remove performance based turn routing from CallRoutingControllerV2
This commit is contained in:
Adel Lahlou
Jon Chambers
parent
b248b6bc12
commit
886984861f
|
|
@ -94,10 +94,6 @@ import org.whispersystems.textsecuregcm.backup.BackupsDb;
|
|||
import org.whispersystems.textsecuregcm.backup.Cdn3BackupCredentialGenerator;
|
||||
import org.whispersystems.textsecuregcm.backup.Cdn3RemoteStorageManager;
|
||||
import org.whispersystems.textsecuregcm.badges.ConfiguredProfileBadgeConverter;
|
||||
import org.whispersystems.textsecuregcm.calls.routing.CallDnsRecordsManager;
|
||||
import org.whispersystems.textsecuregcm.calls.routing.CallRoutingTableManager;
|
||||
import org.whispersystems.textsecuregcm.calls.routing.DynamicConfigTurnRouter;
|
||||
import org.whispersystems.textsecuregcm.calls.routing.TurnCallRouter;
|
||||
import org.whispersystems.textsecuregcm.captcha.CaptchaChecker;
|
||||
import org.whispersystems.textsecuregcm.captcha.CaptchaClient;
|
||||
import org.whispersystems.textsecuregcm.captcha.RegistrationCaptchaManager;
|
||||
|
|
@ -142,7 +138,6 @@ import org.whispersystems.textsecuregcm.filters.RemoteDeprecationFilter;
|
|||
import org.whispersystems.textsecuregcm.filters.RequestStatisticsFilter;
|
||||
import org.whispersystems.textsecuregcm.filters.RestDeprecationFilter;
|
||||
import org.whispersystems.textsecuregcm.filters.TimestampResponseFilter;
|
||||
import org.whispersystems.textsecuregcm.geo.MaxMindDatabaseManager;
|
||||
import org.whispersystems.textsecuregcm.grpc.AccountsAnonymousGrpcService;
|
||||
import org.whispersystems.textsecuregcm.grpc.AccountsGrpcService;
|
||||
import org.whispersystems.textsecuregcm.grpc.ErrorMappingInterceptor;
|
||||
|
|
@ -813,45 +808,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
|
|||
config.getAppleDeviceCheck().teamId(),
|
||||
config.getAppleDeviceCheck().bundleId());
|
||||
|
||||
final DynamicConfigTurnRouter configTurnRouter = new DynamicConfigTurnRouter(dynamicConfigurationManager);
|
||||
|
||||
MaxMindDatabaseManager geoIpCityDatabaseManager = new MaxMindDatabaseManager(
|
||||
recurringConfigSyncExecutor,
|
||||
awsCredentialsProvider,
|
||||
config.getMaxmindCityDatabase(),
|
||||
"city"
|
||||
);
|
||||
environment.lifecycle().manage(geoIpCityDatabaseManager);
|
||||
CallDnsRecordsManager callDnsRecordsManager = new CallDnsRecordsManager(
|
||||
recurringConfigSyncExecutor,
|
||||
awsCredentialsProvider,
|
||||
config.getCallingTurnDnsRecords()
|
||||
);
|
||||
environment.lifecycle().manage(callDnsRecordsManager);
|
||||
CallRoutingTableManager callRoutingTableManager = new CallRoutingTableManager(
|
||||
recurringConfigSyncExecutor,
|
||||
awsCredentialsProvider,
|
||||
config.getCallingTurnPerformanceTable(),
|
||||
"Performance"
|
||||
);
|
||||
environment.lifecycle().manage(callRoutingTableManager);
|
||||
CallRoutingTableManager manualCallRoutingTableManager = new CallRoutingTableManager(
|
||||
recurringConfigSyncExecutor,
|
||||
awsCredentialsProvider,
|
||||
config.getCallingTurnManualTable(),
|
||||
"Manual"
|
||||
);
|
||||
environment.lifecycle().manage(manualCallRoutingTableManager);
|
||||
|
||||
TurnCallRouter callRouter = new TurnCallRouter(
|
||||
callDnsRecordsManager,
|
||||
callRoutingTableManager,
|
||||
manualCallRoutingTableManager,
|
||||
configTurnRouter,
|
||||
geoIpCityDatabaseManager,
|
||||
false
|
||||
);
|
||||
|
||||
final GrpcClientConnectionManager grpcClientConnectionManager = new GrpcClientConnectionManager();
