Commit 54705ef5 authored by Erik Hedenström's avatar Erik Hedenström
Browse files

Added authentication using shared secret

parent b8bc3852
......@@ -2,6 +2,7 @@ package main
import (
"encoding/json"
"errors"
"io/ioutil"
"time"
......@@ -27,6 +28,7 @@ func loadOptions() {
viper.BindEnv("username", "MYDLINK_USERNAME")
viper.BindEnv("password", "MYDLINK_PASSWORD")
viper.BindEnv("login_host", "MYDLINK_LOGIN_HOST")
viper.BindEnv("shared_secret", "SHARED_SECRET")
viper.SetDefault("log_level", "info")
viper.SetDefault("token_file", ".token")
viper.SetDefault("login_host", "se.mydlink.com")
......@@ -85,6 +87,13 @@ func main() {
DisableStartupMessage: true,
})
app.Use(func(c *fiber.Ctx) error {
if c.Query("token") != viper.GetString("shared_secret") {
return errors.New("invalid token")
}
return c.Next()
})
app.Use(func(c *fiber.Ctx) error {
if m.IsExpired() {
err := m.FormLogin(viper.GetString("username"), viper.GetString("password"))
......
......@@ -7,6 +7,7 @@ import (
"strings"
"github.com/gorilla/websocket"
"github.com/spf13/viper"
)
type Proxy struct {
......@@ -47,10 +48,14 @@ func (proxy *Proxy) handleRequest(cliConn net.Conn) {
return
}
r, _ := regexp.Compile(`OPTIONS (rtsp:\/\/\S+\/(\d+))`)
r, _ := regexp.Compile(`OPTIONS (rtsp:\/\/\S+\/(\d+)\?token=(\S+))`)
m := r.FindSubmatch(b[:n])
if m != nil {
if string(m[3]) != viper.GetString("shared_secret") {
log.Warn("Invalid token")
return
}
myDlinkID := string(m[2])
stream, err := proxy.m.GetStream(myDlinkID)
if err != nil {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment