fix: Remove ICEServer proxying from client to server

[kylecarbs]

This made testing simple, but enabled insecure behavior. This allows
the listener to fetch ICEServers from a remote location, which will
likely be coderd.

[codecov]

Codecov Report

Merging #400 (ad02f75) into main (44d83e4) will increase coverage by 1.49%.
The diff coverage is 89.65%.

@@            Coverage Diff             @@
##             main     #400      +/-   ##
==========================================
+ Coverage   66.10%   67.60%   +1.49%     
==========================================
  Files          71      150      +79     
  Lines         773     8446    +7673     
  Branches       72       72              
==========================================
+ Hits          511     5710    +5199     
- Misses        248     2158    +1910     
- Partials       14      578     +564     

Flag	Coverage Δ
unittest-go-macos-latest	65.97% <89.65%> (?)
unittest-go-ubuntu-latest	67.28% <89.65%> (?)
unittest-go-windows-2022	65.36% <89.65%> (?)
unittest-js	66.10% <ø> (ø)

Impacted Files	Coverage Δ
peerbroker/listen.go	83.62% <84.21%> (ø)
peerbroker/dial.go	75.43% <100.00%> (ø)
peerbroker/proxy.go	55.97% <100.00%> (ø)
pty/pty.go	0.00% <0.00%> (ø)
codersdk/workspaceagent.go	54.16% <0.00%> (ø)
pty/start_other.go	72.00% <0.00%> (ø)
coderd/parameter/compute.go	71.85% <0.00%> (ø)
cli/projectlist.go	80.43% <0.00%> (ø)
provisioner/terraform/serve.go	63.63% <0.00%> (ø)
coderd/projectimport.go	59.39% <0.00%> (ø)
... and 72 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 44d83e4...ad02f75. Read the comment docs.

[bryphe-coder]

Seems like this comment might need to be updated now - if I understand correctly, the client won't send ICE servers anymore.

[bryphe-coder]

It wasn't clear to me where the client is sending these up now?

EDIT: I should've read the PR description & title more closely, that explains why - it's insecure

[bryphe-coder]

Was curious because it looks like the ice connection is failing in the tests now:

    t.go:56: 2022-03-04 18:18:57.801 [DEBUG]	(server)	<conn.go:243>	sending local candidate	{"candidate": "candidate:3781755249 1 udp 1694498815 23.98.128.67 1986 typ srflx raddr 0.0.0.0 rport 49007"}
    t.go:56: 2022-03-04 18:18:57.809 [DEBUG]	(client)	<conn.go:357>	accepting candidate	{"candidate": "candidate:3781755249 1 udp 1694498815 23.98.128.67 1986 typ srflx raddr 0.0.0.0 rport 49007"}
    t.go:56: 2022-03-04 18:19:27.905 [DEBUG]	(server)	<conn.go:155>	ice connection state updated	{"state": "failed"}

https://github.com/coder/coder/runs/5426432416?check_suite_focus=true#step:7:130

And I suspect it must be related to this change 🤔

[bryphe-coder]

If I switch the ICEServersFunc discovery function to nil here - the tests seem to pass: https://github.com/coder/coder/runs/5426432416?check_suite_focus=true#step:7:130

I guess it indicates there may be a bug with how we're interacting with a 'real' STUN server?

[bryphe-coder]

(or just removing the settingEngine.SetHostAcceptanceMinWait(time.Hour) line seems to make it pass too)

I had trouble finding docs on what the parameter was controlling - I found the code here https://github.com/pion/webrtc/blob/1765e9b913535f5e6aeacf91e7d4b75d1dbcdc9f/settingengine.go#L107 which sets https://github.com/pion/webrtc/blob/157220e800257ee4090f181e7edcca6435adb9f2/icegatherer.go#L102 - but wasn't clear to me how this enforces calling through to the STUN server.

[bryphe-coder]

Just had some questions inline, and noticed a test failure.

Approved pending green test run ✅