|
||||
|
||||
disconnectionRequestManager.addListener(grpcClientConnectionManager);
|
||||
|
|
@ -1117,7 +1073,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
|
|||
new AttachmentControllerV4(rateLimiters, gcsAttachmentGenerator, tusAttachmentGenerator,
|
||||
experimentEnrollmentManager),
|
||||
new ArchiveController(backupAuthManager, backupManager),
|
||||
new CallRoutingControllerV2(rateLimiters, callRouter, turnTokenGenerator, experimentEnrollmentManager, cloudflareTurnCredentialsManager),
|
||||
new CallRoutingControllerV2(rateLimiters, cloudflareTurnCredentialsManager),
|
||||
new CallLinkController(rateLimiters, callingGenericZkSecretParams),
|
||||
new CertificateController(new CertificateGenerator(config.getDeliveryCertificate().certificate().value(),
|
||||
config.getDeliveryCertificate().ecPrivateKey(), config.getDeliveryCertificate().expiresDays()),
|
||||
|
|
|
|||
|
|
@ -18,20 +18,13 @@ import jakarta.ws.rs.Produces;
|
|||
import jakarta.ws.rs.container.ContainerRequestContext;
|
||||
import jakarta.ws.rs.core.Context;
|
||||
import jakarta.ws.rs.core.MediaType;
|
||||
import java.net.InetAddress;
|
||||
import java.net.UnknownHostException;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
|
||||
import org.whispersystems.textsecuregcm.auth.CloudflareTurnCredentialsManager;
|
||||
import org.whispersystems.textsecuregcm.auth.TurnToken;
|
||||
import org.whispersystems.textsecuregcm.auth.TurnTokenGenerator;
|
||||
import org.whispersystems.textsecuregcm.calls.routing.TurnCallRouter;
|
||||
import org.whispersystems.textsecuregcm.calls.routing.TurnServerOptions;
|
||||
import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
|
||||
import org.whispersystems.textsecuregcm.filters.RemoteAddressFilter;
|
||||
import org.whispersystems.textsecuregcm.limits.RateLimiters;
|
||||
import org.whispersystems.websocket.auth.ReadOnly;
|
||||
|
||||
|
|
@ -39,25 +32,15 @@ import org.whispersystems.websocket.auth.ReadOnly;
|
|||
@Path("/v2/calling")
|
||||
public class CallRoutingControllerV2 {
|
||||
|
||||
private static final Counter INVALID_IP_COUNTER = Metrics.counter(name(CallRoutingControllerV2.class, "invalidIP"));
|
||||
private static final Counter CLOUDFLARE_TURN_ERROR_COUNTER = Metrics.counter(name(CallRoutingControllerV2.class, "cloudflareTurnError"));
|
||||
private final RateLimiters rateLimiters;
|
||||
private final TurnCallRouter turnCallRouter;
|
||||
private final TurnTokenGenerator tokenGenerator;
|
||||
private final ExperimentEnrollmentManager experimentEnrollmentManager;
|
||||
private final CloudflareTurnCredentialsManager cloudflareTurnCredentialsManager;
|
||||
|
||||
public CallRoutingControllerV2(
|
||||
final RateLimiters rateLimiters,
|
||||
final TurnCallRouter turnCallRouter,
|
||||
final TurnTokenGenerator tokenGenerator,
|
||||
final ExperimentEnrollmentManager experimentEnrollmentManager,
|
||||
final CloudflareTurnCredentialsManager cloudflareTurnCredentialsManager
|
||||
) {
|
||||
this.rateLimiters = rateLimiters;
|
||||
this.turnCallRouter = turnCallRouter;
|
||||
this.tokenGenerator = tokenGenerator;
|
||||
this.experimentEnrollmentManager = experimentEnrollmentManager;
|
||||
this.cloudflareTurnCredentialsManager = cloudflareTurnCredentialsManager;
|
||||
}
|
||||
|
||||
|
|
@ -76,34 +59,19 @@ public class CallRoutingControllerV2 {
|
|||
@ApiResponse(responseCode = "422", description = "Invalid request format.")
