TURN on Jitsi on kubernetes (k8s)
// Adapted from the default settings object (`defaultSettings`, defined elsewhere).
export const settings = {
  ...defaultSettings,

  // Presumably tells the client to fetch its STUN/TURN services from the
  // server (XEP-0215) rather than from a static list - confirm against the
  // Jitsi Meet version in use.
  useStunTurn: true,

  p2p: {
    // disabled for testing: with peer-to-peer off, the direct 1-to-1 path is
    // not used.
    enabled: false,
    useStunTurn: true,
  },

  // Some other settings for resolution & parallel talking as relevant for our usecase
};
-- original (adapted) source: https://raw.githubusercontent.com/netaskd/mod_turncredentials/master/mod_turncredentials.lua
-- XEP-0215 implementation for time-limited turn credentials
-- Copyright (C) 2012-2014 Philipp Hancke
-- This file is MIT/X11 licensed.
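-- Example configuration (placeholder values). The secret is the HMAC key for
-- the credentials, so the TURN server must be configured with the same value.
--turncredentials_secret = "keepthissecret";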
--turncredentials = {
-- { type = "stun", host = "8.8.8.8", port = 3478 },
-- { type = "turn", host = "8.8.8.8", port = 3478 },
-- { type = "turn", host = "8.8.8.8", port = 80, transport = "tcp" }
--}
-- for stun servers, host is required, port defaults to 3478
-- for turn servers, host is required, port defaults to 3478,
-- transport defaults to udp
-- hosts can be a list of server names / IPs; one is chosen at random
-- per request for load balancing
local st = require "util.stanza";
local hmac_sha1 = require "util.hashes".hmac_sha1;
local base64 = require "util.encodings".base64;
local os_time = os.time;
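-- Shared secret used as the HMAC key for the time-limited TURN credentials.
-- It is only read from configuration here and is never passed to the logger.
local secret = module:get_option_string("turncredentials_secret");
-- Lifetime of an issued credential in seconds (default 86400 = 24 hours).
local ttl = module:get_option_number("turncredentials_ttl", 86400);

-- Fixed set of STUN host(s) that is always advertised on top of the
-- configured entries.
-- NOTE(review): this is a third-party host; clients that use it reveal their
-- addresses to its operator. Confirm that this is intended for the deployment.
local hosts_fixed = {
	{ type = "stun", host = "meet-jit-si-turnrelay.jitsi.net", port = 443 }
}

-- Build the advertised list in a fresh table instead of appending to the
-- value returned by module:get_option(). That value is presumably the
-- configuration table itself, so inserting into it would modify the shared
-- configuration and add the fixed entries again on every (re)load.
local hosts = {};
for _, item in pairs(module:get_option("turncredentials") or {}) do
	hosts[#hosts + 1] = item;
end
for _, item in ipairs(hosts_fixed) do
	hosts[#hosts + 1] = item;
end

-- Output configuration in logs (service type and host names only).
for _, item in pairs(hosts) do
	module:log("info", "TURN/STUN: %s %s/%q", item.type, item.host, item.hosts);
end

-- Without a secret no credentials can be derived, so stop loading here.
-- An empty string is treated like a missing secret: an empty HMAC key would
-- yield passwords that do not depend on anything private.
if not secret or secret == "" then
	module:log("error", "turncredentials not configured");
	return;
end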
--- Return one element of a sequence, chosen at random.
-- Used for load balancing between equivalent hosts only; math.random is not
-- a cryptographic generator and must not be used to derive secrets.
-- Defined as a global function (not `local`), as in the original module.
-- @param arr sequence (keys 1..n) to choose from
-- @return the selected element
function random(arr)
	local count = #arr;
	return arr[math.random(1, count)];
end
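-- Re-read the module options whenever Prosody reloads its configuration.
module:hook_global("config-reloaded", function()
	secret = module:get_option_string("turncredentials_secret");
	ttl = module:get_option_number("turncredentials_ttl", 86400);

	-- Rebuild the advertised list the same way it is composed at load time:
	-- configured entries first, then the fixed STUN host(s). Without this the
	-- fixed entries silently disappear after the first reload. A fresh table
	-- is used so the value returned by module:get_option() is not modified.
	local reloaded = {};
	for _, item in pairs(module:get_option("turncredentials") or {}) do
		reloaded[#reloaded + 1] = item;
	end
	for _, item in ipairs(hosts_fixed) do
		reloaded[#reloaded + 1] = item;
	end
	hosts = reloaded;

	-- The load-time check does not run again on reload, so report a secret
	-- that was removed from the configuration instead of failing silently.
	if not secret then
		module:log("error", "turncredentials not configured");
	end
end);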
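--- Build the iq-get handler that answers an external service discovery
-- request (XEP-0215) for the given namespace.
--
-- The handler only answers sessions of type "c2s". For every configured
-- entry it adds a <service/> element; "turn"/"turns" entries additionally
-- carry a username, a password and the ttl. The username is the expiry
-- timestamp (now + ttl) and the password is the base64-encoded HMAC-SHA1 of
-- that username keyed with the shared secret, so the credential is not tied
-- to an individual user and stays usable until it expires.
-- NOTE(review): on deployments that allow anonymous logins every visitor can
-- request these credentials; consider a shorter turncredentials_ttl there.
--
-- @param xmlns namespace used for the <services/> element of the reply
-- @return handler function suitable for module:hook()
function disco(xmlns)
	module:log("info", "TURN/STUN serving %s", xmlns);

	-- Port advertised when an entry does not set one. The comments of this
	-- module document 3478 as the default, but formatting a missing port with
	-- "%d" raises an error, so the default is applied explicitly here.
	local default_port = 3478;

	-- Host to advertise for one entry: a random member of `hosts` when that
	-- list is present and non-empty, otherwise the single `host`.
	local function pick_host(item)
		if item.hosts and #item.hosts > 0 then
			return random(item.hosts);
		end
		return item.host;
	end

	return function (event)
		local origin, stanza = event.origin, event.stanza;
		if origin.type ~= "c2s" then
			return;
		end
		-- The secret can be removed by a configuration reload; without it no
		-- credential can be derived, so leave the request unhandled.
		if not secret then
			module:log("error", "turncredentials not configured");
			return;
		end
		module:log("info", "TURN/STUN running Service Discovery for end-user");

		-- Time-limited credential: username = expiry time in seconds,
		-- password = base64(HMAC-SHA1(secret, username)); `false` asks
		-- hmac_sha1 for the raw digest rather than a hex string.
		local expiry = os_time() + ttl;
		local username = tostring(expiry);
		local password = base64.encode(hmac_sha1(secret, username, false));

		local reply = st.reply(stanza):tag("services", {xmlns = xmlns})
		for _, item in pairs(hosts) do
			if item.type == "stun" or item.type == "stuns" then
				-- stun items need host and port (defaults to 3478)
				reply:tag("service", {
					type = item.type;
					host = pick_host(item);
					port = ("%d"):format(item.port or default_port);
				}):up();
			elseif item.type == "turn" or item.type == "turns" then
				-- turn items need host, port (defaults to 3478), transport
				-- (left out when unset, as before), username, password, ttl
				reply:tag("service", {
					type = item.type;
					host = pick_host(item);
					port = ("%d"):format(item.port or default_port);
					transport = item.transport;
					username = username;
					password = password;
					ttl = ("%d"):format(ttl);
				}):up();
			end
		end
		origin.send(reply);
		return true;
	end
end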
-- Register the handler for both versions of the extdisco namespace: Jitsi
-- asks for extdisco:1, while extdisco:2 has also been possible since 2015.
-- https://community.jitsi.org/t/no-traffic-to-jvb-from-client/70817
local extdisco_hooks = {
	{ "iq-get/host/urn:xmpp:extdisco:1:services", "urn:xmpp:extdisco:1" },
	{ "iq-get/host/urn:xmpp:extdisco:2:services", "urn:xmpp:extdisco:2" },
};
for _, entry in ipairs(extdisco_hooks) do
	-- entry[1] is the event name, entry[2] the namespace handed to disco()
	module:hook(entry[1], disco(entry[2]));
end