnstring == "twilio") { // a sample function on loading remote credentials for TURN servers. + if (turnstring == "twilio" || session.turn-mode == "twilio") { // a sample function on loading remote credentials for TURN servers. try { session.ws = false; // prevents connection @@ -2515,6 +2515,45 @@ if (urlParams.has('turn')) { errorlog("Twilio Failed"); } + } else if (turnstring == "php-credentials" || session.turn-mode == "php-credentials") { // a function loading the turn server credentials from the provided php-script "turn-credentials.php" + try { + + session.ws = false; // prevents connection + var phpcredentialsRequest = new XMLHttpRequest(); + phpcredentialsRequest.onreadystatechange = function() { + if (phpcredentialsRequest.status === 200) { + try{ + var res = JSON.parse(phpcredentialsRequest.responseText); + } catch(e){return;} + session.configuration = { + iceServers: [{ + "username": res["1"], + "credential": res["2"], + "urls": res["3"] + }, + { + "username": res["1"], + "credential": res["2"], + "urls": res["4"] + } + ], + sdpSemantics: 'unified-plan' // future-proofing + }; + if (session.ws===false){ + session.ws=null; // allows connection (clears state) + session.connect(); // connect if not already connected. + } + } + // system does not connect if php script does not respond. + }; + phpcredentialsRequest.open('GET', 'turn-credentials.php', true); // `false` makes the request synchronous + phpcredentialsRequest.send(); + + + } catch (e) { + errorlog("php-credentials script Failed"); + } + } else if ((turnstring == "false") || (turnstring == "off") || (turnstring == "0")) { // disable TURN servers session.configuration = { iceServers: [ diff --git a/turn-credentials.php b/turn-credentials.php new file mode 100644 index 0000000..776d1fb --- /dev/null +++ b/turn-credentials.php @@ -0,0 +1,11 @@ +:"; + $turn_server = "turns::"; + $turn_expiry = 86400; + $turn_username = time() + $turn_expiry; + $turn_secret = ''; + $turn_password = base64_encode ( hash_hmac ( 'sha1', $turn_username, $turn_secret, true ) ); + + $arr = array('1' => $turn_username, '2' => $turn_password, '3' => $stun_server, '4' => $turn_server); + echo json_encode($arr); +?> \ No newline at end of file From 11ad42bf342eb76752e6c78b1f85e1e816097f12 Mon Sep 17 00:00:00 2001 From: Jumper78 <52802286+Jumper78@users.noreply.github.com> Date: Tue, 11 May 2021 18:46:38 +0200 Subject: [PATCH 2/4] invalid variable names corrected index.html session.turn-mode changed to session.turnmode main.js session.turn-mode changed to session.turnmode --- index.html | 4 ++-- main.js | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/index.html b/index.html index 616d844..8be9494 100644 --- a/index.html +++ b/index.html @@ -1577,8 +1577,8 @@ // turn.urls = ["turn:turn2.obs.ninja:443"]; // US WEST // session.configuration.iceServers.push(turn); - // session.turn-mode == "twilio" // uncomment to use credentials for the turn-server provided by Twilio - // session.turn-mode = "php-credentials" // uncomment to distribute the turn-username, -password and -server via running turn-credentials.php, e.g., if you have a turn-server with a static-auth-secret + // session.turnmode == "twilio" // uncomment to use credentials for the turn-server provided by Twilio + // session.turnmode = "php-credentials" // uncomment to distribute the turn-username, -password and -server via running turn-credentials.php, e.g., if you have a turn-server with a static-auth-secret // session.configuration.iceTransportPolicy = "relay"; // uncomment to enable "&privacy" and force the TURN server diff --git a/main.js b/main.js index 23c5d24..4d22b8d 100644 --- a/main.js +++ b/main.js @@ -2474,7 +2474,7 @@ if (urlParams.has('speedtest')){ // forces essentially UDP mode, unless TCP is s if (urlParams.has('turn')) { var turnstring = urlParams.get('turn'); - if (turnstring == "twilio" || session.turn-mode == "twilio") { // a sample function on loading remote credentials for TURN servers. + if (turnstring == "twilio" || session.turnmode == "twilio") { // a sample function on loading remote credentials for TURN servers. try { session.ws = false; // prevents connection @@ -2515,7 +2515,7 @@ if (urlParams.has('turn')) { errorlog("Twilio Failed"); } - } else if (turnstring == "php-credentials" || session.turn-mode == "php-credentials") { // a function loading the turn server credentials from the provided php-script "turn-credentials.php" + } else if (turnstring == "php-credentials" || session.turnmode == "php-credentials") { // a function loading the turn server credentials from the provided php-script "turn-credentials.php" try { session.ws = false; // prevents connection From b6c966197ad96914f291406a2e62108f0f34a713 Mon Sep 17 00:00:00 2001 From: Jumper78 <52802286+Jumper78@users.noreply.github.com> Date: Wed, 19 May 2021 10:23:03 +0200 Subject: [PATCH 3/4] move turn-credentials request to index.html main.js remove the section with the request to the turn-credentials.php script index.html add and uncomment the request to