add support for legacy non-HMAC turn credentials

docker-compose.yaml

@@ -31,10 +31,17 @@ services:
       BASIC_AUTH_USER: ${BASIC_AUTH_USER}
       BASIC_AUTH_PASSWORD: ${BASIC_AUTH_PASSWORD}
 
-      # TURN with shared secret
+      # TURN with shared secret or user/pass
       TURN_SHARED_SECRET: ${TURN_SHARED_SECRET}
       TURN_HOST: ${TURN_HOST}
       TURN_PORT: ${TURN_PORT}
+      TURN_USERNAME: ${TURN_USERNAME}
+      TURN_PASSWORD: ${TURN_PASSWORD}
+
+      # Turn with coTURN web
+      COTURN_WEB_URI: ${COTURN_WEB_URI}
+      COTURN_WEB_USERNAME: ${COTURN_WEB_USERNAME}
+      COTURN_AUTH_HEADER_NAME: ${COTURN_AUTH_HEADER_NAME}
 
       # Additional server-side settings.
       WEBRTC_ENABLE_RESIZE: ${WEBRTC_ENABLE_RESIZE}

src/selkies_gstreamer/__main__.py

@@ -140,6 +140,27 @@ def stop(self):
         self.observer.stop()
         self.running = False
 
+def make_turn_rtc_config_json(host, port, username, password):
+    return """{
+  "lifetimeDuration": "86400s",
+  "iceServers": [
+    {
+      "urls": [
+        "stun:%s:%s"
+      ]
+    },
+    {
+      "urls": [
+        "turn:%s:%s?transport=udp"
+      ],
+      "username": "%s",
+      "credential": "%s"
+    }
+  ],
+  "blockStatus": "NOT_BLOCKED",
+  "iceTransportPolicy": "all"
+}""" % (host, port, host, port, username, password)
+
 def parse_rtc_config(data):
     ice_servers = json.loads(data)['iceServers']
     stun_uris = []
@@ -291,15 +312,23 @@ def main():
     parser.add_argument('--turn_shared_secret',
                         default=os.environ.get(
                             'TURN_SHARED_SECRET', ''),
-                        help='shared TURN secret used to generate HMAC credentials.')
+                        help='shared TURN secret used to generate HMAC credentials, also requires TURN_HOST and TURN_PORT.')
+    parser.add_argument('--turn_username',
+                        default=os.environ.get(
+                            'TURN_USERNAME', ''),
+                        help='Legacy non-HMAC TURN credential username, also requires TURN_HOST and TURN_PORT.')
+    parser.add_argument('--turn_password',
+                        default=os.environ.get(
+                            'TURN_PASSWORD', ''),
+                        help='Legacy non-HMAC TURN credential password, also requires TURN_HOST and TURN_PORT.')
     parser.add_argument('--turn_host',
                         default=os.environ.get(
                             'TURN_HOST', ''),
-                        help='TURN host when generating RTC config from shared secret.')
+                        help='TURN host when generating RTC config from shared secret or legacy credentials.')
     parser.add_argument('--turn_port',
                         default=os.environ.get(
                             'TURN_PORT', ''),
-                        help='TURN port when generating RTC config from shared secret.')
+                        help='TURN port when generating RTC config from shared secret or legacy credentials.')
     parser.add_argument('--uinput_mouse_socket',
                         default=os.environ.get('UINPUT_MOUSE_SOCKET', ''),
                         help='path to uinput mouse socket provided by uinput-device-plugin, if not provided, uinput is used directly.')
@@ -418,6 +447,13 @@ async def on_signalling_error(e):
             using_hmac_turn = True
             data = generate_rtc_config(args.turn_host, args.turn_port, args.turn_shared_secret, args.coturn_web_username)
             stun_servers, turn_servers, rtc_config = parse_rtc_config(data)
+        elif args.turn_username and args.turn_password:
+            if not args.turn_host and args.turn_port:
+                logger.error("missing turn host and turn port")
+                sys.exit(1)
+            logger.warning("using legacy non-HMAC TURN credentials.")
+            config_json = make_turn_rtc_config_json(args.turn_host, args.turn_port, args.turn_username, args.turn_password)
+            stun_servers, turn_servers, rtc_config = parse_rtc_config(config_json)
         else:
             # Use existing coturn-web infrastructure.
             try: