prosody
2db7b3b65363
plugins/mod_turn_external.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

plugins/mod_turn_external.lua @ 13627:2db7b3b65363

core.configmanager: Add function for getting secrets from separate files Idea is to enable easily retrieving of secret values from files outside of the config, e.g. via the method used by systemd credentials. CREDENTIALS_DIRECTORY is expected to be set by the process manager invoking Prosody, so being unset and unavailable from prosodyctl is going to be normal and a warning is reported in that case. Care will have to be taken to make it clear that prosodyctl check will not work with such values. An error is thrown if the directory is unavailable when running under Prosody.
author Kim Alvefur <zash@zash.se>
date Thu, 16 Jan 2025 15:21:34 +0100
parent 13213:50324f66ca2a
line wrap: on
line source

local set = require "prosody.util.set";

local secret = module:get_option_string("turn_external_secret");
local host = module:get_option_string("turn_external_host", module.host);
local user = module:get_option_string("turn_external_user");
local port = module:get_option_integer("turn_external_port", 3478, 1, 65535);
local ttl = module:get_option_period("turn_external_ttl", "1 day");
local tcp = module:get_option_boolean("turn_external_tcp", false);
local tls_port = module:get_option_integer("turn_external_tls_port", nil, 1, 65535);

if not secret then
	module:log_status("error", "Failed to initialize: the 'turn_external_secret' option is not set in your configuration");
	return;
end

local services = set.new({ "stun-udp"; "turn-udp" });
if tcp then
	services:add("stun-tcp");
	services:add("turn-tcp");
end
if tls_port then
	services:add("turns-tcp");
end

module:depends "external_services";

for _, type in ipairs({ "stun"; "turn"; "turns" }) do
	for _, transport in ipairs({"udp"; "tcp"}) do
		if services:contains(type .. "-" .. transport) then
			module:add_item("external_service", {
				type = type;
				transport = transport;
				host = host;
				port = type == "turns" and tls_port or port;

				username = type == "turn" and user or nil;
				secret = type == "turn" and secret or nil;
				ttl = type == "turn" and ttl or nil;
			})
		end
	end
end