pion
diff --git a/‎internal/allocation/allocation_manager.go
+12-8 b/‎internal/allocation/allocation_manager.go
+12-8
diff --git a/‎internal/allocation/allocation_manager_test.go
+37-30 b/‎internal/allocation/allocation_manager_test.go
+37-30
diff --git a/‎internal/allocation/allocation_test.go
+6-3 b/‎internal/allocation/allocation_test.go
+6-3
diff --git a/‎internal/server/turn.go
+16-15 b/‎internal/server/turn.go
+16-15
diff --git a/‎internal/server/turn_test.go
+3-3 b/‎internal/server/turn_test.go
+3-3
@@ -15,8 +15,8 @@ import (
 // ManagerConfig a bag of config params for Manager.
 type ManagerConfig struct {
 	LeveledLogger      logging.LeveledLogger
-	AllocatePacketConn func(network string, requestedPort int) (net.PacketConn, net.Addr, error)
-	AllocateConn       func(network string, requestedPort int) (net.Conn, net.Addr, error)
+	AllocatePacketConn func(network string, requestedPort int, username string) (net.PacketConn, net.Addr, error)
+	AllocateConn       func(network string, requestedPort int, username string) (net.Conn, net.Addr, error)
 	PermissionHandler  func(sourceAddr net.Addr, peerIP net.IP) bool
 }
 
@@ -33,8 +33,8 @@ type Manager struct {
 	allocations  map[FiveTupleFingerprint]*Allocation
 	reservations []*reservation
 
-	allocatePacketConn func(network string, requestedPort int) (net.PacketConn, net.Addr, error)
-	allocateConn       func(network string, requestedPort int) (net.Conn, net.Addr, error)
+	allocatePacketConn func(network string, requestedPort int, username string) (net.PacketConn, net.Addr, error)
+	allocateConn       func(network string, requestedPort int, username string) (net.Conn, net.Addr, error)
 	permissionHandler  func(sourceAddr net.Addr, peerIP net.IP) bool
 }
 
@@ -86,7 +86,7 @@ func (m *Manager) Close() error {
 }
 
 // CreateAllocation creates a new allocation and starts relaying
-func (m *Manager) CreateAllocation(fiveTuple *FiveTuple, turnSocket net.PacketConn, requestedPort int, lifetime time.Duration) (*Allocation, error) {
+func (m *Manager) CreateAllocation(fiveTuple *FiveTuple, turnSocket net.PacketConn, requestedPort int, lifetime time.Duration, username string) (*Allocation, error) {
 	switch {
 	case fiveTuple == nil:
 		return nil, errNilFiveTuple
@@ -105,7 +105,7 @@ func (m *Manager) CreateAllocation(fiveTuple *FiveTuple, turnSocket net.PacketCo
 	}
 	a := NewAllocation(turnSocket, fiveTuple, m.log)
 
-	conn, relayAddr, err := m.allocatePacketConn("udp4", requestedPort)
+	conn, relayAddr, err := m.allocatePacketConn("udp4", requestedPort, username)
 	if err != nil {
 		return nil, err
 	}
@@ -180,9 +180,13 @@ func (m *Manager) GetReservation(reservationToken string) (int, bool) {
 }
 
 // GetRandomEvenPort returns a random un-allocated udp4 port
-func (m *Manager) GetRandomEvenPort() (int, error) {
+func (m *Manager) GetRandomEvenPort(username string) (int, error) {
 	for i := 0; i < 128; i++ {
-		conn, addr, err := m.allocatePacketConn("udp4", 0)
+		conn, addr, err := m.allocatePacketConn("udp4", 0, username)
+		if err != nil {
+			return 0, err
+		}
+
 		if err != nil {
 			return 0, err
 		}
 
