gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-09-13 08:34:44 +08:00
Code Issues Projects Releases Packages Wiki Activity

add basic auth to turn server apis, handle host registration on server

Browse source
This commit is contained in:
Abhishek Kondur 2023-04-17 15:33:05 +04:00
parent a8e234efc9
commit 4f95e9f562
6 changed files with 51 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
compose/docker-compose.yml
View file

@ -32,6 +32,8 @@ services:
TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN" TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
TURN_SERVER_API_HOST: "https://api.turn.NETMAKER_BASE_DOMAIN" TURN_SERVER_API_HOST: "https://api.turn.NETMAKER_BASE_DOMAIN"
TURN_PORT: "3479" TURN_PORT: "3479"
TURN_USERNAME: "REPLACE_TURN_USERNAME"
TURN_PASSWORD: "REPLACE_TURN_PASSWORD"
ports: ports:
- "3478:3478/udp" - "3478:3478/udp"
netmaker-ui: netmaker-ui:

2
config/config.go
View file

@ -78,6 +78,8 @@ type ServerConfig struct {
TurnServer string `yaml:"turn_server"` TurnServer string `yaml:"turn_server"`
TurnApiServer string `yaml:"turn_api_server"` TurnApiServer string `yaml:"turn_api_server"`
TurnPort int `yaml:"turn_port"` TurnPort int `yaml:"turn_port"`
TurnUserName string `yaml:"turn_username"`
TurnPassword string `yaml:"turn_password"`
} }
// ProxyMode - default proxy mode for server // ProxyMode - default proxy mode for server

14
logic/hosts.go
View file

@ -2,6 +2,7 @@ package logic
import ( import (
"crypto/md5" "crypto/md5"
"encoding/base64"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
@ -442,12 +443,12 @@ func ConvHostPassToHash(hostPass string) string {
// RegisterHostWithTurn - registers the host with the given turn server // RegisterHostWithTurn - registers the host with the given turn server
func RegisterHostWithTurn(hostID, hostPass string) error { func RegisterHostWithTurn(hostID, hostPass string) error {
auth := servercfg.GetTurnUserName() + ":" + servercfg.GetTurnPassword()
api := httpclient.JSONEndpoint[models.SuccessResponse, models.ErrorResponse]{ api := httpclient.JSONEndpoint[models.SuccessResponse, models.ErrorResponse]{
URL: servercfg.GetTurnApiHost(), URL: servercfg.GetTurnApiHost(),
Route: "/api/v1/host/register", Route: "/api/v1/host/register",
Method: http.MethodPost, Method: http.MethodPost,
//Authorization: fmt.Sprintf("Bearer %s", op.AuthToken), Authorization: fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(auth))),
Data: models.HostTurnRegister{ Data: models.HostTurnRegister{
HostID: hostID, HostID: hostID,
HostPassHash: ConvHostPassToHash(hostPass), HostPassHash: ConvHostPassToHash(hostPass),
@ -467,11 +468,12 @@ func RegisterHostWithTurn(hostID, hostPass string) error {
// DeRegisterHostWithTurn - to be called when host need to be deregistered from a turn server // DeRegisterHostWithTurn - to be called when host need to be deregistered from a turn server
func DeRegisterHostWithTurn(hostID string) error { func DeRegisterHostWithTurn(hostID string) error {
auth := servercfg.GetTurnUserName() + ":" + servercfg.GetTurnPassword()
api := httpclient.JSONEndpoint[models.SuccessResponse, models.ErrorResponse]{ api := httpclient.JSONEndpoint[models.SuccessResponse, models.ErrorResponse]{
URL: servercfg.GetTurnApiHost(), URL: servercfg.GetTurnApiHost(),
Route: fmt.Sprintf("/api/v1/host/deregister?host_id=%s", hostID), Route: fmt.Sprintf("/api/v1/host/deregister?host_id=%s", hostID),
Method: http.MethodPost, Method: http.MethodPost,
Authorization: fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(auth))),
Response: models.SuccessResponse{}, Response: models.SuccessResponse{},
ErrorResponse: models.ErrorResponse{}, ErrorResponse: models.ErrorResponse{},
} }

5
mq/handlers.go
View file

@ -141,7 +141,10 @@ func UpdateHost(client mqtt.Client, msg mqtt.Message) {
} }
sendPeerUpdate = true sendPeerUpdate = true
case models.RegisterWithTurn: case models.RegisterWithTurn:
logic.RegisterHostWithTurn(hostUpdate.Host.ID.String(), hostUpdate.Host.HostPass) err = logic.RegisterHostWithTurn(hostUpdate.Host.ID.String(), hostUpdate.Host.HostPass)
if err != nil {
logger.Log(0, "failed to register host with turn server: ", err.Error())
}
} }
if sendPeerUpdate { if sendPeerUpdate {

24
servercfg/serverconf.go
View file

@ -663,6 +663,30 @@ func GetTurnPort() int {
return port return port
} }
// GetTurnUserName - fetches the turn server username
func GetTurnUserName() string {
userName := ""
if os.Getenv("TURN_USERNAME") != "" {
userName = os.Getenv("TURN_USERNAME")
} else {
userName = config.Config.Server.TurnUserName
}
return userName
}
// GetTurnPassword - fetches the turn server password
func GetTurnPassword() string {
pass := ""
if os.Getenv("TURN_PASSWORD") != "" {
pass = os.Getenv("TURN_PASSWORD")
} else {
pass = config.Config.Server.TurnPassword
}
return pass
}
// IsProxyEnabled - is proxy on or off // IsProxyEnabled - is proxy on or off
func IsProxyEnabled() bool { func IsProxyEnabled() bool {
var enabled = false //default var enabled = false //default

12
turnserver/internal/auth/auth.go
View file

@ -15,10 +15,12 @@ var (
authMapLock = &sync.RWMutex{} authMapLock = &sync.RWMutex{}
HostMap = make(map[string]string) HostMap = make(map[string]string)
authBackUpFile = "auth.json" authBackUpFile = "auth.json"
backUpFilePath = filepath.Join("/etc/config", authBackUpFile)
) )
func init() { func init() {
os.MkdirAll("/etc/config", os.ModePerm) os.MkdirAll("/etc/config", os.ModePerm)
loadCredsFromFile()
} }
func RegisterNewHostWithTurn(hostID, hostPass string) { func RegisterNewHostWithTurn(hostID, hostPass string) {
@ -42,8 +44,16 @@ func dumpCredsToFile() {
return return
} }
err = os.WriteFile(filepath.Join("/etc/config", authBackUpFile), d, os.ModePerm) err = os.WriteFile(backUpFilePath, d, os.ModePerm)
if err != nil { if err != nil {
logger.Log(0, "failed to backup auth data: ", err.Error()) logger.Log(0, "failed to backup auth data: ", err.Error())
} }
} }
func loadCredsFromFile() error {
d, err := os.ReadFile(backUpFilePath)
if err != nil {
return err
}
return json.Unmarshal(d, &HostMap)
}