support auth for RTMP/HTTP-FLV/HLS

ArtSecureId · Feb 10, 2024 · 70d8e48 · 70d8e48
1 parent 1cad13a
commit 70d8e48
Show file tree

Hide file tree

Showing 27 changed files with 1,247 additions and 92 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -15,4 +15,5 @@ members = [
   "library/codec/h264",
   "library/logger",
   "library/streamhub",
+  "library/common",
 ]
diff --git a/application/xiu/Cargo.toml b/application/xiu/Cargo.toml
@@ -28,6 +28,7 @@ tokio-metrics = { version = "0.2.0", default-features = false }
 
 env_logger_extend = { path = "../../library/logger/" }
 streamhub = { path = "../../library/streamhub/" }
+commonlib = { path = "../../library/common/" }
 rtmp = { path = "../../protocol/rtmp/" }
 xrtsp = { path = "../../protocol/rtsp/" }
 xwebrtc = { path = "../../protocol/webrtc/" }

diff --git a/application/xiu/src/config/config.toml b/application/xiu/src/config/config.toml
@@ -6,6 +6,11 @@
 enabled = true
 port = 1935
 gop_num = 0
+[rtmp.auth]
+pull_enabled = true
+push_enabled = true
+# simple or md5
+algorithm = "simple"
 # pull streams from other server node.
 [rtmp.pull]
 enabled = false
@@ -28,35 +33,61 @@ on_unpublish = "http://localhost:3001/on_unpuslish"
 on_play = "http://localhost:3001/on_play"
 on_stop = "http://localhost:3001/on_stop"
 
+[authsecret]
+# used for md5 authentication
+key = ""
+# used for simple authentication
+password = ""
+
 
 ##########################
 #    RTSP configurations  #
 ##########################
 [rtsp]
 enabled = false
 port = 445
+[rtsp.auth]
+pull_enabled = true
+push_enabled = true
+# simple or md5
+algorithm = "simple"
 
 ##########################
 #    WebRTC configurations  #
 ##########################
 [webrtc]
 enabled = false
 port = 8083
+[webrtc.auth]
+pull_enabled = true
+push_enabled = true
+# simple or md5
+algorithm = "simple"
 
 ##########################
 # HTTPFLV configurations #
 ##########################
 [httpflv]
 enabled = false
 port = 8081
+[httpflv.auth]
+pull_enabled = true
+# simple or md5
+algorithm = "simple"
+
 
 ##########################
 #    HLS configurations  #
 ##########################
 [hls]
 enabled = false
 port = 8080
-need_record = true
+need_record = false
+[hls.auth]
+pull_enabled = true
+# simple or md5
+algorithm = "simple"
+
 
 ##########################
 #   LOG configurations   #

diff --git a/application/xiu/src/config/mod.rs b/application/xiu/src/config/mod.rs
@@ -1,5 +1,6 @@
 pub mod errors;
 
+use commonlib::auth::AuthAlgorithm;
 use errors::ConfigError;
 use serde_derive::Deserialize;
 use std::fs;
@@ -14,6 +15,7 @@ pub struct Config {
     pub hls: Option<HlsConfig>,
     pub httpapi: Option<HttpApiConfig>,
     pub httpnotify: Option<HttpNotifierConfig>,
+    pub authsecret: AuthSecretConfig,
     pub log: Option<LogConfig>,
 }
 
@@ -34,6 +36,7 @@ impl Config {
                 port: rtmp_port,
                 pull: None,
                 push: None,
+                auth: None,
             });
         }
 
@@ -42,6 +45,7 @@ impl Config {
             rtsp_config = Some(RtspConfig {
                 enabled: true,
                 port: rtsp_port,
+                auth: None,
             });
         }
 
@@ -50,6 +54,7 @@ impl Config {
             webrtc_config = Some(WebRTCConfig {
                 enabled: true,
                 port: webrtc_port,
+                auth: None,
             });
         }
 
@@ -58,6 +63,7 @@ impl Config {
             httpflv_config = Some(HttpFlvConfig {
                 enabled: true,
                 port: httpflv_port,
+                auth: None,
             });
         }
 
@@ -67,6 +73,7 @@ impl Config {
                 enabled: true,
                 port: hls_port,
                 need_record: false,
+                auth: None,
             });
         }
 
@@ -83,6 +90,7 @@ impl Config {
             hls: hls_config,
             httpapi: None,
             httpnotify: None,
+            authsecret: AuthSecretConfig::default(),
             log: log_config,
         }
     }
@@ -95,6 +103,7 @@ pub struct RtmpConfig {
     pub gop_num: Option<usize>,
     pub pull: Option<RtmpPullConfig>,
     pub push: Option<Vec<RtmpPushConfig>>,
+    pub auth: Option<AuthConfig>,
 }
 #[derive(Debug, Deserialize, Clone)]
 pub struct RtmpPullConfig {
@@ -113,18 +122,21 @@ pub struct RtmpPushConfig {
 pub struct RtspConfig {
     pub enabled: bool,
     pub port: usize,
+    pub auth: Option<AuthConfig>,
 }
 
 #[derive(Debug, Deserialize, Clone)]
 pub struct WebRTCConfig {
     pub enabled: bool,
     pub port: usize,
+    pub auth: Option<AuthConfig>,
 }
 
