mirror of
https://github.com/ZLMediaKit/ZLMediaKit.git
synced 2024-11-26 04:31:37 +08:00
http api secret禁止使用默认的035c73f7-bb6b-4889-a715-d9eb2d1925cc 删除admin_params的设定
This commit is contained in:
parent
a17e842da2
commit
25d5e410c3
@ -142,9 +142,6 @@ deleteDelaySec=10
|
|||||||
segKeep=0
|
segKeep=0
|
||||||
|
|
||||||
[hook]
|
[hook]
|
||||||
#在推流时,如果url参数匹对admin_params,那么可以不经过hook鉴权直接推流成功,播放时亦然
|
|
||||||
#该配置项的目的是为了开发者自己调试测试,该参数暴露后会有泄露隐私的安全隐患
|
|
||||||
admin_params=secret=035c73f7-bb6b-4889-a715-d9eb2d1925cc
|
|
||||||
#是否启用hook事件,启用后,推拉流都将进行鉴权
|
#是否启用hook事件,启用后,推拉流都将进行鉴权
|
||||||
enable=0
|
enable=0
|
||||||
#播放器或推流器使用流量事件,置空则关闭
|
#播放器或推流器使用流量事件,置空则关闭
|
||||||
@ -273,8 +270,6 @@ handshakeSecond=15
|
|||||||
#rtmp超时时间,如果该时间内未收到客户端的数据,
|
#rtmp超时时间,如果该时间内未收到客户端的数据,
|
||||||
#或者tcp发送缓存超过这个时间,则会断开连接,单位秒
|
#或者tcp发送缓存超过这个时间,则会断开连接,单位秒
|
||||||
keepAliveSecond=15
|
keepAliveSecond=15
|
||||||
#在接收rtmp推流时,是否重新生成时间戳(很多推流器的时间戳着实很烂)
|
|
||||||
modifyStamp=0
|
|
||||||
#rtmp服务器监听端口
|
#rtmp服务器监听端口
|
||||||
port=1935
|
port=1935
|
||||||
#rtmps服务器监听地址
|
#rtmps服务器监听地址
|
||||||
|
@ -44,6 +44,8 @@ typedef enum {
|
|||||||
OtherFailed = -1,//业务代码执行失败,
|
OtherFailed = -1,//业务代码执行失败,
|
||||||
Success = 0//执行成功
|
Success = 0//执行成功
|
||||||
} ApiErr;
|
} ApiErr;
|
||||||
|
|
||||||
|
extern const std::string kSecret;
|
||||||
}//namespace API
|
}//namespace API
|
||||||
|
|
||||||
class ApiRetException: public std::runtime_error {
|
class ApiRetException: public std::runtime_error {
|
||||||
|
@ -48,7 +48,6 @@ const string kOnServerExited = HOOK_FIELD "on_server_exited";
|
|||||||
const string kOnServerKeepalive = HOOK_FIELD "on_server_keepalive";
|
const string kOnServerKeepalive = HOOK_FIELD "on_server_keepalive";
|
||||||
const string kOnSendRtpStopped = HOOK_FIELD "on_send_rtp_stopped";
|
const string kOnSendRtpStopped = HOOK_FIELD "on_send_rtp_stopped";
|
||||||
const string kOnRtpServerTimeout = HOOK_FIELD "on_rtp_server_timeout";
|
const string kOnRtpServerTimeout = HOOK_FIELD "on_rtp_server_timeout";
|
||||||
const string kAdminParams = HOOK_FIELD "admin_params";
|
|
||||||
const string kAliveInterval = HOOK_FIELD "alive_interval";
|
const string kAliveInterval = HOOK_FIELD "alive_interval";
|
||||||
const string kRetry = HOOK_FIELD "retry";
|
const string kRetry = HOOK_FIELD "retry";
|
||||||
const string kRetryDelay = HOOK_FIELD "retry_delay";
|
const string kRetryDelay = HOOK_FIELD "retry_delay";
|
||||||
@ -74,7 +73,6 @@ static onceToken token([]() {
|
|||||||
mINI::Instance()[kOnServerKeepalive] = "";
|
mINI::Instance()[kOnServerKeepalive] = "";
|
||||||
mINI::Instance()[kOnSendRtpStopped] = "";
|
mINI::Instance()[kOnSendRtpStopped] = "";
|
||||||
mINI::Instance()[kOnRtpServerTimeout] = "";
|
mINI::Instance()[kOnRtpServerTimeout] = "";
|
||||||
mINI::Instance()[kAdminParams] = "secret=035c73f7-bb6b-4889-a715-d9eb2d1925cc";
|
|
||||||
mINI::Instance()[kAliveInterval] = 30.0;
|
mINI::Instance()[kAliveInterval] = 30.0;
|
||||||
mINI::Instance()[kRetry] = 1;
|
mINI::Instance()[kRetry] = 1;
|
||||||
mINI::Instance()[kRetryDelay] = 3.0;
|
mINI::Instance()[kRetryDelay] = 3.0;
|
||||||
@ -331,11 +329,10 @@ static mINI jsonToMini(const Value &obj) {
|
|||||||
|
|
||||||
void installWebHook() {
|
void installWebHook() {
|
||||||
GET_CONFIG(bool, hook_enable, Hook::kEnable);
|
GET_CONFIG(bool, hook_enable, Hook::kEnable);
|
||||||
GET_CONFIG(string, hook_adminparams, Hook::kAdminParams);
|
|
||||||
|
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPublish, [](BroadcastMediaPublishArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPublish, [](BroadcastMediaPublishArgs) {
|
||||||
GET_CONFIG(string, hook_publish, Hook::kOnPublish);
|
GET_CONFIG(string, hook_publish, Hook::kOnPublish);
|
||||||
if (!hook_enable || args.param_strs == hook_adminparams || hook_publish.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
if (!hook_enable || hook_publish.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
||||||
invoker("", ProtocolOption());
|
invoker("", ProtocolOption());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -360,7 +357,7 @@ void installWebHook() {
|
|||||||
|
