Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: securely get the session ID via HTTPS and use it in HTTP calls to the video/audio-* URLs #73

Closed
nanosonde opened this issue Apr 18, 2023 · 5 comments · Fixed by #82
Closed

Feature Request: securely get the session ID via HTTPS and use it in HTTP calls to the video/audio-* URLs #73

nanosonde opened this issue Apr 18, 2023 · 5 comments · Fixed by #82
Assignees
@ihrigb
Labels
enhancement New feature or request

Comments

@nanosonde
Copy link

nanosonde commented Apr 18, 2023
edited
Loading

Currently, the module sends the username/password credentials unencrypted in the HTTP calls to the video and audio-receive/audio-transmit URLs.
As described in the LAN API document there is another way of securely using those media URLs.
Use the getsession.cgi URL securely via HTTPS with the username/password credentials. This way they are protected.
Then use the session ID in the URLs which point to the media by appending the ?sessionid= parameter. The media URLs are not accessible via HTTPS, only via HTTP.
@ihrigb ihrigb mentioned this issue Apr 18, 2023
Closed
@ihrigb
Copy link
Owner

ihrigb commented Apr 18, 2023

Hi @nanosonde

I absolutely support this request and in fact I already started to work on this. If you are interested, I can share my work in a separate branch.

BR,
Benjamin

@ihrigb ihrigb self-assigned this Apr 18, 2023
@ihrigb ihrigb added the enhancement New feature or request label Apr 18, 2023
@nanosonde
Copy link
Author

Great news!
BTW: I plan to use your module here: https://github.com/nanosonde/scrypted/tree/doorbird__plugin

@nanosonde nanosonde mentioned this issue Apr 18, 2023
Merged
@ihrigb
Copy link
Owner

ihrigb commented Apr 18, 2023

I linked the development branch for this (dev-https).

@nanosonde nanosonde changed the title Feature Request: securely get the session ID via HTTPS and use it in HTTP calls to the video/image/audio-* URLs Feature Request: securely get the session ID via HTTPS and use it in HTTP calls to the video/audio-* URLs Apr 19, 2023
@nanosonde
Copy link
Author

Thanks.

Just for the records: the RTSP live video endpoint is protected by standard RTSP authentication. I have just verified with Wireshark and VLC connecting to my Doorbird that the DIGEST auth scheme is supported and used.

Important, because I require RTSP as well. If it would have only been BASIC auth, I would have suggested to skip this whole HTTPS implementation as the password would have been send plain-text (base64) over the wire anyway.
Now, luckily this does not seem to be the case.

@ihrigb ihrigb mentioned this issue May 5, 2023
Merged
@ihrigb ihrigb linked a pull request May 5, 2023 that will close this issue
Support HTTPS communication #82
Merged
@ihrigb
Copy link
Owner

ihrigb commented May 11, 2023

@nanosonde HTTPS is now supported as of version 2.2.0 (https://github.com/ihrigb/node-doorbird/releases/tag/v2.2.0)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ihrigb ihrigb

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support HTTPS communication ihrigb/node-doorbird
2 participants
@nanosonde @ihrigb