lt_cred support for TURN REST format #370
Conversation
|
I see the failed checks, I'll amend. |
giavac
force-pushed
the
master
branch
2 times, most recently
from
13764ec to
64db7d0
Compare
|
@rg0now I've pushed changes to satisfy some checks. I'm not sure all checks will pass - is https://github.com/pion/webrtc/wiki/Contributing up to date? I don't see all the referenced lint scripts in .goassets. Please let me know if there's an up to date set of checks I can do locally. Thanks. |
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #370 +/- ##
==========================================
- Coverage 66.78% 66.68% -0.10%
==========================================
Files 43 43
Lines 2860 2888 +28
==========================================
+ Hits 1910 1926 +16
- Misses 787 796 +9
- Partials 163 166 +3
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
| Realm: *realm, | ||
| // Set AuthHandler callback | ||
| // This is called everytime a user tries to authenticate with the TURN server | ||
| // Return the key for that user, or false when no user is found |
There was a problem hiding this comment.
Please remove useless comment. Also adding a short explanation might help people trying to adopt the feature.
| @@ -0,0 +1,72 @@ | |||
| // Package main implements a TURN server using | |||
There was a problem hiding this comment.
Please add copyright stanza as per the failing REUSE test. See examples/turn-server/lt-cred/main.go for an example.
| @@ -0,0 +1,72 @@ | |||
| // Package main implements a TURN server using | |||
| // ephemeral credentials. | |||
There was a problem hiding this comment.
Please add a short description of what's going on here to examples/README.md. No need to go into details, just the basic usage like here. This can go right after the existing lt-creds description.
go.mod
Outdated
| @@ -1,6 +1,6 @@ | |||
| module github.com/pion/turn/v3 | |||
|
|
|||
| go 1.13 | |||
| go 1.19 | |||
There was a problem hiding this comment.
I'm not sure we are allowed to upgrade the required Go version here. That would be a major break and may require a major release (not sure about this). Currently we are at 1.13 and my understanding is that there's nothing in your code that absolutely requires a higher version so I'd rather not bump the Go version here.
ps: not that I full understand the min Go version requirements across the entire pion project (some code like DTLS is still at 1.13 whole some like mediadevices require 1.19)...
lt_cred.go
Outdated
| @@ -57,3 +67,31 @@ func NewLongTermAuthHandler(sharedSecret string, l logging.LeveledLogger) AuthHa | |||
| return GenerateAuthKey(username, realm, password), true | |||
| } | |||
| } | |||
|
|
|||
| // LongTermTURNRESTAuthHandler returns a turn.AuthAuthHandler used with Long Term (or Time Windowed) Credentials. | |||
There was a problem hiding this comment.
Can you please add one line description of the main purpose of the REST API? I'm thinking of something along the following lines:
// LongTermTURNRESTAuthHandler returns a turn.AuthAuthHandler that can be used to authenticate
// time-windowed TURN credentials generated by the TURN REST API described in
// https://datatracker.ietf.org/doc/html/draft-uberti-behave-turn-rest-00
//
// The supported format of is timestamp:username, where username is an arbitrary user id and the
// timestamp specifies the expiry of the credential.
If you are at it: can you please also fix the URL in the doc of NewLongTermAuthHandler: the orignal URL https://tools.ietf.org/search/rfc5389#section-10.2 does not seem to work anymore for some reason, plus RFC 5389 is now obsoleted by RFC 8489, so we should use this URL instead: https://datatracker.ietf.org/doc/html/rfc8489#section-9.2.
|
Dear @giavac, would you be so kind to collapse your commits into a single one? (Just |
giavac
force-pushed
the
master
branch
2 times, most recently
from
4bb736c to
7b2a1d4
Compare
|
Thanks @rg0now - it should be OK now? |
|
@rg0now maybe I could try to increase the code coverage, if that's what's holding the last check? |
|
Unfortunately that won't fix this (codecov checks are not "required") but it would definitely help. The problem is the pending results for the Go 1.21 tests. Since I don't seem to receive a definite answer at Slack, I think we'll just merge manually anyway. |
|
Thanks a lot @giavac, merged |
|
Thanks for the review and guidance @rg0now |
Description
This PR adds support for ephemeral credentials, as initially described in https://datatracker.ietf.org/doc/html/draft-uberti-behave-turn-rest-00 and widely used by https://github.com/coturn/coturn