From 0c801564fd7e1a10959944defe72b76bb6dd60f8 Mon Sep 17 00:00:00 2001
From: Alessandro Ros
Date: Fri, 12 Sep 2025 15:24:51 +0200
Subject: [PATCH] playback: fix crash during authentication errors (#4960) (#4966)
---
 internal/playback/on_list_test.go | 49 +++++++++++++++++++++++++++++++
 internal/playback/server.go | 2 +-
 2 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/internal/playback/on_list_test.go b/internal/playback/on_list_test.go
index a0b4923a..5252b88a 100644
--- a/internal/playback/on_list_test.go
+++ b/internal/playback/on_list_test.go
@@ -16,6 +16,7 @@ import (
 "github.com/bluenviron/mediacommon/v2/pkg/formats/fmp4"
 "github.com/bluenviron/mediacommon/v2/pkg/formats/mp4"
+ "github.com/bluenviron/mediamtx/internal/auth"
 "github.com/bluenviron/mediamtx/internal/conf"
 "github.com/bluenviron/mediamtx/internal/test"
 "github.com/stretchr/testify/require"
@@ -320,3 +321,51 @@ func TestOnListCachedDuration(t *testing.T) {
 },
 }, out)
 }
+
+func TestOnListAuthError(t *testing.T) {
+ dir, err := os.MkdirTemp("", "mediamtx-playback")
+ require.NoError(t, err)
+ defer os.RemoveAll(dir)
+
+ s := &Server{
+ Address: "127.0.0.1:9996",
+ ReadTimeout: conf.Duration(10 * time.Second),
+ PathConfs: map[string]*conf.Path{
+ "mypath": {
+ Name: "mypath",
+ RecordPath: filepath.Join(dir, "%path/%Y-%m-%d_%H-%M-%S-%f"),
+ },
+ },
+ AuthManager: &test.AuthManager{
+ AuthenticateImpl: func(_ *auth.Request) error {
+ return auth.Error{Wrapped: fmt.Errorf("auth error")}
+ },
+ RefreshJWTJWKSImpl: func() {
+ },
+ },
+ Parent: test.NilLogger,
+ }
+ err = s.Initialize()
+ require.NoError(t, err)
+ defer s.Close()
+
+ u, err := url.Parse("http://myuser:mypass@localhost:9996/list")
+ require.NoError(t, err)
+
+ v := url.Values{}
+ v.Set("path", "mypath")
+ u.RawQuery = v.Encode()
+
+ req, err := http.NewRequest(http.MethodGet, u.String(), nil)
+ require.NoError(t, err)
+
+ start := time.Now()
+
+ res, err := http.DefaultClient.Do(req)
+ require.NoError(t, err)
+ defer res.Body.Close()
+
+ require.Greater(t, time.Since(start), 2*time.Second)
+
+ require.Equal(t, http.StatusUnauthorized, res.StatusCode)
+}
diff --git a/internal/playback/server.go b/internal/playback/server.go
index 9f757857..52e7e904 100644
--- a/internal/playback/server.go
+++ b/internal/playback/server.go
@@ -130,7 +130,7 @@ func (s *Server) doAuth(ctx *gin.Context, pathName string) bool {
 }
 s.Log(logger.Info, "connection %v failed to authenticate: %v",
- httpp.RemoteAddr(ctx), err.(*auth.Error).Message) //nolint:errorlint
+ httpp.RemoteAddr(ctx), err.(auth.Error).Message) //nolint:errorlint
 // wait some seconds to mitigate brute force attacks
 <-time.After(auth.PauseAfterError)
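Review bot: In TestOnListAuthError the brute-force delay is asserted against a hard-coded `2*time.Second`, while the server waits on `auth.PauseAfterError`. If that constant is lengthened, the test no longer proves the full pause was applied, and if it is shortened the test fails for an unrelated reason. The test file now imports `auth`, so the check could read `require.GreaterOrEqual(t, time.Since(start), auth.PauseAfterError)`. The mock returns `auth.Error` only by value, so a wrapped or pointer-typed error from an auth manager is not exercised. The request also goes through `http.DefaultClient`, which has no timeout, so a handler that hangs would stall the run rather than fail it.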
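Review bot: The corrected line in doAuth (internal/playback/server.go) still uses an unchecked type assertion, `err.(auth.Error).Message`, under `//nolint:errorlint`. Any error that is not exactly an `auth.Error` value (a wrapped error, or a pointer again) would panic in the failed-authentication branch, which a client reaches before it has authenticated. The code guarding this line starts above the hunk, so an earlier check may already narrow the type. If it does not, `var authErr auth.Error` followed by `if errors.As(err, &authErr) { ... }`, with a fallback that logs `err` itself, would keep the failure a 401 and let the nolint directive go (assuming `errors` is imported in this file). A one-line comment stating that Authenticate is expected to return `auth.Error` by value would document the contract this line depends on.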