This repository was archived by the owner on Aug 30, 2024. It is now read-only.

coder/coder-v1-cliPublic archive

NotificationsYou must be signed in to change notification settings
Fork18
Star71

Commit1294dd9

authored

fix: Add TURN URL to handshake message for custom proxying URLs (#389)

* fix: Enable TURN over HTTP with proper callback* Remove TURN proxy dialer* Don't use credential to authenticate

1 parentdd00acd commit1294dd9Copy full SHA for 1294dd9

File tree

8 files changed

+70

-48

lines changed

internal/cmd
- agent.go
- tunnel.go
wsnet

8 files changed

+70

-48

lines changed

`‎internal/cmd/agent.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ coder agent start --coder-url https://my-coder.com --token xxxx-xxxx`
`73`	`73`	`}`
`74`	`74`	`}`
`75`	`75`
`76`		`-listener,err:=wsnet.Listen(context.Background(),wsnet.ListenEndpoint(u,token),wsnet.TURNProxyWebSocket(u,token))`
	`76`	`+listener,err:=wsnet.Listen(context.Background(),wsnet.ListenEndpoint(u,token),token)`
`77`	`77`	`iferr!=nil {`
`78`	`78`	`returnxerrors.Errorf("listen: %w",err)`
`79`	`79`	`}`

`‎internal/cmd/tunnel.go`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@ import (`
`11`	`11`
`12`	`12`	`"cdr.dev/slog"`
`13`	`13`	`"cdr.dev/slog/sloggers/sloghuman"`
	`14`	`+"github.com/pion/webrtc/v3"`
`14`	`15`	`"github.com/spf13/cobra"`
`15`	`16`	`"golang.org/x/xerrors"`
`16`	`17`
`@@ -107,7 +108,9 @@ func (c *tunnneler) start(ctx context.Context) error {`
`107`	`108`	`ctx,`
`108`	`109`	`wsnet.ConnectEndpoint(c.brokerAddr,c.workspaceID,c.token),`
`109`	`110`	`&wsnet.DialOptions{`
`110`		`-TURNProxy:wsnet.TURNProxyWebSocket(c.brokerAddr,c.token),`
	`111`	`+TURNProxyAuthToken:c.token,`
	`112`	`+TURNProxyURL:c.brokerAddr,`
	`113`	`+ICEServers: []webrtc.ICEServer{wsnet.TURNProxyICECandidate()},`
`111`	`114`	`},`
`112`	`115`	`)`
`113`	`116`	`iferr!=nil {`

`‎wsnet/conn.go`

Lines changed: 6 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,14 +11,14 @@ import (`
`11`	`11`
`12`	`12`	`"github.com/pion/datachannel"`
`13`	`13`	`"github.com/pion/webrtc/v3"`
`14`		`-"golang.org/x/net/proxy"`
`15`	`14`	`"nhooyr.io/websocket"`
`16`	`15`
`17`	`16`	`"cdr.dev/coder-cli/coder-sdk"`
`18`	`17`	`)`
`19`	`18`
`20`	`19`	`const (`
`21`		`-httpScheme="http"`
	`20`	`+httpScheme="http"`
	`21`	`+turnProxyMagicUsername="~magicalusername~"`
`22`	`22`
`23`	`23`	`bufferedAmountLowThresholduint64=512*1024// 512 KB`
`24`	`24`	`maxBufferedAmountuint64=1024*1024// 1 MB`
`@@ -46,25 +46,17 @@ func ConnectEndpoint(baseURL *url.URL, workspace, token string) string {`
`46`	`46`	`returnfmt.Sprintf("%s://%s%s%s%s%s",wsScheme,baseURL.Host,"/api/private/envagent/",workspace,"/connect?session_token=",token)`
`47`	`47`	`}`
`48`	`48`
`49`		`-// TURNWebSocketICECandidate returns avalidrelay ICEServer that can be used to`
`50`		`-// triggera TURNWebSocketDialer.`
	`49`	`+// TURNWebSocketICECandidate returns afake TCPrelay ICEServer.`
	`50`	`+//It's used totriggerthe ICEProxyDialer.`
`51`	`51`	`funcTURNProxyICECandidate() webrtc.ICEServer {`
`52`	`52`	`return webrtc.ICEServer{`
`53`	`53`	`URLs: []string{"turn:127.0.0.1:3478?transport=tcp"},`
`54`		`-Username:"~magicalusername~",`
`55`		`-Credential:"~magicalpassword~",`
	`54`	`+Username:turnProxyMagicUsername,`
	`55`	`+Credential:turnProxyMagicUsername,`
`56`	`56`	`CredentialType:webrtc.ICECredentialTypePassword,`
`57`	`57`	`}`
`58`	`58`	`}`
`59`	`59`
`60`		`-// TURNWebSocketDialer proxies all TURN traffic through a WebSocket.`
`61`		`-funcTURNProxyWebSocket(baseURL*url.URL,tokenstring) proxy.Dialer {`
`62`		`-return&turnProxyDialer{`
`63`		`-baseURL:baseURL,`
`64`		`-token:token,`
`65`		`-}`
`66`		`-}`
`67`		`-`
`68`	`60`	`// Proxies all TURN ICEServer traffic through this dialer.`
`69`	`61`	`// References Coder APIs with a specific token.`
`70`	`62`	`typeturnProxyDialerstruct {`