|
||||
@ApiResponse(responseCode = "429", description = "Rate limited.")
|
||||
public GetCallingRelaysResponse getCallingRelays(
|
||||
final @ReadOnly @Auth AuthenticatedDevice auth,
|
||||
@Context ContainerRequestContext requestContext
|
||||
) throws RateLimitExceededException {
|
||||
final @ReadOnly @Auth AuthenticatedDevice auth
|
||||
) throws RateLimitExceededException, IOException {
|
||||
UUID aci = auth.getAccount().getUuid();
|
||||
rateLimiters.getCallEndpointLimiter().validate(aci);
|
||||
|
||||
List<TurnToken> tokens = new ArrayList<>();
|
||||
try {
|
||||
if (experimentEnrollmentManager.isEnrolled(auth.getAccount().getNumber(), aci, "cloudflareTurn")) {
|
||||
tokens.add(cloudflareTurnCredentialsManager.retrieveFromCloudflare());
|
||||
}
|
||||
tokens.add(cloudflareTurnCredentialsManager.retrieveFromCloudflare());
|
||||
} catch (Exception e) {
|
||||
// emit counter, rely on Signal URL fallback
|
||||
CallRoutingControllerV2.CLOUDFLARE_TURN_ERROR_COUNTER.increment();
|
||||
throw e;
|
||||
}
|
||||
|
||||
Optional<InetAddress> address = Optional.empty();
|
||||
try {
|
||||
final String remoteAddress = (String) requestContext.getProperty(
|
||||
RemoteAddressFilter.REMOTE_ADDRESS_ATTRIBUTE_NAME);
|
||||
address = Optional.of(InetAddress.getByName(remoteAddress));
|
||||
} catch (UnknownHostException e) {
|
||||
INVALID_IP_COUNTER.increment();
|
||||
}
|
||||
|
||||
TurnServerOptions options = turnCallRouter.getRoutingFor(aci, address);
|
||||
tokens.add(tokenGenerator.generateWithTurnServerOptions(options));
|
||||
|
||||
return new GetCallingRelaysResponse(tokens);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -6,8 +6,6 @@
|
|||
package org.whispersystems.textsecuregcm.controllers;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.anyInt;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.doThrow;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.reset;
|
||||
|
|
@ -18,11 +16,7 @@ import io.dropwizard.testing.junit5.DropwizardExtensionsSupport;
|
|||
import io.dropwizard.testing.junit5.ResourceExtension;
|
||||
import jakarta.ws.rs.core.Response;
|
||||
import java.io.IOException;
|
||||
import java.net.InetAddress;
|
||||
import java.net.UnknownHostException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
|
|
@ -31,10 +25,6 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||
import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
|
||||
import org.whispersystems.textsecuregcm.auth.CloudflareTurnCredentialsManager;
|
||||
import org.whispersystems.textsecuregcm.auth.TurnToken;
|
||||
import org.whispersystems.textsecuregcm.auth.TurnTokenGenerator;
|
||||
import org.whispersystems.textsecuregcm.calls.routing.TurnCallRouter;
|
||||
import org.whispersystems.textsecuregcm.calls.routing.TurnServerOptions;
|
||||
import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
|
||||
import org.whispersystems.textsecuregcm.limits.RateLimiter;
|
||||
import org.whispersystems.textsecuregcm.limits.RateLimiters;
|
||||
import org.whispersystems.textsecuregcm.mappers.RateLimitExceededExceptionMapper;
|
||||
|
|
@ -47,11 +37,6 @@ class CallRoutingControllerV2Test {
|
|||
|
||||
private static final String GET_CALL_RELAYS_PATH = "v2/calling/relays";
|
||||
private static final String REMOTE_ADDRESS = "123.123.123.1";
