-
Notifications
You must be signed in to change notification settings - Fork 0
/
query.php
111 lines (91 loc) · 3.49 KB
/
query.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
<?php
require_once ('params.php');
$result = [];
$Ymd = date("Ymd");
$logname = $Ymd .'.log';
$remoteip = $_SERVER['REMOTE_ADDR'];
// --------------------------------------------------------------------------------------------
// SECURITY - if the ip is in the blacklist, do not grant the ICE servers
// --------------------------------------------------------------------------------------------
if (in_array($remoteip, $blacklist))
{
exit_error($logname, 'error');
}
// --------------------------------------------------------------------------------------------
// SECURITY - if not in the white list, throttle
// --------------------------------------------------------------------------------------------
if (!in_array($remoteip, $whitelist))
{
// if too many connections for this ip today, do not grant the
$csv = array_map( function($input){ return str_getcsv($input, '#');}, file($logname));
$attempts = 0;
foreach ($csv as $row)
{
if (trim($row[2]) == $remoteip)
{
++$attempts;
}
}
if ($attemps > 3)
{
log_attempt($logname, 'THIRD_TODAY');
}
if ($attempts > MAX_ATTEMPTS_PER_IP_PER_24_HOURS)
{
exit_error($logname, 'too_many_attempts');
}
}
// --------------------------------------------------------------------------------------------
// CORE of the query
// --------------------------------------------------------------------------------------------
switch($_POST['action'])
{
case 'get_ice_servers':
$fields = ["TTl"=> '600']; // this token : max 10 min
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.twilio.com/2010-04-01/Accounts/'.TWILIO_SID.'/Tokens.json');
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_USERPWD, TWILIO_SID . ':' . TWILIO_APIKEY);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
$ret = curl_exec($ch);
curl_close($ch);
if ($ret != null)
{
$ret = json_decode($ret, true);
$result = ['ice_servers' => $ret["ice_servers"]];
exit_ok($logname, $result);
}
else
{
exit_error($logname, 'unknown_error');
}
break;
default:
exit_error($logname, 'unknown_action');
}
// --------------------------------------------------------------------------------------------
// SECURITY -- log and report
// --------------------------------------------------------------------------------------------
function log_attempt($logname, $result_txt)
{
file_get_contents(EMAIL_WEBHOOK . '?value1='.$result_txt); // to get notified very easily -- in production, should find smth more professional
error_log(time() . ' # ' . date("Y-m-d H:i:s") . ' # ' . $_SERVER['REMOTE_ADDR'] . ' # ' . $_SERVER['REMOTE_HOST'] . ' # ' . $_SERVER['HTTP_USER_AGENT'] . ' # ' . $result_txt . PHP_EOL, 3, $logname);
}
// --------------------------------------------------------------------------------------------
// exit functions
// --------------------------------------------------------------------------------------------
function exit_error($logname, $error_txt)
{
log_attempt($logname, 'TURN_REFUSED');
die(json_encode( ['message'=>$error_txt]));
}
function exit_ok($logname, $result)
{
log_attempt($logname, 'TURN_GRANTED');
die(json_encode($result));
}
?>