npm - ep_webrtc - Versions diffs - 1.0.0 → 1.1.0 - Mend

ep_webrtc 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -134,6 +134,8 @@ example:
   }
 ```
+#### Ephemeral credentials
 To limit abuse, the [coturn](https://github.com/coturn/coturn) TURN server
 supports [ephemeral (temporary) usernames and
 passwords](https://github.com/coturn/coturn/blob/60e7a199fe748cb7080594a458d22c2f7bb15a8c/README.turnserver#L664-L729).
@@ -165,7 +167,36 @@ Example:
         "lifetime": 3600
       }
     ]
-  }
+  },
+```
+There is also support for ephemeral credentials from the
+[Xirsys](https://xirsys.com/) [API](https://docs.xirsys.com/?pg=api-turn):
+  * `credentialType` (required): Must be set to the exact string `"xirsys
+    ephemeral credentials"`.
+  * `url` (required): The desired Xirsys TURN API endpoint.
+  * `username` (required): Your Xirsys username.
+  * `credential` (required): Your Xirsys API secret.
+  * `lifetime` (optional; defaults to 43200 = 12 hours): How long (in seconds)
+    the ephemeral credentials will remain valid after the user visits a pad.
+    After this amount of time, new TURN connections will fail until the user
+    reloads the page (which will generate a new password).
+Example:
+```json
+  "ep_webrtc": {
+    "iceServers": [
+      {
+        "credentialType": "xirsys ephemeral credentials",
+        "url": "https://global.xirsys.net/_turn/myChannel",
+        "username": "myUsername",
+        "credential": "myPassword",
+        "lifetime": 3600
+      }
+    ]
+  },
 ```
 ### Video Sizes

package/ep.json CHANGED Viewed

@@ -5,6 +5,7 @@
       "hooks": {
         "clientVars": "",
         "handleMessage": "",
+        "init_ep_webrtc": "",
         "loadSettings": "",
         "socketio": ":setSocketIO",
         "eejsBlock_mySettings": "",

