mirror of
https://github.com/ZLMediaKit/ZLMediaKit.git
synced 2024-11-29 22:55:52 +08:00
web hook不再直接放行来自127.0.0.1播放鉴权请求
防止代理越过鉴权
This commit is contained in:
parent
2c8a46862b
commit
2bcbff09b0
@ -332,7 +332,7 @@ void installWebHook() {
|
|||||||
|
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPublish, [](BroadcastMediaPublishArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPublish, [](BroadcastMediaPublishArgs) {
|
||||||
GET_CONFIG(string, hook_publish, Hook::kOnPublish);
|
GET_CONFIG(string, hook_publish, Hook::kOnPublish);
|
||||||
if (!hook_enable || hook_publish.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
if (!hook_enable || hook_publish.empty()) {
|
||||||
invoker("", ProtocolOption());
|
invoker("", ProtocolOption());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -357,7 +357,7 @@ void installWebHook() {
|
|||||||
|
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPlayed, [](BroadcastMediaPlayedArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPlayed, [](BroadcastMediaPlayedArgs) {
|
||||||
GET_CONFIG(string, hook_play, Hook::kOnPlay);
|
GET_CONFIG(string, hook_play, Hook::kOnPlay);
|
||||||
if (!hook_enable || hook_play.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
if (!hook_enable || hook_play.empty()) {
|
||||||
invoker("");
|
invoker("");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -371,7 +371,7 @@ void installWebHook() {
|
|||||||
|
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastFlowReport, [](BroadcastFlowReportArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastFlowReport, [](BroadcastFlowReportArgs) {
|
||||||
GET_CONFIG(string, hook_flowreport, Hook::kOnFlowReport);
|
GET_CONFIG(string, hook_flowreport, Hook::kOnFlowReport);
|
||||||
if (!hook_enable || hook_flowreport.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
if (!hook_enable || hook_flowreport.empty()) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
auto body = make_json(args);
|
auto body = make_json(args);
|
||||||
@ -390,7 +390,7 @@ void installWebHook() {
|
|||||||
// 监听kBroadcastOnGetRtspRealm事件决定rtsp链接是否需要鉴权(传统的rtsp鉴权方案)才能访问
|
// 监听kBroadcastOnGetRtspRealm事件决定rtsp链接是否需要鉴权(传统的rtsp鉴权方案)才能访问
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastOnGetRtspRealm, [](BroadcastOnGetRtspRealmArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastOnGetRtspRealm, [](BroadcastOnGetRtspRealmArgs) {
|
||||||
GET_CONFIG(string, hook_rtsp_realm, Hook::kOnRtspRealm);
|
GET_CONFIG(string, hook_rtsp_realm, Hook::kOnRtspRealm);
|
||||||
if (!hook_enable || hook_rtsp_realm.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
if (!hook_enable || hook_rtsp_realm.empty()) {
|
||||||
// 无需认证
|
// 无需认证
|
||||||
invoker("");
|
invoker("");
|
||||||
return;
|
return;
|
||||||
@ -539,7 +539,7 @@ void installWebHook() {
|
|||||||
|
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastShellLogin, [](BroadcastShellLoginArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastShellLogin, [](BroadcastShellLoginArgs) {
|
||||||
GET_CONFIG(string, hook_shell_login, Hook::kOnShellLogin);
|
GET_CONFIG(string, hook_shell_login, Hook::kOnShellLogin);
|
||||||
if (!hook_enable || hook_shell_login.empty() || sender.get_peer_ip() == "127.0.0.1") {
|
if (!hook_enable || hook_shell_login.empty()) {
|
||||||
invoker("");
|
invoker("");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -617,11 +617,6 @@ void installWebHook() {
|
|||||||
// 追踪用户的目的是为了缓存上次鉴权结果,减少鉴权次数,提高性能
|
// 追踪用户的目的是为了缓存上次鉴权结果,减少鉴权次数,提高性能
|
||||||
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastHttpAccess, [](BroadcastHttpAccessArgs) {
|
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastHttpAccess, [](BroadcastHttpAccessArgs) {
|
||||||
GET_CONFIG(string, hook_http_access, Hook::kOnHttpAccess);
|
GET_CONFIG(string, hook_http_access, Hook::kOnHttpAccess);
|
||||||
if (sender.get_peer_ip() == "127.0.0.1") {
|
|
||||||
// 如果是本机或超级管理员访问,那么不做访问鉴权;权限有效期1个小时
|
|
||||||
invoker("", "", 60 * 60);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (!hook_enable || hook_http_access.empty()) {
|
if (!hook_enable || hook_http_access.empty()) {
|
||||||
// 未开启http文件访问鉴权,那么允许访问,但是每次访问都要鉴权;
|
// 未开启http文件访问鉴权,那么允许访问,但是每次访问都要鉴权;
|
||||||
// 因为后续随时都可能开启鉴权(重载配置文件后可能重新开启鉴权)
|
// 因为后续随时都可能开启鉴权(重载配置文件后可能重新开启鉴权)
|
||||||
|
Loading…
Reference in New Issue
Block a user