pimhwang
/
mediamtx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

do not switch to legacy authentication system when readUser, readPass, publishUser, publishPass are present but are empty (#3113)

pull/3120/head
Alessandro Ros 1 year ago committed by GitHub
parent
2c857fc329
commit
dd3b268346
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 26 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 28
      internal/conf/conf.go
  2. 12
      internal/conf/path.go

28
internal/conf/conf.go
Unescape View File

@ -94,14 +94,24 @@ func mustParseCIDR(v string) net.IPNet { @@ -94,14 +94,24 @@ func mustParseCIDR(v string) net.IPNet {
return *ne
}
func credentialIsNotEmpty(c *Credential) bool {
return c != nil && *c != ""
}
func ipNetworkIsNotEmpty(i *IPNetworks) bool {
return i != nil && len(*i) != 0
}
func anyPathHasDeprecatedCredentials(paths map[string]*OptionalPath) bool {
for _, pa := range paths {
if pa != nil {
rva := reflect.ValueOf(pa.Values).Elem()
if !rva.FieldByName("PublishUser").IsNil() || !rva.FieldByName("PublishPass").IsNil() ||
!rva.FieldByName("PublishIPs").IsNil() ||
!rva.FieldByName("ReadUser").IsNil() || !rva.FieldByName("ReadPass").IsNil() ||
!rva.FieldByName("ReadIPs").IsNil() {
if credentialIsNotEmpty(rva.FieldByName("PublishUser").Interface().(*Credential)) ||
credentialIsNotEmpty(rva.FieldByName("PublishPass").Interface().(*Credential)) ||
ipNetworkIsNotEmpty(rva.FieldByName("PublishIPs").Interface().(*IPNetworks)) ||
credentialIsNotEmpty(rva.FieldByName("ReadUser").Interface().(*Credential)) ||
credentialIsNotEmpty(rva.FieldByName("ReadPass").Interface().(*Credential)) ||
ipNetworkIsNotEmpty(rva.FieldByName("ReadIPs").Interface().(*IPNetworks)) {
return true
}
}
@ -460,10 +470,12 @@ func (conf *Conf) Validate() error { @@ -460,10 +470,12 @@ func (conf *Conf) Validate() error {
return fmt.Errorf("'authJWTJWKS' must be a HTTP URL")
}
deprecatedCredentialsMode := false
if conf.PathDefaults.PublishUser != nil || conf.PathDefaults.PublishPass != nil ||
conf.PathDefaults.PublishIPs != nil ||
conf.PathDefaults.ReadUser != nil || conf.PathDefaults.ReadPass != nil ||
conf.PathDefaults.ReadIPs != nil ||
if credentialIsNotEmpty(conf.PathDefaults.PublishUser) ||
credentialIsNotEmpty(conf.PathDefaults.PublishPass) ||
ipNetworkIsNotEmpty(conf.PathDefaults.PublishIPs) ||
credentialIsNotEmpty(conf.PathDefaults.ReadUser) ||
credentialIsNotEmpty(conf.PathDefaults.ReadPass) ||
ipNetworkIsNotEmpty(conf.PathDefaults.ReadIPs) ||
anyPathHasDeprecatedCredentials(conf.OptionalPaths) {
conf.AuthInternalUsers = []AuthInternalUser{
{

12
internal/conf/path.go
Unescape View File

@ -383,17 +383,17 @@ func (pconf *Path) validate( @@ -383,17 +383,17 @@ func (pconf *Path) validate(
if deprecatedCredentialsMode {
func() {
var user Credential = "any"
if pconf.PublishUser != nil {
if credentialIsNotEmpty(pconf.PublishUser) {
user = *pconf.PublishUser
}
var pass Credential
if pconf.PublishPass != nil {
if credentialIsNotEmpty(pconf.PublishPass) {
pass = *pconf.PublishPass
}
ips := IPNetworks{mustParseCIDR("0.0.0.0/0")}
if pconf.PublishIPs != nil {
if ipNetworkIsNotEmpty(pconf.PublishIPs) {
ips = *pconf.PublishIPs
}
@ -415,17 +415,17 @@ func (pconf *Path) validate( @@ -415,17 +415,17 @@ func (pconf *Path) validate(
func() {
var user Credential = "any"
if pconf.ReadUser != nil {
if credentialIsNotEmpty(pconf.ReadUser) {
user = *pconf.ReadUser
}
var pass Credential
if pconf.ReadPass != nil {
if credentialIsNotEmpty(pconf.ReadPass) {
pass = *pconf.ReadPass
}
ips := IPNetworks{mustParseCIDR("0.0.0.0/0")}
if pconf.ReadIPs != nil {
if ipNetworkIsNotEmpty(pconf.ReadIPs) {
ips = *pconf.ReadIPs
}

Write Preview
Loading…
Cancel
Save