external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

API: Support HTTP basic authentication for API. v6.0.4, v5.0.152 (#3458)

Browse source 
Co-authored-by: winlin <winlin@vip.126.com>
Co-authored-by: john <hondaxiao@tencent.com>
This commit is contained in:
Haibo Chen 2023-04-01 12:45:29 +08:00 committed by GitHub
parent 571043ff3d
commit 771ae0a1a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 660 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

83
trunk/src/app/srs_app_config.cpp
View file

@ -2284,7 +2284,7 @@ srs_error_t SrsConfig::check_normal_config()
for (int i = 0; conf && i < (int)conf->directives.size(); i++) {
SrsConfDirective* obj = conf->at(i);
string n = obj->name;
if (n != "enabled" && n != "listen" && n != "crossdomain" && n != "raw_api" && n != "https") {
if (n != "enabled" && n != "listen" && n != "crossdomain" && n != "raw_api" && n != "auth" && n != "https") {
return srs_error_new(ERROR_SYSTEM_CONFIG_INVALID, "illegal http_api.%s", n.c_str());
}
@ -2296,6 +2296,15 @@ srs_error_t SrsConfig::check_normal_config()
}
}
}
if (n == "auth") {
for (int j = 0; j < (int)obj->directives.size(); j++) {
string m = obj->at(j)->name;
if (m != "enabled" && m != "username" && m != "password") {
return srs_error_new(ERROR_SYSTEM_CONFIG_INVALID, "illegal http_api.auth.%s", m.c_str());
}
}
}
}
}
if (true) {
@ -7605,6 +7614,78 @@ bool SrsConfig::get_raw_api_allow_update()
return false;
}
bool SrsConfig::get_http_api_auth_enabled()
{
SRS_OVERWRITE_BY_ENV_BOOL("srs.http_api.auth.enabled"); // SRS_HTTP_API_AUTH_ENABLED
static bool DEFAULT = false;
SrsConfDirective* conf = root->get("http_api");
if (!conf) {
return DEFAULT;
}
conf = conf->get("auth");
if (!conf) {
return DEFAULT;
}
conf = conf->get("enabled");
if (!conf || conf->arg0().empty()) {
return DEFAULT;
}
return SRS_CONF_PERFER_FALSE(conf->arg0());
}
std::string SrsConfig::get_http_api_auth_username()
{
SRS_OVERWRITE_BY_ENV_STRING("srs.http_api.auth.username"); // SRS_HTTP_API_AUTH_USERNAME
static string DEFAULT = "";
SrsConfDirective* conf = root->get("http_api");
if (!conf) {
return DEFAULT;
}
conf = conf->get("auth");
if (!conf) {
return DEFAULT;
}
conf = conf->get("username");
if (!conf) {
return DEFAULT;
}
return conf->arg0();
}
std::string SrsConfig::get_http_api_auth_password()
{
SRS_OVERWRITE_BY_ENV_STRING("srs.http_api.auth.password"); // SRS_HTTP_API_AUTH_PASSWORD
static string DEFAULT = "";
SrsConfDirective* conf = root->get("http_api");
if (!conf) {
return DEFAULT;
}
conf = conf->get("auth");
if (!conf) {
return DEFAULT;
}
conf = conf->get("password");
if (!conf) {
return DEFAULT;
}
return conf->arg0();
}
SrsConfDirective* SrsConfig::get_https_api()
{
SrsConfDirective* conf = root->get("http_api");

6
trunk/src/app/srs_app_config.hpp
View file

@ -1021,6 +1021,12 @@ public:
virtual bool get_raw_api_allow_query();
// Whether allow rpc update.
virtual bool get_raw_api_allow_update();
// Whether http api auth enabled.
virtual bool get_http_api_auth_enabled();
// Get the http api auth username.
virtual std::string get_http_api_auth_username();
// Get the http api auth password.
virtual std::string get_http_api_auth_password();
// https api section
private:
SrsConfDirective* get_https_api();

33
trunk/src/app/srs_app_http_conn.cpp
View file

@ -54,7 +54,9 @@ ISrsHttpConnOwner::~ISrsHttpConnOwner()
SrsHttpConn::SrsHttpConn(ISrsHttpConnOwner* handler, ISrsProtocolReadWriter* fd, ISrsHttpServeMux* m, string cip, int cport)
{
parser = new SrsHttpParser();
cors = new SrsHttpCorsMux();
auth = new SrsHttpAuthMux(m);
cors = new SrsHttpCorsMux(auth);
http_mux = m;
handler_ = handler;
@ -74,6 +76,7 @@ SrsHttpConn::~SrsHttpConn()
srs_freep(parser);
srs_freep(cors);
srs_freep(auth);
srs_freep(delta_);
}
@ -227,10 +230,10 @@ srs_error_t SrsHttpConn::process_request(ISrsHttpResponseWriter* w, ISrsHttpMess
srs_trace("HTTP #%d %s:%d %s %s, content-length=%" PRId64 "", rid, ip.c_str(), port,
r->method_str().c_str(), r->url().c_str(), r->content_length());
// use cors server mux to serve http request, which will proxy to http_remux.
// proxy to cors-->auth-->http_remux.
if ((err = cors->serve_http(w, r)) != srs_success) {
return srs_error_wrap(err, "mux serve");
return srs_error_wrap(err, "cors serve");
}
return err;
@ -256,14 +259,27 @@ srs_error_t SrsHttpConn::set_crossdomain_enabled(bool v)
{
srs_error_t err = srs_success;
// initialize the cors, which will proxy to mux.
if ((err = cors->initialize(http_mux, v)) != srs_success) {
if ((err = cors->initialize(v)) != srs_success) {
return srs_error_wrap(err, "init cors");
}
return err;
}
srs_error_t SrsHttpConn::set_auth_enabled(bool auth_enabled)
{
srs_error_t err = srs_success;
// initialize the auth, which will proxy to mux.
if ((err = auth->initialize(auth_enabled,
_srs_config->get_http_api_auth_username(),
_srs_config->get_http_api_auth_password())) != srs_success) {
return srs_error_wrap(err, "init auth");
}
return err;
}
srs_error_t SrsHttpConn::set_jsonp(bool v)
{
parser->set_jsonp(v);
@ -451,6 +467,11 @@ srs_error_t SrsHttpxConn::start()
return srs_error_wrap(err, "set cors=%d", v);
}
bool auth_enabled = _srs_config->get_http_api_auth_enabled();
if ((err = conn->set_auth_enabled(auth_enabled)) != srs_success) {
return srs_error_wrap(err, "set auth");
}
return conn->start();
}

3
trunk/src/app/srs_app_http_conn.hpp
View file

@ -67,6 +67,7 @@ protected:
SrsHttpParser* parser;
ISrsHttpServeMux* http_mux;
SrsHttpCorsMux* cors;
SrsHttpAuthMux* auth;
ISrsHttpConnOwner* handler_;
protected:
ISrsProtocolReadWriter* skt;
@ -111,6 +112,8 @@ public:
virtual srs_error_t pull();
// Whether enable the CORS(cross-domain).
virtual srs_error_t set_crossdomain_enabled(bool v);
// Whether enable the Auth.
virtual srs_error_t set_auth_enabled(bool auth_enabled);
// Whether enable the JSONP.
virtual srs_error_t set_jsonp(bool v);
// Interface ISrsConnection.