File

plugins/mod_turn_external.lua @ 13259:9097149923ae

mod_http_file_share: Switch to the new authz API (BC) Behavior change: It becomes up to the authorization module whether to allow requests. The default, mod_authz_internal, will allow users on the *parent* host only, breaking use by some components. Remaining question is whether to deprecate the `http_file_share_access` setting or leave as a way to complement/bypass access control?
author Kim Alvefur <zash@zash.se>
date Sat, 16 Sep 2023 14:23:08 +0200
parent 13213:50324f66ca2a
line wrap: on
line source

local set = require "prosody.util.set";

local secret = module:get_option_string("turn_external_secret");
local host = module:get_option_string("turn_external_host", module.host);
local user = module:get_option_string("turn_external_user");
local port = module:get_option_integer("turn_external_port", 3478, 1, 65535);
local ttl = module:get_option_period("turn_external_ttl", "1 day");
local tcp = module:get_option_boolean("turn_external_tcp", false);
local tls_port = module:get_option_integer("turn_external_tls_port", nil, 1, 65535);

if not secret then
	module:log_status("error", "Failed to initialize: the 'turn_external_secret' option is not set in your configuration");
	return;
end

local services = set.new({ "stun-udp"; "turn-udp" });
if tcp then
	services:add("stun-tcp");
	services:add("turn-tcp");
end
if tls_port then
	services:add("turns-tcp");
end

module:depends "external_services";

for _, type in ipairs({ "stun"; "turn"; "turns" }) do
	for _, transport in ipairs({"udp"; "tcp"}) do
		if services:contains(type .. "-" .. transport) then
			module:add_item("external_service", {
				type = type;
				transport = transport;
				host = host;
				port = type == "turns" and tls_port or port;

				username = type == "turn" and user or nil;
				secret = type == "turn" and secret or nil;
				ttl = type == "turn" and ttl or nil;
			})
		end
	end
end