diff --git a/nginx/dev.conf b/nginx/dev.conf
index 80850ed..4b62800 100644
--- a/nginx/dev.conf
+++ b/nginx/dev.conf
@@ -144,9 +144,9 @@ server {
 # MediaMTX HLS
 location ^~ /hls/ {
- if ($ssl_client_verify != SUCCESS) {
- return 495;
- }
+ # if ($ssl_client_verify != SUCCESS) {
+ # return 495;
+ # }
 proxy_pass http://mediamtx:8888/;
 }
diff --git a/server/internal/handlers/mediamtx.go b/server/internal/handlers/mediamtx.go
index 0e96992..0528939 100644
--- a/server/internal/handlers/mediamtx.go
+++ b/server/internal/handlers/mediamtx.go
@@ -1,8 +1,10 @@
 package handlers
 import (
+ "bytes"
 "encoding/json"
 "fmt"
+ "io"
 "net/http"
 "net/url"
 "smoop-api/internal/config"
@@ -30,6 +32,10 @@ func NewMediaMTXHandler(db *gorm.DB, jwt *crypto.JWTManager, c config.MediaMTXCo
 // POST /mediamtx/auth
 func (h *MediaMTXHandler) Auth(c *gin.Context) {
 var req dto.MediaMTXAuthReq
+ body, _ := c.GetRawData()
+ c.Request.Body = io.NopCloser(bytes.NewReader(body))
+
+ c.Writer.WriteString(fmt.Sprintf("DEBUG BODY:\n%s\n", string(body)))
 if err := c.ShouldBindJSON(&req); err != nil {
 c.JSON(http.StatusBadRequest, gin.H{"error": "bad auth body"})
 return
@@ -37,8 +43,13 @@ func (h *MediaMTXHandler) Auth(c *gin.Context) {
 // token can come from Authorization: Bearer or from query (?token=)
 tok := extractBearer(c.GetHeader("Authorization"))
+
+ if tok == "" && req.Query != "" {
+ tok = tokenFromQuery(req.Query) // Parse "token=" from the raw query string
+ }
+
 if tok == "" {
- tok = tokenFromQuery(req.Query)
+ tok = strings.TrimSpace(req.Token)
 }
 if tok == "" {
 c.JSON(http.StatusUnauthorized, gin.H{"error": "missing token"})
@@ -89,7 +100,8 @@ func tokenFromQuery(raw string) string {
 if raw == "" {
 return ""
 }
- q, _ := url.ParseQuery(raw)
+ s := strings.TrimPrefix(raw, "?")
+ q, _ := url.ParseQuery(s)
 return q.Get("token")
 }
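Review bot: With the `$ssl_client_verify` check commented out, `location ^~ /hls/` in nginx/dev.conf proxies every request to `mediamtx:8888` without any client-certificate check at the proxy. Access to the HLS streams then depends entirely on whatever authentication MediaMTX applies itself, which this hunk does not show. If the check is only disabled for local debugging, say so above the block, e.g. `# DEV ONLY: mTLS check disabled for /hls/; access control relies on MediaMTX auth`, so the commented-out guard is not carried into another environment by accident. The server block starts and ends outside the hunk.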
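Review bot: The added `c.Writer.WriteString(...)` in `Auth` writes to the response before a status is chosen, so gin commits the default 200 and the later `c.JSON(http.StatusBadRequest, ...)` and `c.JSON(http.StatusUnauthorized, ...)` calls can no longer change it. If the caller of this endpoint decides on the status code alone (presumably the case for a MediaMTX auth hook), every request is then reported as allowed. The same line echoes the raw auth body, which can carry the token, back to the caller. The line should be removed; for tracing, log only the size on the server side, e.g. `fmt.Fprintf(gin.DefaultWriter, "mediamtx auth body: %d bytes\n", len(body))`, and check the error from `c.GetRawData()` instead of discarding it. Auth's body continues outside the hunk.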
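Review bot: The comment above `tok := extractBearer(...)` in `Auth` still names two token sources, but the new code adds a third one, the `Token` field of the request body, which is read last. I would update it to `// token sources, in order: Authorization: Bearer, token= in req.Query, then req.Token`. The `req.Query != ""` guard is redundant, because `tokenFromQuery` already returns `""` for an empty string.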
@@ -116,6 +128,9 @@ func (h *MediaMTXHandler) canRead(sub, path string) bool {
 }
 func (h *MediaMTXHandler) canPublish(sub, path string) bool {
 // For devices you may use sub=0 or map to a device row; here: allow admins only
+ if sub == "0" {
+ return true
+ }
 var u models.User
 if err := h.db.Where("id = ?", sub).First(&u).Error; err == nil && u.Role == models.RoleAdmin {
 return true
@@ -314,3 +329,14 @@ func (h *MediaMTXHandler) KickWebRTCSessionsByPath(path string) error {
 }
 return nil
 }
+
+func BodyLogger() gin.HandlerFunc {
+ return func(c *gin.Context) {
+ if c.Request.Method == "POST" && strings.Contains(c.Request.URL.Path, "/mediamtx/auth") {
+ body, _ := c.GetRawData()
+ fmt.Fprintf(gin.DefaultWriter, "[MTX-AUTH] %s\n", string(body))
+ c.Request.Body = io.NopCloser(bytes.NewBuffer(body))
+ }
+ c.Next()
+ }
+}
diff --git a/server/internal/router/router.go b/server/internal/router/router.go
index eda96b0..ff552c3 100644
--- a/server/internal/router/router.go
+++ b/server/internal/router/router.go
@@ -15,7 +15,10 @@ import (
 )
 func Build(db *gorm.DB, minio *minio.Client, cfg *config.Config) *gin.Engine {
- r := gin.Default()
+ // r := gin.Default()
+
+ r := gin.New()
+ r.Use(handlers.BodyLogger(), gin.Logger(), gin.Recovery())
 jwtMgr := crypto.NewJWT(cfg.JWTSecret)
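Review bot: The new `if sub == "0"` branch in `canPublish` returns true before the database lookup and never looks at `path`, so any token whose subject is the string `0` may publish to every path. The comment directly above still says "allow admins only", which no longer matches the code. If subject 0 stands for devices, the branch should be limited to the paths devices may publish to and be backed by a device record or a dedicated claim rather than a magic subject value. How `sub` is derived from the token is outside this hunk, so whether a caller can obtain that subject needs checking; the function's body also continues outside the hunk.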
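Review bot: `BodyLogger` prints the complete body of every POST whose path contains `/mediamtx/auth` to `gin.DefaultWriter`, and going by the `Auth` handler that body carries the token (`req.Token`, or `token=` inside `req.Query`), so credentials end up in the server log. Logging the size is enough for tracing: `fmt.Fprintf(gin.DefaultWriter, "[MTX-AUTH] body=%d bytes\n", len(body))`. The error from `c.GetRawData()` is discarded and the read is unbounded; wrapping `c.Request.Body` with `http.MaxBytesReader` before reading would cap it. As an exported function it also needs a doc comment, e.g. `// BodyLogger returns debug middleware that records POST bodies sent to the MediaMTX auth endpoint.`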
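Review bot: `handlers.BodyLogger()` is registered unconditionally in `Build`, so the auth-body logging runs in every environment, and it sits ahead of `gin.Recovery()`, so a panic inside it is not caught by gin's recovery middleware. I would keep the default pair first with `r.Use(gin.Logger(), gin.Recovery())` and enable the body logger only in debug mode: `if gin.Mode() == gin.DebugMode { r.Use(handlers.BodyLogger()) }`. The commented-out `// r := gin.Default()` line can be dropped. Build's body continues outside the hunk.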