support external authentication (#504) (#517)

2025-10-17 21:23:46 +08:00 · 2021-12-22 19:13:56 +01:00
parent 811540b34b
commit 11760fd79f
21 changed files with 908 additions and 542 deletions
--- a/internal/core/rtmp_server_test.go
+++ b/internal/core/rtmp_server_test.go
@@ -1,10 +1,14 @@
 package core

 import (
+	"context"
+	"io"
 	"testing"
 	"time"

 	"github.com/stretchr/testify/require"
+
+	"github.com/aler9/rtsp-simple-server/internal/rtmp"
 )

 func TestRTMPServerPublish(t *testing.T) {
@@ -78,75 +82,70 @@ func TestRTMPServerRead(t *testing.T) {
 }

 func TestRTMPServerAuth(t *testing.T) {
-	t.Run("publish", func(t *testing.T) {
-		p, ok := newInstance("rtspDisable: yes\n" +
-			"hlsDisable: yes\n" +
-			"paths:\n" +
-			"  all:\n" +
-			"    publishUser: testuser\n" +
-			"    publishPass: testpass\n" +
-			"    readIPs: [127.0.0.0/16]\n")
-		require.Equal(t, true, ok)
-		defer p.close()
+	for _, ca := range []string{
+		"internal",
+		"external",
+	} {
+		t.Run(ca, func(t *testing.T) {
+			var conf string
+			if ca == "internal" {
+				conf = "paths:\n" +
+					"  all:\n" +
+					"    publishUser: testpublisher\n" +
+					"    publishPass: testpass\n" +
+					"    publishIPs: [127.0.0.0/16]\n" +
+					"    readUser: testreader\n" +
+					"    readPass: testpass\n" +
+					"    readIPs: [127.0.0.0/16]\n"
+			} else {
+				conf = "externalAuthenticationURL: http://localhost:9120/auth\n" +
+					"paths:\n" +
+					"  all:\n"
+			}

-		cnt1, err := newContainer("ffmpeg", "source", []string{
-			"-re",
-			"-stream_loop", "-1",
-			"-i", "emptyvideo.mkv",
-			"-c", "copy",
-			"-f", "flv",
-			"rtmp://localhost/teststream?user=testuser&pass=testpass",
+			p, ok := newInstance(conf)
+			require.Equal(t, true, ok)
+			defer p.close()
+
+			var a *testHTTPAuthenticator
+			if ca == "external" {
+				var err error
+				a, err = newTestHTTPAuthenticator("publish")
+				require.NoError(t, err)
+			}
+
+			cnt1, err := newContainer("ffmpeg", "source", []string{
+				"-re",
+				"-stream_loop", "-1",
+				"-i", "emptyvideo.mkv",
+				"-c", "copy",
+				"-f", "flv",
+				"rtmp://127.0.0.1/teststream?user=testpublisher&pass=testpass",
+			})
+			require.NoError(t, err)
+			defer cnt1.close()
+
+			time.Sleep(1 * time.Second)
+
+			if ca == "external" {
+				a.close()
+				a, err = newTestHTTPAuthenticator("read")
+				require.NoError(t, err)
+				defer a.close()
+			}
+
+			conn, err := rtmp.DialContext(context.Background(),
+				"rtmp://127.0.0.1/teststream?user=testreader&pass=testpass")
+			require.NoError(t, err)
+			defer conn.Close()
+
+			err = conn.ClientHandshake()
+			require.NoError(t, err)
+
+			_, _, err = conn.ReadMetadata()
+			require.NoError(t, err)
 		})
-		require.NoError(t, err)
-		defer cnt1.close()
-
-		time.Sleep(1 * time.Second)
-
-		cnt2, err := newContainer("ffmpeg", "dest", []string{
-			"-i", "rtmp://127.0.0.1/teststream",
-			"-vframes", "1",
-			"-f", "image2",
-			"-y", "/dev/null",
-		})
-		require.NoError(t, err)
-		defer cnt2.close()
-		require.Equal(t, 0, cnt2.wait())
-	})
-
-	t.Run("read", func(t *testing.T) {
-		p, ok := newInstance("rtspDisable: yes\n" +
-			"hlsDisable: yes\n" +
-			"paths:\n" +
-			"  all:\n" +
-			"    readUser: testuser\n" +
-			"    readPass: testpass\n" +
-			"    readIPs: [127.0.0.0/16]\n")
-		require.Equal(t, true, ok)
-		defer p.close()
-
-		cnt1, err := newContainer("ffmpeg", "source", []string{
-			"-re",
-			"-stream_loop", "-1",
-			"-i", "emptyvideo.mkv",
-			"-c", "copy",
-			"-f", "flv",
-			"rtmp://localhost/teststream",
-		})
-		require.NoError(t, err)
-		defer cnt1.close()
-
-		time.Sleep(1 * time.Second)
-
-		cnt2, err := newContainer("ffmpeg", "dest", []string{
-			"-i", "rtmp://127.0.0.1/teststream?user=testuser&pass=testpass",
-			"-vframes", "1",
-			"-f", "image2",
-			"-y", "/dev/null",
-		})
-		require.NoError(t, err)
-		defer cnt2.close()
-		require.Equal(t, 0, cnt2.wait())
-	})
+	}
 }

 func TestRTMPServerAuthFail(t *testing.T) {
@@ -170,18 +169,31 @@ func TestRTMPServerAuthFail(t *testing.T) {
 		})
 		require.NoError(t, err)
 		defer cnt1.close()
+		require.NotEqual(t, 0, cnt1.wait())
+	})

-		time.Sleep(1 * time.Second)
+	t.Run("publish_external", func(t *testing.T) {
+		p, ok := newInstance("externalAuthenticationURL: http://localhost:9120/auth\n" +
+			"paths:\n" +
+			"  all:\n")
+		require.Equal(t, true, ok)
+		defer p.close()

-		cnt2, err := newContainer("ffmpeg", "dest", []string{
-			"-i", "rtmp://localhost/teststream",
-			"-vframes", "1",
-			"-f", "image2",
-			"-y", "/dev/null",
+		a, err := newTestHTTPAuthenticator("publish")
+		require.NoError(t, err)
+		defer a.close()
+
+		cnt1, err := newContainer("ffmpeg", "source", []string{
+			"-re",
+			"-stream_loop", "-1",
+			"-i", "emptyvideo.mkv",
+			"-c", "copy",
+			"-f", "flv",
+			"rtmp://localhost/teststream?user=testuser2&pass=testpass",
 		})
 		require.NoError(t, err)
-		defer cnt2.close()
-		require.NotEqual(t, 0, cnt2.wait())
+		defer cnt1.close()
+		require.NotEqual(t, 0, cnt1.wait())
 	})

 	t.Run("read", func(t *testing.T) {
@@ -207,14 +219,11 @@ func TestRTMPServerAuthFail(t *testing.T) {

 		time.Sleep(1 * time.Second)

-		cnt2, err := newContainer("ffmpeg", "dest", []string{
-			"-i", "rtmp://localhost/teststream?user=testuser&pass=testpass",
-			"-vframes", "1",
-			"-f", "image2",
-			"-y", "/dev/null",
-		})
+		conn, err := rtmp.DialContext(context.Background(), "rtmp://127.0.0.1/teststream?user=testuser&pass=testpass")
 		require.NoError(t, err)
-		defer cnt2.close()
-		require.NotEqual(t, 0, cnt2.wait())
+		defer conn.Close()
+
+		err = conn.ClientHandshake()
+		require.Equal(t, err, io.EOF)
 	})
 }