the turn-credentials.php script --- index.html | 37 +++++++++++++++++++++++++++++++++++-- main.js | 41 +---------------------------------------- 2 files changed, 36 insertions(+), 42 deletions(-) diff --git a/index.html b/index.html index 8be9494..e5fb440 100644 --- a/index.html +++ b/index.html @@ -1577,8 +1577,41 @@ // turn.urls = ["turn:turn2.obs.ninja:443"]; // US WEST // session.configuration.iceServers.push(turn); - // session.turnmode == "twilio" // uncomment to use credentials for the turn-server provided by Twilio - // session.turnmode = "php-credentials" // uncomment to distribute the turn-username, -password and -server via running turn-credentials.php, e.g., if you have a turn-server with a static-auth-secret + // use this section if you plan to use the turn-credentials.php to provide usename and password of the turn-server, e.g., because you use a turn-server that uses use-auth-secret and static-auth-secret + // try { + // session.ws = false; // prevents connection + // var phpcredentialsRequest = new XMLHttpRequest(); + // phpcredentialsRequest.onreadystatechange = function() { + // if (phpcredentialsRequest.status === 200) { + // try{ + // var res = JSON.parse(phpcredentialsRequest.responseText); + // } catch(e){return;} + // session.configuration = { + // iceServers: [{ + // "username": res["1"], + // "credential": res["2"], + // "urls": res["3"] + // }, + // { + // "username": res["1"], + // "credential": res["2"], + // "urls": res["4"] + // } + // ], + // sdpSemantics: 'unified-plan' // future-proofing + // }; + // if (session.ws===false){ + // session.ws=null; // allows connection (clears state) + // session.connect(); // connect if not already connected. + // } + // } + // // system does not connect if php script does not respond. + // }; + // phpcredentialsRequest.open('GET', 'turn-credentials.php', true); // `false` makes the request synchronous + // phpcredentialsRequest.send(); + // } catch (e) { + // errorlog("php-credentials script Failed"); + // } // session.configuration.iceTransportPolicy = "relay"; // uncomment to enable "&privacy" and force the TURN server diff --git a/main.js b/main.js index 4d22b8d..3e24749 100644 --- a/main.js +++ b/main.js @@ -2474,7 +2474,7 @@ if (urlParams.has('speedtest')){ // forces essentially UDP mode, unless TCP is s if (urlParams.has('turn')) { var turnstring = urlParams.get('turn'); - if (turnstring == "twilio" || session.turnmode == "twilio") { // a sample function on loading remote credentials for TURN servers. + if (turnstring == "twilio") { // a sample function on loading remote credentials for TURN servers. try { session.ws = false; // prevents connection @@ -2515,45 +2515,6 @@ if (urlParams.has('turn')) { errorlog("Twilio Failed"); } - } else if (turnstring == "php-credentials" || session.turnmode == "php-credentials") { // a function loading the turn server credentials from the provided php-script "turn-credentials.php" - try { - - session.ws = false; // prevents connection - var phpcredentialsRequest = new XMLHttpRequest(); - phpcredentialsRequest.onreadystatechange = function() { - if (phpcredentialsRequest.status === 200) { - try{ - var res = JSON.parse(phpcredentialsRequest.responseText); - } catch(e){return;} - session.configuration = { - iceServers: [{ - "username": res["1"], - "credential": res["2"], - "urls": res["3"] - }, - { - "username": res["1"], - "credential": res["2"], - "urls": res["4"] - } - ], - sdpSemantics: 'unified-plan' // future-proofing - }; - if (session.ws===false){ - session.ws=null; // allows connection (clears state) - session.connect(); // connect if not already connected. - } - } - // system does not connect if php script does not respond. - }; - phpcredentialsRequest.open('GET', 'turn-credentials.php', true); // `false` makes the request synchronous - phpcredentialsRequest.send(); - - - } catch (e) { - errorlog("php-credentials script Failed"); - } - } else if ((turnstring == "false") || (turnstring == "off") || (turnstring == "0")) { // disable TURN servers session.configuration = { iceServers: [ From 651c05b3eb3a9f8d6555932587de4a001d245ddf Mon Sep 17 00:00:00 2001 From: Steve Seguin Date: Sun, 22 Jan 2023 06:00:26 -0500 Subject: [PATCH 4/4] Update and rename turn-credentials.php to turn-credentials-php.sample renaming file extension to prevent php from being active by default. --- turn-credentials.php => turn-credentials-php.sample | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) rename turn-credentials.php => turn-credentials-php.sample (77%) diff --git a/turn-credentials.php b/turn-credentials-php.sample similarity index 77% rename from turn-credentials.php rename to turn-credentials-php.sample index 776d1fb..09964cc 100644 --- a/turn-credentials.php +++ b/turn-credentials-php.sample @@ -1,4 +1,6 @@ :"; $turn_server = "turns::"; $turn_expiry = 86400; @@ -8,4 +10,4 @@ $arr = array('1' => $turn_username, '2' => $turn_password, '3' => $stun_server, '4' => $turn_server); echo json_encode($arr); -?> \ No newline at end of file +?>