Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API: Support HTTP basic authentication for API. v6.0.4, v5.0.152 #3458

Merged
merged 11 commits into from
Apr 1, 2023
Merged

API: Support HTTP basic authentication for API. v6.0.4, v5.0.152 #3458

merged 11 commits into from
Apr 1, 2023

Conversation

duiniuluantanqin
Copy link
Member

@duiniuluantanqin duiniuluantanqin commented Mar 8, 2023
edited by winlinvip
Loading

The 'Basic' HTTP Authentication Scheme

Refer to RFC7617, currently only authentication for HTTP API has been implemented.
Configuration

http_api {
    enabled on;
    listen 8080;
    auth {
        # default: off
        enabled         on;
        username        admin;
        password        admin;
    }
}

Testing

curl http://admin:admin@ip:1985/api/v1/clients/

Alternatively, accessing it directly through the browser will prompt for entering a username and password.

Modification Plan
The original process is as follows:

graph LR
    A(SrsHttpConn) --> B[SrsHttpCorsMux] --> C[SrsHttpServeMux]
Loading

The new process adds SrsHttpAuthMux as follows:

graph LR
    A(SrsHttpConn) --> B[SrsHttpCorsMux] --> C[SrsHttpAuthMux] --> D[SrsHttpServeMux]
    style C fill: #09f, stroke: #333
Loading

Note:

  1. Considering that API is for operations and maintenance, while streaming media is for users, these two passwords may be different., authentication is only performed for /api/v1/, while other endpoints such as RTC signaling /rtc/v1/ are not authenticated.
  2. Of course, static pages will also not be authenticated, even if they share the same port with the API.

TRANS_BY_GPT3

@duiniuluantanqin duiniuluantanqin linked an issue Mar 8, 2023 that may be closed by this pull request
API: Secure HTTP API for Authentication. Port 1985 does not have any security authentication. #1640
Closed
@winlinvip
Copy link
Member

winlinvip commented Mar 9, 2023
edited
Loading

After enabling authentication, will the Console prompt this popup? Check if there is a popup in the Console, as many people have reported that there is no authentication in the Console. Therefore, it would be good to have a popup, not having one might not be ideal.

Does this also apply to the RTC API? The RTC API belongs to the streaming media part, so if RTC is enabled, should HTTP-FLV also be enabled for consistency? The API is for operations and maintenance, while streaming media is for users, so the passwords for these two may be different.

The HTTP server and API can reuse the same port, so we may need to check if it will function properly.

TRANS_BY_GPT3

@duiniuluantanqin duiniuluantanqin added the API HTTP-API, HTTP-Callback, etc. label Mar 9, 2023
@winlinvip
Copy link
Member

winlinvip commented Mar 20, 2023
edited
Loading

Please add black box testing and use Go as the client to verify if the auth is correct.

TRANS_BY_GPT3

@duiniuluantanqin duiniuluantanqin force-pushed the fix_bug_issue_1640_2 branch 8 times, most recently from 321f71b to d70cee6 Compare March 22, 2023 02:39
@winlinvip winlinvip force-pushed the develop branch 3 times, most recently from c056094 to 2ac9eb8 Compare March 23, 2023 06:02
@winlinvip
Copy link
Member

winlinvip commented Apr 1, 2023
edited
Loading

I think it works for me now, please also remember to update the documentation for HTTP basic authentication at HTTP-API

@winlinvip winlinvip changed the title API: add basic auth for http api API: Support HTTP basic authentication for API. Apr 1, 2023
@winlinvip winlinvip merged commit 771ae0a into ossrs:develop Apr 1, 2023
@winlinvip winlinvip changed the title API: Support HTTP basic authentication for API. API: Support HTTP basic authentication for API. v6.0.4, v5.0.152 Apr 1, 2023
@winlinvip winlinvip changed the title API: Support HTTP basic authentication for API. v6.0.4, v5.0.152 API: Support HTTP basic authentication for API. v6.0.4, v5.0.152 Apr 1, 2023
winlinvip added a commit that referenced this pull request Apr 1, 2023
@duiniuluantanqin @winlinvip @xiaozhihong
API: Support HTTP basic authentication for API. v6.0.4, v5.0.152 (#3458)
12f3a31 
PICK 771ae0a

Co-authored-by: winlin <winlin@vip.126.com>
Co-authored-by: john <hondaxiao@tencent.com>
@duiniuluantanqin duiniuluantanqin mentioned this pull request May 22, 2023
Closed
@duiniuluantanqin duiniuluantanqin linked an issue May 22, 2023 that may be closed by this pull request
API: Exposed for WebRTC without any access control #2684
Closed
@winlinvip winlinvip added the TransByAI Translated by AI/GPT. label Jul 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@winlinvip winlinvip winlinvip approved these changes

@xiaozhihong xiaozhihong xiaozhihong approved these changes

@mapengfei53 mapengfei53 Awaiting requested review from mapengfei53

@chundonglinlin chundonglinlin Awaiting requested review from chundonglinlin

Assignees
No one assigned
Labels
API HTTP-API, HTTP-Callback, etc. TransByAI Translated by AI/GPT.
Projects
None yet
Milestone
No milestone
3 participants
@duiniuluantanqin @winlinvip @xiaozhihong