support HTTPS, Allow-Origin and trusted proxies in API, playback server, metrics server and pprof server (#2658) (#2491) (#3235)
aler9 committed Apr 21, 2024
1 parent 8d16091 commit f4629ac
Showing 13 changed files with 423 additions and 251 deletions.
68 changes: 60 additions & 8 deletions apidocs/openapi.yaml
Expand Up @@ -43,14 +43,6 @@ components:
type: integer
externalAuthenticationURL:
type: string
metrics:
type: boolean
metricsAddress:
type: string
pprof:
type: boolean
pprofAddress:
type: string
runOnConnect:
type: string
runOnConnectRestart:
Expand All @@ -63,12 +55,72 @@ components:
type: boolean
apiAddress:
type: string
apiEncryption:
type: boolean
apiServerKey:
type: string
apiServerCert:
type: string
apiAllowOrigin:
type: string
apiTrustedProxies:
type: array
items:
type: string

# Metrics
metrics:
type: boolean
metricsAddress:
type: string
metricsEncryption:
type: boolean
metricsServerKey:
type: string
metricsServerCert:
type: string
metricsAllowOrigin:
type: string
metricsTrustedProxies:
type: array
items:
type: string

# PPROF
pprof:
type: boolean
pprofAddress:
type: string
pprofEncryption:
type: boolean
pprofServerKey:
type: string
pprofServerCert:
type: string
pprofAllowOrigin:
type: string
pprofTrustedProxies:
type: array
items:
type: string

# Playback server
playback:
type: boolean
playbackAddress:
type: string
playbackEncryption:
type: boolean
playbackServerKey:
type: string
playbackServerCert:
type: string
playbackAllowOrigin:
type: string
playbackTrustedProxies:
type: array
items:
type: string

# RTSP server
rtsp:
63 changes: 37 additions & 26 deletions internal/api/api.go
Expand Up @@ -162,19 +162,24 @@ type apiParent interface {

// API is an API server.
type API struct {
Address string
ReadTimeout conf.StringDuration
Conf *conf.Conf
AuthManager apiAuthManager
PathManager PathManager
RTSPServer RTSPServer
RTSPSServer RTSPServer
RTMPServer RTMPServer
RTMPSServer RTMPServer
HLSServer HLSServer
WebRTCServer WebRTCServer
SRTServer SRTServer
Parent apiParent
Address string
Encryption bool
ServerKey string
ServerCert string
AllowOrigin string
TrustedProxies conf.IPNetworks
ReadTimeout conf.StringDuration
Conf *conf.Conf
AuthManager apiAuthManager
PathManager PathManager
RTSPServer RTSPServer
RTSPSServer RTSPServer
RTMPServer RTMPServer
RTMPSServer RTMPServer
HLSServer HLSServer
WebRTCServer WebRTCServer
SRTServer SRTServer
Parent apiParent

httpServer *httpp.WrappedServer
mutex sync.RWMutex
Expand All @@ -183,9 +188,9 @@ type API struct {
// Initialize initializes API.
func (a *API) Initialize() error {
router := gin.New()
router.SetTrustedProxies(nil) //nolint:errcheck
router.SetTrustedProxies(a.TrustedProxies.ToTrustedProxies()) //nolint:errcheck

group := router.Group("/", a.mwAuth)
group := router.Group("/", a.middlewareOrigin, a.middlewareAuth)

group.GET("/v3/config/global/get", a.onConfigGlobalGet)
group.PATCH("/v3/config/global/patch", a.onConfigGlobalPatch)
Expand Down Expand Up @@ -254,16 +259,17 @@ func (a *API) Initialize() error {

network, address := restrictnetwork.Restrict("tcp", a.Address)

var err error
a.httpServer, err = httpp.NewWrappedServer(
network,
address,
time.Duration(a.ReadTimeout),
"",
"",
router,
a,
)
a.httpServer = &httpp.WrappedServer{
Network: network,
Address: address,
ReadTimeout: time.Duration(a.ReadTimeout),
Encryption: a.Encryption,
ServerCert: a.ServerCert,
ServerKey: a.ServerKey,
Handler: router,
Parent: a,
}
err := a.httpServer.Initialize()
if err != nil {
return err
}
})
}

func (a *API) mwAuth(ctx *gin.Context) {
func (a *API) middlewareOrigin(ctx *gin.Context) {
ctx.Writer.Header().Set("Access-Control-Allow-Origin", a.AllowOrigin)
ctx.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
}

func (a *API) middlewareAuth(ctx *gin.Context) {
user, pass, hasCredentials := ctx.Request.BasicAuth()

err := a.AuthManager.Authenticate(&auth.Request{
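Review bot: `middlewareOrigin` always sends `Access-Control-Allow-Credentials: true` next to whatever `a.AllowOrigin` holds, and the default for that value set in conf.go is `*`; browsers reject the wildcard for credentialed requests, and once a specific origin is configured, scripts at that origin can make requests carrying the Basic-auth credentials that `middlewareAuth` checks. Consider emitting the credentials header only for a non-wildcard origin: `if a.AllowOrigin != "*" { ctx.Writer.Header().Set("Access-Control-Allow-Credentials", "true") }`, and stating in the config docs that `apiAllowOrigin` should name a specific origin. In `Initialize`, the error from `router.SetTrustedProxies(a.TrustedProxies.ToTrustedProxies())` is still discarded under `//nolint:errcheck`, but the list now comes from user configuration and presumably governs the client IP the auth layer sees, so a parse failure should abort startup: `if err := router.SetTrustedProxies(a.TrustedProxies.ToTrustedProxies()); err != nil { return err }`. Both `Initialize` and `middlewareAuth` continue outside the visible hunks, and whether an OPTIONS preflight handler exists elsewhere cannot be seen here.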
60 changes: 50 additions & 10 deletions internal/conf/conf.go
Expand Up @@ -130,10 +130,6 @@ type Conf struct {
ReadBufferCount *int `json:"readBufferCount,omitempty"` // deprecated
WriteQueueSize int `json:"writeQueueSize"`
UDPMaxPayloadSize int `json:"udpMaxPayloadSize"`
Metrics bool `json:"metrics"`
MetricsAddress string `json:"metricsAddress"`
PPROF bool `json:"pprof"`
PPROFAddress string `json:"pprofAddress"`
RunOnConnect string `json:"runOnConnect"`
RunOnConnectRestart bool `json:"runOnConnectRestart"`
RunOnDisconnect string `json:"runOnDisconnect"`
Expand All @@ -147,12 +143,40 @@ type Conf struct {
AuthJWTJWKS string `json:"authJWTJWKS"`

// API
API bool `json:"api"`
APIAddress string `json:"apiAddress"`
API bool `json:"api"`
APIAddress string `json:"apiAddress"`
APIEncryption bool `json:"apiEncryption"`
APIServerKey string `json:"apiServerKey"`
APIServerCert string `json:"apiServerCert"`
APIAllowOrigin string `json:"apiAllowOrigin"`
APITrustedProxies IPNetworks `json:"apiTrustedProxies"`

// Metrics
Metrics bool `json:"metrics"`
MetricsAddress string `json:"metricsAddress"`
MetricsEncryption bool `json:"metricsEncryption"`
MetricsServerKey string `json:"metricsServerKey"`
MetricsServerCert string `json:"metricsServerCert"`
MetricsAllowOrigin string `json:"metricsAllowOrigin"`
MetricsTrustedProxies IPNetworks `json:"metricsTrustedProxies"`

// PPROF
PPROF bool `json:"pprof"`
PPROFAddress string `json:"pprofAddress"`
PPROFEncryption bool `json:"pprofEncryption"`
PPROFServerKey string `json:"pprofServerKey"`
PPROFServerCert string `json:"pprofServerCert"`
PPROFAllowOrigin string `json:"pprofAllowOrigin"`
PPROFTrustedProxies IPNetworks `json:"pprofTrustedProxies"`

// Playback
Playback bool `json:"playback"`
PlaybackAddress string `json:"playbackAddress"`
Playback bool `json:"playback"`
PlaybackAddress string `json:"playbackAddress"`
PlaybackEncryption bool `json:"playbackEncryption"`
PlaybackServerKey string `json:"playbackServerKey"`
PlaybackServerCert string `json:"playbackServerCert"`
PlaybackAllowOrigin string `json:"playbackAllowOrigin"`
PlaybackTrustedProxies IPNetworks `json:"playbackTrustedProxies"`

// RTSP server
RTSP bool `json:"rtsp"`
Expand Down Expand Up @@ -246,8 +270,6 @@ func (conf *Conf) setDefaults() {
conf.WriteTimeout = 10 * StringDuration(time.Second)
conf.WriteQueueSize = 512
conf.UDPMaxPayloadSize = 1472
conf.MetricsAddress = ":9998"
conf.PPROFAddress = ":9999"

// Authentication
conf.AuthInternalUsers = []AuthInternalUser{
Expand Down Expand Up @@ -297,9 +319,27 @@ func (conf *Conf) setDefaults() {

// API
conf.APIAddress = ":9997"
conf.APIServerKey = "server.key"
conf.APIServerCert = "server.crt"
conf.APIAllowOrigin = "*"

// Metrics
conf.MetricsAddress = ":9998"
conf.MetricsServerKey = "server.key"
conf.MetricsServerCert = "server.crt"
conf.MetricsAllowOrigin = "*"

// PPROF
conf.PPROFAddress = ":9999"
conf.PPROFServerKey = "server.key"
conf.PPROFServerCert = "server.crt"
conf.PPROFAllowOrigin = "*"

// Playback server
conf.PlaybackAddress = ":9996"
conf.PlaybackServerKey = "server.key"
conf.PlaybackServerCert = "server.crt"
conf.PlaybackAllowOrigin = "*"

// RTSP server
conf.RTSP = true
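Review bot: The new `*AllowOrigin` defaults at the end of `setDefaults` are `*` for all four servers, including pprof and metrics, so any web page can read those endpoints cross-origin from a browser that can reach them (for example an operator's own localhost), unless those servers require credentials, which this page does not show. A more conservative default for `MetricsAllowOrigin` and `PPROFAllowOrigin` would be worth considering, and at minimum the exposure should be documented on the field, e.g. `// PPROFAllowOrigin is returned as Access-Control-Allow-Origin by the pprof server; "*" lets any web page read profiles cross-origin.`. The other new exported `Conf` fields likewise lack doc comments; `// APITrustedProxies lists the networks whose forwarded-client headers are trusted when resolving the client IP.` would make the security meaning explicit. The `Conf` struct and `setDefaults` both continue outside the visible hunks.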