added routes and auth for devices and users for MediaMTX server

2025-09-25 18:47:25 +03:00
parent 4c4d254852
commit e0490e42c5
6 changed files with 452 additions and 7 deletions
--- a/server/internal/crypto/jwt.go
+++ b/server/internal/crypto/jwt.go
@@ -1,8 +1,11 @@
 package crypto

 import (
+	"fmt"
 	"time"

+	"smoop-api/internal/dto"
+
 	"github.com/golang-jwt/jwt/v5"
 )

@@ -28,3 +31,33 @@ func (j *JWTManager) Generate(userID uint, username, role string) (string, error
 func (j *JWTManager) Parse(tok string) (*jwt.Token, error) {
 	return jwt.Parse(tok, func(t *jwt.Token) (interface{}, error) { return j.secret, nil })
 }
+
+func (j *JWTManager) GenerateMediaToken(sub uint, act, path string, ttl time.Duration) (string, error) {
+	now := time.Now()
+	claims := dto.MediaClaims{
+		Act:  act,
+		Path: path,
+		RegisteredClaims: jwt.RegisteredClaims{
+			Subject:   fmt.Sprintf("%d", sub),
+			IssuedAt:  jwt.NewNumericDate(now),
+			ExpiresAt: jwt.NewNumericDate(now.Add(ttl)),
+		},
+	}
+	t := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return t.SignedString([]byte(j.secret))
+}
+
+// NEW: parse a media token into typed claims
+func (j *JWTManager) ParseMedia(tokenStr string) (*dto.MediaClaims, error) {
+	tok, err := jwt.ParseWithClaims(tokenStr, &dto.MediaClaims{}, func(t *jwt.Token) (interface{}, error) {
+		return []byte(j.secret), nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	mc, ok := tok.Claims.(*dto.MediaClaims)
+	if !ok || !tok.Valid {
+		return nil, fmt.Errorf("invalid media token")
+	}
+	return mc, nil
+}