tweaked the php turn server code a bit to make it slightly easier

steveseguin · Jan 23, 2023 · 4cfe930 · 4cfe930 · steveseguin · Jan 23, 2023
1 parent 694d761
commit 4cfe930
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 45 deletions.
diff --git a/index.html b/index.html
@@ -2296,7 +2296,7 @@ <h3>Assign to slot:</h3><br />
 
 			session.stunServers = [{ urls: ["stun:stun.l.google.com:19302", "stun:stun4.l.google.com:19302"]}]; // google stun servers. default
 
-			///////////////  ------  Custom TURN SETUP SECTION STARTS Here --------
+			///////////////  ------  Custom basic TURN SETUP SECTION STARTS Here --------
 			// session.configuration = {         // uncomment to disable the default usage of the vdo.ninja turn servers.
 			//	iceServers: session.stunServers,
 			//	sdpSemantics: 'unified-plan'
@@ -2314,47 +2314,51 @@ <h3>Assign to slot:</h3><br />
 			// session.configuration.iceServers.push(turn);
 			/////////////// ------------ END OF TURN SETUP SECTION -------
 
-			// use this section if you plan to use the turn-credentials.php to provide usename and password of the turn-server, e.g., because you use a turn-server that uses use-auth-secret and static-auth-secret
+			/////////////// --------  Alternative custom TURN SETUP SECTION here ---------
+			// Use this section if you plan to use the turn-credentials.php sample and its use-auth-secret and static-auth-secret method, rather than a plain password
+			// 
 			// try {
-			// 	session.ws = false; // prevents connection
-			// 	var phpcredentialsRequest = new XMLHttpRequest();
-			// 	phpcredentialsRequest.onreadystatechange = function() {
-			// 		if (phpcredentialsRequest.status === 200) {
-			// 			try{
-			// 				var res = JSON.parse(phpcredentialsRequest.responseText);
-			// 			} catch(e){return;}
-			// 			session.configuration = {
-			// 				iceServers: [{
-			// 						"username": res["1"],
-			// 						"credential": res["2"],
-			// 						"urls": res["3"]
-			// 					},
-			// 					{
-			// 						"username": res["1"],
-			// 						"credential": res["2"],
-			// 						"urls": res["4"]
-			// 					}
-			// 				],
-			// 				sdpSemantics: 'unified-plan' // future-proofing
-			// 			};
-			// 			if (session.ws===false){
-			// 				session.ws=null; // allows connection (clears state)
-			// 				session.connect(); // connect if not already connected.
-			// 			}
-			// 		}
-			// 		// system does not connect if php script does not respond.
-			// 	};
-			// 	phpcredentialsRequest.open('GET', 'turn-credentials.php', true); // `false` makes the request synchronous
-			// 	phpcredentialsRequest.send();
+				// session.ws = false; // prevents connection
+				// var phpcredentialsRequest = new XMLHttpRequest();
+				// phpcredentialsRequest.onload = function() {
+					// if (this.status === 200) {
+						// try {
+							// var res = JSON.parse(this.responseText);
+						// } catch(e){
+							// console.error(e); // not proper JSON
+							// return;
+						// }
+						// session.configuration = {};
+						// session.configuration.sdpSemantics = "unified-plan";
+						// session.configuration.iceServers = [];
+						//  // session.configuration.iceServers = session.stunServers; // Uncomment to use the hard-coded Google STUN servers, if we don't provide our own STUN
+
+						// let phpIceServers = {"username": res[0], "credential": res[1], urls:[]};
+						// for (let i = 2; i < res.length; i++){ // Supports one or multiple TURN/STUN servers, but assumes same credientials for each.
+							// phpIceServers['urls'].push(res[i]);
+						// };
+						// session.configuration.iceServers.push(phpIceServers);
+
+						// if (session.ws===false){
+							// session.ws=null; // allows connection (clears block state)
+							// session.connect(); // connect if not already connected.
+						// }
+					// }
+					//  // system does not connect if php script does not respond.
+				// };
+				// phpcredentialsRequest.open('GET', './turn-credentials.json', true); // `false` makes the request synchronous
+				// phpcredentialsRequest.send();
 			// } catch (e) {
-			// 	errorlog("php-credentials script Failed");
+				// console.error(e);
+				// errorlog("php-credentials script Failed");
 			// }
+			//////////////////// -------------- END OF ALTERNATIVE TURN SETUP SECTION -------
 
-      // session.configuration.iceTransportPolicy = "relay";  // uncomment to enable "&privacy" and force the TURN server
+			// session.configuration.iceTransportPolicy = "relay";  // uncomment to enable "&privacy" and force the TURN server's use
 
 			// session.wss = "wss://backupapi.vdo.ninja:443"; // US-East (Default)
 
-			///  If wanting to fully-self-host, uncomment the following and deploy your own websocket server; good for air-gapped deployments
+			//  If wanting to fully-self-host, uncomment the following and deploy your own websocket server; good for air-gapped deployments
 			// session.wss = "wss://wss.yourdomainhere.com:443"; // https://github.com/steveseguin/websocket_server 
 			// session.customWSS = true;
 			//////

diff --git a/turn-credentials-php.sample b/turn-credentials-php.sample
@@ -1,13 +1,19 @@
 <?php
-        //  If using static-auth-secret for your turn server, modify this file as needed; also rename to "turn-credentials.php"
+    //  If using static-auth-secret for your turn server, modify this file as needed; also rename to "turn-credentials.php"
+
+	$expiry = 86400;
+	$username = time() + $expiry;
+	$secret = '<static-auth-secret>';
+	$password = base64_encode ( hash_hmac ( 'sha1', $username, $secret, true ) );
+
+	$turn_server = "turns:<turn-server>:<https-turn-port>"; // "turns" or "turn", depending on your turn server setup
+	$stun_server = "stun:<stun-server>:<stun-port>"; // We're assuming our turn server also offers stun; uses the same username/password
 
-	$stun_server = "stun:<stun-server>:<stun-port>";
-	$turn_server = "turns:<turn-server>:<https-turn-port>";
-	$turn_expiry = 86400;
-	$turn_username = time() + $turn_expiry;
-	$turn_secret = '<turn-server static-auth-secret>';
-	$turn_password = base64_encode ( hash_hmac ( 'sha1', $turn_username, $turn_secret, true ) );
-
-	$arr = array('1' => $turn_username, '2' => $turn_password, '3' => $stun_server, '4' => $turn_server);
+	$arr = array($username, $password, $turn_server, $stun_server);
+
+	// $arr = array($username, $password, $turn_server); // We can use this instead if using Google STUN
+
 	echo json_encode($arr);
-?>
+
+	// sample output: [1674572313,"iTofoKaflP\/pjyJOgUwstTUoT2Q=","turns:<turn-server>:<https-turn-port>","stun:<stun-server>:<stun-port>"]
+?>