support HTTPS, Allow-Origin and trusted proxies in API, playback serv…
…er, metrics server and pprof server (#2658) (#2491) (#3235)
aler9 committed Apr 21, 2024
1 parent 9e63630 commit 87b7956
Showing 13 changed files with 497 additions and 280 deletions.
82 changes: 67 additions & 15 deletions apidocs/openapi.yaml
Expand Up @@ -43,32 +43,84 @@ components:
type: integer
externalAuthenticationURL:
type: string
metrics:
type: boolean
metricsAddress:
type: string
pprof:
type: boolean
pprofAddress:
type: string
runOnConnect:
type: string
runOnConnectRestart:
type: boolean
runOnDisconnect:
type: string

# API
# Control API
api:
type: boolean
apiAddress:
type: string
apiEncryption:
type: boolean
apiServerKey:
type: string
apiServerCert:
type: string
apiAllowOrigin:
type: string
apiTrustedProxies:
type: array
items:
type: string

# Metrics
metrics:
type: boolean
metricsAddress:
type: string
metricsEncryption:
type: boolean
metricsServerKey:
type: string
metricsServerCert:
type: string
metricsAllowOrigin:
type: string
metricsTrustedProxies:
type: array
items:
type: string

# PPROF
pprof:
type: boolean
pprofAddress:
type: string
pprofEncryption:
type: boolean
pprofServerKey:
type: string
pprofServerCert:
type: string
pprofAllowOrigin:
type: string
pprofTrustedProxies:
type: array
items:
type: string

# Playback server
playback:
type: boolean
playbackAddress:
type: string
playbackEncryption:
type: boolean
playbackServerKey:
type: string
playbackServerCert:
type: string
playbackAllowOrigin:
type: string
playbackTrustedProxies:
type: array
items:
type: string

# RTSP server
rtsp:
Expand Down Expand Up @@ -127,6 +179,12 @@ components:
type: string
hlsServerCert:
type: string
hlsAllowOrigin:
type: string
hlsTrustedProxies:
type: array
items:
type: string
hlsAlwaysRemux:
type: boolean
hlsVariant:
Expand All @@ -139,12 +197,6 @@ components:
type: string
hlsSegmentMaxSize:
type: string
hlsAllowOrigin:
type: string
hlsTrustedProxies:
type: array
items:
type: string
hlsDirectory:
type: string

63 changes: 37 additions & 26 deletions internal/api/api.go
Expand Up @@ -162,19 +162,24 @@ type apiParent interface {

// API is an API server.
type API struct {
Address string
ReadTimeout conf.StringDuration
Conf *conf.Conf
AuthManager apiAuthManager
PathManager PathManager
RTSPServer RTSPServer
RTSPSServer RTSPServer
RTMPServer RTMPServer
RTMPSServer RTMPServer
HLSServer HLSServer
WebRTCServer WebRTCServer
SRTServer SRTServer
Parent apiParent
Address string
Encryption bool
ServerKey string
ServerCert string
AllowOrigin string
TrustedProxies conf.IPNetworks
ReadTimeout conf.StringDuration
Conf *conf.Conf
AuthManager apiAuthManager
PathManager PathManager
RTSPServer RTSPServer
RTSPSServer RTSPServer
RTMPServer RTMPServer
RTMPSServer RTMPServer
HLSServer HLSServer
WebRTCServer WebRTCServer
SRTServer SRTServer
Parent apiParent

httpServer *httpp.WrappedServer
mutex sync.RWMutex
Expand All @@ -183,9 +188,9 @@ type API struct {
// Initialize initializes API.
func (a *API) Initialize() error {
router := gin.New()
router.SetTrustedProxies(nil) //nolint:errcheck
router.SetTrustedProxies(a.TrustedProxies.ToTrustedProxies()) //nolint:errcheck

group := router.Group("/", a.mwAuth)
group := router.Group("/", a.middlewareOrigin, a.middlewareAuth)

group.GET("/v3/config/global/get", a.onConfigGlobalGet)
group.PATCH("/v3/config/global/patch", a.onConfigGlobalPatch)
Expand Down Expand Up @@ -254,16 +259,17 @@ func (a *API) Initialize() error {

network, address := restrictnetwork.Restrict("tcp", a.Address)

var err error
a.httpServer, err = httpp.NewWrappedServer(
network,
address,
time.Duration(a.ReadTimeout),
"",
"",
router,
a,
)
a.httpServer = &httpp.WrappedServer{
Network: network,
Address: address,
ReadTimeout: time.Duration(a.ReadTimeout),
Encryption: a.Encryption,
ServerCert: a.ServerCert,
ServerKey: a.ServerKey,
Handler: router,
Parent: a,
}
err := a.httpServer.Initialize()
if err != nil {
return err
}
Expand Down Expand Up @@ -294,7 +300,12 @@ func (a *API) writeError(ctx *gin.Context, status int, err error) {
})
}

func (a *API) mwAuth(ctx *gin.Context) {
func (a *API) middlewareOrigin(ctx *gin.Context) {
ctx.Writer.Header().Set("Access-Control-Allow-Origin", a.AllowOrigin)
ctx.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
}

func (a *API) middlewareAuth(ctx *gin.Context) {
user, pass, hasCredentials := ctx.Request.BasicAuth()

err := a.AuthManager.Authenticate(&auth.Request{
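Review bot: `middlewareOrigin` sends `Access-Control-Allow-Credentials: true` on every response regardless of the configured origin, and the default `apiAllowOrigin` set in conf.go by this commit is `*`. Browsers refuse credentialed cross-origin responses when the allowed origin is a wildcard, so the header has no effect by default and only takes effect once an operator pins a specific origin, at which point that origin gets credentialed access to every control-API route. Emit it only for a non-wildcard origin, e.g. `if a.AllowOrigin != "*" { ctx.Writer.Header().Set("Access-Control-Allow-Credentials", "true") }`, and give the function a doc comment stating that. Separately, the `//nolint:errcheck` on `router.SetTrustedProxies(...)` now suppresses a failure of operator-supplied configuration; since the trusted-proxy list decides which client IP the server believes, returning that error from `Initialize` would be safer. The bodies of `Initialize` and `middlewareAuth` continue outside the visible hunks.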
70 changes: 55 additions & 15 deletions internal/conf/conf.go
Expand Up @@ -130,10 +130,6 @@ type Conf struct {
ReadBufferCount *int `json:"readBufferCount,omitempty"` // deprecated
WriteQueueSize int `json:"writeQueueSize"`
UDPMaxPayloadSize int `json:"udpMaxPayloadSize"`
Metrics bool `json:"metrics"`
MetricsAddress string `json:"metricsAddress"`
PPROF bool `json:"pprof"`
PPROFAddress string `json:"pprofAddress"`
RunOnConnect string `json:"runOnConnect"`
RunOnConnectRestart bool `json:"runOnConnectRestart"`
RunOnDisconnect string `json:"runOnDisconnect"`
Expand All @@ -146,13 +142,41 @@ type Conf struct {
AuthHTTPExclude []AuthInternalUserPermission `json:"authHTTPExclude"`
AuthJWTJWKS string `json:"authJWTJWKS"`

// API
API bool `json:"api"`
APIAddress string `json:"apiAddress"`
// Control API
API bool `json:"api"`
APIAddress string `json:"apiAddress"`
APIEncryption bool `json:"apiEncryption"`
APIServerKey string `json:"apiServerKey"`
APIServerCert string `json:"apiServerCert"`
APIAllowOrigin string `json:"apiAllowOrigin"`
APITrustedProxies IPNetworks `json:"apiTrustedProxies"`

// Metrics
Metrics bool `json:"metrics"`
MetricsAddress string `json:"metricsAddress"`
MetricsEncryption bool `json:"metricsEncryption"`
MetricsServerKey string `json:"metricsServerKey"`
MetricsServerCert string `json:"metricsServerCert"`
MetricsAllowOrigin string `json:"metricsAllowOrigin"`
MetricsTrustedProxies IPNetworks `json:"metricsTrustedProxies"`

// PPROF
PPROF bool `json:"pprof"`
PPROFAddress string `json:"pprofAddress"`
PPROFEncryption bool `json:"pprofEncryption"`
PPROFServerKey string `json:"pprofServerKey"`
PPROFServerCert string `json:"pprofServerCert"`
PPROFAllowOrigin string `json:"pprofAllowOrigin"`
PPROFTrustedProxies IPNetworks `json:"pprofTrustedProxies"`

// Playback
Playback bool `json:"playback"`
PlaybackAddress string `json:"playbackAddress"`
Playback bool `json:"playback"`
PlaybackAddress string `json:"playbackAddress"`
PlaybackEncryption bool `json:"playbackEncryption"`
PlaybackServerKey string `json:"playbackServerKey"`
PlaybackServerCert string `json:"playbackServerCert"`
PlaybackAllowOrigin string `json:"playbackAllowOrigin"`
PlaybackTrustedProxies IPNetworks `json:"playbackTrustedProxies"`

// RTSP server
RTSP bool `json:"rtsp"`
Expand Down Expand Up @@ -187,14 +211,14 @@ type Conf struct {
HLSEncryption bool `json:"hlsEncryption"`
HLSServerKey string `json:"hlsServerKey"`
HLSServerCert string `json:"hlsServerCert"`
HLSAllowOrigin string `json:"hlsAllowOrigin"`
HLSTrustedProxies IPNetworks `json:"hlsTrustedProxies"`
HLSAlwaysRemux bool `json:"hlsAlwaysRemux"`
HLSVariant HLSVariant `json:"hlsVariant"`
HLSSegmentCount int `json:"hlsSegmentCount"`
HLSSegmentDuration StringDuration `json:"hlsSegmentDuration"`
HLSPartDuration StringDuration `json:"hlsPartDuration"`
HLSSegmentMaxSize StringSize `json:"hlsSegmentMaxSize"`
HLSAllowOrigin string `json:"hlsAllowOrigin"`
HLSTrustedProxies IPNetworks `json:"hlsTrustedProxies"`
HLSDirectory string `json:"hlsDirectory"`

// WebRTC server
Expand Down Expand Up @@ -246,8 +270,6 @@ func (conf *Conf) setDefaults() {
conf.WriteTimeout = 10 * StringDuration(time.Second)
conf.WriteQueueSize = 512
conf.UDPMaxPayloadSize = 1472
conf.MetricsAddress = ":9998"
conf.PPROFAddress = ":9999"

// Authentication
conf.AuthInternalUsers = []AuthInternalUser{
Expand Down Expand Up @@ -295,11 +317,29 @@ func (conf *Conf) setDefaults() {
},
}

// API
// Control API
conf.APIAddress = ":9997"
conf.APIServerKey = "server.key"
conf.APIServerCert = "server.crt"
conf.APIAllowOrigin = "*"

// Metrics
conf.MetricsAddress = ":9998"
conf.MetricsServerKey = "server.key"
conf.MetricsServerCert = "server.crt"
conf.MetricsAllowOrigin = "*"

// PPROF
conf.PPROFAddress = ":9999"
conf.PPROFServerKey = "server.key"
conf.PPROFServerCert = "server.crt"
conf.PPROFAllowOrigin = "*"

// Playback server
conf.PlaybackAddress = ":9996"
conf.PlaybackServerKey = "server.key"
conf.PlaybackServerCert = "server.crt"
conf.PlaybackAllowOrigin = "*"

// RTSP server
conf.RTSP = true
Expand Down Expand Up @@ -331,12 +371,12 @@ func (conf *Conf) setDefaults() {
conf.HLSAddress = ":8888"
conf.HLSServerKey = "server.key"
conf.HLSServerCert = "server.crt"
conf.HLSAllowOrigin = "*"
conf.HLSVariant = HLSVariant(gohlslib.MuxerVariantLowLatency)
conf.HLSSegmentCount = 7
conf.HLSSegmentDuration = 1 * StringDuration(time.Second)
conf.HLSPartDuration = 200 * StringDuration(time.Millisecond)
conf.HLSSegmentMaxSize = 50 * 1024 * 1024
conf.HLSAllowOrigin = "*"

// WebRTC server
conf.WebRTC = true
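Review bot: In `setDefaults`, `conf.APIAllowOrigin`, `conf.MetricsAllowOrigin` and `conf.PPROFAllowOrigin` all default to `"*"`, which lets any web origin read responses from the control API, metrics and pprof servers whenever a request is accepted without browser-supplied credentials (for example under IP-based permissions; the auth defaults are not fully visible here). A wildcard is reasonable for HLS and playback, which serve media to players, but the three administrative servers would be safer with a restrictive default that operators widen on purpose. If the wildcard stays for compatibility, a comment such as `// "*" permits any origin to read responses; restrict in production` above each assignment would document the trade-off. The four new servers also default to the same `server.key`/`server.crt` paths as HLS, so it is worth documenting that they share one key pair unless overridden. `setDefaults` starts and ends outside the visible hunks.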
