Add callback for TURN authentication success

pion · Jul 16, 2024 · 3144403 · 3144403
1 parent b44d85a
commit 3144403
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 1 deletion.
diff --git a/internal/server/server.go b/internal/server/server.go
@@ -28,6 +28,7 @@ type Request struct {
 
 	// User Configuration
 	AuthHandler        func(username string, realm string, srcAddr net.Addr) (key []byte, ok bool)
+	OnAuthSuccess      func(username string, realm string, srcAddr net.Addr)
 	Log                logging.LeveledLogger
 	Realm              string
 	ChannelBindTimeout time.Duration

diff --git a/internal/server/turn_test.go b/internal/server/turn_test.go
@@ -84,6 +84,8 @@ func TestAllocationLifeTime(t *testing.T) {
 		staticKey, err := nonceHash.Generate()
 		assert.NoError(t, err)
 
+		authSuccessCallbackTimes := 0
+
 		r := Request{
 			AllocationManager: allocationManager,
 			NonceHash:         nonceHash,
@@ -93,13 +95,16 @@ func TestAllocationLifeTime(t *testing.T) {
 			AuthHandler: func(string, string, net.Addr) (key []byte, ok bool) {
 				return []byte(staticKey), true
 			},
+
+			OnAuthSuccess: func(username string, realm string, srcAddr net.Addr) {
+				authSuccessCallbackTimes++
+			},
 		}
 
 		fiveTuple := &allocation.FiveTuple{SrcAddr: r.SrcAddr, DstAddr: r.Conn.LocalAddr(), Protocol: allocation.UDP}
 
 		_, err = r.AllocationManager.CreateAllocation(fiveTuple, r.Conn, 0, time.Hour)
 		assert.NoError(t, err)
-
 		assert.NotNil(t, r.AllocationManager.GetAllocation(fiveTuple))
 
 		m := &stun.Message{}
@@ -109,7 +114,12 @@ func TestAllocationLifeTime(t *testing.T) {
 		assert.NoError(t, (stun.Realm(staticKey)).AddTo(m))
 		assert.NoError(t, (stun.Username(staticKey)).AddTo(m))
 
+		assert.NoError(t, handleCreatePermissionRequest(r, m))
+		assert.Equal(t, 1, authSuccessCallbackTimes)
+
 		assert.NoError(t, handleRefreshRequest(r, m))
+		assert.Equal(t, 2, authSuccessCallbackTimes)
+
 		assert.Nil(t, r.AllocationManager.GetAllocation(fiveTuple))
 	})
 }
diff --git a/internal/server/util.go b/internal/server/util.go
@@ -97,6 +97,10 @@ func authenticateRequest(r Request, m *stun.Message, callingMethod stun.Method)
 		return nil, false, buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
 	}
 
+	if r.OnAuthSuccess != nil {
+		r.OnAuthSuccess(usernameAttr.String(), realmAttr.String(), r.SrcAddr)
+	}
+
 	return stun.MessageIntegrity(ourKey), true, nil
 }
 

diff --git a/server.go b/server.go
@@ -24,6 +24,7 @@ const (
 type Server struct {
 	log                logging.LeveledLogger
 	authHandler        AuthHandler
+	authSuccess        AuthCallback
 	realm              string
 	channelBindTimeout time.Duration
 	nonceHash          *server.NonceHash

diff --git a/server_config.go b/server_config.go
@@ -96,6 +96,9 @@ func (c *ListenerConfig) validate() error {
 // AuthHandler is a callback used to handle incoming auth requests, allowing users to customize Pion TURN with custom behavior
 type AuthHandler func(username, realm string, srcAddr net.Addr) (key []byte, ok bool)
 
+// AuthCallback is a callback used to inform users about the success of authentication events to the server
+type AuthCallback func(username, realm string, srcAddr net.Addr)
+
 // GenerateAuthKey is a convenience function to easily generate keys in the format used by AuthHandler
 func GenerateAuthKey(username, realm, password string) []byte {
 	// #nosec