# ECP-0056: TURN ICE Bootstrap Endpoint

Status: Draft

## Problem

WebRTC connectivity is unreliable across diverse NAT / firewall environments when we rely only on
public STUN servers. For "send a link to mom" reliability, viewers need TURN available.

We also need a single, stable place for the web app and native CLI to fetch ICE server config
without exposing implementation details in the UI.

## Proposal

- Add `GET /api/turn` on `every.channel`.
- Response returns a `just-webrtc` compatible `PeerConfiguration` subset:
  - `ice_servers`: array of STUN/TURN servers.
- Default behavior:
  - Always include STUN servers (Cloudflare STUN + Google STUN fallback).
  - If a TURN shared secret is configured in the Worker environment, also include TURN servers
    with short-lived credentials generated via the TURN REST pattern (HMAC-based).

This keeps the container DO offline (`enableInternet=false`) and centralizes "how to TURN" in the
Worker, while clients remain generic.

## Security / Abuse Notes

- TURN credentials are short-lived (hour-scale) and only usable against the TURN provider.
- We do not log or persist TURN credentials.
- The shared secret is stored as a Worker secret (not in git).

## Rollout

1. Deploy Worker with `/api/turn`.
2. Update web viewer + `ec-node` direct publish/subscribe to fetch and use `/api/turn`.
3. If/when Cloudflare Calls TURN keys are enabled for the account, store the Calls TURN key as the
   shared secret in the Worker and turn on TURN at the edge.