@@ -7,6 +7,7 @@
 package allocation
 
 import (
+	"errors"
 	"io"
 	"math/rand"
 	"net"
@@ -19,10 +20,12 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+var errUnexpectedTestUsername = errors.New("unexpected user name")
+
 func TestManager(t *testing.T) {
 	tt := []struct {
 		name string
-		f    func(*testing.T, net.PacketConn)
+		f    func(*testing.T, net.PacketConn, string)
 	}{
 		{"CreateInvalidAllocation", subTestCreateInvalidAllocation},
 		{"CreateAllocation", subTestCreateAllocation},
@@ -42,34 +45,34 @@ func TestManager(t *testing.T) {
 	for _, tc := range tt {
 		f := tc.f
 		t.Run(tc.name, func(t *testing.T) {
-			f(t, turnSocket)
+			f(t, turnSocket, "test_user_1")
 		})
 	}
 }
 
 // Test invalid Allocation creations
-func subTestCreateInvalidAllocation(t *testing.T, turnSocket net.PacketConn) {
-	m, err := newTestManager()
+func subTestCreateInvalidAllocation(t *testing.T, turnSocket net.PacketConn, username string) {
+	m, err := newTestManager(username)
 	assert.NoError(t, err)
 
-	if a, err := m.CreateAllocation(nil, turnSocket, 0, proto.DefaultLifetime); a != nil || err == nil {
+	if a, err := m.CreateAllocation(nil, turnSocket, 0, proto.DefaultLifetime, username); a != nil || err == nil {
 		t.Errorf("Illegally created allocation with nil FiveTuple")
 	}
-	if a, err := m.CreateAllocation(randomFiveTuple(), nil, 0, proto.DefaultLifetime); a != nil || err == nil {
+	if a, err := m.CreateAllocation(randomFiveTuple(), nil, 0, proto.DefaultLifetime, username); a != nil || err == nil {
 		t.Errorf("Illegally created allocation with nil turnSocket")
 	}
-	if a, err := m.CreateAllocation(randomFiveTuple(), turnSocket, 0, 0); a != nil || err == nil {
+	if a, err := m.CreateAllocation(randomFiveTuple(), turnSocket, 0, 0, username); a != nil || err == nil {
 		t.Errorf("Illegally created allocation with 0 lifetime")
 	}
 }
 
 // Test valid Allocation creations
-func subTestCreateAllocation(t *testing.T, turnSocket net.PacketConn) {
-	m, err := newTestManager()
+func subTestCreateAllocation(t *testing.T, turnSocket net.PacketConn, username string) {
+	m, err := newTestManager(username)
 	assert.NoError(t, err)
 
 	fiveTuple := randomFiveTuple()
-	if a, err := m.CreateAllocation(fiveTuple, turnSocket, 0, proto.DefaultLifetime); a == nil || err != nil {
+	if a, err := m.CreateAllocation(fiveTuple, turnSocket, 0, proto.DefaultLifetime, username); a == nil || err != nil {
 		t.Errorf("Failed to create allocation %v %v", a, err)
 	}
 
@@ -79,26 +82,26 @@ func subTestCreateAllocation(t *testing.T, turnSocket net.PacketConn) {
 }
 
 // Test that two allocations can't be created with the same FiveTuple
-func subTestCreateAllocationDuplicateFiveTuple(t *testing.T, turnSocket net.PacketConn) {
-	m, err := newTestManager()
+func subTestCreateAllocationDuplicateFiveTuple(t *testing.T, turnSocket net.PacketConn, username string) {
+	m, err := newTestManager(username)
 	assert.NoError(t, err)
 
 	fiveTuple := randomFiveTuple()
-	if a, err := m.CreateAllocation(fiveTuple, turnSocket, 0, proto.DefaultLifetime); a == nil || err != nil {
+	if a, err := m.CreateAllocation(fiveTuple, turnSocket, 0, proto.DefaultLifetime, username); a == nil || err != nil {
 		t.Errorf("Failed to create allocation %v %v", a, err)
 	}
 
-	if a, err := m.CreateAllocation(fiveTuple, turnSocket, 0, proto.DefaultLifetime); a != nil || err == nil {
+	if a, err := m.CreateAllocation(fiveTuple, turnSocket, 0, proto.DefaultLifetime, username); a != nil || err == nil {
 		t.Errorf("Was able to create allocation with same FiveTuple twice")
 	}
 }
 