|
||||
private static final TurnServerOptions TURN_SERVER_OPTIONS = new TurnServerOptions(
|
||||
"example.domain.org",
|
||||
Optional.of(List.of("stun:12.34.56.78")),
|
||||
Optional.of(List.of("stun:example.domain.org"))
|
||||
);
|
||||
private static final TurnToken CLOUDFLARE_TURN_TOKEN = new TurnToken(
|
||||
"ABC",
|
||||
"XYZ",
|
||||
|
|
@ -61,12 +46,8 @@ class CallRoutingControllerV2Test {
|
|||
|
||||
private static final RateLimiters rateLimiters = mock(RateLimiters.class);
|
||||
private static final RateLimiter getCallEndpointLimiter = mock(RateLimiter.class);
|
||||
private static final ExperimentEnrollmentManager experimentEnrollmentManager = mock(
|
||||
ExperimentEnrollmentManager.class);
|
||||
private static final TurnTokenGenerator turnTokenGenerator = new TurnTokenGenerator("bloop".getBytes(StandardCharsets.UTF_8));
|
||||
private static final CloudflareTurnCredentialsManager cloudflareTurnCredentialsManager = mock(
|
||||
CloudflareTurnCredentialsManager.class);
|
||||
private static final TurnCallRouter turnCallRouter = mock(TurnCallRouter.class);
|
||||
|
||||
private static final ResourceExtension resources = ResourceExtension.builder()
|
||||
.addProvider(AuthHelper.getAuthFilter())
|
||||
|
|
@ -75,8 +56,7 @@ class CallRoutingControllerV2Test {
|
|||
.addProvider(new TestRemoteAddressFilterProvider(REMOTE_ADDRESS))
|
||||
.setMapper(SystemMapper.jsonMapper())
|
||||
.setTestContainerFactory(new GrizzlyWebTestContainerFactory())
|
||||
.addResource(new CallRoutingControllerV2(rateLimiters, turnCallRouter, turnTokenGenerator,
|
||||
experimentEnrollmentManager, cloudflareTurnCredentialsManager))
|
||||
.addResource(new CallRoutingControllerV2(rateLimiters, cloudflareTurnCredentialsManager))
|
||||
.build();
|
||||
|
||||
@BeforeEach
|
||||
|
|
@ -86,58 +66,19 @@ class CallRoutingControllerV2Test {
|
|||
|
||||
@AfterEach
|
||||
void tearDown() {
|
||||
reset(experimentEnrollmentManager, rateLimiters, getCallEndpointLimiter, turnCallRouter);
|
||||
reset( rateLimiters, getCallEndpointLimiter);
|
||||
}
|
||||
|
||||
void initializeMocksWith(Optional<TurnServerOptions> signalTurn, Optional<TurnToken> cloudflare) {
|
||||
signalTurn.ifPresent(options -> {
|
||||
void initializeMocksWith(TurnToken cloudflareToken) {
|
||||
try {
|
||||
when(turnCallRouter.getRoutingFor(
|
||||
eq(AuthHelper.VALID_UUID),
|
||||
eq(Optional.of(InetAddress.getByName(REMOTE_ADDRESS))))
|
||||
).thenReturn(options);
|
||||
} catch (UnknownHostException ignored) {
|
||||
}
|
||||
});
|
||||
cloudflare.ifPresent(token -> {
|
||||
when(experimentEnrollmentManager.isEnrolled(AuthHelper.VALID_NUMBER, AuthHelper.VALID_UUID, "cloudflareTurn"))
|
||||
.thenReturn(true);
|
||||
try {
|
||||
when(cloudflareTurnCredentialsManager.retrieveFromCloudflare()).thenReturn(token);
|
||||
when(cloudflareTurnCredentialsManager.retrieveFromCloudflare()).thenReturn(cloudflareToken);
|
||||
} catch (IOException ignored) {
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
void testGetRelaysSignalRoutingOnly() {
|
||||
TurnServerOptions options = TURN_SERVER_OPTIONS;
|
||||
initializeMocksWith(Optional.of(options), Optional.empty());
|
||||
|
||||
try (Response rawResponse = resources.getJerseyTest()
|
||||
.target(GET_CALL_RELAYS_PATH)
|
||||
.request()
|
