zishuo/rtsp-simple-server
1
0
Fork 0
mirror of https://github.com/aler9/rtsp-simple-server synced 2025-10-09 01:20:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Send additional fields to the external authentication URL (#1408)

Browse Source 
* send 'protocol' to the external authentication URL

* send session ID to the external authentication URL
This commit is contained in:
Alessandro Ros
2023-01-22 19:48:33 +01:00
committed by GitHub
parent ef214b7649
commit b02d3b83c7
10 changed files with 53 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -264,7 +264,10 @@ Each time a user needs to be authenticated, the specified URL will be requested
"user": "user", "user": "user",
"password": "password", "password": "password",
"path": "path", "path": "path",
"action": "read|publish" "protocol": "rtsp|rtmp|hls|webrtc",
"id": "id",
"action": "read|publish",
"query": "query"
} }
``` ```

32
internal/core/externalauth.go
View File

@@ -5,6 +5,17 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"net/http" "net/http"
"github.com/google/uuid"
)
type externalAuthProto string
const (
externalAuthProtoRTSP externalAuthProto = "rtsp"
externalAuthProtoRTMP externalAuthProto = "rtmp"
externalAuthProtoHLS externalAuthProto = "hls"
externalAuthProtoWebRTC externalAuthProto = "webrtc"
) )
func externalAuth( func externalAuth(
@@ -13,23 +24,28 @@ func externalAuth(
user string, user string,
password string, password string,
path string, path string,
isPublishing bool, protocol externalAuthProto,
id *uuid.UUID,
publish bool,
query string, query string,
) error { ) error {
enc, _ := json.Marshal(struct { enc, _ := json.Marshal(struct {
IP string `json:"ip"` IP string `json:"ip"`
User string `json:"user"` User string `json:"user"`
Password string `json:"password"` Password string `json:"password"`
Path string `json:"path"` Path string `json:"path"`
Action string `json:"action"` Protocol string `json:"protocol"`
Query string `json:"query"` ID *uuid.UUID `json:"id"`
Action string `json:"action"`
Query string `json:"query"`
}{ }{
IP: ip, IP: ip,
User: user, User: user,
Password: password, Password: password,
Path: path, Path: path,
Protocol: string(protocol),
Action: func() string { Action: func() string {
if isPublishing { if publish {
return "publish" return "publish"
} }
return "read" return "read"

2
internal/core/hls_muxer.go
View File

@@ -570,6 +570,8 @@ func (m *hlsMuxer) authenticate(ctx *gin.Context) error {
user, user,
pass, pass,
m.pathName, m.pathName,
externalAuthProtoHLS,
nil,
false, false,
ctx.Request.URL.RawQuery) ctx.Request.URL.RawQuery)
if err != nil { if err != nil {

10
internal/core/hls_server_test.go
View File

@@ -12,19 +12,21 @@ import (
) )
type testHTTPAuthenticator struct { type testHTTPAuthenticator struct {
action string protocol string
action string
s *http.Server s *http.Server
} }
func newTestHTTPAuthenticator(action string) (*testHTTPAuthenticator, error) { func newTestHTTPAuthenticator(protocol string, action string) (*testHTTPAuthenticator, error) {
ln, err := net.Listen("tcp", "127.0.0.1:9120") ln, err := net.Listen("tcp", "127.0.0.1:9120")
if err != nil { if err != nil {
return nil, err return nil, err
} }
ts := &testHTTPAuthenticator{ ts := &testHTTPAuthenticator{
action: action, protocol: protocol,
action: action,
} }
router := gin.New() router := gin.New()
@@ -46,6 +48,7 @@ func (ts *testHTTPAuthenticator) onAuth(ctx *gin.Context) {
User string `json:"user"` User string `json:"user"`
Password string `json:"password"` Password string `json:"password"`
Path string `json:"path"` Path string `json:"path"`
Protocol string `json:"protocol"`
Action string `json:"action"` Action string `json:"action"`
Query string `json:"query"` Query string `json:"query"`
} }
@@ -66,6 +69,7 @@ func (ts *testHTTPAuthenticator) onAuth(ctx *gin.Context) {
in.User != user || in.User != user ||
