From d7ba8b2978aea3fa5d3a15234e4f6daa799451e9 Mon Sep 17 00:00:00 2001
From: 0xboobface <0xboobface@gmail.com>
Date: Fri, 16 Nov 2018 12:42:33 +0100
Subject: [PATCH] Protect only the playlists with HMAC Ignore HMAC authentication for segments, so that media players can access the segments without the server having to manipulate the playlist and add an hmac for every segment
---
 .../ctbrec/recorder/server/HlsServlet.java | 29 +++++++++----------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/src/main/java/ctbrec/recorder/server/HlsServlet.java b/src/main/java/ctbrec/recorder/server/HlsServlet.java
index 4e425f9e..cf7b02db 100644
--- a/src/main/java/ctbrec/recorder/server/HlsServlet.java
+++ b/src/main/java/ctbrec/recorder/server/HlsServlet.java
@@ -36,23 +36,22 @@ public class HlsServlet extends AbstractCtbrecServlet {
 File recordingsDir = new File(config.getSettings().recordingsDir);
 File requestedFile = new File(recordingsDir, request);
- try {
- boolean isRequestAuthenticated = checkAuthentication(req, req.getRequestURI());
- if (!isRequestAuthenticated) {
- resp.setStatus(SC_UNAUTHORIZED);
- String response = "{\"status\": \"error\", \"msg\": \"HMAC does not match\"}";
- resp.getWriter().write(response);
- return;
- }
- } catch (InvalidKeyException | NoSuchAlgorithmException | IllegalStateException e1) {
- resp.setStatus(SC_UNAUTHORIZED);
- String response = "{\"status\": \"error\", \"msg\": \"Authentication failed\"}";
- resp.getWriter().write(response);
- return;
- }
-
 if (requestedFile.getCanonicalPath().startsWith(config.getSettings().recordingsDir)) {
 if (requestedFile.getName().equals("playlist.m3u8")) {
+ try {
+ boolean isRequestAuthenticated = checkAuthentication(req, req.getRequestURI());
+ if (!isRequestAuthenticated) {
+ resp.setStatus(SC_UNAUTHORIZED);
+ String response = "{\"status\": \"error\", \"msg\": \"HMAC does not match\"}";
+ resp.getWriter().write(response);
+ return;
+ }
+ } catch (InvalidKeyException | NoSuchAlgorithmException | IllegalStateException e1) {
+ resp.setStatus(SC_UNAUTHORIZED);
+ String response = "{\"status\": \"error\", \"msg\": \"Authentication failed\"}";
+ resp.getWriter().write(response);
+ return;
+ }
 try {
 servePlaylist(req, resp, requestedFile);
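Review bot: With the HMAC check moved inside the `playlist.m3u8` branch, every other file name that passes the outer `if` is now handled without authentication, so `requestedFile.getCanonicalPath().startsWith(config.getSettings().recordingsDir)` becomes the only gate for those requests. That test is a plain string-prefix match against the configured value, which is never canonicalised itself, so it also accepts a sibling directory whose name merely begins with the same characters. Comparing canonical paths component-wise closes that gap: `requestedFile.getCanonicalFile().toPath().startsWith(recordingsDir.getCanonicalFile().toPath())`. It would also be worth limiting the unauthenticated branch to the segment file extension, so that anything else stored under the recordings directory still requires the HMAC. The rest of the method, including the branch that serves segments, lies outside the hunk, so whether it already filters by file type cannot be confirmed from here.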