Tutorial: add security with HTTP authentication

MonaServer

Nov 15, 2021, 11:46:42 AM
For those interested in adding some security with login/password to your files and streams, this is possible with HTTP authentication and a few changes in the source code. (Note that you'll have to rebuild MonaTiny.)
Of course we advise you to use HTTPS only since HTTP is insecure.

First, set up the configuration file, here MonaTiny.ini:
;MonaTiny.ini
; Disable unencrypted HTTP
HTTP=false
;Add the users login/passwords
[users]
admin=admin
user=simpleuser
(Don't forget to change the password values)

Then open the file MonaTiny/sources/MonaTiny.cpp with your favorite editor (Visual Studio Community 2019 is recommended for Windows).
Authorize file access to identified users only (add the bold lines):
bool MonaTiny::onFileAccess(Exception& ex, File::Mode mode, Path& file, DataReader& arguments, DataWriter& properties, Client* pClient) {
    // on client file access, returns "false" if access is forbidden
    if(pClient) {
        DEBUG(file.name(), " file access from ", pClient->protocol, " to ", pClient->path.length() ? pClient->path : "/");
        if (pClient->hasCustomData())
            return pClient->getCustomData<App::Client>()->onFileAccess(ex, mode, file, arguments, properties);
        if (!pClient->authentification()) // only authenticated users can open files
            return false;

    } else
        DEBUG(file.name(), " file access to ", file.parent().empty() ? "/" : file.parent());
    // arguments.read(properties); to test HTTP page properties (HTTP parsing!)
    return !mode;
}
(You can add the same 2 lines to the onSubscribe method in order to authorize stream subscription to authenticated users only)
Authorize publication to the user "admin" only:
bool MonaTiny::onPublish(Exception& ex, Publication& publication, Client* pClient) {
    if (pClient) {
        NOTE("Client publish ", publication.name());
        if (pClient->hasCustomData())
            return pClient->getCustomData<App::Client>()->onPublish(ex, publication);
        const char* user = pClient->authentification();
        if (!user || String::ICompare(user, "admin") != 0) // only admin user can publish
            return false;

    } else
        NOTE("Publish ", publication.name());
    return true; // "true" to allow, "false" to forbid
}
At this point you must rebuild MonaTiny.

And finally publish the stream using your identifiers, with ffmpeg for example:
ffmpeg -re -i Sintel.ts -c copy -chunked_post 0 -content_type video/flv -f flv https://admin:admin@localhost/live/test123

And play the stream from your browser:
You will be prompted to set the login and password.

Note: MonaTiny comes with 2 default cert.pem and key.pem files; don't forget to change those files to certified files (use Let's Encrypt for example) to avoid annoying warnings for your users.
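
An added example, not part of the original post or of MonaServer: a small Python check that parses a MonaTiny.ini in the layout shown above and flags plain HTTP left enabled and `[users]` passwords that are still the tutorial's values, equal to the login, or short. The 12-character minimum and treating a missing `HTTP` key as "enabled" are assumptions made for this example.

```python
import re

# Passwords printed in the tutorial above: public, so never acceptable in production.
TUTORIAL_PASSWORDS = {"admin", "simpleuser"}
MIN_LENGTH = 12  # assumed local policy, not a MonaServer requirement


def parse_ini(text):
    """Return {section: {key: value}}; keys before any [section] go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or ';' comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def audit(text):
    """Return a list of findings for a MonaTiny.ini given as a string."""
    cfg, findings = parse_ini(text), []
    # Assumption: plain HTTP stays on unless the file says HTTP=false.
    if cfg[""].get("HTTP", "").lower() != "false":
        findings.append("HTTP is not set to false: credentials may travel unencrypted")
    for login, password in cfg.get("users", {}).items():
        if password.lower() in TUTORIAL_PASSWORDS or password.lower() == login.lower():
            findings.append(f"user '{login}': password is a tutorial value or equals the login")
        elif len(password) < MIN_LENGTH:
            findings.append(f"user '{login}': password shorter than {MIN_LENGTH} characters")
    return findings


# Constructed sample inputs: the tutorial's file as posted, and a variant with changed passwords.
TUTORIAL_INI = ";MonaTiny.ini\nHTTP=false\n[users]\nadmin=admin\nuser=simpleuser\n"
HARDENED_INI = TUTORIAL_INI.replace("=admin", "=c0rrect-h0rse-battery").replace(
    "simpleuser", "n3ither-this-one!")

if __name__ == "__main__":
    for name, ini in (("tutorial", TUTORIAL_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "no findings")
```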

Coldcart cold

Nov 23, 2021, 12:34:08 PM

Thanks for this