 #[derive(Debug, Deserialize, Clone)]
 pub struct HttpFlvConfig {
     pub enabled: bool,
     pub port: usize,
+    pub auth: Option<AuthConfig>,
 }
 
 #[derive(Debug, Deserialize, Clone)]
@@ -133,6 +145,7 @@ pub struct HlsConfig {
     pub port: usize,
     //record or not
     pub need_record: bool,
+    pub auth: Option<AuthConfig>,
 }
 
 pub enum LogLevel {
@@ -170,6 +183,19 @@ pub struct HttpNotifierConfig {
     pub on_stop: Option<String>,
 }
 
+#[derive(Debug, Deserialize, Clone, Default)]
+pub struct AuthSecretConfig {
+    pub key: String,
+    pub password: String,
+}
+
+#[derive(Debug, Deserialize, Clone, Default)]
+pub struct AuthConfig {
+    pub pull_enabled: bool,
+    pub push_enabled: Option<bool>,
+    pub algorithm: AuthAlgorithm,
+}
+
 pub fn load(cfg_path: &String) -> Result<Config, ConfigError> {
     let content = fs::read_to_string(cfg_path)?;
     let decoded_config = toml::from_str(&content[..]).unwrap();
@@ -184,15 +210,13 @@ fn test_toml_parse() {
         Err(err) => println!("{}", err),
     }
 
-    let str = fs::read_to_string(
-        "./src/config/config.toml",
-    );
+    let str = fs::read_to_string("./src/config/config.toml");
 
     match str {
         Ok(val) => {
             println!("++++++{val}\n");
             let decoded: Config = toml::from_str(&val[..]).unwrap();
-
+            println!("whole config: {:?}", decoded);
             let rtmp = decoded.httpnotify;
 
             if let Some(val) = rtmp {

diff --git a/application/xiu/src/service.rs b/application/xiu/src/service.rs
@@ -1,10 +1,14 @@
+use commonlib::auth::AuthType;
 use rtmp::remuxer::RtmpRemuxer;
 
+use crate::config::{AuthConfig, AuthSecretConfig};
+
 use {
     super::api,
     super::config::Config,
     //https://rustcc.cn/article?id=6dcbf032-0483-4980-8bfe-c64a7dfb33c7
     anyhow::Result,
+    commonlib::auth::Auth,
     hls::remuxer::HlsRemuxer,
     hls::server as hls_server,
     httpflv::server as httpflv_server,
@@ -27,6 +31,35 @@ impl Service {
         Service { cfg }
     }
 
+    fn gen_auth(auth_config: &Option<AuthConfig>, authsecret: &AuthSecretConfig) -> Option<Auth> {
+        if let Some(cfg) = auth_config {
+            let auth_type = if let Some(push_enabled) = cfg.push_enabled {
+                if push_enabled && cfg.pull_enabled {
+                    AuthType::Both
+                } else if !push_enabled && !cfg.pull_enabled {
+                    AuthType::None
+                } else if push_enabled && !cfg.pull_enabled {
+                    AuthType::Push
+                } else {
+                    AuthType::Pull
+                }
+            } else {
+                match cfg.pull_enabled {
+                    true => AuthType::Pull,
+                    false => AuthType::None,
+                }
+            };
+            Some(Auth::new(
+                authsecret.key.clone(),
+                authsecret.password.clone(),
+                cfg.algorithm.clone(),
+                auth_type,
+            ))
+        } else {
+            None
+        }
+    }
+
     pub async fn run(&mut self) -> Result<()> {
         let notifier = if let Some(httpnotifier) = &self.cfg.httpnotify {
             if !httpnotifier.enabled {
@@ -146,7 +179,8 @@ impl Service {
             let listen_port = rtmp_cfg_value.port;
             let address = format!("0.0.0.0:{listen_port}");
 
-            let mut rtmp_server = RtmpServer::new(address, producer, gop_num);
+            let auth = Self::gen_auth(&rtmp_cfg_value.auth, &self.cfg.authsecret);
+            let mut rtmp_server = RtmpServer::new(address, producer, gop_num, auth);
             tokio::spawn(async move {
                 if let Err(err) = rtmp_server.run().await {
                     log::error!("rtmp server error: {}", err);
@@ -258,8 +292,9 @@ impl Service {
             let port = httpflv_cfg_value.port;
             let event_producer = stream_hub.get_hub_event_sender();
 
+            let auth = Self::gen_auth(&httpflv_cfg_value.auth, &self.cfg.authsecret);
             tokio::spawn(async move {
-                if let Err(err) = httpflv_server::run(event_producer, port).await {
+                if let Err(err) = httpflv_server::run(event_producer, port, auth).await {
                     log::error!("httpflv server error: {}", err);
                 }
             });
@@ -291,9 +326,9 @@ impl Service {
             });
 
             let port = hls_cfg_value.port;
-
+            let auth = Self::gen_auth(&hls_cfg_value.auth, &self.cfg.authsecret);
             tokio::spawn(async move {
-                if let Err(err) = hls_server::run(port).await {
+                if let Err(err) = hls_server::run(port, auth).await {
                     log::error!("hls server error: {}", err);
                 }
             });