From afbec289067cc7f284dd135366b0f6febf13126b Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期一, 11 七月 2022 16:21:01 +0800
Subject: [PATCH] 增加推流鉴权。保护服务安全

---
 src/main/java/com/genersoft/iot/vmp/media/zlm/ZLMHttpHookListener.java |  142 +++++++++++++++++++++++++++++++++++++----------
 1 files changed, 111 insertions(+), 31 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/media/zlm/ZLMHttpHookListener.java b/src/main/java/com/genersoft/iot/vmp/media/zlm/ZLMHttpHookListener.java
index 7f6ea02..f4a2744 100644
--- a/src/main/java/com/genersoft/iot/vmp/media/zlm/ZLMHttpHookListener.java
+++ b/src/main/java/com/genersoft/iot/vmp/media/zlm/ZLMHttpHookListener.java
@@ -1,7 +1,8 @@
 package com.genersoft.iot.vmp.media.zlm;
 
-import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import com.alibaba.fastjson.JSON;
 import com.genersoft.iot.vmp.common.StreamInfo;
@@ -21,6 +22,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -78,6 +80,9 @@
 
 	@Autowired
 	private UserSetting userSetting;
+
+	@Autowired
+	private IUserService userService;
 
 	@Autowired
 	private VideoStreamSessionManager sessionManager;
@@ -151,12 +156,14 @@
 	 */
 	@ResponseBody
 	@PostMapping(value = "/on_play", produces = "application/json;charset=UTF-8")
-	public ResponseEntity<String> onPlay(@RequestBody JSONObject json){
-		
+	public ResponseEntity<String> onPlay(@RequestBody OnPlayHookParam param){
+
+		JSONObject json = (JSONObject)JSON.toJSON(param);
+
 		if (logger.isDebugEnabled()) {
-			logger.debug("[ ZLM HOOK ]on_play API璋冪敤锛屽弬鏁帮細" + json.toString());
+			logger.debug("[ ZLM HOOK ]on_play API璋冪敤锛屽弬鏁帮細" + JSON.toJSONString(param));
 		}
-		String mediaServerId = json.getString("mediaServerId");
+		String mediaServerId = param.getMediaServerId();
 		ZLMHttpHookSubscribe.Event subscribe = this.subscribe.getSubscribe(ZLMHttpHookSubscribe.HookType.on_play, json);
 		if (subscribe != null ) {
 			MediaServerItem mediaInfo = mediaServerService.getOne(mediaServerId);
@@ -165,9 +172,20 @@
 			}
 		}
 		JSONObject ret = new JSONObject();
+		if (!"rtp".equals(param.getApp())) {
+			Map<String, String> paramMap = urlParamToMap(param.getParams());
+			StreamAuthorityInfo streamAuthorityInfo = redisCatchStorage.getStreamAuthorityInfo(param.getApp(), param.getStream());
+			if (streamAuthorityInfo == null
+					|| (streamAuthorityInfo.getCallId() != null && !streamAuthorityInfo.getCallId().equals(paramMap.get("callId")))) {
+				ret.put("code", 401);
+				ret.put("msg", "Unauthorized");
+				return new ResponseEntity<>(ret.toString(),HttpStatus.OK);
+			}
+		}
+
 		ret.put("code", 0);
 		ret.put("msg", "success");
-		return new ResponseEntity<String>(ret.toString(),HttpStatus.OK);
+		return new ResponseEntity<>(ret.toString(),HttpStatus.OK);
 	}
 	
 	/**
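Review bot: The `if (!"rtp".equals(param.getApp()))` guard exempts every stream under app `rtp` from the new play check, and the same guard wraps the push check in the on_publish hunk below, where the app name comes from the URL the publishing client supplied. If the media server accepts an RTMP or RTSP push under that app name, `checkPushAuthority` is never called for it, so the exemption is better keyed on what the media server reports about the stream's origin (the removed code read `originType` from the hook) than on the app string. Separately, a stored record whose `getCallId()` is null lets any viewer through; if that is intended, state it next to the condition, e.g. `// callId is optional: a stream published without one is playable by anyone`. onPlay starts above this hunk.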
@@ -176,16 +194,49 @@
 	 */
 	@ResponseBody
 	@PostMapping(value = "/on_publish", produces = "application/json;charset=UTF-8")
-	public ResponseEntity<String> onPublish(@RequestBody JSONObject json) {
+	public ResponseEntity<String> onPublish(@RequestBody OnPublishHookParam param) {
+
+		JSONObject json = (JSONObject) JSON.toJSON(param);
 
 		logger.info("[ ZLM HOOK ]on_publish API璋冪敤锛屽弬鏁帮細" + json.toString());
 		JSONObject ret = new JSONObject();
+		if (!"rtp".equals(param.getApp())) {
+			// 鎺ㄦ祦閴存潈
+			if (param.getParams() == null) {
+				logger.info("鎺ㄦ祦閴存潈澶辫触锛� 缂哄皯涓嶈鍙傛暟锛歴ign=md5(user琛ㄧ殑pushKey)");
+				ret.put("code", 401);
+				ret.put("msg", "Unauthorized");
+				return new ResponseEntity<>(ret.toString(), HttpStatus.OK);
+			}
+			Map<String, String> paramMap = urlParamToMap(param.getParams());
+			String sign = paramMap.get("sign");
+			if (sign == null) {
+				logger.info("鎺ㄦ祦閴存潈澶辫触锛� 缂哄皯涓嶈鍙傛暟锛歴ign=md5(user琛ㄧ殑pushKey)");
+				ret.put("code", 401);
+				ret.put("msg", "Unauthorized");
+				return new ResponseEntity<>(ret.toString(), HttpStatus.OK);
+			}
+			// 鎺ㄦ祦鑷畾涔夋挱鏀鹃壌鏉冪爜
+			String callId = paramMap.get("callId");
+			// 閴存潈閰嶇疆
+			boolean hasAuthority = userService.checkPushAuthority(callId, sign);
+			if (!hasAuthority) {
+				logger.info("鎺ㄦ祦閴存潈澶辫触锛� sign 鏃犳潈闄�: callId={}. sign={}", callId, sign);
+				ret.put("code", 401);
+				ret.put("msg", "Unauthorized");
+				return new ResponseEntity<>(ret.toString(), HttpStatus.OK);
+			}
+			StreamAuthorityInfo streamAuthorityInfo = StreamAuthorityInfo.getInstanceByHook(param);
+			streamAuthorityInfo.setCallId(callId);
+			streamAuthorityInfo.setSign(sign);
+			// 閴存潈閫氳繃
+			redisCatchStorage.updateStreamAuthorityInfo(param.getApp(), param.getStream(), streamAuthorityInfo);
+		}
+
 		ret.put("code", 0);
 		ret.put("msg", "success");
 		ret.put("enable_hls", true);
-		if (json.getInteger("originType") == 1
-				|| json.getInteger("originType") == 2
-				|| json.getInteger("originType") == 3) {
+		if (!"rtp".equals(param.getApp())) {
 			ret.put("enable_audio", true);
 		}
 
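Review bot: The push credential ends up in the logs. The failure branch logs `sign` through the `callId={}. sign={}` placeholders, and the existing on_publish info line near the top of the method logs the whole hook JSON, which now carries `params` including the valid `sign` on every publish. Going by the log text, `sign` is an md5 of the user's pushKey, so it is a static value that works like the key itself for anyone who can read the logs. Drop the `sign={}` placeholder and its argument from the failure line, and blank out `params` before logging the hook body. The on_play debug line has the same exposure for `callId`; onPublish continues past the end of this hunk.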
@@ -200,14 +251,13 @@
 				ret.put("msg", "zlm not register");
 			}
 		}
-	 	String app = json.getString("app");
-	 	String stream = json.getString("stream");
-		if ("rtp".equals(app)) {
+
+		if ("rtp".equals(param.getApp())) {
 			ret.put("enable_mp4", userSetting.getRecordSip());
 		}else {
 			ret.put("enable_mp4", userSetting.isRecordPushLive());
 		}
-		List<SsrcTransaction> ssrcTransactionForAll = sessionManager.getSsrcTransactionForAll(null, null, null, stream);
+		List<SsrcTransaction> ssrcTransactionForAll = sessionManager.getSsrcTransactionForAll(null, null, null, param.getStream());
 		if (ssrcTransactionForAll != null && ssrcTransactionForAll.size() == 1) {
 			String deviceId = ssrcTransactionForAll.get(0).getDeviceId();
 			String channelId = ssrcTransactionForAll.get(0).getChannelId();
@@ -221,13 +271,14 @@
 				ret.put("enable_mp4", true);
 				ret.put("enable_audio", true);
 			}
-
 		}
 
 
 		return new ResponseEntity<String>(ret.toString(), HttpStatus.OK);
 	}
-	
+
+
+
 	/**
 	 * 褰曞埗mp4瀹屾垚鍚庨�氱煡浜嬩欢锛涙浜嬩欢瀵瑰洖澶嶄笉鏁忔劅銆�
 	 *  
@@ -312,9 +363,6 @@
 		if (logger.isDebugEnabled()) {
 			logger.debug("[ ZLM HOOK ]on_shell_login API璋冪敤锛屽弬鏁帮細" + json.toString());
 		}
-		// TODO 濡傛灉鏄甫鏈塺tpstream鍒欏紑鍚寜闇�鎷夋祦
-		// String app = json.getString("app");
-		// String stream = json.getString("stream");
 		String mediaServerId = json.getString("mediaServerId");
 		ZLMHttpHookSubscribe.Event subscribe = this.subscribe.getSubscribe(ZLMHttpHookSubscribe.HookType.on_shell_login, json);
 		if (subscribe != null ) {
@@ -351,12 +399,24 @@
 		}
 		// 娴佹秷澶辩Щ闄edis play
 		String app = item.getApp();
-		String streamId = item.getStream();
+		String stream = item.getStream();
 		String schema = item.getSchema();
 		List<MediaItem.MediaTrack> tracks = item.getTracks();
 		boolean regist = item.isRegist();
+		if (regist) {
+			StreamAuthorityInfo streamAuthorityInfo = redisCatchStorage.getStreamAuthorityInfo(app, stream);
+			if (streamAuthorityInfo == null) {
+				streamAuthorityInfo = StreamAuthorityInfo.getInstanceByHook(item);
+			}else {
+				streamAuthorityInfo.setOriginType(item.getOriginType());
+				streamAuthorityInfo.setOriginTypeStr(item.getOriginTypeStr());
+			}
+			redisCatchStorage.updateStreamAuthorityInfo(app, stream, streamAuthorityInfo);
+		}else {
+			redisCatchStorage.removeStreamAuthorityInfo(app, stream);
+		}
 		if ("rtmp".equals(schema)){
-			logger.info("on_stream_changed锛氭敞鍐�->{}, app->{}, stream->{}", regist, app, streamId);
+			logger.info("on_stream_changed锛氭敞鍐�->{}, app->{}, stream->{}", regist, app, stream);
 			if (regist) {
 				mediaServerService.addCount(mediaServerId);
 			}else {
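Review bot: The authority record is written or removed before the `"rtmp".equals(schema)` filter, so this block runs for every schema's on_stream_changed event. If the media server reports an unregister for one schema while the stream is still live under another, `removeStreamAuthorityInfo(app, stream)` deletes the record and the on_play check then answers 401 for a stream that is still being published. Moving the block inside the schema filter, or otherwise tying removal to the stream as a whole, would avoid that. A record created here through `getInstanceByHook(item)` appears to carry no callId, so such streams would be playable without one; a comment should state whether that is intended. The method starts above this hunk and continues below it.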
@@ -365,15 +425,15 @@
 			if (item.getOriginType() == OriginType.PULL.ordinal()
 					|| item.getOriginType() == OriginType.FFMPEG_PULL.ordinal()) {
 				// 璁剧疆鎷夋祦浠g悊涓婄嚎/绂荤嚎
-				streamProxyService.updateStatus(regist, app, streamId);
+				streamProxyService.updateStatus(regist, app, stream);
 			}
 			if ("rtp".equals(app) && !regist ) {
-				StreamInfo streamInfo = redisCatchStorage.queryPlayByStreamId(streamId);
+				StreamInfo streamInfo = redisCatchStorage.queryPlayByStreamId(stream);
 				if (streamInfo!=null){
 					redisCatchStorage.stopPlay(streamInfo);
 					storager.stopPlay(streamInfo.getDeviceID(), streamInfo.getChannelId());
 				}else{
-					streamInfo = redisCatchStorage.queryPlayback(null, null, streamId, null);
+					streamInfo = redisCatchStorage.queryPlayback(null, null, stream, null);
 					if (streamInfo != null) {
 						redisCatchStorage.stopPlayback(streamInfo.getDeviceID(), streamInfo.getChannelId(),
 								streamInfo.getStream(), null);
@@ -387,10 +447,12 @@
 
 					if (mediaServerItem != null){
 						if (regist) {
-							StreamInfo streamInfoByAppAndStream = mediaService.getStreamInfoByAppAndStream(mediaServerItem, app, streamId, tracks);
+							StreamAuthorityInfo streamAuthorityInfo = redisCatchStorage.getStreamAuthorityInfo(app, stream);
+							StreamInfo streamInfoByAppAndStream = mediaService.getStreamInfoByAppAndStream(mediaServerItem,
+									app, stream, tracks, streamAuthorityInfo.getCallId());
 							item.setStreamInfo(streamInfoByAppAndStream);
 
-							redisCatchStorage.addStream(mediaServerItem, type, app, streamId, item);
+							redisCatchStorage.addStream(mediaServerItem, type, app, stream, item);
 							if (item.getOriginType() == OriginType.RTSP_PUSH.ordinal()
 									|| item.getOriginType() == OriginType.RTMP_PUSH.ordinal()
 									|| item.getOriginType() == OriginType.RTC_PUSH.ordinal() ) {
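Review bot: `streamAuthorityInfo.getCallId()` is dereferenced without a null check, although the result of `getStreamAuthorityInfo` is treated as nullable in on_play and earlier in this same method. If the record has expired or was removed by a concurrent unregister event, the hook handler would throw a NullPointerException instead of registering the stream. Read it defensively with `String callId = streamAuthorityInfo == null ? null : streamAuthorityInfo.getCallId();` and pass `callId` to `getStreamInfoByAppAndStream`. The enclosing block starts above and ends below this hunk.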
@@ -413,23 +475,23 @@
 
 						}else {
 							// 鍏煎娴佹敞閿�鏃剁被鍨嬩粠redis璁板綍鑾峰彇
-							MediaItem mediaItem = redisCatchStorage.getStreamInfo(app, streamId, mediaServerId);
+							MediaItem mediaItem = redisCatchStorage.getStreamInfo(app, stream, mediaServerId);
 							if (mediaItem != null) {
 								type = OriginType.values()[mediaItem.getOriginType()].getType();
-								redisCatchStorage.removeStream(mediaServerItem.getId(), type, app, streamId);
+								redisCatchStorage.removeStream(mediaServerItem.getId(), type, app, stream);
 							}
-							GbStream gbStream = storager.getGbStream(app, streamId);
+							GbStream gbStream = storager.getGbStream(app, stream);
 							if (gbStream != null) {
 //								eventPublisher.catalogEventPublishForStream(null, gbStream, CatalogEvent.OFF);
 							}
-							zlmMediaListManager.removeMedia(app, streamId);
+							zlmMediaListManager.removeMedia(app, stream);
 						}
 						if (type != null) {
 							// 鍙戦�佹祦鍙樺寲redis娑堟伅
 							JSONObject jsonObject = new JSONObject();
 							jsonObject.put("serverId", userSetting.getServerId());
 							jsonObject.put("app", app);
-							jsonObject.put("stream", streamId);
+							jsonObject.put("stream", stream);
 							jsonObject.put("register", regist);
 							jsonObject.put("mediaServerId", mediaServerId);
 							redisCatchStorage.sendStreamChangeMsg(type, jsonObject);
@@ -565,4 +627,22 @@
 		ret.put("msg", "success");
 		return new ResponseEntity<String>(ret.toString(),HttpStatus.OK);
 	}
+
+	private Map<String, String> urlParamToMap(String params) {
+		HashMap<String, String> map = new HashMap<>();
+		if (StringUtils.isEmpty(params)) {
+			return map;
+		}
+		String[] paramsArray = params.split("&");
+		if (paramsArray.length == 0) {
+			return map;
+		}
+		for (String param : paramsArray) {
+			String[] paramArray = param.split("=");
+			if (paramArray.length == 2){
+				map.put(paramArray[0], paramArray[1]);
+			}
+		}
+		return map;
+	}
 }
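Review bot: `param.split("=")` combined with `paramArray.length == 2` silently drops any pair whose value contains `=` in the middle, truncates a value that ends in `=`, and never URL-decodes the value. On the on_publish path a callId lost this way is stored as null, and the on_play check lets any viewer through when the stored callId is null, so a parsing quirk turns into an open stream. Use `param.split("=", 2)` and decode with `URLDecoder.decode(value, StandardCharsets.UTF_8)` (Java 10+, and it needs imports this patch does not add). A short Javadoc should also say that the last occurrence wins for duplicate keys and that malformed pairs are skipped.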

--
Gitblit v1.8.0