-func subTestDeleteAllocation(t *testing.T, turnSocket net.PacketConn) {
-	m, err := newTestManager()
+func subTestDeleteAllocation(t *testing.T, turnSocket net.PacketConn, username string) {
+	m, err := newTestManager(username)
 	assert.NoError(t, err)
 
 	fiveTuple := randomFiveTuple()
-	if a, err := m.CreateAllocation(fiveTuple, turnSocket, 0, proto.DefaultLifetime); a == nil || err != nil {
+	if a, err := m.CreateAllocation(fiveTuple, turnSocket, 0, proto.DefaultLifetime, username); a == nil || err != nil {
 		t.Errorf("Failed to create allocation %v %v", a, err)
 	}
 
@@ -113,8 +116,8 @@ func subTestDeleteAllocation(t *testing.T, turnSocket net.PacketConn) {
 }
 
 // Test that allocation should be closed if timeout
-func subTestAllocationTimeout(t *testing.T, turnSocket net.PacketConn) {
-	m, err := newTestManager()
+func subTestAllocationTimeout(t *testing.T, turnSocket net.PacketConn, username string) {
+	m, err := newTestManager(username)
 	assert.NoError(t, err)
 
 	allocations := make([]*Allocation, 5)
@@ -123,7 +126,7 @@ func subTestAllocationTimeout(t *testing.T, turnSocket net.PacketConn) {
 	for index := range allocations {
 		fiveTuple := randomFiveTuple()
 
-		a, err := m.CreateAllocation(fiveTuple, turnSocket, 0, lifetime)
+		a, err := m.CreateAllocation(fiveTuple, turnSocket, 0, lifetime, username)
 		if err != nil {
 			t.Errorf("Failed to create allocation with %v", fiveTuple)
 		}
@@ -141,15 +144,15 @@ func subTestAllocationTimeout(t *testing.T, turnSocket net.PacketConn) {
 }
 
 // Test for manager close
-func subTestManagerClose(t *testing.T, turnSocket net.PacketConn) {
-	m, err := newTestManager()
+func subTestManagerClose(t *testing.T, turnSocket net.PacketConn, username string) {
+	m, err := newTestManager(username)
 	assert.NoError(t, err)
 
 	allocations := make([]*Allocation, 2)
 
-	a1, _ := m.CreateAllocation(randomFiveTuple(), turnSocket, 0, time.Second)
+	a1, _ := m.CreateAllocation(randomFiveTuple(), turnSocket, 0, time.Second, username)
 	allocations[0] = a1
-	a2, _ := m.CreateAllocation(randomFiveTuple(), turnSocket, 0, time.Minute)
+	a2, _ := m.CreateAllocation(randomFiveTuple(), turnSocket, 0, time.Minute, username)
 	allocations[1] = a2
 
 	// Make a1 timeout
@@ -174,21 +177,25 @@ func randomFiveTuple() *FiveTuple {
 	}
 }
 
-func newTestManager() (*Manager, error) {
+func newTestManager(expectedUsername string) (*Manager, error) {
 	loggerFactory := logging.NewDefaultLoggerFactory()
 
 	config := ManagerConfig{
 		LeveledLogger: loggerFactory.NewLogger("test"),
-		AllocatePacketConn: func(string, int) (net.PacketConn, net.Addr, error) {
+		AllocatePacketConn: func(_ string, _ int, username string) (net.PacketConn, net.Addr, error) {
+			if username != expectedUsername {
+				return nil, nil, errUnexpectedTestUsername
+			}
 			conn, err := net.ListenPacket("udp4", "0.0.0.0:0")
 			if err != nil {
 				return nil, nil, err
 			}
 
 			return conn, conn.LocalAddr(), nil
 		},
-		AllocateConn: func(string, int) (net.Conn, net.Addr, error) { return nil, nil, nil },
+		AllocateConn: func(string, int, string) (net.Conn, net.Addr, error) { return nil, nil, nil },
 	}
+
 	return NewManager(config)
 }
 