`‎wsnet/dial.go`

Lines changed: 24 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ import (`
`7`	`7`	`"fmt"`
`8`	`8`	`"io"`
`9`	`9`	`"net"`
	`10`	`+"net/url"`
`10`	`11`	`"sync"`
`11`	`12`	`"time"`
`12`	`13`
`@@ -24,10 +25,13 @@ type DialOptions struct {`
`24`	`25`	`// See: https://developer.mozilla.org/en-US/docs/Web/API/RTCConfiguration/iceServers`
`25`	`26`	`ICEServers []webrtc.ICEServer`
`26`	`27`
`27`		`-// TURNProxy is a function used to proxy all TURN traffic.`
`28`		-// If specified without ICEServers, `TURNProxyICECandidate`
`29`		`-// will be used.`
`30`		`-TURNProxy proxy.Dialer`
	`28`	`+// TURNProxyAuthToken is used to authenticate a TURN proxy request.`
	`29`	`+TURNProxyAuthTokenstring`
	`30`	`+`
	`31`	`+// TURNProxyURL is the URL to proxy all TURN data through.`
	`32`	`+// This URL is sent to the listener during handshake so both`
	`33`	`+// ends connect to the same TURN endpoint.`
	`34`	`+TURNProxyURL*url.URL`
`31`	`35`	`}`
`32`	`36`
`33`	`37`	`// DialWebsocket dials the broker with a WebSocket and negotiates a connection.`
`@@ -59,13 +63,15 @@ func Dial(conn net.Conn, options DialOptions) (Dialer, error) {`
`59`	`63`	`ifoptions.ICEServers==nil {`
`60`	`64`	`options.ICEServers= []webrtc.ICEServer{}`
`61`	`65`	`}`
`62`		`-// If the TURNProxy is specified and ICEServers aren't,`
`63`		`-// it's safe to assume we can inject the default proxy candidate.`
`64`		`-iflen(options.ICEServers)==0&&options.TURNProxy!=nil {`
`65`		`-options.ICEServers= []webrtc.ICEServer{TURNProxyICECandidate()}`
`66`		`-}`
`67`	`66`
`68`		`-rtc,err:=newPeerConnection(options.ICEServers,options.TURNProxy)`
	`67`	`+varturnProxy proxy.Dialer`
	`68`	`+ifoptions.TURNProxyURL!=nil {`
	`69`	`+turnProxy=&turnProxyDialer{`
	`70`	`+baseURL:options.TURNProxyURL,`
	`71`	`+token:options.TURNProxyAuthToken,`
	`72`	`+}`
	`73`	`+}`
	`74`	`+rtc,err:=newPeerConnection(options.ICEServers,turnProxy)`
`69`	`75`	`iferr!=nil {`
`70`	`76`	`returnnil,fmt.Errorf("create peer connection: %w",err)`
`71`	`77`	`}`
`@@ -89,9 +95,15 @@ func Dial(conn net.Conn, options DialOptions) (Dialer, error) {`
`89`	`95`	`returnnil,fmt.Errorf("set local offer: %w",err)`
`90`	`96`	`}`
`91`	`97`
	`98`	`+varturnProxyURLstring`
	`99`	`+ifoptions.TURNProxyURL!=nil {`
	`100`	`+turnProxyURL=options.TURNProxyURL.String()`
	`101`	`+}`
	`102`	`+`
`92`	`103`	`offerMessage,err:=json.Marshal(&BrokerMessage{`
`93`		`-Offer:&offer,`
`94`		`-Servers:options.ICEServers,`
	`104`	`+Offer:&offer,`
	`105`	`+Servers:options.ICEServers,`
	`106`	`+TURNProxyURL:turnProxyURL,`
`95`	`107`	`})`
`96`	`108`	`iferr!=nil {`
`97`	`109`	`returnnil,fmt.Errorf("marshal offer message: %w",err)`

