add turn credentials and config

2026-06-07 07:55:16 +02:00 · 2026-02-03 11:34:44 +05:30 · 2026-02-03 11:34:44 +05:30 · 8ba69b35df
commit 8ba69b35df
parent fde2940e53
3 changed files with 33 additions and 7 deletions
--- a/api/routes/turn_credentials.py
+++ b/api/routes/turn_credentials.py
@ -24,6 +24,7 @@ from loguru import logger
 from pydantic import BaseModel

 from api.constants import (
+    ENVIRONMENT,
    TURN_CREDENTIAL_TTL,
    TURN_HOST,
    TURN_PORT,
@ -31,6 +32,7 @@ from api.constants import (
    TURN_TLS_PORT,
 )
 from api.db.models import UserModel
+from api.enums import Environment
 from api.services.auth.depends import get_user

 router = APIRouter(prefix="/turn", tags=["turn"])
@ -88,10 +90,28 @@ def generate_turn_credentials(user_id: str, ttl: int = TURN_CREDENTIAL_TTL) -> d
    ).decode("utf-8")

    # Build TURN URIs
-    uris = [
-        f"turn:{TURN_HOST}:{TURN_PORT}",  # TURN over UDP
-        f"turn:{TURN_HOST}:{TURN_PORT}?transport=tcp",  # TURN over TCP
-    ]
+    # Note: aiortc only uses the FIRST valid TURN URI, so ordering matters.
+    # Priority:
+    #   1. TURNS (TLS) if configured - most secure
+    #   2. TURN TCP for LOCAL env (macOS Docker compatibility)
+    #   3. TURN UDP for production (more efficient)
+    uris = []
+
+    # Add non-TLS TURN as fallback, ordered by environment
+    if ENVIRONMENT == Environment.LOCAL.value:
+        uris.extend(
+            [
+                f"turn:{TURN_HOST}:{TURN_PORT}?transport=tcp",  # TCP for macOS Docker
+                f"turn:{TURN_HOST}:{TURN_PORT}",  # UDP fallback
+            ]
+        )
+    else:
+        uris.extend(
+            [
+                f"turn:{TURN_HOST}:{TURN_PORT}",  # UDP preferred for other environments
+                f"turn:{TURN_HOST}:{TURN_PORT}?transport=tcp",  # TCP fallback
+            ]
+        )

    # Add TLS URIs if TLS port is configured
    if TURN_TLS_PORT:
--- a/config/coturn/turnserver.conf
+++ b/config/coturn/turnserver.conf
@ -82,8 +82,8 @@ new-log-timestamp
 # For cloud deployments (AWS, GCP), set external IP explicitly:
 # external-ip=<PUBLIC_IP>/<PRIVATE_IP>

-# Uncomment to restrict to specific listening IPs:
-# listening-ip=0.0.0.0
+# Explicitly bind to all interfaces (required for Docker port mapping)
+listening-ip=0.0.0.0

 # =============================================================================
 # STUN Configuration
--- a/docker-compose-local.yaml
+++ b/docker-compose-local.yaml
@ -62,12 +62,18 @@ services:
    image: coturn/coturn:4.8.0
    container_name: coturn
    restart: unless-stopped
-    network_mode: host
+    ports:
+      - "3478:3478/udp"      # TURN/STUN UDP
+      - "3478:3478/tcp"      # TURN/STUN TCP
+      - "5349:5349/tcp"      # TURNS (TLS)
+      - "49152-49200:49152-49200/udp"  # Relay ports
    volumes:
      - ./config/coturn/turnserver.conf:/etc/coturn/turnserver.conf:ro
    command:
      - "-c"
      - "/etc/coturn/turnserver.conf"
+    networks:
+      - app-network

 volumes:
  postgres_data: