Software /
code /
prosody-modules
File
mod_turncredentials/mod_turncredentials.lua @ 1166:2b62a3b76d76
mod_s2s_auth_fingerprint: Don't halt event propagation in cert pinning mode
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 16 Aug 2013 00:25:37 +0200 |
parent | 1108:2da546139cb5 |
child | 1168:0b6b33688b75 |
line wrap: on
line source
-- XEP-0215 implementation for time-limited turn credentials -- Copyright (C) 2012-2013 Philipp Hancke -- This file is MIT/X11 licensed. local st = require "util.stanza"; local hmac_sha1 = require "util.hashes".hmac_sha1; local base64 = require "util.encodings".base64; local os_time = os.time; local secret = module:get_option("turncredentials_secret") or false; local host = module:get_option("turncredentials_host") or false -- use ip addresses here to avoid further dns lookup latency local port = module:get_option("turncredentials_port") or 3478 if not (secret and host) then module:log("error", "turncredentials not configured"); return; end module:hook("iq/host/urn:xmpp:extdisco:1:services", function(event) local origin, stanza = event.origin, event.stanza; if stanza.attr.type ~= "get" or stanza.tags[1].name ~= "services" or origin.type ~= "c2s" then return; end local now = os_time(); local userpart = tostring(now); local nonce = base64.encode(hmac_sha1(secret, tostring(userpart), false)); origin.send(st.reply(stanza):tag("services", {xmlns = "urn:xmpp:extdisco:1"}) :tag("service", { type = "stun", host = host, port = port }):up() :tag("service", { type = "turn", host = host, port = port, username = userpart, password = nonce }):up() ); return true; end);