# HG changeset patch
# User Philipp Hancke <fippo@goodadvice.pages.de>
# Date 1370873220 -3600
# Node ID 95ab35ef52bab5d72299fb4c27e3c9dafe06f3e1
# Parent  1255de347dd4fbe5c9622dd8835209ee8d093fdf
mod_turncredentials: XEP-0215 implementation for time-limited turn credentials

diff -r 1255de347dd4 -r 95ab35ef52ba mod_turncredentials/mod_turncredentials.lua
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_turncredentials/mod_turncredentials.lua	Mon Jun 10 15:07:00 2013 +0100
@@ -0,0 +1,30 @@
+-- XEP-0215 implementation for time-limited turn credentials
+-- Copyright (C) 2012-2013 Philipp Hancke
+-- This file is MIT/X11 licensed. 
+
+local st = require "util.stanza";
+local hmac_sha1 = require "util.hmac".sha1;
+local base64 = require "util.encodings".base64;
+local os_time = os.time;
+local secret = module:get_option("turncredentials_secret") or false;
+local host = module:get_option("turncredentials_host") or false -- use ip addresses here to avoid further dns lookup latency
+local port = module:get_option("turncredentials_port") or 3478
+if not (secret and host) then
+    module:log("error", "turncredentials not configured");
+    return;
+end
+
+module:hook("iq/host/urn:xmpp:extdisco:1:services", function(event)
+    local origin, stanza = event.origin, event.stanza;
+    if stanza.attr.type ~= "get" or stanza.tags[1].name ~= "services" or origin.type ~= "c2s" then
+        return;
+    end
+    local now = os_time();
+    local userpart = tostring(now);
+    local nonce = base64.encode(hmac_sha1(secret, tostring(userpart), false));
+    origin.send(st.reply(stanza):tag("services", {xmlns = "urn:xmpp:extdisco:1"})
+        :tag("service", { type = "stun", host = host, port = port }):up()
+        :tag("service", { type = "turn", host = host, port = port, username = userpart, password = nonce }):up()
+    );
+    return true;
+end);