@@ -197,11 +204,11 @@ func isClose(conn io.Closer) bool {
 	return closeErr != nil && strings.Contains(closeErr.Error(), "use of closed network connection")
 }
 
-func subTestGetRandomEvenPort(t *testing.T, _ net.PacketConn) {
-	m, err := newTestManager()
+func subTestGetRandomEvenPort(t *testing.T, _ net.PacketConn, username string) {
+	m, err := newTestManager(username)
 	assert.NoError(t, err)
 
-	port, err := m.GetRandomEvenPort()
+	port, err := m.GetRandomEvenPort(username)
 	assert.NoError(t, err)
 	assert.True(t, port > 0)
 	assert.True(t, port%2 == 0)
 
@@ -259,9 +259,12 @@ func subTestAllocationClose(t *testing.T) {
 }
 
 func subTestPacketHandler(t *testing.T) {
-	network := "udp"
+	const (
+		network      = "udp"
+		testUsername = "test_user_2"
+	)
 
-	m, _ := newTestManager()
+	m, _ := newTestManager(testUsername)
 
 	// TURN server initialization
 	turnSocket, err := net.ListenPacket(network, "127.0.0.1:0")
@@ -292,7 +295,7 @@ func subTestPacketHandler(t *testing.T) {
 	a, err := m.CreateAllocation(&FiveTuple{
 		SrcAddr: clientListener.LocalAddr(),
 		DstAddr: turnSocket.LocalAddr(),
-	}, turnSocket, 0, proto.DefaultLifetime)
+	}, turnSocket, 0, proto.DefaultLifetime, testUsername)
 
 	assert.Nil(t, err, "should succeed")
 
 
@@ -25,8 +25,8 @@ func handleAllocateRequest(r Request, m *stun.Message) error {
 	//    mechanism of [https://tools.ietf.org/html/rfc5389#section-10.2.2]
 	//    unless the client and server agree to use another mechanism through
 	//    some procedure outside the scope of this document.
-	messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodAllocate)
-	if !hasAuth {
+	authResult, err := authenticateRequest(r, m, stun.MethodAllocate)
+	if !authResult.hasAuth {
 		return err
 	}
 
@@ -51,7 +51,7 @@ func handleAllocateRequest(r Request, m *stun.Message) error {
 			return buildAndSendErr(r.Conn, r.SrcAddr, errRelayAlreadyAllocatedForFiveTuple, msg...)
 		}
 		// A retry allocation
-		msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassSuccessResponse), append(attrs, messageIntegrity)...)
+		msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassSuccessResponse), append(attrs, authResult.messageIntegrity)...)
 		return buildAndSend(r.Conn, r.SrcAddr, msg...)
 	}
 
@@ -104,7 +104,7 @@ func handleAllocateRequest(r Request, m *stun.Message) error {
 	var evenPort proto.EvenPort
 	if err = evenPort.GetFrom(m); err == nil {
 		var randomPort int
-		randomPort, err = r.AllocationManager.GetRandomEvenPort()
+		randomPort, err = r.AllocationManager.GetRandomEvenPort(authResult.username)
 		if err != nil {
 			return buildAndSendErr(r.Conn, r.SrcAddr, err, insufficientCapacityMsg...)
 		}
@@ -131,7 +131,8 @@ func handleAllocateRequest(r Request, m *stun.Message) error {
 		fiveTuple,
 		r.Conn,
 		requestedPort,
-		lifetimeDuration)
+		lifetimeDuration,
+		authResult.username)
 	if err != nil {
 		return buildAndSendErr(r.Conn, r.SrcAddr, err, insufficientCapacityMsg...)
 	}
@@ -177,16 +178,16 @@ func handleAllocateRequest(r Request, m *stun.Message) error {
 		responseAttrs = append(responseAttrs, proto.ReservationToken([]byte(reservationToken)))
 	}
 
