配置

# TURN 配置 Cloudflare TURN 服务在 Workers 和应用程序中的设置与配置。 ## 环境变量 bash # .env CLOUDFLARE_ACCOUNT_ID=your_account_id CLOUDFLARE_API_TOKEN=your_api_token TURN_KEY_ID=your_turn_key_id TURN_KEY_SECRET=your_turn_key_secret 使用 zod 进行验证： typescript import { z } from 'zod'; const envSchema = z.object({ CLOUDFLARE_ACCOUNT_ID: z.string().min(1), CLOUDFLARE_API_TOKEN: z.string().min(1), TURN_KEY_ID: z.string().min(1), TURN_KEY_SECRET: z.string().min(1) }); export const config = envSchema.parse(process.env); ## wrangler.jsonc c { "name": "turn-credentials-api", "main": "src/index.ts", "compatibility_date": "2025-01-01", "vars": { "TURN_KEY_ID": "your-turn-key-id" // 非敏感信息，可放在 vars 中 }, "env": { "production": { "kv_namespaces": [ { "binding": "CREDENTIALS_CACHE", "id": "your-kv-namespace-id" } ] } } } **单独存储密钥**： bash wrangler secret put TURN_KEY_SECRET ## Cloudflare Worker 集成 ### Worker 绑定类型 typescript interface Env { TURN_KEY_ID: string; TURN_KEY_SECRET: string; CREDENTIALS_CACHE?: KVNamespace; } export default { async fetch(request: Request, env: Env): Promise { // 实现细节请参考 patterns.md } } ### Worker 基础示例 typescript export default { async fetch(request: Request, env: Env): Promise { if (request.url.endsWith('/turn-credentials')) { // 验证客户端授权 const authHeader = request.headers.get('Authorization'); if (!authHeader) { return new Response('Unauthorized', { status: 401 }); } const response = await fetch( `https://rtc.live.cloudflare.com/v1/turn/keys/${env.TURN_KEY_ID}/credentials/generate`, { method: 'POST', headers: { 'Authorization': `Bearer ${env.TURN_KEY_SECRET}`, 'Content-Type': 'application/json' }, body: JSON.stringify({ ttl: 3600 }) } ); if (!response.ok) { return new Response('Failed to generate credentials', { status: 500 }); } const data = await response.json(); // 为浏览器客户端过滤 53 端口 const filteredUrls = data.iceServers.urls.filter( (url: string) => !url.includes(':53') ); return Response.json({ iceServers: [