RTSPtoWeb icon indicating copy to clipboard operation
RTSPtoWeb copied to clipboard
verified publisher icon deepch

Protecting streams with authentication

Open jktz903 opened this issue 1 year ago • 2 comments

How do I protect my streams with basic authentication? config.json seems to offer some options but I'm unable to find any documentation on this matter. Any ideas would be appreciated.

jktz903 avatar Aug 03 '24 10:08 jktz903

You have to place your own api inside the token which will authenticate the resource. Here is a simple config having auth.

{
  "channel_defaults": {
    "on_demand": true
  },
  "server": {
    "debug": true,
    "http_debug": false,
    "http_demo": true,
    "http_dir": "",
    "http_login": "demo",
    "http_password": "demo",
    "http_port": ":8083",
    "https": false,
    "https_auto_tls": false,
    "https_auto_tls_name": "",
    "https_cert": "",
    "https_key": "",
    "https_port": "",
    "ice_credential": "",
    "ice_servers": [
      "stun:stun.l.google.com:19302"
    ],
    "token": {
    "enable": true,
    "backend": "your_api_goes_here"
    },
    "ice_username": "",
    "log_level": "info",
    "rtsp_port": "",
    "webrtc_port_max": 0,
    "webrtc_port_min": 0
  },
  "streams": {
    "random_generated": {
      "channels": {
        "0": {
          "debug": true,
          "on_demand": true,
          "url": "url?token=secret"
        }
      },
      "name": "streamname"
    }
  }
}

Now when you add new stream you have to add the query param like this with your stream rtsp://127.0.0.1:5541/demo/0?token=you_key

Note: Your endpoint which you use in the token object (your_api_goes_here) should have to return the json having key status and its value would be 0 or 1

irtaza9 avatar Sep 04 '24 03:09 irtaza9

Maybe someone should update the docs to be a bit clearer on this?

i got it working. but struggled a bit.

  • It supports including user:pass@ip:port/path
  • The request is a POST request not GET
  • Status is written with upper case 'S' 'Status' and is of type string not number
  • include Content-Type: 'application/json; charset=UTF-8' in the response

The docs are a bit confusing indicating that '?token=whatever' should be added to the rtsp url in the config. But i added it to the hls stream url and it got passed all the way to the auth backend.

Also. The docker container crashes if it does not get a good response from the backend

it would also be great with a http endpoint to test auth on and get a JSON response.

/auth_test/{{stream}}/{{channel}}/{{proto}}/?token=whatever -> response: {Status:"1"} or {Status:"0"}

svefro avatar Mar 12 '25 08:03 svefro