-	msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassSuccessResponse), append(responseAttrs, messageIntegrity)...)
+	msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassSuccessResponse), append(responseAttrs, authResult.messageIntegrity)...)
 	a.SetResponseCache(m.TransactionID, responseAttrs)
 	return buildAndSend(r.Conn, r.SrcAddr, msg...)
 }
 
 func handleRefreshRequest(r Request, m *stun.Message) error {
 	r.Log.Debugf("Received RefreshRequest from %s", r.SrcAddr)
 
-	messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodRefresh)
-	if !hasAuth {
+	authResult, err := authenticateRequest(r, m, stun.MethodRefresh)
+	if !authResult.hasAuth {
 		return err
 	}
 
@@ -212,7 +213,7 @@ func handleRefreshRequest(r Request, m *stun.Message) error {
 		&proto.Lifetime{
 			Duration: lifetimeDuration,
 		},
-		messageIntegrity,
+		authResult.messageIntegrity,
 	}...)...)
 }
 
@@ -228,8 +229,8 @@ func handleCreatePermissionRequest(r Request, m *stun.Message) error {
 		return fmt.Errorf("%w %v:%v", errNoAllocationFound, r.SrcAddr, r.Conn.LocalAddr())
 	}
 
-	messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodCreatePermission)
-	if !hasAuth {
+	authResult, err := authenticateRequest(r, m, stun.MethodCreatePermission)
+	if !authResult.hasAuth {
 		return err
 	}
 
@@ -267,7 +268,7 @@ func handleCreatePermissionRequest(r Request, m *stun.Message) error {
 		respClass = stun.ClassErrorResponse
 	}
 
-	return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodCreatePermission, respClass), []stun.Setter{messageIntegrity}...)...)
+	return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodCreatePermission, respClass), []stun.Setter{authResult.messageIntegrity}...)...)
 }
 
 func handleSendIndication(r Request, m *stun.Message) error {
@@ -317,8 +318,8 @@ func handleChannelBindRequest(r Request, m *stun.Message) error {
 
 	badRequestMsg := buildMsg(m.TransactionID, stun.NewType(stun.MethodChannelBind, stun.ClassErrorResponse), &stun.ErrorCodeAttribute{Code: stun.CodeBadRequest})
 
-	messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodChannelBind)
-	if !hasAuth {
+	authResult, err := authenticateRequest(r, m, stun.MethodChannelBind)
+	if !authResult.hasAuth {
 		return err
 	}
 
@@ -351,7 +352,7 @@ func handleChannelBindRequest(r Request, m *stun.Message) error {
 		return buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)
 	}
 
-	return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodChannelBind, stun.ClassSuccessResponse), []stun.Setter{messageIntegrity}...)...)
+	return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodChannelBind, stun.ClassSuccessResponse), []stun.Setter{authResult.messageIntegrity}...)...)
 }
 
 func handleChannelData(r Request, c *proto.ChannelData) error {
 
@@ -64,15 +64,15 @@ func TestAllocationLifeTime(t *testing.T) {
 		logger := logging.NewDefaultLoggerFactory().NewLogger("turn")
 
 		allocationManager, err := allocation.NewManager(allocation.ManagerConfig{
-			AllocatePacketConn: func(network string, _ int) (net.PacketConn, net.Addr, error) {
+			AllocatePacketConn: func(network string, _ int, _ string) (net.PacketConn, net.Addr, error) {
 				conn, listenErr := net.ListenPacket(network, "0.0.0.0:0")
 				if err != nil {
 					return nil, nil, listenErr
 				}
 
 				return conn, conn.LocalAddr(), nil
 			},
-			AllocateConn: func(string, int) (net.Conn, net.Addr, error) {
+			AllocateConn: func(string, int, string) (net.Conn, net.Addr, error) {
 				return nil, nil, nil
 			},
 			LeveledLogger: logger,
@@ -97,7 +97,7 @@ func TestAllocationLifeTime(t *testing.T) {
 
 		fiveTuple := &allocation.FiveTuple{SrcAddr: r.SrcAddr, DstAddr: r.Conn.LocalAddr(), Protocol: allocation.UDP}
 