in.Password != "testpass" || in.Password != "testpass" ||
in.Path != "teststream" || in.Path != "teststream" ||
in.Protocol != ts.protocol ||
in.Action != ts.action || in.Action != ts.action ||
(in.Query != "user=testreader&pass=testpass&param=value" && (in.Query != "user=testreader&pass=testpass&param=value" &&
in.Query != "user=testpublisher&pass=testpass&param=value" && in.Query != "user=testpublisher&pass=testpass&param=value" &&

2
internal/core/rtmp_conn.go
View File

@@ -640,6 +640,8 @@ func (c *rtmpConn) authenticate(
query.Get("user"), query.Get("user"),
query.Get("pass"), query.Get("pass"),
pathName, pathName,
externalAuthProtoRTMP,
&c.uuid,
isPublishing, isPublishing,
rawQuery) rawQuery)
if err != nil { if err != nil {

6
internal/core/rtmp_server_test.go
View File

@@ -176,7 +176,7 @@ func TestRTMPServerAuth(t *testing.T) {
var a *testHTTPAuthenticator var a *testHTTPAuthenticator
if ca == "external" { if ca == "external" {
var err error var err error
a, err = newTestHTTPAuthenticator("publish") a, err = newTestHTTPAuthenticator("rtmp", "publish")
require.NoError(t, err) require.NoError(t, err)
} }
@@ -211,7 +211,7 @@ func TestRTMPServerAuth(t *testing.T) {
if ca == "external" { if ca == "external" {
a.close() a.close()
a, err = newTestHTTPAuthenticator("read") a, err = newTestHTTPAuthenticator("rtmp", "read")
require.NoError(t, err) require.NoError(t, err)
defer a.close() defer a.close()
} }
@@ -296,7 +296,7 @@ func TestRTMPServerAuthFail(t *testing.T) {
require.Equal(t, true, ok) require.Equal(t, true, ok)
defer p.Close() defer p.Close()
a, err := newTestHTTPAuthenticator("publish") a, err := newTestHTTPAuthenticator("rtmp", "publish")
require.NoError(t, err) require.NoError(t, err)
defer a.close() defer a.close()

2
internal/core/rtsp_conn.go
View File

@@ -139,6 +139,8 @@ func (c *rtspConn) authenticate(
username, username,
password, password,
path, path,
externalAuthProtoRTSP,
&c.uuid,
isPublishing, isPublishing,
query) query)
if err != nil { if err != nil {

6
internal/core/rtsp_server_test.go
View File

@@ -42,7 +42,7 @@ func TestRTSPServerAuth(t *testing.T) {
var a *testHTTPAuthenticator var a *testHTTPAuthenticator
if ca == "external" { if ca == "external" {
var err error var err error
a, err = newTestHTTPAuthenticator("publish") a, err = newTestHTTPAuthenticator("rtsp", "publish")
require.NoError(t, err) require.NoError(t, err)
} }
@@ -59,7 +59,7 @@ func TestRTSPServerAuth(t *testing.T) {
if ca == "external" { if ca == "external" {
a.close() a.close()
var err error var err error
a, err = newTestHTTPAuthenticator("read") a, err = newTestHTTPAuthenticator("rtsp", "read")
require.NoError(t, err) require.NoError(t, err)
defer a.close() defer a.close()
} }
@@ -226,7 +226,7 @@ func TestRTSPServerAuthFail(t *testing.T) {
require.Equal(t, true, ok) require.Equal(t, true, ok)
defer p.Close() defer p.Close()
a, err := newTestHTTPAuthenticator("publish") a, err := newTestHTTPAuthenticator("rtsp", "publish")
require.NoError(t, err) require.NoError(t, err)
defer a.close() defer a.close()

2
internal/core/webrtc_server.go
View File

@@ -436,6 +436,8 @@ func (s *webRTCServer) authenticate(pa *path, ctx *gin.Context) error {
user, user,
pass, pass,
pa.name, pa.name,
externalAuthProtoWebRTC,
nil,
false, false,
ctx.Request.URL.RawQuery) ctx.Request.URL.RawQuery)
if err != nil { if err != nil {

6
rtsp-simple-server.yml
View File

@@ -25,8 +25,10 @@ readBufferCount: 512
# "user": "user", # "user": "user",
# "password": "password", # "password": "password",
# "path": "path", # "path": "path",
# "action": "read|publish" # "protocol": "rtsp|rtmp|hls|webrtc",
# "query": "url's raw query" # "id": "id",
# "action": "read|publish",
# "query": "query"
# } # }
# If the response code is 20x, authentication is accepted, otherwise # If the response code is 20x, authentication is accepted, otherwise
# it is discarded. # it is discarded.