Turn credentials generation (#102)

* abstract peer channel * remove wip code * refactor NewServer with Peer updates channel * feature: add TURN credentials manager * hmac logic * example test function * test: add TimeBasedAuthSecretsManager_GenerateCredentials test * test: make tests for now with hardcoded secret * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_SetupRefresh test * test: add TimeBasedAuthSecretsManager_CancelRefresh test * feature: extract TURNConfig to the management config * feature: return hash based TURN credentials only on initial sync * feature: make TURN time based secret credentials optional Co-authored-by: mlsmaycon <mlsmaycon@gmail.com>
2026-04-18 00:06:38 +00:00 · 2021-09-02 14:41:54 +02:00
parent 86f3b1e5c8
commit b17424d630
11 changed files with 399 additions and 57 deletions
--- a/client/cmd/testutil.go
+++ b/client/cmd/testutil.go
@@ -39,7 +39,8 @@ func startManagement(config *mgmt.Config, t *testing.T) (*grpc.Server, net.Liste

 	accountManager := mgmt.NewManager(store)
 	peersUpdateManager := mgmt.NewPeersUpdateManager()
-	mgmtServer, err := mgmt.NewServer(config, accountManager, peersUpdateManager)
+	turnManager := mgmt.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig)
+	mgmtServer, err := mgmt.NewServer(config, accountManager, peersUpdateManager, turnManager)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/client/testdata/management.json
+++ b/client/testdata/management.json
@@ -7,14 +7,19 @@
            "Password": null
        }
    ],
-    "Turns": [
-        {
-            "Proto": "udp",
-            "URI": "turn:stun.wiretrustee.com:3468",
-            "Username": "some_user",
-            "Password": "c29tZV9wYXNzd29yZA=="
-        }
-    ],
+    "TURNConfig": {
+        "Turns": [
+            {
+                "Proto": "udp",
+                "URI": "turn:stun.wiretrustee.com:3468",
+                "Username": "some_user",
+                "Password": "c29tZV9wYXNzd29yZA=="
+            }
+        ],
+        "CredentialsTTL": "1h",
+        "Secret": "c29tZV9wYXNzd29yZA==",
+        "TimeBasedCredentials": true
+    },
    "Signal": {
        "Proto": "http",
        "URI": "signal.wiretrustee.com:10000",