||||
.header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
|
||||
.get()) {
|
||||
|
||||
assertThat(rawResponse.getStatus()).isEqualTo(200);
|
||||
|
||||
CallRoutingControllerV2.GetCallingRelaysResponse response = rawResponse.readEntity(
|
||||
CallRoutingControllerV2.GetCallingRelaysResponse.class);
|
||||
List<TurnToken> relays = response.relays();
|
||||
assertThat(relays).hasSize(1);
|
||||
assertThat(relays.getFirst().username()).isNotEmpty();
|
||||
assertThat(relays.getFirst().password()).isNotEmpty();
|
||||
assertThat(relays.getFirst().hostname()).isEqualTo(options.hostname());
|
||||
assertThat(relays.getFirst().urlsWithIps()).isEqualTo(options.urlsWithIps().get());
|
||||
assertThat(relays.getFirst().urls()).isEqualTo(options.urlsWithHostname().get());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void testGetRelaysBothRouting() {
|
||||
TurnServerOptions options = TURN_SERVER_OPTIONS;
|
||||
initializeMocksWith(Optional.of(options), Optional.of(CLOUDFLARE_TURN_TOKEN));
|
||||
initializeMocksWith(CLOUDFLARE_TURN_TOKEN);
|
||||
|
||||
try (Response rawResponse = resources.getJerseyTest()
|
||||
.target(GET_CALL_RELAYS_PATH)
|
||||
|
|
@ -151,49 +92,7 @@ class CallRoutingControllerV2Test {
|
|||
CallRoutingControllerV2.GetCallingRelaysResponse.class);
|
||||
|
||||
List<TurnToken> relays = response.relays();
|
||||
assertThat(relays).hasSize(2);
|
||||
|
||||
assertThat(relays.getFirst()).isEqualTo(CLOUDFLARE_TURN_TOKEN);
|
||||
|
||||
TurnToken token = relays.get(1);
|
||||
assertThat(token.username()).isNotEmpty();
|
||||
assertThat(token.password()).isNotEmpty();
|
||||
assertThat(token.hostname()).isEqualTo(options.hostname());
|
||||
assertThat(token.urlsWithIps()).isEqualTo(options.urlsWithIps().get());
|
||||
assertThat(token.urls()).isEqualTo(options.urlsWithHostname().get());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void testGetRelaysInvalidIpSuccess() throws UnknownHostException {
|
||||
TurnServerOptions options = new TurnServerOptions(
|
||||
"example.domain.org",
|
||||
Optional.of(List.of()),
|
||||
Optional.of(List.of("stun:example.domain.org"))
|
||||
);
|
||||
|
||||
when(turnCallRouter.getRoutingFor(
|
||||
eq(AuthHelper.VALID_UUID),
|
||||
eq(Optional.of(InetAddress.getByName(REMOTE_ADDRESS))))
|
||||
).thenReturn(options);
|
||||
try (Response rawResponse = resources.getJerseyTest()
|
||||
.target(GET_CALL_RELAYS_PATH)
|
||||
.request()
|
||||
.header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
|
||||
.get()) {
|
||||
|
||||
assertThat(rawResponse.getStatus()).isEqualTo(200);
|
||||
CallRoutingControllerV2.GetCallingRelaysResponse response = rawResponse.readEntity(
|
||||
CallRoutingControllerV2.GetCallingRelaysResponse.class
|
||||
);
|
||||
|
||||
assertThat(response.relays()).hasSize(1);
|
||||
TurnToken token = response.relays().getFirst();
|
||||
assertThat(token.username()).isNotEmpty();
|
||||
assertThat(token.password()).isNotEmpty();
|
||||
assertThat(token.hostname()).isEqualTo(options.hostname());
|
||||
assertThat(token.urlsWithIps()).isEqualTo(options.urlsWithIps().get());
|
||||
assertThat(token.urls()).isEqualTo(options.urlsWithHostname().get());
|
||||
assertThat(relays).isEqualTo(List.of(CLOUDFLARE_TURN_TOKEN));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue