web hook不再直接放行来自127.0.0.1播放鉴权请求

防止代理越过鉴权

web hook不再直接放行来自127.0.0.1播放鉴权请求
防止代理越过鉴权
2bcbff09 · xia-chu · 2c8a4686 · 2bcbff09
Commit 2bcbff09 authored Jul 27, 2023 by xia-chu
--- a/server/WebHook.cpp
+++ b/server/WebHook.cpp
@@ -332,7 +332,7 @@ void installWebHook() {

    NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPublish, [](BroadcastMediaPublishArgs) {
        GET_CONFIG(string, hook_publish, Hook::kOnPublish);
-        if (!hook_enable || hook_publish.empty() || sender.get_peer_ip() == "127.0.0.1") {
+        if (!hook_enable || hook_publish.empty()) {
            invoker("", ProtocolOption());
            return;
        }
@@ -357,7 +357,7 @@ void installWebHook() {

    NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPlayed, [](BroadcastMediaPlayedArgs) {
        GET_CONFIG(string, hook_play, Hook::kOnPlay);
-        if (!hook_enable || hook_play.empty() || sender.get_peer_ip() == "127.0.0.1") {
+        if (!hook_enable || hook_play.empty()) {
            invoker("");
            return;
        }
@@ -371,7 +371,7 @@ void installWebHook() {

    NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastFlowReport, [](BroadcastFlowReportArgs) {
        GET_CONFIG(string, hook_flowreport, Hook::kOnFlowReport);
-        if (!hook_enable || hook_flowreport.empty() || sender.get_peer_ip() == "127.0.0.1") {
+        if (!hook_enable || hook_flowreport.empty()) {
            return;
        }
        auto body = make_json(args);
@@ -390,7 +390,7 @@ void installWebHook() {
    // 监听kBroadcastOnGetRtspRealm事件决定rtsp链接是否需要鉴权(传统的rtsp鉴权方案)才能访问
    NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastOnGetRtspRealm, [](BroadcastOnGetRtspRealmArgs) {
        GET_CONFIG(string, hook_rtsp_realm, Hook::kOnRtspRealm);
-        if (!hook_enable || hook_rtsp_realm.empty() || sender.get_peer_ip() == "127.0.0.1") {
+        if (!hook_enable || hook_rtsp_realm.empty()) {
            // 无需认证
            invoker("");
            return;
@@ -539,7 +539,7 @@ void installWebHook() {

    NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastShellLogin, [](BroadcastShellLoginArgs) {
        GET_CONFIG(string, hook_shell_login, Hook::kOnShellLogin);
-        if (!hook_enable || hook_shell_login.empty() || sender.get_peer_ip() == "127.0.0.1") {
+        if (!hook_enable || hook_shell_login.empty()) {
            invoker("");
            return;
        }
@@ -617,11 +617,6 @@ void installWebHook() {
    // 追踪用户的目的是为了缓存上次鉴权结果，减少鉴权次数，提高性能
    NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastHttpAccess, [](BroadcastHttpAccessArgs) {
        GET_CONFIG(string, hook_http_access, Hook::kOnHttpAccess);
-        if (sender.get_peer_ip() == "127.0.0.1") {
-            // 如果是本机或超级管理员访问，那么不做访问鉴权；权限有效期1个小时
-            invoker("", "", 60 * 60);
-            return;
-        }
        if (!hook_enable || hook_http_access.empty()) {
            // 未开启http文件访问鉴权，那么允许访问，但是每次访问都要鉴权；
            // 因为后续随时都可能开启鉴权(重载配置文件后可能重新开启鉴权)