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPlayed, [](BroadcastMediaPlayedArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPlayed, [](BroadcastMediaPlayedArgs) {
|
||||||
GET_CONFIG(string, hook_play, Hook::kOnPlay);
|
GET_CONFIG(string, hook_play, Hook::kOnPlay);
|
||||||
if (!hook_enable || args.param_strs == hook_adminparams || hook_play.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
if (!hook_enable || hook_play.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
||||||
invoker("");
|
invoker("");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -374,7 +371,7 @@ void installWebHook() {
|
|||||||
|
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastFlowReport, [](BroadcastFlowReportArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastFlowReport, [](BroadcastFlowReportArgs) {
|
||||||
GET_CONFIG(string, hook_flowreport, Hook::kOnFlowReport);
|
GET_CONFIG(string, hook_flowreport, Hook::kOnFlowReport);
|
||||||
if (!hook_enable || args.param_strs == hook_adminparams || hook_flowreport.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
if (!hook_enable || hook_flowreport.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
auto body = make_json(args);
|
auto body = make_json(args);
|
||||||
@ -393,7 +390,7 @@ void installWebHook() {
|
|||||||
// 监听kBroadcastOnGetRtspRealm事件决定rtsp链接是否需要鉴权(传统的rtsp鉴权方案)才能访问
|
// 监听kBroadcastOnGetRtspRealm事件决定rtsp链接是否需要鉴权(传统的rtsp鉴权方案)才能访问
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastOnGetRtspRealm, [](BroadcastOnGetRtspRealmArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastOnGetRtspRealm, [](BroadcastOnGetRtspRealmArgs) {
|
||||||
GET_CONFIG(string, hook_rtsp_realm, Hook::kOnRtspRealm);
|
GET_CONFIG(string, hook_rtsp_realm, Hook::kOnRtspRealm);
|
||||||
if (!hook_enable || args.param_strs == hook_adminparams || hook_rtsp_realm.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
if (!hook_enable || hook_rtsp_realm.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
||||||
// 无需认证
|
// 无需认证
|
||||||
invoker("");
|
invoker("");
|
||||||
return;
|
return;
|
||||||
@ -620,7 +617,7 @@ void installWebHook() {
|
|||||||
// 追踪用户的目的是为了缓存上次鉴权结果,减少鉴权次数,提高性能
|
// 追踪用户的目的是为了缓存上次鉴权结果,减少鉴权次数,提高性能
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastHttpAccess, [](BroadcastHttpAccessArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastHttpAccess, [](BroadcastHttpAccessArgs) {
|
||||||
GET_CONFIG(string, hook_http_access, Hook::kOnHttpAccess);
|
GET_CONFIG(string, hook_http_access, Hook::kOnHttpAccess);
|
||||||
if (sender.get_peer_ip() == "127.0.0.1" || parser.params() == hook_adminparams) {
|
if (sender.get_peer_ip() == "127.0.0.1") {
|
||||||
// 如果是本机或超级管理员访问,那么不做访问鉴权;权限有效期1个小时
|
// 如果是本机或超级管理员访问,那么不做访问鉴权;权限有效期1个小时
|
||||||
invoker("", "", 60 * 60);
|
invoker("", "", 60 * 60);
|
||||||
return;
|
return;
|
||||||
|
@ -351,6 +351,11 @@ int start_main(int argc,char *argv[]) {
|
|||||||
#endif //defined(ENABLE_SRT)
|
#endif //defined(ENABLE_SRT)
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
auto secret = mINI::Instance()[API::kSecret];
|
||||||
|
if (secret == "035c73f7-bb6b-4889-a715-d9eb2d1925cc" || secret.empty()) {
|
||||||
|
// 使用默认secret被禁止启动
|
||||||
|
throw std::invalid_argument("please modify the configuration named " + API::kSecret + " in " + g_ini_file);
|
||||||
|
}
|
||||||
//rtsp服务器,端口默认554
|
//rtsp服务器,端口默认554
|
||||||
if (rtspPort) { rtspSrv->start<RtspSession>(rtspPort); }
|
if (rtspPort) { rtspSrv->start<RtspSession>(rtspPort); }
|
||||||
//rtsps服务器,端口默认322
|
//rtsps服务器,端口默认322
|
||||||
@ -388,8 +393,7 @@ int start_main(int argc,char *argv[]) {
|
|||||||
#endif//defined(ENABLE_SRT)
|
#endif//defined(ENABLE_SRT)
|
||||||
|
|
||||||
} catch (std::exception &ex) {
|
} catch (std::exception &ex) {
|
||||||
WarnL << "端口占用或无权限:" << ex.what();
|
ErrorL << "Start server failed: " << ex.what();
|
||||||
ErrorL << "程序启动失败,请修改配置文件中端口号后重试!";
|
|
||||||
sleep(1);
|
sleep(1);
|
||||||
#if !defined(_WIN32)
|
#if !defined(_WIN32)
|
||||||
if (pid != getpid() && kill_parent_if_failed) {
|
if (pid != getpid() && kill_parent_if_failed) {
|
||||||
|
Loading…
Reference in New Issue
Block a user