Add callback for TURN authentication success

pion · Jul 16, 2024 · 2404127 · 2404127
1 parent b44d85a
commit 2404127
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 1 deletion.
diff --git a/internal/server/server.go b/internal/server/server.go
@@ -28,6 +28,7 @@ type Request struct {
 
 	// User Configuration
 	AuthHandler        func(username string, realm string, srcAddr net.Addr) (key []byte, ok bool)
+	AuthSuccess        func(username string, realm string, srcAddr net.Addr)
 	Log                logging.LeveledLogger
 	Realm              string
 	ChannelBindTimeout time.Duration

diff --git a/internal/server/turn_test.go b/internal/server/turn_test.go
@@ -84,6 +84,8 @@ func TestAllocationLifeTime(t *testing.T) {
 		staticKey, err := nonceHash.Generate()
 		assert.NoError(t, err)
 
+		authSuccessCallbackTimes := 0
+
 		r := Request{
 			AllocationManager: allocationManager,
 			NonceHash:         nonceHash,
@@ -93,13 +95,16 @@ func TestAllocationLifeTime(t *testing.T) {
 			AuthHandler: func(string, string, net.Addr) (key []byte, ok bool) {
 				return []byte(staticKey), true
 			},
+
+			AuthSuccess: func(username string, realm string, srcAddr net.Addr) {
+				authSuccessCallbackTimes++
+			},
 		}
 
 		fiveTuple := &allocation.FiveTuple{SrcAddr: r.SrcAddr, DstAddr: r.Conn.LocalAddr(), Protocol: allocation.UDP}
 
 		_, err = r.AllocationManager.CreateAllocation(fiveTuple, r.Conn, 0, time.Hour)
 		assert.NoError(t, err)
-
 		assert.NotNil(t, r.AllocationManager.GetAllocation(fiveTuple))
 
 		m := &stun.Message{}
@@ -109,7 +114,12 @@ func TestAllocationLifeTime(t *testing.T) {
 		assert.NoError(t, (stun.Realm(staticKey)).AddTo(m))
 		assert.NoError(t, (stun.Username(staticKey)).AddTo(m))
 
+		assert.NoError(t, handleCreatePermissionRequest(r, m))
+		assert.Equal(t, 1, authSuccessCallbackTimes)
+
 		assert.NoError(t, handleRefreshRequest(r, m))
+		assert.Equal(t, 2, authSuccessCallbackTimes)
+
 		assert.Nil(t, r.AllocationManager.GetAllocation(fiveTuple))
 	})
 }
diff --git a/internal/server/util.go b/internal/server/util.go
@@ -97,6 +97,10 @@ func authenticateRequest(r Request, m *stun.Message, callingMethod stun.Method)
 		return nil, false, buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
 	}
 
+	if r.AuthSuccess != nil {
+		r.AuthSuccess(usernameAttr.String(), realmAttr.String(), r.SrcAddr)
+	}
+
 	return stun.MessageIntegrity(ourKey), true, nil
 }
 

diff --git a/server.go b/server.go
@@ -24,6 +24,7 @@ const (
 type Server struct {
 	log                logging.LeveledLogger
 	authHandler        AuthHandler
+	authSuccess        AuthCallback
 	realm              string
 	channelBindTimeout time.Duration
 	nonceHash          *server.NonceHash
@@ -60,6 +61,7 @@ func NewServer(config ServerConfig) (*Server, error) {
 	s := &Server{
 		log:                loggerFactory.NewLogger("turn"),
 		authHandler:        config.AuthHandler,
+		authSuccess:        config.AuthSuccess,
 		realm:              config.Realm,
 		channelBindTimeout: config.ChannelBindTimeout,
 		packetConnConfigs:  config.PacketConnConfigs,
@@ -221,6 +223,7 @@ func (s *Server) readLoop(p net.PacketConn, allocationManager *allocation.Manage
 			Buff:               buf[:n],
 			Log:                s.log,
 			AuthHandler:        s.authHandler,
+			AuthSuccess:        s.authSuccess,
 			Realm:              s.realm,
 			AllocationManager:  allocationManager,
 			ChannelBindTimeout: s.channelBindTimeout,

diff --git a/server_config.go b/server_config.go
@@ -96,6 +96,9 @@ func (c *ListenerConfig) validate() error {
 // AuthHandler is a callback used to handle incoming auth requests, allowing users to customize Pion TURN with custom behavior
 type AuthHandler func(username, realm string, srcAddr net.Addr) (key []byte, ok bool)
 
+// AuthCallback is a callback used to inform users about the success of authentication events to the server
+type AuthCallback func(username, realm string, srcAddr net.Addr)
+
 // GenerateAuthKey is a convenience function to easily generate keys in the format used by AuthHandler
 func GenerateAuthKey(username, realm, password string) []byte {
 	// #nosec
@@ -120,6 +123,9 @@ type ServerConfig struct {
 	// AuthHandler is a callback used to handle incoming auth requests, allowing users to customize Pion TURN with custom behavior
 	AuthHandler AuthHandler
 
+	// AuthCallback is a callback used to notify users of successful authentication to the TURN server
+	AuthSuccess AuthCallback
+
 	// ChannelBindTimeout sets the lifetime of channel binding. Defaults to 10 minutes.
 	ChannelBindTimeout time.Duration