-		_, err = r.AllocationManager.CreateAllocation(fiveTuple, r.Conn, 0, time.Hour)
+		_, err = r.AllocationManager.CreateAllocation(fiveTuple, r.Conn, 0, time.Hour, "")
 		assert.NoError(t, err)
 
 		assert.NotNil(t, r.AllocationManager.GetAllocation(fiveTuple))
Original file line number	Diff line number	Diff line change
`@@ -25,8 +25,8 @@ func handleAllocateRequest(r Request, m *stun.Message) error {`
`25`	`25`	`// mechanism of [https://tools.ietf.org/html/rfc5389#section-10.2.2]`
`26`	`26`	`// unless the client and server agree to use another mechanism through`
`27`	`27`	`// some procedure outside the scope of this document.`
`28`		`- messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodAllocate)`
`29`		`- if !hasAuth {`
	`28`	`+ authResult, err := authenticateRequest(r, m, stun.MethodAllocate)`
	`29`	`+ if !authResult.hasAuth {`
`30`	`30`	`return err`
`31`	`31`	`}`
`32`	`32`
`@@ -51,7 +51,7 @@ func handleAllocateRequest(r Request, m *stun.Message) error {`
`51`	`51`	`return buildAndSendErr(r.Conn, r.SrcAddr, errRelayAlreadyAllocatedForFiveTuple, msg...)`
`52`	`52`	`}`
`53`	`53`	`// A retry allocation`
`54`		`- msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassSuccessResponse), append(attrs, messageIntegrity)...)`
	`54`	`+ msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassSuccessResponse), append(attrs, authResult.messageIntegrity)...)`
`55`	`55`	`return buildAndSend(r.Conn, r.SrcAddr, msg...)`
`56`	`56`	`}`
`57`	`57`
`@@ -104,7 +104,7 @@ func handleAllocateRequest(r Request, m *stun.Message) error {`
`104`	`104`	`var evenPort proto.EvenPort`
`105`	`105`	`if err = evenPort.GetFrom(m); err == nil {`
`106`	`106`	`var randomPort int`
`107`		`- randomPort, err = r.AllocationManager.GetRandomEvenPort()`
	`107`	`+ randomPort, err = r.AllocationManager.GetRandomEvenPort(authResult.username)`
`108`	`108`	`if err != nil {`
`109`	`109`	`return buildAndSendErr(r.Conn, r.SrcAddr, err, insufficientCapacityMsg...)`
`110`	`110`	`}`
`@@ -131,7 +131,8 @@ func handleAllocateRequest(r Request, m *stun.Message) error {`
`131`	`131`	`fiveTuple,`
`132`	`132`	`r.Conn,`
`133`	`133`	`requestedPort,`
`134`		`- lifetimeDuration)`
	`134`	`+ lifetimeDuration,`
	`135`	`+ authResult.username)`
`135`	`136`	`if err != nil {`
`136`	`137`	`return buildAndSendErr(r.Conn, r.SrcAddr, err, insufficientCapacityMsg...)`
`137`	`138`	`}`
`@@ -177,16 +178,16 @@ func handleAllocateRequest(r Request, m *stun.Message) error {`
`177`	`178`	`responseAttrs = append(responseAttrs, proto.ReservationToken([]byte(reservationToken)))`
`178`	`179`	`}`
`179`	`180`
`180`		`- msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassSuccessResponse), append(responseAttrs, messageIntegrity)...)`
	`181`	`+ msg := buildMsg(m.TransactionID, stun.NewType(stun.MethodAllocate, stun.ClassSuccessResponse), append(responseAttrs, authResult.messageIntegrity)...)`
`181`	`182`	`a.SetResponseCache(m.TransactionID, responseAttrs)`
`182`	`183`	`return buildAndSend(r.Conn, r.SrcAddr, msg...)`
`183`	`184`	`}`
`184`	`185`