`‎wsnet/dial_test.go`

Lines changed: 9 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ func TestDial(t *testing.T) {`
`55`	`55`	`t.Parallel()`
`56`	`56`
`57`	`57`	`connectAddr,listenAddr:=createDumbBroker(t)`
`58`		`-_,err:=Listen(context.Background(),listenAddr,nil)`
	`58`	`+_,err:=Listen(context.Background(),listenAddr,"")`
`59`	`59`	`iferr!=nil {`
`60`	`60`	`t.Error(err)`
`61`	`61`	`return`
`@@ -75,7 +75,7 @@ func TestDial(t *testing.T) {`
`75`	`75`	`t.Parallel()`
`76`	`76`
`77`	`77`	`connectAddr,listenAddr:=createDumbBroker(t)`
`78`		`-_,err:=Listen(context.Background(),listenAddr,nil)`
	`78`	`+_,err:=Listen(context.Background(),listenAddr,"")`
`79`	`79`	`iferr!=nil {`
`80`	`80`	`t.Error(err)`
`81`	`81`	`return`
`@@ -106,7 +106,7 @@ func TestDial(t *testing.T) {`
`106`	`106`	`t.Parallel()`
`107`	`107`
`108`	`108`	`connectAddr,listenAddr:=createDumbBroker(t)`
`109`		`-_,err:=Listen(context.Background(),listenAddr,nil)`
	`109`	`+_,err:=Listen(context.Background(),listenAddr,"")`
`110`	`110`	`iferr!=nil {`
`111`	`111`	`t.Error(err)`
`112`	`112`	`return`
`@@ -145,7 +145,7 @@ func TestDial(t *testing.T) {`
`145`	`145`	`}()`
`146`	`146`
`147`	`147`	`connectAddr,listenAddr:=createDumbBroker(t)`
`148`		`-_,err=Listen(context.Background(),listenAddr,nil)`
	`148`	`+_,err=Listen(context.Background(),listenAddr,"")`
`149`	`149`	`iferr!=nil {`
`150`	`150`	`t.Error(err)`
`151`	`151`	`return`
`@@ -184,7 +184,7 @@ func TestDial(t *testing.T) {`
`184`	`184`	`_,_=listener.Accept()`
`185`	`185`	`}()`
`186`	`186`	`connectAddr,listenAddr:=createDumbBroker(t)`
`187`		`-srv,err:=Listen(context.Background(),listenAddr,nil)`
	`187`	`+srv,err:=Listen(context.Background(),listenAddr,"")`
`188`	`188`	`iferr!=nil {`
`189`	`189`	`t.Error(err)`
`190`	`190`	`return`
`@@ -211,7 +211,7 @@ func TestDial(t *testing.T) {`
`211`	`211`	`t.Parallel()`
`212`	`212`
`213`	`213`	`connectAddr,listenAddr:=createDumbBroker(t)`
`214`		`-_,err:=Listen(context.Background(),listenAddr,nil)`
	`214`	`+_,err:=Listen(context.Background(),listenAddr,"")`
`215`	`215`	`iferr!=nil {`
`216`	`216`	`t.Error(err)`
`217`	`217`	`return`
`@@ -245,7 +245,7 @@ func TestDial(t *testing.T) {`
`245`	`245`	`}()`
`246`	`246`
`247`	`247`	`connectAddr,listenAddr:=createDumbBroker(t)`
`248`		`-_,err=Listen(context.Background(),listenAddr,nil)`
	`248`	`+_,err=Listen(context.Background(),listenAddr,"")`
`249`	`249`	`iferr!=nil {`
`250`	`250`	`t.Error(err)`
`251`	`251`	`return`
`@@ -282,7 +282,7 @@ func TestDial(t *testing.T) {`
`282`	`282`	`t.Parallel()`
`283`	`283`
`284`	`284`	`connectAddr,listenAddr:=createDumbBroker(t)`
`285`		`-_,err:=Listen(context.Background(),listenAddr,nil)`
	`285`	`+_,err:=Listen(context.Background(),listenAddr,"")`
`286`	`286`	`iferr!=nil {`
`287`	`287`	`t.Error(err)`
`288`	`288`	`return`
`@@ -333,7 +333,7 @@ func BenchmarkThroughput(b *testing.B) {`
`333`	`333`	`}`
`334`	`334`	`}()`
`335`	`335`	`connectAddr,listenAddr:=createDumbBroker(b)`
`336`		`-_,err=Listen(context.Background(),listenAddr,nil)`
	`336`	`+_,err=Listen(context.Background(),listenAddr,"")`
`337`	`337`	`iferr!=nil {`
`338`	`338`	`b.Error(err)`
`339`	`339`	`return`

