webrtc, hls: prevent brute-force attacks by waiting before sending responses (#2100)

Alessandro Ros
2023-07-23 20:18:58 +02:00
committed by GitHub
parent 0137734294
commit 1fa53b49d4
6 changed files with 29 additions and 5 deletions


@@ -10,6 +10,7 @@ import (
"regexp"
"strconv"
"strings"
"time"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
@@ -318,6 +319,10 @@ func (s *webRTCHTTPServer) onRequest(ctx *gin.Context) {
}
s.Log(logger.Info, "connection %v failed to authenticate: %v", remoteAddr, terr.message)
// wait some seconds to stop brute force attacks
<-time.After(webrtcPauseAfterAuthError)
ctx.Writer.WriteHeader(http.StatusUnauthorized)
return
}
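Review bot: The pause before `ctx.Writer.WriteHeader(http.StatusUnauthorized)` blocks on `<-time.After(webrtcPauseAfterAuthError)` alone and ignores request cancellation, so a client that disconnects right after sending bad credentials still holds the handler goroutine for the full pause. Waiting in a `select` on both `time.After(webrtcPauseAfterAuthError)` and `ctx.Request.Context().Done()` would release the handler as soon as the peer goes away, which limits how many parked goroutines a flood of failing requests can accumulate. The delay is also applied per request, so it slows sequential guessing but, as far as this hunk shows, does not bound attempts made in parallel from the same `remoteAddr`; a per-address failure counter or rate limit would be the complementary control. The body of onRequest starts and ends outside the hunk, so any such limiter that already exists elsewhere is not visible here.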