-
Notifications
You must be signed in to change notification settings - Fork 323
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use signed timestamp for nonce #371
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
internal/server/nonce.go
Outdated
key []byte | ||
} | ||
|
||
func (g *NonceHash) Generate() (string, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if Pion linter complains, maybe name the variable n
to follow the convention of first letter of type?
Looks good to me too. One minor (and probably insignificant) point: the signature of |
|
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #371 +/- ##
==========================================
- Coverage 67.31% 66.46% -0.85%
==========================================
Files 42 43 +1
Lines 2848 2860 +12
==========================================
- Hits 1917 1901 -16
- Misses 769 793 +24
- Partials 162 166 +4
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Description
implements nonce generation using the method from chromium (https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/p2p/base/turn_server.cc;l=385;drc=8e78783dc1f7007bad46d657c9f332614e240fd8?q=turn_server.cc). create a random hmac and use it to hash the timestamp of the authentication request. validate by checking the hash and time elapsed since the nonce was generated.
Reference issue
Fixes #361