Fixing WebRtc user name / password when using TURN REST API

2021-02-16 18:13:30 +01:00 · 2021-02-16 18:13:30 +01:00 · 6b00355ea8
commit 6b00355ea8
parent 7fb923f823
9 changed files with 65 additions and 18 deletions
--- a/back/src/Services/SocketManager.ts
+++ b/back/src/Services/SocketManager.ts
@ -283,6 +283,12 @@ export class SocketManager {
        const webrtcSignalToClient = new WebRtcSignalToClientMessage();
        webrtcSignalToClient.setUserid(user.id);
        webrtcSignalToClient.setSignal(data.getSignal());
+        // TODO: only compute credentials if data.signal.type === "offer"
+        if (TURN_STATIC_AUTH_SECRET !== '') {
+            const {username, password} = this.getTURNCredentials(''+user.id, TURN_STATIC_AUTH_SECRET);
+            webrtcSignalToClient.setWebrtcusername(username);
+            webrtcSignalToClient.setWebrtcpassword(password);
+        }

        const serverToClientMessage = new ServerToClientMessage();
        serverToClientMessage.setWebrtcsignaltoclientmessage(webrtcSignalToClient);
@ -303,6 +309,12 @@ export class SocketManager {
        const webrtcSignalToClient = new WebRtcSignalToClientMessage();
        webrtcSignalToClient.setUserid(user.id);
        webrtcSignalToClient.setSignal(data.getSignal());
+        // TODO: only compute credentials if data.signal.type === "offer"
+        if (TURN_STATIC_AUTH_SECRET !== '') {
+            const {username, password} = this.getTURNCredentials(''+user.id, TURN_STATIC_AUTH_SECRET);
+            webrtcSignalToClient.setWebrtcusername(username);
+            webrtcSignalToClient.setWebrtcpassword(password);
+        }

        const serverToClientMessage = new ServerToClientMessage();
        serverToClientMessage.setWebrtcscreensharingsignaltoclientmessage(webrtcSignalToClient);
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -31,11 +31,12 @@ services:
      ADMIN_URL: workadventure.localhost
      STARTUP_COMMAND_1: ./templater.sh
      STARTUP_COMMAND_2: yarn install
-      TURN_SERVER: "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443"
+      STUN_SERVER: "stun:stun.l.google.com:19302"
+      TURN_SERVER: "turn:coturn.workadventure.localhost:3478,turns:coturn.workadventure.localhost:5349"
      # Use TURN_USER/TURN_PASSWORD if your Coturn server is secured via hard coded credentials.
      # Advice: you should instead use Coturn REST API along the TURN_STATIC_AUTH_SECRET in the Back container
-      TURN_USER:
-      TURN_PASSWORD:
+      TURN_USER: ""
+      TURN_PASSWORD: ""
      START_ROOM_URL: "$START_ROOM_URL"
    command: yarn run start
    volumes:
@ -110,7 +111,7 @@ services:
      ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
      JITSI_URL: $JITSI_URL
      JITSI_ISS: $JITSI_ISS
-      TURN_STATIC_AUTH_SECRET:
+      TURN_STATIC_AUTH_SECRET: SomeStaticAuthSecret
    volumes:
      - ./back:/usr/src/app
    labels:
@ -152,3 +153,28 @@ services:
      - ./back:/usr/src/back
      - ./front:/usr/src/front
      - ./pusher:/usr/src/pusher
+
+#  coturn:
+#    image: coturn/coturn:4.5.2
+#    command:
+#      - turnserver
+#      #- -c=/etc/coturn/turnserver.conf
+#      - --log-file=stdout
+#      - --external-ip=$$(detect-external-ip)
+#      - --listening-port=3478
+#      - --min-port=10000
+#      - --max-port=10010
+#      - --tls-listening-port=5349
+#      - --listening-ip=0.0.0.0
+#      - --realm=coturn.workadventure.localhost
+#      - --server-name=coturn.workadventure.localhost
+#      - --lt-cred-mech
+#      # Enable Coturn "REST API" to validate temporary passwords.
+#      #- --use-auth-secret
+#      #- --static-auth-secret=SomeStaticAuthSecret
+#      #- --userdb=/var/lib/turn/turndb
+#      - --user=workadventure:WorkAdventure123
+#      # use real-valid certificate/privatekey files
+#      #- --cert=/root/letsencrypt/fullchain.pem
+#      #- --pkey=/root/letsencrypt/privkey.pem
+#    network_mode: host
--- a/front/src/Connexion/ConnexionModels.ts
+++ b/front/src/Connexion/ConnexionModels.ts
@ -96,7 +96,9 @@ export interface WebRtcSignalSentMessageInterface {

 export interface WebRtcSignalReceivedMessageInterface {
    userId: number,
-    signal: SignalData
+    signal: SignalData,
+    webRtcUser: string | undefined,
+    webRtcPassword: string | undefined
 }

