The open source service lalserver supports a variety of authentication and anti-theft chain methods

Time:2022-5-11

Lalserver is a streaming media server developed by pure golang. At present, RTMP, RTSP (RTP / RTCP), HLS, HTTP [S] / websocket [S] – flv / TS protocols have been supported.

At present, the authentication chain supports a variety of anti-theft methods.

LAL GitHub addresshttps://github.com/q191201771…

mode 1 Fixed value authentication parameters

First, modify the configuration file as follows:

"conf_version": "v0.2.6",
...
"simple_auth": {
    "Key": "q191201771"
    "Dangerous_lal_secret": "pengrl", // backdoor authentication parameter. All streams can be authenticated through this parameter value
    "Pub_rtmp_enable": true, // whether authentication is enabled for RTMP streaming. True means authentication is enabled and false means authentication is not enabled
    "Sub_rtmp_enable": true, // whether authentication is enabled for RTMP streaming
    "Sub_httpflv_enable": true, // whether authentication is enabled for httpflv streaming
    "Sub_httpts_enable": true, // whether authentication is enabled for httpts streaming
    "Pub_rtsp_enable": true, // whether authentication is enabled for RTSP streaming
    "Sub_rtsp_enable": true, // whether authentication is enabled for RTSP streaming
    "Hls_m3u8_enable": true // whether the m3u8 pull stream enables authentication
}
...

The configurations of mode 1 and mode 2 are in the configuration itemsimple_authManagement under:

  • pubandsubThe field at the beginning determines whether authentication is enabled for each protocol
  • dangerous_lal_secretIs the value of the authentication parameter
  • keyIt is used in mode 2 below. I don’t care about it for the time being

For example, when the authentication function is not enabled, the URL of the RTMP stream isrtmp://127.0.0.1:8080/live/test110

When enabled, the business party’s streaming URL changes to

rtmp://127.0.0.1:8080/live/test110?lal_secret=pengrl

amonglal_secretIt is the authentication signature parameter. The name is fixed and the value is fixed. It corresponds to the configuration filedangerous_lal_secretValue of.

In this authentication method, all streams use the same authentication parameter value.

▌ mode 2 Authentication parameters of MD5 signature

First, the configuration file is still modified (see the description in mode 1 above):

  • pubandsubThe fields at the beginning of etc. determine whether authentication is enabled for each protocol
  • keyUsed for MD5 signature

For example, when the authentication function is not enabled, the URL of the RTMP stream isrtmp://127.0.0.1:8080/live/test110

When enabled, the business party’s streaming URL changes to

rtmp://127.0.0.1:8080/live/test110?lal_secret=700997e1595a06c9ffa60ebef79105b0

amonglal_secretIt is the authentication signature parameter. The name is fixed and the calculation formula of the value is

MD5 (simple_auth:: Key + stream name in configuration file)

The calculation method corresponding to the above example is

md5("q191201771test110")

See how to calculate MD5 for go, C + + code, command line and web page tools:Using tools or code to generate MD5 – Renliang notes

In this authentication mode, different stream names correspond to different authentication parameters.

Note that mode 1 and mode 2 can be used at the same time.lal_secretIf the value of meets any calculation method, it can be authenticated.

▌ mode 3 Interact with the service of the business party and customize the authentication method freely

The general logic is that when receiving a push or pull request, the lalserver uses HTTP callback to notify the service of the business party.

The service of the business party determines whether the push or pull request is legal according to its own logic.

If it is illegal, use the HTTP API interface provided by the lalserver to kick out the request.

Related documents:

Third party documents

Recommended Today

Network protocol: still using HTTP proxy? Weak explosion! Try Socks5

brief introduction Existence is reasonable. The emergence of Socks5 is to solve the big problem that Socks4 does not support identity authentication. After all, we pay more and more attention to the security of the network. The network without authentication is like a life under the camera. It has no privacy. It’s really terrible. Today, […]