Merge branch 'turn-config' into 'next'

feat(turn): move config to table & error when no config is set See merge request famedly/conduit!733
2025-08-01 17:38:36 +00:00 · 2025-02-04 15:43:14 +00:00 · 2025-02-04 15:43:14 +00:00 · 7963a9d23f
commit 7963a9d23f
parent e952522a39 dbc1daaefb
4 changed files with 106 additions and 89 deletions
--- a/src/api/client_server/voip.rs
+++ b/src/api/client_server/voip.rs
@ -1,7 +1,10 @@
-use crate::{services, Result, Ruma};
+use crate::{config::TurnAuth, services, Error, Result, Ruma};
 use base64::{engine::general_purpose, Engine as _};
 use hmac::{Hmac, Mac};
-use ruma::{api::client::voip::get_turn_server_info, SecondsSinceUnixEpoch};
+use ruma::{
+    api::client::{error::ErrorKind, voip::get_turn_server_info},
+    SecondsSinceUnixEpoch,
+};
 use sha1::Sha1;
 use std::time::{Duration, SystemTime};

@ -9,40 +12,41 @@ type HmacSha1 = Hmac<Sha1>;

 /// # `GET /_matrix/client/r0/voip/turnServer`
 ///
-/// TODO: Returns information about the recommended turn server.
+/// Returns information about the recommended turn server.
 pub async fn turn_server_route(
    body: Ruma<get_turn_server_info::v3::Request>,
 ) -> Result<get_turn_server_info::v3::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

-    let turn_secret = services().globals.turn_secret().clone();
+    if let Some(turn) = services().globals.turn() {
+        let (username, password) = match turn.auth {
+            TurnAuth::Secret { secret } => {
+                let expiry = SecondsSinceUnixEpoch::from_system_time(
+                    SystemTime::now() + Duration::from_secs(turn.ttl),
+                )
+                .expect("time is valid");

-    let (username, password) = if !turn_secret.is_empty() {
-        let expiry = SecondsSinceUnixEpoch::from_system_time(
-            SystemTime::now() + Duration::from_secs(services().globals.turn_ttl()),
-        )
-        .expect("time is valid");
+                let username: String = format!("{}:{}", expiry.get(), sender_user);

-        let username: String = format!("{}:{}", expiry.get(), sender_user);
+                let mut mac = HmacSha1::new_from_slice(secret.as_bytes())
+                    .expect("HMAC can take key of any size");
+                mac.update(username.as_bytes());

-        let mut mac = HmacSha1::new_from_slice(turn_secret.as_bytes())
-            .expect("HMAC can take key of any size");
-        mac.update(username.as_bytes());
+                let password: String =
+                    general_purpose::STANDARD.encode(mac.finalize().into_bytes());

-        let password: String = general_purpose::STANDARD.encode(mac.finalize().into_bytes());
+                (username, password)
+            }
+            TurnAuth::UserPass { username, password } => (username, password),
+        };

-        (username, password)
+        Ok(get_turn_server_info::v3::Response {
+            username,
+            password,
+            uris: turn.uris,
+            ttl: Duration::from_secs(turn.ttl),
+        })
    } else {
-        (
-            services().globals.turn_username().clone(),
-            services().globals.turn_password().clone(),
-        )
-    };
-
-    Ok(get_turn_server_info::v3::Response {
-        username,
-        password,
-        uris: services().globals.turn_uris().to_vec(),
-        ttl: Duration::from_secs(services().globals.turn_ttl()),
-    })
+        Err(Error::BadRequest(ErrorKind::NotFound, "No TURN config set"))
+    }
 }