WHIP: Improve WHIP deletion by token verification. v5.0.164, v6.0.58 (#3595)

------ Co-authored-by: chundonglinlin <chundonglinlin@163.com>
2 years ago · b1d1c7abe5
parent fe230365ab
commit b1d1c7abe5
9 changed files with 32 additions and 7 deletions
--- a/trunk/doc/CHANGELOG.md
+++ b/trunk/doc/CHANGELOG.md
@ -8,6 +8,7 @@ The changelog for SRS.

 ## SRS 6.0 Changelog

+* v6.0, 2023-07-01, Merge [#3595](https://github.com/ossrs/srs/pull/3595): WHIP: Improve WHIP deletion by token verification. v6.0.58 (#3595)
 * v6.0, 2023-07-01, Merge [#3605](https://github.com/ossrs/srs/pull/3605): BugFix: Resolve the problem of srs_error_t memory leak. v6.0.57 (#3605)
 * v6.0, 2023-06-30, Merge [#3596](https://github.com/ossrs/srs/pull/3596): Improve the usage of "transcode" in the "full.conf" file. v6.0.56 (#3596)
 * v6.0, 2023-06-21, Merge [#3551](https://github.com/ossrs/srs/pull/3551): H264: Fix H.264 ISOM reserved bit value. v6.0.55 (#3551)
@ -71,6 +72,7 @@ The changelog for SRS.

 ## SRS 5.0 Changelog

+* v5.0, 2023-07-01, Merge [#3595](https://github.com/ossrs/srs/pull/3595): WHIP: Improve WHIP deletion by token verification. v5.0.164 (#3595)
 * v5.0, 2023-07-01, Merge [#3605](https://github.com/ossrs/srs/pull/3605): BugFix: Resolve the problem of srs_error_t memory leak. v5.0.163 (#3605)
 * v5.0, 2023-06-30, Merge [#3596](https://github.com/ossrs/srs/pull/3596): Improve the usage of "transcode" in the "full.conf" file. v5.0.162 (#3596)
 * v5.0, 2023-06-21, Merge [#3551](https://github.com/ossrs/srs/pull/3551): H264: Fix H.264 ISOM reserved bit value. v5.0.161 (#3551)
--- a/trunk/src/app/srs_app_rtc_api.cpp
+++ b/trunk/src/app/srs_app_rtc_api.cpp
@ -241,6 +241,7 @@ srs_error_t SrsGoApiRtcPlay::serve_http(ISrsHttpResponseWriter* w, ISrsHttpMessa

    ruc->local_sdp_str_ = local_sdp_str;
    ruc->session_id_ = session->username();
+    ruc->token_ = session->token();

    srs_trace("RTC username=%s, dtls=%u, srtp=%u, offer=%dB, answer=%dB", session->username().c_str(),
        ruc->dtls_, ruc->srtp_, ruc->remote_sdp_str_.length(), local_sdp_escaped.length());
@ -510,6 +511,7 @@ srs_error_t SrsGoApiRtcPublish::serve_http(ISrsHttpResponseWriter* w, ISrsHttpMe

    ruc->local_sdp_str_ = local_sdp_str;
    ruc->session_id_ = session->username();
+    ruc->token_ = session->token();

    srs_trace("RTC username=%s, offer=%dB, answer=%dB", session->username().c_str(),
        ruc->remote_sdp_str_.length(), local_sdp_escaped.length());
@ -603,7 +605,16 @@ srs_error_t SrsGoApiRtcWhip::serve_http(ISrsHttpResponseWriter* w, ISrsHttpMessa
    // TODO: FIXME: Stop and cleanup the RTC session.
    if (r->method() == SRS_CONSTS_HTTP_DELETE) {
        string username = r->query_get("session");
+        string token = r->query_get("token");
+        if (token.empty()) {
+            return srs_error_new(ERROR_RTC_INVALID_SESSION, "token empty");
+        }
+
        SrsRtcConnection* session = server_->find_session_by_username(username);
+        if (session && token != session->token()) {
+            return srs_error_new(ERROR_RTC_INVALID_SESSION, "token %s not match", token.c_str());
+        }
+
        if (session) session->expire();
        srs_trace("WHIP: Delete session=%s, p=%p, url=%s", username.c_str(), session, r->url().c_str());

@ -626,8 +637,8 @@ srs_error_t SrsGoApiRtcWhip::serve_http(ISrsHttpResponseWriter* w, ISrsHttpMessa
    // Setup the content type to SDP.
    w->header()->set("Content-Type", "application/sdp");
    // The location for DELETE resource, not required by SRS, but required by WHIP.
-    w->header()->set("Location", srs_fmt("/rtc/v1/whip/?action=delete&app=%s&stream=%s&session=%s",
-        ruc.req_->app.c_str(), ruc.req_->stream.c_str(), ruc.session_id_.c_str()));
+    w->header()->set("Location", srs_fmt("/rtc/v1/whip/?action=delete&token=%s&app=%s&stream=%s&session=%s",
+        ruc.token_.c_str(), ruc.req_->app.c_str(), ruc.req_->stream.c_str(), ruc.session_id_.c_str()));
    w->header()->set_content_length((int64_t)sdp.length());
    // Must be 201, see https://datatracker.ietf.org/doc/draft-ietf-wish-whip/
    w->write_header(201);
--- a/trunk/src/app/srs_app_rtc_conn.cpp
+++ b/trunk/src/app/srs_app_rtc_conn.cpp
@ -1884,6 +1884,11 @@ string SrsRtcConnection::username()
    return username_;
 }

