From 4f95e9f56296604afaee6f890783be8983a9831e Mon Sep 17 00:00:00 2001
From: Abhishek Kondur
Date: Mon, 17 Apr 2023 15:33:05 +0400
Subject: [PATCH] add basic auth to turn server apis, handle host registration on server
---
compose/docker-compose.yml | 2 ++
config/config.go | 2 ++
logic/hosts.go | 14 ++++++++------
mq/handlers.go | 5 ++++-
servercfg/serverconf.go | 24 ++++++++++++++++++++++++
turnserver/internal/auth/auth.go | 12 +++++++++++-
6 files changed, 51 insertions(+), 8 deletions(-)
diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml
index bcdf559f..0c8e5580 100644
--- a/compose/docker-compose.yml
+++ b/compose/docker-compose.yml
@@ -32,6 +32,8 @@ services:
TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
TURN_SERVER_API_HOST: "https://api.turn.NETMAKER_BASE_DOMAIN"
TURN_PORT: "3479"
+ TURN_USERNAME: "REPLACE_TURN_USERNAME"
+ TURN_PASSWORD: "REPLACE_TURN_PASSWORD"
ports:
- "3478:3478/udp"
netmaker-ui:
diff --git a/config/config.go b/config/config.go
index d0eb169a..e462cb85 100644
--- a/config/config.go
+++ b/config/config.go
@@ -78,6 +78,8 @@ type ServerConfig struct {
TurnServer string `yaml:"turn_server"`
TurnApiServer string `yaml:"turn_api_server"`
TurnPort int `yaml:"turn_port"`
+ TurnUserName string `yaml:"turn_username"`
+ TurnPassword string `yaml:"turn_password"`
}
// ProxyMode - default proxy mode for server
diff --git a/logic/hosts.go b/logic/hosts.go
index b655198f..d5a2a5f6 100644
--- a/logic/hosts.go
+++ b/logic/hosts.go
@@ -2,6 +2,7 @@ package logic
import (
"crypto/md5"
+ "encoding/base64"
"encoding/json"
"errors"
"fmt"
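Review bot: `TURN_USERNAME` and `TURN_PASSWORD` are added to the `environment:` block next to non-secret settings, so the TURN API password becomes visible in `docker inspect` output and in any committed copy of this file. How the other secrets in this compose file are handled is not visible in the hunk; if they go through an `env_file:` entry or Docker secrets, these two should follow the same route. Note also that the `REPLACE_TURN_*` placeholders are valid non-empty strings, so an install that forgets to substitute them still boots and presents that literal pair as its credential.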
@@ -442,12 +443,12 @@ func ConvHostPassToHash(hostPass string) string {
// RegisterHostWithTurn - registers the host with the given turn server
func RegisterHostWithTurn(hostID, hostPass string) error {
-
+ auth := servercfg.GetTurnUserName() + ":" + servercfg.GetTurnPassword()
api := httpclient.JSONEndpoint[models.SuccessResponse, models.ErrorResponse]{
- URL: servercfg.GetTurnApiHost(),
- Route: "/api/v1/host/register",
- Method: http.MethodPost,
- //Authorization: fmt.Sprintf("Bearer %s", op.AuthToken),
+ URL: servercfg.GetTurnApiHost(),
+ Route: "/api/v1/host/register",
+ Method: http.MethodPost,
+ Authorization: fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(auth))),
Data: models.HostTurnRegister{
HostID: hostID,
HostPassHash: ConvHostPassToHash(hostPass),
@@ -467,11 +468,12 @@ func RegisterHostWithTurn(hostID, hostPass string) error {
// DeRegisterHostWithTurn - to be called when host need to be deregistered from a turn server
func DeRegisterHostWithTurn(hostID string) error {
-
+ auth := servercfg.GetTurnUserName() + ":" + servercfg.GetTurnPassword()
api := httpclient.JSONEndpoint[models.SuccessResponse, models.ErrorResponse]{
URL: servercfg.GetTurnApiHost(),
Route: fmt.Sprintf("/api/v1/host/deregister?host_id=%s", hostID),
Method: http.MethodPost,
+ Authorization: fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(auth))),
Response: models.SuccessResponse{},
ErrorResponse: models.ErrorResponse{},
}
diff --git a/mq/handlers.go b/mq/handlers.go
index 6394fd51..6b339bfc 100644
--- a/mq/handlers.go
+++ b/mq/handlers.go
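Review bot: The Basic-auth value is assembled twice, once in `RegisterHostWithTurn` and again in `DeRegisterHostWithTurn` (hunk @@ -467), each building `user:pass` and base64-encoding it inline; a single helper keeps the two in step: `func turnBasicAuth() string { return "Basic " + base64.StdEncoding.EncodeToString([]byte(servercfg.GetTurnUserName()+":"+servercfg.GetTurnPassword())) }` with `Authorization: turnBasicAuth(),` at both call sites. As written the header is sent even when both getters return empty strings (it encodes to `Basic Og==`), which makes a missing setting look like a bad-password rejection from the TURN API; checking for empty credentials up front and returning an error would give a clearer failure. Basic auth protects the password only as well as the transport does, so `GetTurnApiHost()` should be expected to be an https URL (the compose default in this commit is). Both functions continue past their hunks.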
@@ -141,7 +141,10 @@ func UpdateHost(client mqtt.Client, msg mqtt.Message) {
}
sendPeerUpdate = true
case models.RegisterWithTurn:
- logic.RegisterHostWithTurn(hostUpdate.Host.ID.String(), hostUpdate.Host.HostPass)
+ err = logic.RegisterHostWithTurn(hostUpdate.Host.ID.String(), hostUpdate.Host.HostPass)
+ if err != nil {
+ logger.Log(0, "failed to register host with turn server: ", err.Error())
+ }
}
if sendPeerUpdate {
diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go
index 28c22b6c..9576d9b9 100644
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@@ -663,6 +663,30 @@ func GetTurnPort() int {
return port
}
+// GetTurnUserName - fetches the turn server username
+func GetTurnUserName() string {
+ userName := ""
+ if os.Getenv("TURN_USERNAME") != "" {
+ userName = os.Getenv("TURN_USERNAME")
+ } else {
+ userName = config.Config.Server.TurnUserName
+ }
+ return userName
+
+}
+
+// GetTurnPassword - fetches the turn server password
+func GetTurnPassword() string {
+ pass := ""
+ if os.Getenv("TURN_PASSWORD") != "" {
+ pass = os.Getenv("TURN_PASSWORD")
+ } else {
+ pass = config.Config.Server.TurnPassword
+ }
+ return pass
+
+}
+
// IsProxyEnabled - is proxy on or off
func IsProxyEnabled() bool {
var enabled = false //default
diff --git a/turnserver/internal/auth/auth.go b/turnserver/internal/auth/auth.go
index 0c797819..8e30e80d 100644
--- a/turnserver/internal/auth/auth.go
+++ b/turnserver/internal/auth/auth.go
@@ -15,10 +15,12 @@ var (
authMapLock = &sync.RWMutex{}
HostMap = make(map[string]string)
authBackUpFile = "auth.json"
+ backUpFilePath = filepath.Join("/etc/config", authBackUpFile)
)
func init() {
os.MkdirAll("/etc/config", os.ModePerm)
+ loadCredsFromFile()
}
func RegisterNewHostWithTurn(hostID, hostPass string) {
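Review bot: `err = logic.RegisterHostWithTurn(...)` assigns to an `err` declared outside the hunk, so a failure here leaves a non-nil `err` that a later check in `UpdateHost` (which starts and ends outside this hunk) may read as its own. Scoping the error to the case avoids that: `if err := logic.RegisterHostWithTurn(hostUpdate.Host.ID.String(), hostUpdate.Host.HostPass); err != nil {`. The log line would also be easier to act on if it named the host, e.g. `logger.Log(0, "failed to register host", hostUpdate.Host.ID.String(), "with turn server: ", err.Error())`, assuming `logger.Log` takes further string parts as the existing call suggests.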
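Review bot: Both getters read the environment variable twice and go through a throwaway `userName := ""`/`pass := ""` plus `else`; the idiomatic form is `if v := os.Getenv("TURN_USERNAME"); v != "" { return v }` followed by `return config.Config.Server.TurnUserName`, mirrored for `TURN_PASSWORD`, which also drops the stray blank line before each closing brace. Neither getter distinguishes an unset credential from the `REPLACE_TURN_USERNAME`/`REPLACE_TURN_PASSWORD` placeholders that compose/docker-compose.yml ships in this same commit, so an unsubstituted template is sent to the TURN API as a real Basic-auth pair; a startup check that treats an empty or placeholder value as a configuration error would surface that early. Callers should keep `GetTurnPassword()`'s return value out of log lines.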
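Review bot: `loadCredsFromFile()`'s error is discarded in `init()`, so a corrupt or unreadable `auth.json` silently starts the TURN server with an empty `HostMap`, and on a fresh install the expected not-found error is indistinguishable from a real failure. Suggest `if err := loadCredsFromFile(); err != nil && !os.IsNotExist(err) { logger.Log(0, "failed to load auth backup: ", err.Error()) }` (`logger` is already used by `dumpCredsToFile` in this file). The `os.MkdirAll` error on the line above is likewise dropped, and `os.ModePerm` there creates `/etc/config` as 0777 before umask; `0o700` is enough for a directory that only holds this backup.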
@@ -42,8 +44,16 @@ func dumpCredsToFile() {
return
}
- err = os.WriteFile(filepath.Join("/etc/config", authBackUpFile), d, os.ModePerm)
+ err = os.WriteFile(backUpFilePath, d, os.ModePerm)
if err != nil {
logger.Log(0, "failed to backup auth data: ", err.Error())
}
}
+
+func loadCredsFromFile() error {
+ d, err := os.ReadFile(backUpFilePath)
+ if err != nil {
+ return err
+ }
+ return json.Unmarshal(d, &HostMap)
+}
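Review bot: `os.WriteFile(backUpFilePath, d, os.ModePerm)` still creates the credential backup with mode 0777 before umask, and now that `loadCredsFromFile` feeds the file back into `HostMap` at startup, a locally writable file lets anyone on the box add or replace the entries the server later trusts; `0o600` is the right mode for a file of password hashes. `loadCredsFromFile` also writes `HostMap` without taking `authMapLock` — harmless from `init()`, but it is a plain package-level helper and any later caller would race with `RegisterNewHostWithTurn`, so wrapping the `json.Unmarshal` in `authMapLock.Lock()`/`Unlock()` keeps it safe wherever it is called. Since `Unmarshal` into an existing map merges rather than replaces, entries already present would survive a reload. `dumpCredsToFile` begins outside the hunk.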