`185`	`186`	`func handleRefreshRequest(r Request, m *stun.Message) error {`
`186`	`187`	`r.Log.Debugf("Received RefreshRequest from %s", r.SrcAddr)`
`187`	`188`
`188`		`- messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodRefresh)`
`189`		`- if !hasAuth {`
	`189`	`+ authResult, err := authenticateRequest(r, m, stun.MethodRefresh)`
	`190`	`+ if !authResult.hasAuth {`
`190`	`191`	`return err`
`191`	`192`	`}`
`192`	`193`
`@@ -212,7 +213,7 @@ func handleRefreshRequest(r Request, m *stun.Message) error {`
`212`	`213`	`&proto.Lifetime{`
`213`	`214`	`Duration: lifetimeDuration,`
`214`	`215`	`},`
`215`		`- messageIntegrity,`
	`216`	`+ authResult.messageIntegrity,`
`216`	`217`	`}...)...)`
`217`	`218`	`}`
`218`	`219`
`@@ -228,8 +229,8 @@ func handleCreatePermissionRequest(r Request, m *stun.Message) error {`
`228`	`229`	`return fmt.Errorf("%w %v:%v", errNoAllocationFound, r.SrcAddr, r.Conn.LocalAddr())`
`229`	`230`	`}`
`230`	`231`
`231`		`- messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodCreatePermission)`
`232`		`- if !hasAuth {`
	`232`	`+ authResult, err := authenticateRequest(r, m, stun.MethodCreatePermission)`
	`233`	`+ if !authResult.hasAuth {`
`233`	`234`	`return err`
`234`	`235`	`}`
`235`	`236`
`@@ -267,7 +268,7 @@ func handleCreatePermissionRequest(r Request, m *stun.Message) error {`
`267`	`268`	`respClass = stun.ClassErrorResponse`
`268`	`269`	`}`
`269`	`270`
`270`		`- return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodCreatePermission, respClass), []stun.Setter{messageIntegrity}...)...)`
	`271`	`+ return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodCreatePermission, respClass), []stun.Setter{authResult.messageIntegrity}...)...)`
`271`	`272`	`}`
`272`	`273`
`273`	`274`	`func handleSendIndication(r Request, m *stun.Message) error {`
`@@ -317,8 +318,8 @@ func handleChannelBindRequest(r Request, m *stun.Message) error {`
`317`	`318`
`318`	`319`	`badRequestMsg := buildMsg(m.TransactionID, stun.NewType(stun.MethodChannelBind, stun.ClassErrorResponse), &stun.ErrorCodeAttribute{Code: stun.CodeBadRequest})`
`319`	`320`
`320`		`- messageIntegrity, hasAuth, err := authenticateRequest(r, m, stun.MethodChannelBind)`
`321`		`- if !hasAuth {`
	`321`	`+ authResult, err := authenticateRequest(r, m, stun.MethodChannelBind)`
	`322`	`+ if !authResult.hasAuth {`
`322`	`323`	`return err`
`323`	`324`	`}`
`324`	`325`
`@@ -351,7 +352,7 @@ func handleChannelBindRequest(r Request, m *stun.Message) error {`
`351`	`352`	`return buildAndSendErr(r.Conn, r.SrcAddr, err, badRequestMsg...)`
`352`	`353`	`}`
`353`	`354`
`354`		`- return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodChannelBind, stun.ClassSuccessResponse), []stun.Setter{messageIntegrity}...)...)`
	`355`	`+ return buildAndSend(r.Conn, r.SrcAddr, buildMsg(m.TransactionID, stun.NewType(stun.MethodChannelBind, stun.ClassSuccessResponse), []stun.Setter{authResult.messageIntegrity}...)...)`
`355`	`356`	`}`
`356`	`357`
`357`	`358`	`func handleChannelData(r Request, c *proto.ChannelData) error {`