diff --git a/internal/server/server.go b/internal/server/server.go index ad27f45b..425a14ce 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -28,6 +28,7 @@ type Request struct { // User Configuration AuthHandler func(username string, realm string, srcAddr net.Addr) (key []byte, ok bool) + AuthSuccess func(username string, realm string, srcAddr net.Addr) Log logging.LeveledLogger Realm string ChannelBindTimeout time.Duration diff --git a/internal/server/turn_test.go b/internal/server/turn_test.go index 2590ab6e..4145c65e 100644 --- a/internal/server/turn_test.go +++ b/internal/server/turn_test.go @@ -84,6 +84,8 @@ func TestAllocationLifeTime(t *testing.T) { staticKey, err := nonceHash.Generate() assert.NoError(t, err) + authSuccessCallbackTimes := 0 + r := Request{ AllocationManager: allocationManager, NonceHash: nonceHash, @@ -93,13 +95,16 @@ func TestAllocationLifeTime(t *testing.T) { AuthHandler: func(string, string, net.Addr) (key []byte, ok bool) { return []byte(staticKey), true }, + + AuthSuccess: func(username string, realm string, srcAddr net.Addr) { + authSuccessCallbackTimes++ + }, } fiveTuple := &allocation.FiveTuple{SrcAddr: r.SrcAddr, DstAddr: r.Conn.LocalAddr(), Protocol: allocation.UDP} _, err = r.AllocationManager.CreateAllocation(fiveTuple, r.Conn, 0, time.Hour) assert.NoError(t, err) - assert.NotNil(t, r.AllocationManager.GetAllocation(fiveTuple)) m := &stun.Message{} @@ -109,7 +114,12 @@ func TestAllocationLifeTime(t *testing.T) { assert.NoError(t, (stun.Realm(staticKey)).AddTo(m)) assert.NoError(t, (stun.Username(staticKey)).AddTo(m)) + assert.NoError(t, handleCreatePermissionRequest(r, m)) + assert.Equal(t, 1, authSuccessCallbackTimes) + assert.NoError(t, handleRefreshRequest(r, m)) + assert.Equal(t, 2, authSuccessCallbackTimes) + assert.Nil(t, r.AllocationManager.GetAllocation(fiveTuple)) }) } diff --git a/internal/server/util.go b/internal/server/util.go index 97f01c01..ca7a9c07 100644 --- a/internal/server/util.go +++ b/internal/server/util.go @@ -97,6 +97,10 @@ func authenticateRequest(r Request, m *stun.Message, callingMethod stun.Method) return nil, false, buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...) } + if r.AuthSuccess != nil { + r.AuthSuccess(usernameAttr.String(), realmAttr.String(), r.SrcAddr) + } + return stun.MessageIntegrity(ourKey), true, nil } diff --git a/server.go b/server.go index 91d7b1d5..43d872c6 100644 --- a/server.go +++ b/server.go @@ -24,6 +24,7 @@ const ( type Server struct { log logging.LeveledLogger authHandler AuthHandler + authSuccess AuthCallback realm string channelBindTimeout time.Duration nonceHash *server.NonceHash @@ -60,6 +61,7 @@ func NewServer(config ServerConfig) (*Server, error) { s := &Server{ log: loggerFactory.NewLogger("turn"), authHandler: config.AuthHandler, + authSuccess: config.AuthSuccess, realm: config.Realm, channelBindTimeout: config.ChannelBindTimeout, packetConnConfigs: config.PacketConnConfigs, @@ -221,6 +223,7 @@ func (s *Server) readLoop(p net.PacketConn, allocationManager *allocation.Manage Buff: buf[:n], Log: s.log, AuthHandler: s.authHandler, + AuthSuccess: s.authSuccess, Realm: s.realm, AllocationManager: allocationManager, ChannelBindTimeout: s.channelBindTimeout, diff --git a/server_config.go b/server_config.go index eaa7a258..ffcdc22f 100644 --- a/server_config.go +++ b/server_config.go @@ -96,6 +96,9 @@ func (c *ListenerConfig) validate() error { // AuthHandler is a callback used to handle incoming auth requests, allowing users to customize Pion TURN with custom behavior type AuthHandler func(username, realm string, srcAddr net.Addr) (key []byte, ok bool) +// AuthCallback is a callback used to inform users about the success of authentication events to the server +type AuthCallback func(username, realm string, srcAddr net.Addr) + // GenerateAuthKey is a convenience function to easily generate keys in the format used by AuthHandler func GenerateAuthKey(username, realm, password string) []byte { // #nosec @@ -120,6 +123,9 @@ type ServerConfig struct { // AuthHandler is a callback used to handle incoming auth requests, allowing users to customize Pion TURN with custom behavior AuthHandler AuthHandler + // AuthCallback is a callback used to notify users of successful authentication to the TURN server + AuthSuccess AuthCallback + // ChannelBindTimeout sets the lifetime of channel binding. Defaults to 10 minutes. ChannelBindTimeout time.Duration