hydrar/mistserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

X-Real-IP support

Browse source
This commit is contained in:
Erik Zandvliet 2016-02-02 13:28:25 +01:00 committed by Thulinma
parent 53febd82d1
commit c0b5f0d4b1
6 changed files with 78 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/output/output.cpp
View file

@ -132,7 +132,7 @@ namespace Mist {
sought = false; sought = false;
/*LTS-START*/ /*LTS-START*/
if(Triggers::shouldTrigger("CONN_PLAY", streamName)){ if(Triggers::shouldTrigger("CONN_PLAY", streamName)){
std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl; std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
if (!Triggers::doTrigger("CONN_PLAY", payload, streamName)){ if (!Triggers::doTrigger("CONN_PLAY", payload, streamName)){
myConn.close(); myConn.close();
} }
@ -745,7 +745,7 @@ namespace Mist {
int Output::run() { int Output::run() {
/*LTS-START*/ /*LTS-START*/
if(Triggers::shouldTrigger("CONN_OPEN", streamName)){ if(Triggers::shouldTrigger("CONN_OPEN", streamName)){
std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl; std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
if (!Triggers::doTrigger("CONN_OPEN", payload, streamName)){ if (!Triggers::doTrigger("CONN_OPEN", payload, streamName)){
return 1; return 1;
} }
@ -779,7 +779,7 @@ namespace Mist {
/*LTS-START*/ /*LTS-START*/
if(Triggers::shouldTrigger("CONN_CLOSE", streamName)){ if(Triggers::shouldTrigger("CONN_CLOSE", streamName)){
std::string payload = streamName+"\n"+myConn.getHost()+"\n"+capa["name"].asStringRef()+"\n"+reqUrl; ///\todo generate payload std::string payload = streamName+"\n"+getConnectedHost()+"\n"+capa["name"].asStringRef()+"\n"+reqUrl; ///\todo generate payload
Triggers::doTrigger("CONN_CLOSE", payload, streamName); //no stream specified Triggers::doTrigger("CONN_CLOSE", payload, streamName); //no stream specified
} }
/*LTS-END*/ /*LTS-END*/
@ -836,7 +836,7 @@ namespace Mist {
onFinish(); onFinish();
/*LTS-START*/ /*LTS-START*/
if(Triggers::shouldTrigger("CONN_STOP", streamName)){ if(Triggers::shouldTrigger("CONN_STOP", streamName)){
std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n"; std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n";
Triggers::doTrigger("CONN_STOP", payload, streamName); Triggers::doTrigger("CONN_STOP", payload, streamName);
} }
/*LTS-END*/ /*LTS-END*/

2
src/output/output.h
View file

@ -85,6 +85,8 @@ namespace Mist {
bool onList(std::string ip, std::string list); bool onList(std::string ip, std::string list);
std::string getCountry(std::string ip); std::string getCountry(std::string ip);
/*LTS-END*/ /*LTS-END*/
std::map<unsigned long, unsigned int> currKeyOpen; std::map<unsigned long, unsigned int> currKeyOpen;
void loadPageForKey(long unsigned int trackId, long long int keyNum); void loadPageForKey(long unsigned int trackId, long long int keyNum);
int pageNumForKey(long unsigned int trackId, long long int keyNum); int pageNumForKey(long unsigned int trackId, long long int keyNum);

62
src/output/output_http.cpp
View file

@ -2,6 +2,7 @@
#include "output_http.h" #include "output_http.h"
#include <mist/stream.h> #include <mist/stream.h>
#include <mist/checksum.h> #include <mist/checksum.h>
#include <set>
namespace Mist { namespace Mist {
HTTPOutput::HTTPOutput(Socket::Connection & conn) : Output(conn) { HTTPOutput::HTTPOutput(Socket::Connection & conn) : Output(conn) {
@ -334,4 +335,65 @@ namespace Mist {
execv(argarr[0], argarr); execv(argarr[0], argarr);
} }
/*LTS-START*/
std::string HTTPOutput::getConnectedHost(){
std::string host = Output::getConnectedHost();
std::string xRealIp = H.GetHeader("x-real-ip");
if (!isTrustedProxy(host) || !xRealIp.size()){
static bool msg = false;
if (xRealIp.size() && !msg){
WARN_MSG("Host %s is attempting to act as a proxy, but not trusted", host.c_str());
msg = true;
}
return host;
}
return xRealIp;
}
std::string HTTPOutput::getConnectedBinHost(){
//Do first check with connected host because of simplicity
std::string host = Output::getConnectedHost();
std::string xRealIp = H.GetHeader("x-real-ip");
if (!isTrustedProxy(host) || !xRealIp.size()){
static bool msg = false;
if (xRealIp.size() && !msg){
WARN_MSG("Host %s is attempting to act as a proxy, but not trusted", host.c_str());
msg = true;
}
return Output::getConnectedBinHost();
}
Socket::Connection binConn;
binConn.setHost(xRealIp);
return binConn.getBinHost();
}
bool HTTPOutput::isTrustedProxy(const std::string & ip){
static std::set<std::string> trustedProxies;
if (!trustedProxies.size()){
trustedProxies.insert("::1");
trustedProxies.insert("127.0.0.1");
IPC::sharedPage serverCfg("!mistConfig", DEFAULT_CONF_PAGE_SIZE, false, false); ///< Open server config
IPC::semaphore configLock("!mistConfLock", O_CREAT | O_RDWR, ACCESSPERMS, 1);
configLock.wait();
std::string trustedList = DTSC::Scan(serverCfg.mapped, serverCfg.len).getMember("config").getMember("trustedproxy").asString();
configLock.post();
configLock.close();
size_t pos = 0;
size_t endPos;
while (pos != std::string::npos){
endPos = trustedList.find(" ", pos);
trustedProxies.insert(trustedList.substr(pos, endPos - pos));
pos = endPos;
if (pos != std::string::npos){
pos++;
}
}
}
return trustedProxies.count(ip);
}
/*LTS-END*/
} }

