checkpoint before audio stream fix

nginx/dev.conf

@@ -144,9 +144,9 @@ server {
 
   # MediaMTX HLS
   location ^~ /hls/ {
-    if ($ssl_client_verify != SUCCESS) { 
-      return 495; 
-    }
+    # if ($ssl_client_verify != SUCCESS) { 
+    #   return 495; 
+    # }
     proxy_pass http://mediamtx:8888/;
   }
 

server/internal/handlers/mediamtx.go

@@ -1,8 +1,10 @@
 package handlers
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"smoop-api/internal/config"
@@ -30,6 +32,10 @@ func NewMediaMTXHandler(db *gorm.DB, jwt *crypto.JWTManager, c config.MediaMTXCo
 // POST /mediamtx/auth
 func (h *MediaMTXHandler) Auth(c *gin.Context) {
 	var req dto.MediaMTXAuthReq
+	body, _ := c.GetRawData()
+	c.Request.Body = io.NopCloser(bytes.NewReader(body))
+
+	c.Writer.WriteString(fmt.Sprintf("DEBUG BODY:\n%s\n", string(body)))
 	if err := c.ShouldBindJSON(&req); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "bad auth body"})
 		return
@@ -37,8 +43,13 @@ func (h *MediaMTXHandler) Auth(c *gin.Context) {
 
 	// token can come from Authorization: Bearer or from query (?token=)
 	tok := extractBearer(c.GetHeader("Authorization"))
+
+	if tok == "" && req.Query != "" {
+		tok = tokenFromQuery(req.Query) // Parse "token=" from the raw query string
+	}
+
 	if tok == "" {
-		tok = tokenFromQuery(req.Query)
+		tok = strings.TrimSpace(req.Token)
 	}
 	if tok == "" {
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "missing token"})
@@ -89,7 +100,8 @@ func tokenFromQuery(raw string) string {
 	if raw == "" {
 		return ""
 	}
-	q, _ := url.ParseQuery(raw)
+	s := strings.TrimPrefix(raw, "?")
+	q, _ := url.ParseQuery(s)
 	return q.Get("token")
 }
 
@@ -116,6 +128,9 @@ func (h *MediaMTXHandler) canRead(sub, path string) bool {
 }
 func (h *MediaMTXHandler) canPublish(sub, path string) bool {
 	// For devices you may use sub=0 or map to a device row; here: allow admins only
+	if sub == "0" {
+		return true
+	}
 	var u models.User
 	if err := h.db.Where("id = ?", sub).First(&u).Error; err == nil && u.Role == models.RoleAdmin {
 		return true
@@ -314,3 +329,14 @@ func (h *MediaMTXHandler) KickWebRTCSessionsByPath(path string) error {
 	}
 	return nil
 }
+
+func BodyLogger() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if c.Request.Method == "POST" && strings.Contains(c.Request.URL.Path, "/mediamtx/auth") {
+			body, _ := c.GetRawData()
+			fmt.Fprintf(gin.DefaultWriter, "[MTX-AUTH] %s\n", string(body))
+			c.Request.Body = io.NopCloser(bytes.NewBuffer(body))
+		}
+		c.Next()
+	}
+}

server/internal/router/router.go

@@ -15,7 +15,10 @@ import (
 )
 
 func Build(db *gorm.DB, minio *minio.Client, cfg *config.Config) *gin.Engine {
-	r := gin.Default()
+	// r := gin.Default()
+
+	r := gin.New()
+	r.Use(handlers.BodyLogger(), gin.Logger(), gin.Recovery())
 
 	jwtMgr := crypto.NewJWT(cfg.JWTSecret)