EasyDarwin实现RTSP播放动态认证的两种方式：Basic/Digest & Token

问题描述

目前为了能够方便开发者，我们将EasyDarwin中的RTSP认证过程直接忽略过了，如果要开启认证的方式，我们可以在代码中打开：

        case kRoutingRequest:            {                // Invoke router modules                numModules = QTSServerInterface::GetNumModulesInRole(QTSSModule::kRTSPRouteRole);                {                    // Manipulation of the RTPSession from the point of view of                    // a module is guaranteed to be atomic by the API.                    Assert(fRTPSession != NULL);                    OSMutexLocker   locker(fRTPSession->GetSessionMutex());                    for (; (fCurrentModule < numModules) && ((!fRequest->HasResponseBeenSent()) || fModuleState.eventRequested); fCurrentModule++)                    {                        fModuleState.eventRequested = false;                        fModuleState.idleTime = 0;                        if (fModuleState.globalLockRequested)                        {                            fModuleState.globalLockRequested = false;                            fModuleState.isGlobalLocked = true;                        }                        theModule = QTSServerInterface::GetModule(QTSSModule::kRTSPRouteRole, fCurrentModule);                        (void)theModule->CallDispatch(QTSS_RTSPRoute_Role, &fRoleParams);                        fModuleState.isGlobalLocked = false;                        if (fModuleState.globalLockRequested) // call this request back locked                            return this->CallLocked();                        // If this module has requested an event, return and wait for the event to transpire                        if (fModuleState.eventRequested)                        {                            this->ForceSameThread();    // We are holding mutexes, so we need to force                                                        // the same thread to be used for next Run()                            return fModuleState.idleTime; // If the module has requested idle time...                        }                    }                }                fCurrentModule = 0;                // SetupAuthLocalPath must happen after kRoutingRequest and before kAuthenticatingRequest                // placed here so that if the state is shifted to kPostProcessingRequest from a response being sent                // then the AuthLocalPath will still be set.                fRequest->SetupAuthLocalPath();                if (fRequest->HasResponseBeenSent())                {                    fState = kPostProcessingRequest;                    break;                }                //!!! 这里打开对RTSPSession进行授权认证的过程 !!!                if (fRequest->SkipAuthorization())                {                    // Skip the authentication and authorization states                    // The foll. normally gets executed at the end of the authorization state                     // Prepare for kPreprocessingRequest state.                    fState = kPreprocessingRequest;                    if (fRequest->GetMethod() == qtssSetupMethod)                        // Make sure to erase the session ID stored in the request at this point.                        // If we fail to do so, this same session would be used if another                        // SETUP was issued on this same TCP connection.                        fLastRTPSessionIDPtr.Len = 0;                    else if (fLastRTPSessionIDPtr.Len == 0)                        fLastRTPSessionIDPtr.Len = ::strlen(fLastRTPSessionIDPtr.Ptr);                    break;                }                else                    fState = kAuthenticatingRequest;            }

这里将kAuthenticatingRequest流程打开就能够进行RTSP认证的验证过程了，那么还有一种Token验证的方式，这种方法就类似于RTMP里面的认证方式，在流名称后面增加认证的Token串作为请求URL的QueryString发送给服务器进行动态认证，那么这种方式，我们可以在RTSPSession::SetupRequest中进行Token的相关过滤：

void RTSPSession::SetupRequest(){    // First parse the request    QTSS_Error theErr = fRequest->Parse();    if (theErr != QTSS_NoErr)        return;    // 对RTSPRequest进行Token解析    StrPtrLen *token = fRequest->GetValue(qtssRTSPReqQueryString);    //TODO::对Token进行自定义验证，失败返回401等相应错误码    //    // let's also refresh RTP session timeout so that it's kept alive in sync with the RTSP session.     //     // Attempt to find the RTP session for this request.    OSRefTable* theMap = QTSServerInterface::GetServer()->GetRTPSessionMap();    theErr = this->FindRTPSession(theMap);

EasyDarwin RTSP认证方式

基于配置文件中用户名/密码认证的方法可参考：EasyDarwin开源流媒体服务器支持basic基本认证和digest摘要认证解析

RTSP动态认证的方式可以参考博客《EasyDarwin开源流媒体服务器支持basic基本认证和digest摘要自定义认证》

EasyDarwin Token认证方式

我们可以自定义一个EasyDarwin的Module，再在上述中的RTSPSession::SetupRequest中，将token以参数的形式传递给Module进行认证处理，其处理流程可以模仿《EasyDarwin开源流媒体服务器支持basic基本认证和digest摘要自定义认证》中的流程进行；

Github

EasyDarwin开源流媒体服务器：https://github.com/EasyDarwin/EasyDarwin

获取更多信息

邮件：support@easydarwin.org

WEB：www.EasyDarwin.org

Copyright © EasyDarwin.org 2012-2016