3
src/output/output_http.h
View file

@ -19,5 +19,8 @@ namespace Mist {
std::string getHandler(); std::string getHandler();
protected: protected:
HTTP::Parser H; HTTP::Parser H;
std::string getConnectedHost();//LTS
std::string getConnectedBinHost();//LTS
bool isTrustedProxy(const std::string & ip);//LTS
}; };
} }

8
src/output/output_rtmp.cpp
View file

@ -489,11 +489,11 @@ namespace Mist {
/*LTS-START*/ /*LTS-START*/
if(Triggers::shouldTrigger("RTMP_PUSH_REWRITE")){ if(Triggers::shouldTrigger("RTMP_PUSH_REWRITE")){
std::string payload = reqUrl+"\n" + myConn.getHost(); std::string payload = reqUrl+"\n" + getConnectedHost();
std::string newUrl = ""; std::string newUrl = "";
Triggers::doTrigger("RTMP_PUSH_REWRITE", payload, "", false, newUrl); Triggers::doTrigger("RTMP_PUSH_REWRITE", payload, "", false, newUrl);
if (!newUrl.size()){ if (!newUrl.size()){
FAIL_MSG("Push from %s to URL %s rejected - RTMP_PUSH_REWRITE trigger blanked the URL", myConn.getHost().c_str(), reqUrl.c_str()); FAIL_MSG("Push from %s to URL %s rejected - RTMP_PUSH_REWRITE trigger blanked the URL", getConnectedHost().c_str(), reqUrl.c_str());
myConn.close(); myConn.close();
return; return;
} }
@ -551,9 +551,9 @@ namespace Mist {
} }
} }
if(Triggers::shouldTrigger("STREAM_PUSH", smp)){ if(Triggers::shouldTrigger("STREAM_PUSH", smp)){
std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl; std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
if (!Triggers::doTrigger("STREAM_PUSH", payload, smp)){ if (!Triggers::doTrigger("STREAM_PUSH", payload, smp)){
DEBUG_MSG(DLVL_FAIL, "Push from %s to %s rejected - STREAM_PUSH trigger denied the push", myConn.getHost().c_str(), streamName.c_str()); DEBUG_MSG(DLVL_FAIL, "Push from %s to %s rejected - STREAM_PUSH trigger denied the push", getConnectedHost().c_str(), streamName.c_str());
myConn.close(); myConn.close();
configLock.post(); configLock.post();
configLock.close(); configLock.close();

6
src/output/output_rtsp.cpp
View file

@ -145,7 +145,7 @@ namespace Mist {
streamName = HTTP_R.url.substr(found + 1, HTTP_R.url.substr(found + 1).find('/')); streamName = HTTP_R.url.substr(found + 1, HTTP_R.url.substr(found + 1).find('/'));
Util::sanitizeName(streamName); Util::sanitizeName(streamName);
if (streamName != ""){ if (streamName != ""){
HTTP_S.SetHeader("Session", Secure::md5(HTTP_S.GetHeader("User-Agent") + myConn.getHost()) + "_" + streamName); HTTP_S.SetHeader("Session", Secure::md5(HTTP_S.GetHeader("User-Agent") + getConnectedHost()) + "_" + streamName);
} }
//set the date //set the date
@ -312,10 +312,10 @@ namespace Mist {
cPort = atol(transport.substr(port_loc, transport.rfind('-') - port_loc).c_str()); cPort = atol(transport.substr(port_loc, transport.rfind('-') - port_loc).c_str());
//find available ports locally; //find available ports locally;
int sendbuff = 4*1024*1024; int sendbuff = 4*1024*1024;
tracks[trId].data.SetDestination(myConn.getHost(), cPort); tracks[trId].data.SetDestination(getConnectedHost(), cPort);
tracks[trId].data.bind(2000 + trId * 2); tracks[trId].data.bind(2000 + trId * 2);
setsockopt(tracks[trId].data.getSock(), SOL_SOCKET, SO_SNDBUF, &sendbuff, sizeof(sendbuff)); setsockopt(tracks[trId].data.getSock(), SOL_SOCKET, SO_SNDBUF, &sendbuff, sizeof(sendbuff));
tracks[trId].rtcp.SetDestination(myConn.getHost(), cPort + 1); tracks[trId].rtcp.SetDestination(getConnectedHost(), cPort + 1);
tracks[trId].rtcp.bind(2000 + trId * 2 + 1); tracks[trId].rtcp.bind(2000 + trId * 2 + 1);
setsockopt(tracks[trId].rtcp.getSock(), SOL_SOCKET, SO_SNDBUF, &sendbuff, sizeof(sendbuff)); setsockopt(tracks[trId].rtcp.getSock(), SOL_SOCKET, SO_SNDBUF, &sendbuff, sizeof(sendbuff));
std::string source = HTTP_R.url.substr(7); std::string source = HTTP_R.url.substr(7);