package/index.js CHANGED Viewed

@@ -14,15 +14,19 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+const _ = require('lodash');
+const {Buffer} = require('buffer');
 const crypto = require('crypto');
-const log4js = require('ep_etherpad-lite/node_modules/log4js');
-const statsLogger = log4js.getLogger('stats');
-const configLogger = log4js.getLogger('configuration');
 const eejs = require('ep_etherpad-lite/node/eejs/');
 const sessioninfos = require('ep_etherpad-lite/node/handler/PadMessageHandler').sessioninfos;
 const stats = require('ep_etherpad-lite/node/stats');
-const settings = {
+let logger = {};
+for (const level of ['debug', 'info', 'warn', 'error']) {
+  logger[level] = console[level].bind(console, 'ep_webrtc:');
+}
+const defaultSettings = {
   // The defaults here are overridden by the values in the `ep_webrtc` object from `settings.json`.
   enabled: true,
   audio: {
@@ -40,8 +44,18 @@ const settings = {
   listenClass: null,
   moreInfoUrl: {},
 };
+let settings = null;
 let socketio;
+const addContextToError = (err, pfx) => {
+  const newErr = new Error(`${pfx}${err.message}`, {cause: err});
+  if (Error.captureStackTrace) Error.captureStackTrace(newErr, addContextToError);
+  // Check for https://github.com/tc39/proposal-error-cause support, available in Node.js >= v16.10.
+  if (newErr.cause === err) return newErr;
+  err.message = `${pfx}${err.message}`;
+  return err;
+};
 // Copied from:
 // https://github.com/ether/etherpad-lite/blob/f95b09e0b6752a0d226d58d8b246831164dc9533/src/node/handler/PadMessageHandler.js#L1411-L1420
 const _getRoomSockets = (padId) => {
@@ -102,21 +116,70 @@ const handleErrorStatMessage = (statName) => {
   if (statErrorNames.includes(statName)) {
     stats.meter(`ep_webrtc_err_${statName}`).mark();
   } else {
-    statsLogger.warn(`Invalid ep_webrtc error stat: ${statName}`);
+    logger.warn(`Invalid ep_webrtc error stat: ${statName}`);
+  }
+};
+const fetchJson = async (url, opts = {}) => {
+  const c = new globalThis.AbortController();
+  const t = setTimeout(() => c.abort(), 5000);
+  let res;
+  try {
+    res = await globalThis.fetch(url, {signal: c.signal, ...opts});
+  } finally {
+    clearTimeout(t);
   }
+  if (!res.ok) throw new Error(`HTTP ${res.status} ${res.statusText}`);
+  return await res.json();
 };
 exports.clientVars = async (hookName, {clientVars: {userId: authorId}}) => ({ep_webrtc: {
   ...settings,
-  iceServers: settings.iceServers.map((server) => {
-    if (server.credentialType !== 'coturn ephemeral password') return server;
-    const {lifetime = 60 * 60 * 12 /* seconds */} = server;
-    const username = `${Math.floor(Date.now() / 1000) + lifetime}:${authorId}`;
-    const hmac = crypto.createHmac('sha1', server.credential);
-    hmac.update(username);
-    const credential = hmac.digest('base64');
-    return {urls: server.urls, username, credential};
-  }),
+  iceServers: await Promise.all(settings.iceServers.map(async (server) => {
+    switch (server.credentialType) {
+      case 'coturn ephemeral password': {
+        const {lifetime = 60 * 60 * 12 /* seconds */} = server;
+        const username = `${Math.floor(Date.now() / 1000) + lifetime}:${authorId}`;
+        const hmac = crypto.createHmac('sha1', server.credential);
+        hmac.update(username);
+        const credential = hmac.digest('base64');
+        return {urls: server.urls, username, credential};
+      }
+      case 'xirsys ephemeral credentials': {
+        const {
+          url,
+          username,
+          credential,
+          lifetime: expire = 12 * 60 * 60, // seconds
+          method = 'PUT',
+          headers: h = {},
+          jsonBody: b = {},
+        } = server;
+        // Can't set default values for the Content-Type and Authorization headers by using an
+        // object literal with spread (e.g., `{'content-type': 'foo', ...h}`) because the Headers
+        // constructor uses `.append()` internally instead of `.set()`. This matters if a header is
+        // repeated multiple times by using different mixes of upper- and lower-case letters.
+        const headers = new globalThis.Headers(h);
+        if (!headers.has('content-type')) headers.set('content-type', 'application/json');
+        if (username && !headers.has('authorization')) {
+          headers.set('authorization',
+              `Basic ${Buffer.from(`${username}:${credential}`).toString('base64')}`);
+        }
+        const body =
+            JSON.stringify(b && typeof b === 'object' ? {format: 'urls', expire, ...b} : b);
+        try {
+          const {v, s} = await fetchJson(url, {method, headers, body});
+          if (s !== 'ok') throw new Error(`API error: ${v}`);
+          return v.iceServers;
+        } catch (err) {
+          const newErr = addContextToError(err, 'failed to get TURN credentials: ');
+          logger.error(newErr.stack || newErr.toString());
+          throw newErr;
+        }
+      }
+      default: return server;
+    }
+  })),
 }});
 exports.handleMessage = async (hookName, {message, socket}) => {
@@ -130,6 +193,22 @@ exports.handleMessage = async (hookName, {message, socket}) => {
   }
 };
+exports.init_ep_webrtc = async (hookName, {logger: l}) => {
+  if (l != null) logger = l;
+  // TODO: Remove this once all supported Node.js versions have the fetch API (added in Node.js
+  // v17.5.0 behind the --experimental-fetch flag).
+  if (!globalThis.fetch) {
+    // eslint-disable-next-line node/no-unsupported-features/es-syntax -- https://github.com/mysticatea/eslint-plugin-node/issues/250
+    const {default: fetch, Headers, Request, Response} = await import('node-fetch');
+    Object.assign(globalThis, {fetch, Headers, Request, Response});
+  }
+  // TODO: Remove this once all supported Node.js versions have AbortController (>= v15.4.0).
+  if (!globalThis.AbortController) {
+    // eslint-disable-next-line node/no-unsupported-features/es-syntax -- https://github.com/mysticatea/eslint-plugin-node/issues/250
+    globalThis.AbortController = (await import('abort-controller')).default;
+  }
+};
 exports.setSocketIO = (hookName, {io}) => { socketio = io; };
 exports.eejsBlock_mySettings = (hookName, context) => {
@@ -143,27 +222,23 @@ exports.eejsBlock_styles = (hookName, context) => {
   context.content += eejs.require('./templates/styles.html', {}, module);
 };
-exports.loadSettings = async (hookName, {settings: {ep_webrtc = {}}}) => {
-  const isObj = (o) => o != null && typeof o === 'object' && !Array.isArray(o);
-  const merge = (target, source) => {
-    for (const [k, sv] of Object.entries(source)) {
-      const tv = target[k];
-      // The own-property check on the target prevents prototype pollution. (Prototype pollution
-      // shouldn't be exploitable here because the source comes from admin-controlled settings.json,
-      // but the check is added anyway to hopefully pacify static analysis tools.)
-      if (Object.prototype.hasOwnProperty.call(target, k) && isObj(tv) && isObj(sv)) merge(tv, sv);
-      else target[k] = sv;
-    }
-  };
-  merge(settings, ep_webrtc);
+exports.loadSettings = async (hookName, {settings: {ep_webrtc: s = {}}}) => {
+  settings = _.mergeWith({}, defaultSettings, s, (objV, srcV, key, obj, src) => {
+    if (Array.isArray(srcV)) return _.cloneDeep(srcV); // Don't merge arrays, replace them.
+    if (src === s && key === 'videoConstraints') return _.cloneDeep(srcV);
+  });
   settings.configError = (() => {
     for (const k of ['audio', 'video']) {
       const {[k]: {disabled} = {}} = settings;
       if (disabled != null && !['none', 'hard', 'soft'].includes(disabled)) {
-        configLogger.error(`Invalid value in settings.json for ep_webrtc.${k}.disabled`);
+        logger.error(`Invalid value in settings.json for ep_webrtc.${k}.disabled`);
         return true;
       }
     }
     return false;
   })();
+  logger.info('configured:', {
+    ...settings,
+    iceServers: settings.iceServers.map((s) => s.credential ? {...s, credential: '*****'} : s),
+  });
 };

package/package.json CHANGED Viewed

@@ -5,21 +5,25 @@
     "url": "git@github.com:ether/ep_webrtc.git",
     "type": "git"
   },
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "WebRTC based audio/video chat to Etherpad",
   "author": "John McLear <john@mclear.co.uk>",
   "contributors": [],
   "engines": {
     "node": ">=12.17.0"
   },
-  "dependencies": {},
+  "dependencies": {
+    "abort-controller": "^3.0.0",
+    "lodash": "^4.17.21",
+    "node-fetch": "^3.2.1"
+  },
   "funding": {
     "type": "individual",
     "url": "https://etherpad.org/"
   },
   "devDependencies": {
     "eslint": "^8.10.0",
-    "eslint-config-etherpad": "^3.0.4",
+    "eslint-config-etherpad": "^3.0.5",
     "typescript": "^4.6.2"
   },
   "scripts": {