external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

WHIP: Improve WHIP deletion by token verification. v5.0.164, v6.0.58 (#3595)

Browse source 
------

Co-authored-by: chundonglinlin <chundonglinlin@163.com>
This commit is contained in:
Winlin 2023-07-01 19:08:21 +08:00 committed by winlin
parent 17f0d1fefc
commit 6d679fd0e3
8 changed files with 30 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

15
trunk/src/app/srs_app_rtc_api.cpp
View file

@ -241,6 +241,7 @@ srs_error_t SrsGoApiRtcPlay::serve_http(ISrsHttpResponseWriter* w, ISrsHttpMessa
ruc->local_sdp_str_ = local_sdp_str;
ruc->session_id_ = session->username();
ruc->token_ = session->token();
srs_trace("RTC username=%s, dtls=%u, srtp=%u, offer=%dB, answer=%dB", session->username().c_str(),
ruc->dtls_, ruc->srtp_, ruc->remote_sdp_str_.length(), local_sdp_escaped.length());
@ -510,6 +511,7 @@ srs_error_t SrsGoApiRtcPublish::serve_http(ISrsHttpResponseWriter* w, ISrsHttpMe
ruc->local_sdp_str_ = local_sdp_str;
ruc->session_id_ = session->username();
ruc->token_ = session->token();
srs_trace("RTC username=%s, offer=%dB, answer=%dB", session->username().c_str(),
ruc->remote_sdp_str_.length(), local_sdp_escaped.length());
@ -603,7 +605,16 @@ srs_error_t SrsGoApiRtcWhip::serve_http(ISrsHttpResponseWriter* w, ISrsHttpMessa
// TODO: FIXME: Stop and cleanup the RTC session.
if (r->method() == SRS_CONSTS_HTTP_DELETE) {
string username = r->query_get("session");
string token = r->query_get("token");
if (token.empty()) {
return srs_error_new(ERROR_RTC_INVALID_SESSION, "token empty");
}
SrsRtcConnection* session = server_->find_session_by_username(username);
if (session && token != session->token()) {
return srs_error_new(ERROR_RTC_INVALID_SESSION, "token %s not match", token.c_str());
}
if (session) session->expire();
srs_trace("WHIP: Delete session=%s, p=%p, url=%s", username.c_str(), session, r->url().c_str());
@ -626,8 +637,8 @@ srs_error_t SrsGoApiRtcWhip::serve_http(ISrsHttpResponseWriter* w, ISrsHttpMessa
// Setup the content type to SDP.
w->header()->set("Content-Type", "application/sdp");
// The location for DELETE resource, not required by SRS, but required by WHIP.
w->header()->set("Location", srs_fmt("/rtc/v1/whip/?action=delete&app=%s&stream=%s&session=%s",
ruc.req_->app.c_str(), ruc.req_->stream.c_str(), ruc.session_id_.c_str()));
w->header()->set("Location", srs_fmt("/rtc/v1/whip/?action=delete&token=%s&app=%s&stream=%s&session=%s",
ruc.token_.c_str(), ruc.req_->app.c_str(), ruc.req_->stream.c_str(), ruc.session_id_.c_str()));
w->header()->set_content_length((int64_t)sdp.length());
// Must be 201, see https://datatracker.ietf.org/doc/draft-ietf-wish-whip/
w->write_header(201);