gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fd54253f66
secubox-openwrt/package/secubox/luci-app-turn/root/usr/libexec/rpcd/luci.turn
CyberMind-FR df58e96a9a feat(turn): Add setup-nextcloud command for Nextcloud Talk 
- turnctl setup-nextcloud [turn-domain] [use-port-443]
  - Configures TURN for Nextcloud Talk compatibility
  - Uses port 443 by default (firewall-friendly)
  - Generates auth secret if not exists
  - Outputs admin settings to paste into Nextcloud Talk

- LuCI integration:
  - New "Nextcloud Talk" section in TURN overview
  - Shows STUN/TURN/secret settings for easy copy-paste
  - RPC method: setup_nextcloud

- ACL updated with setup_nextcloud permission

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-21 18:11:42 +01:00

235 lines
5.7 KiB
Bash
Raw Blame History

#!/bin/sh
# RPCD handler for TURN server management
. /usr/share/libubox/jshn.sh
uci_get() { uci -q get "turn.$1" 2>/dev/null || echo "$2"; }
case "$1" in
list)
echo '{"status":{},"logs":{"lines":50},"test":{"host":""},"start":{},"stop":{},"restart":{},"enable":{},"disable":{},"setup_jitsi":{"jitsi_domain":"","turn_domain":""},"setup_nextcloud":{"turn_domain":"","use_port_443":"yes"},"ssl":{"domain":""},"expose":{"domain":""},"credentials":{"username":"","ttl":86400}}'
;;
call)
case "$2" in
status)
json_init
local enabled=$(uci_get main.enabled 0)
local realm=$(uci_get main.realm "turn.secubox.in")
local port=$(uci_get main.listening_port "3478")
local tls_port=$(uci_get main.tls_port "5349")
local external_ip=$(uci_get main.external_ip "")
json_add_boolean enabled $([ "$enabled" = "1" ] && echo 1 || echo 0)
json_add_string realm "$realm"
json_add_int port "$port"
json_add_int tls_port "$tls_port"
json_add_string external_ip "$external_ip"
if pgrep -f "turnserver" >/dev/null 2>&1; then
json_add_boolean running 1
json_add_int pid $(pgrep -f "turnserver" | head -1)
else
json_add_boolean running 0
json_add_int pid 0
fi
# Check ports
if grep -q ":0D92 " /proc/net/udp 2>/dev/null; then
json_add_boolean udp_3478 1
else
json_add_boolean udp_3478 0
fi
if grep -q ":14E5 " /proc/net/tcp 2>/dev/null; then
json_add_boolean tcp_5349 1
else
json_add_boolean tcp_5349 0
fi
# Auto-detect external IP if empty
if [ -z "$external_ip" ]; then
external_ip=$(curl -s -4 --connect-timeout 3 https://ifconfig.me 2>/dev/null || echo "")
json_add_string detected_ip "$external_ip"
fi
json_dump
;;
logs)
read -r input
json_load "$input"
json_get_var lines lines 50
json_init
json_add_string result "ok"
local log_file=$(uci_get log.log_file "/var/log/turnserver.log")
if [ -f "$log_file" ]; then
json_add_string logs "$(tail -n "$lines" "$log_file" 2>/dev/null | head -c 50000)"
else
json_add_string logs "$(logread | grep -i turn | tail -n "$lines" | head -c 50000)"
fi
json_dump
;;
test)
read -r input
json_load "$input"
json_get_var host host ""
[ -z "$host" ] && host=$(uci_get main.realm "turn.secubox.in")
json_init
# Test UDP 3478
if nc -u -z -w 2 "$host" 3478 2>/dev/null; then
json_add_boolean udp_reachable 1
else
json_add_boolean udp_reachable 0
fi
# Test TCP 5349
if nc -z -w 2 "$host" 5349 2>/dev/null; then
json_add_boolean tcp_reachable 1
else
json_add_boolean tcp_reachable 0
fi
json_add_string host "$host"
json_dump
;;
start)
/etc/init.d/turn start 2>&1
json_init
json_add_string result "ok"
json_dump
;;
stop)
/etc/init.d/turn stop 2>&1
json_init
json_add_string result "ok"
json_dump
;;
restart)
/etc/init.d/turn restart 2>&1
json_init
json_add_string result "ok"
json_dump
;;
enable)
uci set turn.main.enabled='1'
uci commit turn
/etc/init.d/turn enable
/etc/init.d/turn start
json_init
json_add_string result "ok"
json_dump
;;
disable)
uci set turn.main.enabled='0'
uci commit turn
/etc/init.d/turn disable
/etc/init.d/turn stop
json_init
json_add_string result "ok"
json_dump
;;
setup_jitsi)
read -r input
json_load "$input"
json_get_var jitsi_domain jitsi_domain ""
json_get_var turn_domain turn_domain "turn.secubox.in"
output=$(turnctl setup-jitsi "$jitsi_domain" "$turn_domain" 2>&1)
local auth_secret=$(uci_get main.static_auth_secret "")
json_init
json_add_string result "ok"
json_add_string turn_domain "$turn_domain"
json_add_string auth_secret "$auth_secret"
json_add_string output "$output"
json_dump
;;
setup_nextcloud)
read -r input
json_load "$input"
json_get_var turn_domain turn_domain "turn.secubox.in"
json_get_var use_port_443 use_port_443 "yes"
output=$(turnctl setup-nextcloud "$turn_domain" "$use_port_443" 2>&1)
local auth_secret=$(uci_get main.static_auth_secret "")
local tls_port=$(uci_get main.tls_port "443")
local stun_port=$(uci_get main.listening_port "3478")
json_init
json_add_string result "ok"
json_add_string turn_domain "$turn_domain"
json_add_string auth_secret "$auth_secret"
json_add_int stun_port "$stun_port"
json_add_int tls_port "$tls_port"
json_add_string output "$output"
json_dump
;;
ssl)
read -r input
json_load "$input"
json_get_var domain domain ""
output=$(turnctl ssl "$domain" 2>&1)
json_init
json_add_string result "ok"
json_add_string output "$output"
json_dump
;;
expose)
read -r input
json_load "$input"
json_get_var domain domain ""
output=$(turnctl expose "$domain" 2>&1)
json_init
json_add_string result "ok"
json_add_string output "$output"
json_dump
;;
credentials)
read -r input
json_load "$input"
json_get_var username username "webrtc"
json_get_var ttl ttl 86400
local auth_secret=$(uci_get main.static_auth_secret "")
local realm=$(uci_get main.realm "turn.secubox.in")
local timestamp=$(($(date +%s) + ttl))
local temp_username="${timestamp}:${username}"
# HMAC-SHA1 credential
local password=$(echo -n "$temp_username" | openssl dgst -sha1 -hmac "$auth_secret" -binary | base64)
json_init
json_add_string result "ok"
json_add_string realm "$realm"
json_add_string username "$temp_username"
json_add_string password "$password"
json_add_int ttl "$ttl"
json_add_int expires "$timestamp"
json_dump
;;
esac
;;
esac
Reference in New Issue View Git Blame Copy Permalink