j62
/
ctbrec
2
2
Fork 2
Code Issues 4 Pull Requests Packages Projects Releases 3 Wiki Activity

Protect only the playlists with HMAC 

Ignore HMAC authentication for segments, so that media players can
access the segments without the server having to manipulate the
playlist and add an hmac for every segment
This commit is contained in:
0xboobface 2018-11-16 12:42:33 +01:00
parent 917dbbadaa
commit d7ba8b2978
1 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/main/java/ctbrec/recorder/server/HlsServlet.java
View File

@ -36,23 +36,22 @@ public class HlsServlet extends AbstractCtbrecServlet {
File recordingsDir = new File(config.getSettings().recordingsDir);
File requestedFile = new File(recordingsDir, request);
try {
boolean isRequestAuthenticated = checkAuthentication(req, req.getRequestURI());
if (!isRequestAuthenticated) {
resp.setStatus(SC_UNAUTHORIZED);
String response = "{\"status\": \"error\", \"msg\": \"HMAC does not match\"}";
resp.getWriter().write(response);
return;
}
} catch (InvalidKeyException | NoSuchAlgorithmException | IllegalStateException e1) {
resp.setStatus(SC_UNAUTHORIZED);
String response = "{\"status\": \"error\", \"msg\": \"Authentication failed\"}";
resp.getWriter().write(response);
return;
}
if (requestedFile.getCanonicalPath().startsWith(config.getSettings().recordingsDir)) {
if (requestedFile.getName().equals("playlist.m3u8")) {
try {
boolean isRequestAuthenticated = checkAuthentication(req, req.getRequestURI());
if (!isRequestAuthenticated) {
resp.setStatus(SC_UNAUTHORIZED);
String response = "{\"status\": \"error\", \"msg\": \"HMAC does not match\"}";
resp.getWriter().write(response);
return;
}
} catch (InvalidKeyException | NoSuchAlgorithmException | IllegalStateException e1) {
resp.setStatus(SC_UNAUTHORIZED);
String response = "{\"status\": \"error\", \"msg\": \"Authentication failed\"}";
resp.getWriter().write(response);
return;
}
try {
servePlaylist(req, resp, requestedFile);