 export interface StartMapInterface {
--- a/front/src/Connexion/RoomConnection.ts
+++ b/front/src/Connexion/RoomConnection.ts
@ -428,7 +428,7 @@ export class RoomConnection implements RoomConnection {
                userId: message.getUserid(),
                name: message.getName(),
                initiator: message.getInitiator(),
-                webRtcUser: message.getWebrtcpassword() ?? undefined,
+                webRtcUser: message.getWebrtcusername() ?? undefined,
                webRtcPassword: message.getWebrtcpassword() ?? undefined,
            });
        });
@ -438,7 +438,9 @@ export class RoomConnection implements RoomConnection {
        this.onMessage(EventMessage.WEBRTC_SIGNAL, (message: WebRtcSignalToClientMessage) => {
            callback({
                userId: message.getUserid(),
-                signal: JSON.parse(message.getSignal())
+                signal: JSON.parse(message.getSignal()),
+                webRtcUser: message.getWebrtcusername() ?? undefined,
+                webRtcPassword: message.getWebrtcpassword() ?? undefined,
            });
        });
    }
@ -447,7 +449,9 @@ export class RoomConnection implements RoomConnection {
        this.onMessage(EventMessage.WEBRTC_SCREEN_SHARING_SIGNAL, (message: WebRtcSignalToClientMessage) => {
            callback({
                userId: message.getUserid(),
-                signal: JSON.parse(message.getSignal())
+                signal: JSON.parse(message.getSignal()),
+                webRtcUser: message.getWebrtcusername() ?? undefined,
+                webRtcPassword: message.getWebrtcpassword() ?? undefined,
            });
        });
    }
--- a/front/src/Enum/EnvironmentVariable.ts
+++ b/front/src/Enum/EnvironmentVariable.ts
@ -4,9 +4,9 @@ const API_URL = (process.env.API_PROTOCOL || (typeof(window) !== 'undefined' ? w
 const UPLOADER_URL = (process.env.API_PROTOCOL || (typeof(window) !== 'undefined' ? window.location.protocol : 'http:')) + '//' + (process.env.UPLOADER_URL || 'uploader.workadventure.localhost');
 const ADMIN_URL = (process.env.API_PROTOCOL || (typeof(window) !== 'undefined' ? window.location.protocol : 'http:')) + '//' + (process.env.ADMIN_URL || "workadventure.localhost");
 const STUN_SERVER: string = process.env.STUN_SERVER || "stun:stun.l.google.com:19302";
-const TURN_SERVER: string = process.env.TURN_SERVER || "turn:numb.viagenie.ca";
-const TURN_USER: string = process.env.TURN_USER || 'g.parant@thecodingmachine.com';
-const TURN_PASSWORD: string = process.env.TURN_PASSWORD || 'itcugcOHxle9Acqi$';
+const TURN_SERVER: string = process.env.TURN_SERVER || "";
+const TURN_USER: string = process.env.TURN_USER || '';
+const TURN_PASSWORD: string = process.env.TURN_PASSWORD || '';
 const JITSI_URL : string|undefined = (process.env.JITSI_URL === '') ? undefined : process.env.JITSI_URL;
 const JITSI_PRIVATE_MODE : boolean = process.env.JITSI_PRIVATE_MODE == "true";
 const RESOLUTION = 2;
--- a/front/src/WebRtc/ScreenSharingPeer.ts
+++ b/front/src/WebRtc/ScreenSharingPeer.ts
@ -28,12 +28,12 @@ export class ScreenSharingPeer extends Peer {
                    {
                        urls: STUN_SERVER.split(',')
                    },
-                    {
+                    TURN_SERVER !== '' ? {
                        urls: TURN_SERVER.split(','),
                        username: user.webRtcUser || TURN_USER,
                        credential: user.webRtcPassword || TURN_PASSWORD
-                    },
-                ]
+                    } :  undefined,
+                ].filter((value) => value !== undefined)
            }
        });

--- a/front/src/WebRtc/SimplePeer.ts
+++ b/front/src/WebRtc/SimplePeer.ts
@ -103,7 +103,7 @@ export class SimplePeer {
        // This would be symmetrical to the way we handle disconnection.

        //start connection
-        console.log('receiveWebrtcStart. Initiator: ', user.initiator)
+        //console.log('receiveWebrtcStart. Initiator: ', user.initiator)
        if(!user.initiator){
            return;
        }
--- a/front/src/WebRtc/VideoPeer.ts
+++ b/front/src/WebRtc/VideoPeer.ts
@ -34,14 +34,15 @@ export class VideoPeer extends Peer {
                    {
                        urls: STUN_SERVER.split(',')
                    },
-                    {
+                    TURN_SERVER !== '' ? {
                        urls: TURN_SERVER.split(','),
                        username: user.webRtcUser || TURN_USER,
                        credential: user.webRtcPassword || TURN_PASSWORD
-                    },
-                ]
+                    } :  undefined,
+                ].filter((value) => value !== undefined)
            }
        });
+
        this.userId = user.userId;
        this.userName = user.name || '';

--- a/messages/protos/messages.proto
+++ b/messages/protos/messages.proto
@ -179,6 +179,8 @@ message WebRtcDisconnectMessage {
 message WebRtcSignalToClientMessage {
  int32 userId = 1;
  string signal = 2;
+  string webrtcUserName = 4;
+  string webrtcPassword = 5;
 }

 message TeleportMessageMessage{