-
Notifications
You must be signed in to change notification settings - Fork 43
/
obfuscator.js
108 lines (102 loc) · 3.35 KB
/
obfuscator.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
// obfuscate ip addresses which should not be stored long-term.
const SDPUtils = require('sdp');
// obfuscate ip, keeping address family intact.
function obfuscateIP(ip) {
if (ip.indexOf('[') === 0 || ip.indexOf(':') !== -1) { // IPv6
// obfuscate last five bits like Chrome does.
return ip.split(':').slice(0, 3).join(':') + ':x:x:x:x:x'
}
const parts = ip.split('.');
if (parts.length === 4) {
parts[3] = 'x';
return parts.join('.');
} else {
return ip;
}
}
// obfuscate the ip in ice candidates. Does NOT obfuscate the ip of the TURN server to allow
// selecting/grouping sessions by TURN server.
function obfuscateCandidate(candidate) {
const cand = SDPUtils.parseCandidate(candidate);
if (!(cand.type === 'relay' || cand.protocol === 'ssltcp')) {
cand.ip = obfuscateIP(cand.ip);
cand.address = obfuscateIP(cand.address);
}
if (cand.relatedAddress) {
cand.relatedAddress = obfuscateIP(cand.relatedAddress);
}
return SDPUtils.writeCandidate(cand);
}
function obfuscateSDP(sdp) {
const lines = SDPUtils.splitLines(sdp);
return lines.map(line => {
// obfuscate a=candidate, c= and a=rtcp
if (line.indexOf('a=candidate:') === 0) {
return 'a=' + obfuscateCandidate(line);
} else if (line.indexOf('c=') === 0) {
return 'c=IN IP4 0.0.0.0';
} else if (line.indexOf('a=rtcp:') === 0) {
return 'a=rtcp:9 IN IP4 0.0.0.0';
} else {
return line;
}
}).join('\r\n').trim() + '\r\n';
}
function obfuscateStats(stats) {
Object.keys(stats).forEach(id => {
const report = stats[id];
if (!report) {
console.warn('no report for', id, stats);
return;
}
// obfuscate different variants of how the ip is contained in different stats / versions.
['ipAddress', 'ip', 'address'].forEach((address) => {
if (report[address] && report.candidateType !== 'relayed') {
report[address] = obfuscateIP(report[address]);
}
});
['googLocalAddress', 'googRemoteAddress'].forEach(name => {
// contains both address and port
let port;
if (report[name]) {
if (report[name][0] === '[') {
port = report[name].substr(report[name].indexOf(']') + 2);
} else {
port = report[name].substr(report[name].indexOf(':') + 1);
}
report[name] = obfuscateIP(report[name]) + ':' + port;
}
});
});
}
module.exports = function(data) {
switch(data[0]) {
case 'addIceCandidate':
case 'onicecandidate':
if (data[2] && data[2].candidate) {
data[2].candidate = obfuscateCandidate(data[2].candidate);
}
break;
case 'setLocalDescription':
case 'setRemoteDescription':
case 'createOfferOnSuccess':
case 'createAnswerOnSuccess':
if (data[2] && data[2].sdp) {
data[2].sdp = obfuscateSDP(data[2].sdp);
}
break;
case 'getStats':
case 'getstats':
if (data[2]) {
obfuscateStats(data[2]);
}
break;
case 'publicIP':
if (data[2]) {
data[2] = obfuscateIP(data[2]);
}
break;
default:
break;
}
};