From b02d3b83c7dc83c56f069dce202d4bccd0b65522 Mon Sep 17 00:00:00 2001 From: Alessandro Ros Date: Sun, 22 Jan 2023 19:48:33 +0100 Subject: [PATCH] Send additional fields to the external authentication URL (#1408) * send 'protocol' to the external authentication URL * send session ID to the external authentication URL --- README.md | 5 ++++- internal/core/externalauth.go | 32 +++++++++++++++++++++++-------- internal/core/hls_muxer.go | 2 ++ internal/core/hls_server_test.go | 10 +++++++--- internal/core/rtmp_conn.go | 2 ++ internal/core/rtmp_server_test.go | 6 +++--- internal/core/rtsp_conn.go | 2 ++ internal/core/rtsp_server_test.go | 6 +++--- internal/core/webrtc_server.go | 2 ++ rtsp-simple-server.yml | 6 ++++-- 10 files changed, 53 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 683668c8..f750c510 100644 --- a/README.md +++ b/README.md @@ -264,7 +264,10 @@ Each time a user needs to be authenticated, the specified URL will be requested "user": "user", "password": "password", "path": "path", - "action": "read|publish" + "protocol": "rtsp|rtmp|hls|webrtc", + "id": "id", + "action": "read|publish", + "query": "query" } ``` diff --git a/internal/core/externalauth.go b/internal/core/externalauth.go index d887efc9..25e448b6 100644 --- a/internal/core/externalauth.go +++ b/internal/core/externalauth.go @@ -5,6 +5,17 @@ import ( "encoding/json" "fmt" "net/http" + + "github.com/google/uuid" +) + +type externalAuthProto string + +const ( + externalAuthProtoRTSP externalAuthProto = "rtsp" + externalAuthProtoRTMP externalAuthProto = "rtmp" + externalAuthProtoHLS externalAuthProto = "hls" + externalAuthProtoWebRTC externalAuthProto = "webrtc" ) func externalAuth( 
@@ -13,23 +24,28 @@ func externalAuth( user string, password string, path string, - isPublishing bool, + protocol externalAuthProto, + id *uuid.UUID, + publish bool, query string, ) error { enc, _ := json.Marshal(struct { - IP string `json:"ip"` - User string `json:"user"` - Password string `json:"password"` - Path string `json:"path"` - Action string `json:"action"` - Query string `json:"query"` + IP string `json:"ip"` + User string `json:"user"` + Password string `json:"password"` + Path string `json:"path"` + Protocol string `json:"protocol"` + ID *uuid.UUID `json:"id"` + Action string `json:"action"` + Query string `json:"query"` }{ IP: ip, User: user, Password: password, Path: path, + Protocol: string(protocol), Action: func() string { - if isPublishing { + if publish { return "publish" } return "read" diff --git a/internal/core/hls_muxer.go b/internal/core/hls_muxer.go index 9c7eebcd..f2cad2eb 100644 --- a/internal/core/hls_muxer.go +++ b/internal/core/hls_muxer.go @@ -570,6 +570,8 @@ func (m *hlsMuxer) authenticate(ctx *gin.Context) error { user, pass, m.pathName, + externalAuthProtoHLS, + nil, false, ctx.Request.URL.RawQuery) if err != nil { diff --git a/internal/core/hls_server_test.go b/internal/core/hls_server_test.go index 2b328409..4e29abec 100644 --- a/internal/core/hls_server_test.go +++ b/internal/core/hls_server_test.go @@ -12,19 +12,21 @@ import ( ) type testHTTPAuthenticator struct { - action string + protocol string + action string s *http.Server } -func newTestHTTPAuthenticator(action string) (*testHTTPAuthenticator, error) { +func newTestHTTPAuthenticator(protocol string, action string) (*testHTTPAuthenticator, error) { ln, err := net.Listen("tcp", "127.0.0.1:9120") if err != nil { return nil, err } ts := &testHTTPAuthenticator{ - action: action, + protocol: protocol, + action: action, } router := gin.New() 
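Review bot: The new `id` parameter is never copied into the request body in the `externalAuth` hunk (`@@ -13,23 +24,28 @@`). The anonymous struct gains an `ID *uuid.UUID` field, but the literal only adds `Protocol: string(protocol),`, so as far as the visible lines show, the authentication URL receives `"id": null` even for the RTSP and RTMP callers that pass `&c.uuid`. Adding `ID: id,` next to `Protocol` would fix it; the literal continues past the end of the hunk, so confirm the field is not set there. An authentication backend that keys decisions or audit records on the session ID would otherwise get no identifier. The HLS and WebRTC callers pass `nil` on purpose, so the README and the `rtsp-simple-server.yml` comment should say that `id` can be null for those protocols.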
@@ -46,6 +48,7 @@ func (ts *testHTTPAuthenticator) onAuth(ctx *gin.Context) { User string `json:"user"` Password string `json:"password"` Path string `json:"path"` + Protocol string `json:"protocol"` Action string `json:"action"` Query string `json:"query"` } @@ -66,6 +69,7 @@ func (ts *testHTTPAuthenticator) onAuth(ctx *gin.Context) { in.User != user || in.Password != "testpass" || in.Path != "teststream" || + in.Protocol != ts.protocol || in.Action != ts.action || (in.Query != "user=testreader&pass=testpass¶m=value" && in.Query != "user=testpublisher&pass=testpass¶m=value" && diff --git a/internal/core/rtmp_conn.go b/internal/core/rtmp_conn.go index b98b3d92..6a0b1d25 100644 --- a/internal/core/rtmp_conn.go +++ b/internal/core/rtmp_conn.go @@ -640,6 +640,8 @@ func (c *rtmpConn) authenticate( query.Get("user"), query.Get("pass"), pathName, + externalAuthProtoRTMP, + &c.uuid, isPublishing, rawQuery) if err != nil { diff --git a/internal/core/rtmp_server_test.go b/internal/core/rtmp_server_test.go index 2f2c2175..3cc883cc 100644 --- a/internal/core/rtmp_server_test.go +++ b/internal/core/rtmp_server_test.go @@ -176,7 +176,7 @@ func TestRTMPServerAuth(t *testing.T) { var a *testHTTPAuthenticator if ca == "external" { var err error - a, err = newTestHTTPAuthenticator("publish") + a, err = newTestHTTPAuthenticator("rtmp", "publish") require.NoError(t, err) } @@ -211,7 +211,7 @@ func TestRTMPServerAuth(t *testing.T) { if ca == "external" { a.close() - a, err = newTestHTTPAuthenticator("read") + a, err = newTestHTTPAuthenticator("rtmp", "read") require.NoError(t, err) defer a.close() } @@ -296,7 +296,7 @@ func TestRTMPServerAuthFail(t *testing.T) { require.Equal(t, true, ok) defer p.Close() - a, err := newTestHTTPAuthenticator("publish") + a, err := newTestHTTPAuthenticator("rtmp", "publish") require.NoError(t, err) defer a.close() diff --git a/internal/core/rtsp_conn.go b/internal/core/rtsp_conn.go index 88c416e2..33a3789c 100644 --- a/internal/core/rtsp_conn.go 
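Review bot: The test authenticator's `onAuth` (`@@ -46,6 +48,7 @@` and `@@ -66,6 +69,7 @@`) decodes and checks `protocol` but not the new `id` field, so no test verifies that a session ID reaches the authentication URL. I would add an `ID string` field tagged `json:"id"` to the decoded struct and extend the rejection condition with `((ts.protocol == "rtsp" || ts.protocol == "rtmp") && in.ID == "") ||`, since those are the callers that pass a connection UUID. A JSON `null` decodes to the empty string, so the check also catches a payload where the field is present but unset. `onAuth` begins and ends outside these hunks.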
+++ b/internal/core/rtsp_conn.go @@ -139,6 +139,8 @@ func (c *rtspConn) authenticate( username, password, path, + externalAuthProtoRTSP, + &c.uuid, isPublishing, query) if err != nil { diff --git a/internal/core/rtsp_server_test.go b/internal/core/rtsp_server_test.go index 0cf3a85b..d0bcc111 100644 --- a/internal/core/rtsp_server_test.go +++ b/internal/core/rtsp_server_test.go @@ -42,7 +42,7 @@ func TestRTSPServerAuth(t *testing.T) { var a *testHTTPAuthenticator if ca == "external" { var err error - a, err = newTestHTTPAuthenticator("publish") + a, err = newTestHTTPAuthenticator("rtsp", "publish") require.NoError(t, err) } @@ -59,7 +59,7 @@ func TestRTSPServerAuth(t *testing.T) { if ca == "external" { a.close() var err error - a, err = newTestHTTPAuthenticator("read") + a, err = newTestHTTPAuthenticator("rtsp", "read") require.NoError(t, err) defer a.close() } @@ -226,7 +226,7 @@ func TestRTSPServerAuthFail(t *testing.T) { require.Equal(t, true, ok) defer p.Close() - a, err := newTestHTTPAuthenticator("publish") + a, err := newTestHTTPAuthenticator("rtsp", "publish") require.NoError(t, err) defer a.close() diff --git a/internal/core/webrtc_server.go b/internal/core/webrtc_server.go index dc5e085e..726c6ff1 100644 --- a/internal/core/webrtc_server.go +++ b/internal/core/webrtc_server.go @@ -436,6 +436,8 @@ func (s *webRTCServer) authenticate(pa *path, ctx *gin.Context) error { user, pass, pa.name, + externalAuthProtoWebRTC, + nil, false, ctx.Request.URL.RawQuery) if err != nil { diff --git a/rtsp-simple-server.yml b/rtsp-simple-server.yml index 5ec6e795..fc1e52b1 100644 --- a/rtsp-simple-server.yml +++ b/rtsp-simple-server.yml 
@@ -25,8 +25,10 @@ readBufferCount: 512 # "user": "user", # "password": "password", # "path": "path", -# "action": "read|publish" -# "query": "url's raw query" +# "protocol": "rtsp|rtmp|hls|webrtc", +# "id": "id", +# "action": "read|publish", +# "query": "query" # } # If the response code is 20x, authentication is accepted, otherwise # it is discarded.