+string SrsRtcConnection::token()
+{
+    return token_;
+}
+
 ISrsKbpsDelta* SrsRtcConnection::delta()
 {
    return networks_->delta();
@ -2004,6 +2009,7 @@ srs_error_t SrsRtcConnection::initialize(SrsRequest* r, bool dtls, bool srtp, st
    srs_error_t err = srs_success;

    username_ = username;
+    token_ = srs_random_str(9);
    req_ = r->copy();

    SrsSessionConfig* cfg = &local_sdp.session_negotiate_;
--- a/trunk/src/app/srs_app_rtc_conn.hpp
+++ b/trunk/src/app/srs_app_rtc_conn.hpp
@ -444,6 +444,8 @@ private:
 private:
    // The local:remote username, such as m5x0n128:jvOm where local name is m5x0n128.
    std::string username_;
+    // The random token to verify the WHIP DELETE request etc.
+    std::string token_;
    // A group of networks, each has its own DTLS and SRTP context.
    SrsRtcNetworks* networks_;
 private:
@ -484,6 +486,8 @@ public:
    void set_state_as_waiting_stun();
    // Get username pair for this connection, used as ID of session.
    std::string username();
+    // Get the token for verify this session, for example, when delete session by WHIP API.
+    std::string token();
 public:
    virtual ISrsKbpsDelta* delta();
 // Interface ISrsResource.
--- a/trunk/src/app/srs_app_rtc_server.hpp
+++ b/trunk/src/app/srs_app_rtc_server.hpp
@ -62,6 +62,7 @@ public:
    // Session data.
    std::string local_sdp_str_;
    std::string session_id_;
+    std::string token_;

    // Generated data.
    SrsRequest* req_;
--- a/trunk/src/core/srs_core_version5.hpp
+++ b/trunk/src/core/srs_core_version5.hpp
@ -9,6 +9,6 @@

 #define VERSION_MAJOR       5
 #define VERSION_MINOR       0
-#define VERSION_REVISION    163
+#define VERSION_REVISION    164

 #endif
--- a/trunk/src/core/srs_core_version6.hpp
+++ b/trunk/src/core/srs_core_version6.hpp
@ -9,6 +9,6 @@

 #define VERSION_MAJOR       6
 #define VERSION_MINOR       0
-#define VERSION_REVISION    57
+#define VERSION_REVISION    58

 #endif
--- a/trunk/src/kernel/srs_kernel_error.hpp
+++ b/trunk/src/kernel/srs_kernel_error.hpp
@ -373,7 +373,8 @@
    XX(ERROR_RTC_TCP_SIZE                  , 5032, "RtcTcpSize", "RTC TCP packet size is invalid") \
    XX(ERROR_RTC_TCP_PACKET                , 5033, "RtcTcpStun", "RTC TCP first packet must be STUN") \
    XX(ERROR_RTC_TCP_STUN                  , 5034, "RtcTcpSession", "RTC TCP packet is invalid for session not found") \
-    XX(ERROR_RTC_TCP_UNIQUE                , 5035, "RtcUnique", "RTC only support one UDP or TCP network")
+    XX(ERROR_RTC_TCP_UNIQUE                , 5035, "RtcUnique", "RTC only support one UDP or TCP network") \
+    XX(ERROR_RTC_INVALID_SESSION           , 5036, "RtcInvalidSession", "Invalid request for no RTC session matched")

 /**************************************************/
 /* SRT protocol error. */
--- a/trunk/src/protocol/srs_protocol_raw_avc.cpp
+++ b/trunk/src/protocol/srs_protocol_raw_avc.cpp
@ -157,14 +157,14 @@ srs_error_t SrsRawH264Stream::mux_sequence_header(string sps, string pps, string
        stream.write_1bytes(level_idc);
        // lengthSizeMinusOne, or NAL_unit_length, always use 4bytes size,
        // so we always set it to 0x03.
-        stream.write_1bytes(0xfc | 0x03);
+        stream.write_1bytes(uint8_t(0xfc | 0x03));
    }
    
    // sps
    if (true) {
        // 5.3.4.2.1 Syntax, ISO_IEC_14496-15-AVC-format-2012.pdf, page 16
        // numOfSequenceParameterSets, always 1
-        stream.write_1bytes(0xe0 | 0x01);
+        stream.write_1bytes(uint8_t(0xe0 | 0x01));
        // sequenceParameterSetLength
        stream.write_2bytes((int16_t)sps.length());
        // sequenceParameterSetNALUnit