`‎wsnet/listen.go`

Lines changed: 21 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ import (`
`7`	`7`	`"fmt"`
`8`	`8`	`"io"`
`9`	`9`	`"net"`
	`10`	`+"net/url"`
`10`	`11`	`"sync"`
`11`	`12`	`"time"`
`12`	`13`
`@@ -40,11 +41,11 @@ type DialChannelResponse struct {`
`40`	`41`
`41`	`42`	`// Listen connects to the broker proxies connections to the local net.`
`42`	`43`	`// Close will end all RTC connections.`
`43`		`-funcListen(ctx context.Context,brokerstring,tcpProxy proxy.Dialer) (io.Closer,error) {`
	`44`	`+funcListen(ctx context.Context,brokerstring,turnProxyAuthTokenstring) (io.Closer,error) {`
`44`	`45`	`l:=&listener{`
`45`		`-broker:broker,`
`46`		`-connClosers:make([]io.Closer,0),`
`47`		`-tcpProxy:tcpProxy,`
	`46`	`+broker:broker,`
	`47`	`+connClosers:make([]io.Closer,0),`
	`48`	`+turnProxyAuthToken:turnProxyAuthToken,`
`48`	`49`	`}`
`49`	`50`	`// We do a one-off dial outside of the loop to ensure the initial`
`50`	`51`	`// connection is successful. If not, there's likely an error the`
`@@ -85,8 +86,8 @@ func Listen(ctx context.Context, broker string, tcpProxy proxy.Dialer) (io.Close`
`85`	`86`	`}`
`86`	`87`
`87`	`88`	`typelistenerstruct {`
`88`		`-brokerstring`
`89`		`-tcpProxy proxy.Dialer`
	`89`	`+brokerstring`
	`90`	`+turnProxyAuthTokenstring`
`90`	`91`
`91`	`92`	`acceptErrorerror`
`92`	`93`	`ws*websocket.Conn`
`@@ -189,7 +190,7 @@ func (l *listener) negotiate(conn net.Conn) {`
`189`	`190`	`return`
`190`	`191`	`}`
`191`	`192`	`for_,server:=rangemsg.Servers {`
`192`		`-ifserver.Username==TURNProxyICECandidate().Username {`
	`193`	`+ifserver.Username==turnProxyMagicUsername {`
`193`	`194`	`// This candidate is only used when proxying,`
`194`	`195`	`// so it will not validate.`
`195`	`196`	`continue`
`@@ -200,7 +201,19 @@ func (l *listener) negotiate(conn net.Conn) {`
`200`	`201`	`return`
`201`	`202`	`}`
`202`	`203`	`}`
`203`		`-rtc,err=newPeerConnection(msg.Servers,l.tcpProxy)`
	`204`	`+varturnProxy proxy.Dialer`
	`205`	`+ifmsg.TURNProxyURL!="" {`
	`206`	`+u,err:=url.Parse(msg.TURNProxyURL)`
	`207`	`+iferr!=nil {`
	`208`	`+closeError(fmt.Errorf("parse turn proxy url: %w",err))`
	`209`	`+return`
	`210`	`+}`
	`211`	`+turnProxy=&turnProxyDialer{`
	`212`	`+baseURL:u,`
	`213`	`+token:l.turnProxyAuthToken,`
	`214`	`+}`
	`215`	`+}`
	`216`	`+rtc,err=newPeerConnection(msg.Servers,turnProxy)`
`204`	`217`	`iferr!=nil {`
`205`	`218`	`closeError(err)`
`206`	`219`	`return`

`‎wsnet/listen_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ func TestListen(t *testing.T) {`
`45`	`45`	`addr:=listener.Addr()`
`46`	`46`	`broker:=fmt.Sprintf("http://%s/",addr.String())`
`47`	`47`
`48`		`-_,err=Listen(context.Background(),broker,nil)`
	`48`	`+_,err=Listen(context.Background(),broker,"")`
`49`	`49`	`iferr!=nil {`
`50`	`50`	`t.Error(err)`
`51`	`51`	`return`

`‎wsnet/proto.go`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -49,8 +49,10 @@ func (p DialPolicy) permits(network, host string, port uint16) bool {`
`49`	`49`	`// sides can begin exchanging candidates.`
`50`	`50`	`typeBrokerMessagestruct {`
`51`	`51`	`// Dialer -> Listener`
`52`		-Offer*webrtc.SessionDescription`json:"offer"`
`53`		-Servers []webrtc.ICEServer`json:"servers"`
	`52`	+Offer*webrtc.SessionDescription`json:"offer"`
	`53`	+Servers []webrtc.ICEServer`json:"servers"`
	`54`	+TURNProxyURLstring`json:"turn_proxy_url"`
	`55`	`+`
`54`	`56`	`// Policies denote which addresses the client can dial. If empty or nil, all`
`55`	`57`	`// addresses are permitted.`
`56`	`58`	Policies []DialPolicy`json:"ports"`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit1294dd9

File tree

8 files changed

8 files changed

`‎internal/cmd/agent.go`

`‎internal/cmd/tunnel.go`

`‎wsnet/conn.go`

`‎wsnet/dial.go`

`‎wsnet/dial_test.go`

`‎wsnet/listen.go`

`‎wsnet/listen_test.go`

`‎wsnet/proto.go`

0 commit comments