feat(helper): add library for AccessRole with SignedPolicy #1
1
go.mod
1
go.mod
|
@ -11,6 +11,7 @@ require (
|
||||||
github.com/prometheus/client_golang v1.14.0
|
github.com/prometheus/client_golang v1.14.0
|
||||||
github.com/prometheus/common v0.40.0 // indirect
|
github.com/prometheus/common v0.40.0 // indirect
|
||||||
github.com/prometheus/procfs v0.9.0 // indirect
|
github.com/prometheus/procfs v0.9.0 // indirect
|
||||||
|
github.com/stretchr/testify v1.8.2 // indirect
|
||||||
go.uber.org/atomic v1.10.0 // indirect
|
go.uber.org/atomic v1.10.0 // indirect
|
||||||
go.uber.org/multierr v1.9.0 // indirect
|
go.uber.org/multierr v1.9.0 // indirect
|
||||||
go.uber.org/zap v1.24.0
|
go.uber.org/zap v1.24.0
|
||||||
|
|
3
go.sum
3
go.sum
|
@ -468,6 +468,7 @@ github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5J
|
||||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
|
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
|
||||||
|
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
|
||||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||||
|
@ -476,6 +477,8 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
|
||||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||||
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
||||||
|
github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
|
||||||
|
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
||||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
||||||
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
|
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
|
||||||
github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
|
github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
|
||||||
|
|
|
@ -0,0 +1,63 @@
|
||||||
|
package helper
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/hmac"
|
||||||
|
"crypto/sha1"
|
||||||
|
"encoding/base64"
|
||||||
|
"encoding/json"
|
||||||
|
"net/url"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Policy struct {
|
||||||
|
URLExpire int `json:"url_expire"`
|
||||||
|
URLActivate int `json:"url_activate,omitempty"`
|
||||||
|
StreamExpire int `json:"stream_expire,omitempty"`
|
||||||
|
AllowIP string `json:"allow_ip,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p Policy) Encode() (string, error) {
|
||||||
|
str, err := json.Marshal(p)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
return base64.RawStdEncoding.EncodeToString(str), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func SignEncodedPolicy(u *url.URL, secretKey string) string {
|
||||||
|
hasher := hmac.New(sha1.New, []byte(secretKey))
|
||||||
|
hasher.Write([]byte(u.String()))
|
||||||
|
return base64.RawURLEncoding.EncodeToString(hasher.Sum(nil))
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p Policy) SignWithQuery(u *url.URL, secretKey, encodeQuery string) (string, error) {
|
||||||
|
encode, err := p.Encode()
|
||||||
|
if err != nil {
|
||||||
|
return "", nil
|
||||||
|
}
|
||||||
|
query := u.Query()
|
||||||
|
query.Add(encodeQuery, encode)
|
||||||
|
u.RawQuery = query.Encode()
|
||||||
|
return SignEncodedPolicy(u, secretKey), nil
|
||||||
|
}
|
||||||
|
func (p Policy) Sign(u *url.URL, secretKey string) (string, error) {
|
||||||
|
return p.SignWithQuery(u, secretKey, "policy")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p Policy) SignURLWithQuery(u *url.URL, secretKey, encodeQuery, signatureQuery string) error {
|
||||||
|
encode, err := p.Encode()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
query := u.Query()
|
||||||
|
query.Add(encodeQuery, encode)
|
||||||
|
u.RawQuery = query.Encode()
|
||||||
|
|
||||||
|
signature := SignEncodedPolicy(u, secretKey)
|
||||||
|
query.Add(signatureQuery, signature)
|
||||||
|
u.RawQuery = query.Encode()
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
func (p Policy) SignURL(u *url.URL, secretKey string) error {
|
||||||
|
return p.SignURLWithQuery(u, secretKey, "policy", "signature")
|
||||||
|
}
|
|
@ -0,0 +1,57 @@
|
||||||
|
// https://airensoft.gitbook.io/ovenmediaengine/access-control/signedpolicy
|
||||||
|
package helper
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/url"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
examplePolicyEncode = "eyJ1cmxfZXhwaXJlIjoxMzk5NzIxNTgxfQ"
|
||||||
|
exampleSecretKey = "1kU^b6"
|
||||||
|
exampleURL = "ws://192.168.0.100:3333/app/stream"
|
||||||
|
exampleSignature = "dvVdBpoxAeCPl94Kt5RoiqLI0YE"
|
||||||
|
exampleURLWithSignatureAndPolicy = "ws://192.168.0.100/app/stream?policy=eyJ1cmxfZXhwaXJlIjoxMzk5NzIxNTgxfQ&signature=dvVdBpoxAeCPl94Kt5RoiqLI0YE"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
examplePolicy = Policy{
|
||||||
|
URLExpire: 1399721581,
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestPolicyEncode(t *testing.T) {
|
||||||
|
assert := assert.New(t)
|
||||||
|
|
||||||
|
encode, err := examplePolicy.Encode()
|
||||||
|
assert.NoError(err)
|
||||||
|
assert.Equal(examplePolicyEncode, encode)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestPolicySign(t *testing.T) {
|
||||||
|
assert := assert.New(t)
|
||||||
|
|
||||||
|
u, err := url.Parse(exampleURL)
|
||||||
|
assert.NoError(err)
|
||||||
|
|
||||||
|
sign, err := examplePolicy.Sign(u, exampleSecretKey)
|
||||||
|
assert.NoError(err)
|
||||||
|
assert.Equal(exampleSignature, sign)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestPolicySignURL(t *testing.T) {
|
||||||
|
assert := assert.New(t)
|
||||||
|
|
||||||
|
u, err := url.Parse(exampleURL)
|
||||||
|
assert.NoError(err)
|
||||||
|
|
||||||
|
err = examplePolicy.SignURL(u, exampleSecretKey)
|
||||||
|
assert.NoError(err)
|
||||||
|
|
||||||
|
// drop port -> is not part of example
|
||||||
|
u.Host = u.Hostname()
|
||||||
|
|
||||||
|
assert.Equal(exampleURLWithSignatureAndPolicy, u.String())
|
||||||
|
}
|
Loading…
Reference in New Issue