[*] 优化
@@ -7,9 +7,11 @@ import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.util.AntPathMatcher;
|
||||
|
||||
import com.acgist.taoyao.boot.interceptor.InterceptorAdapter;
|
||||
import com.acgist.taoyao.boot.property.SecurityProperties;
|
||||
import com.acgist.taoyao.signal.service.SecurityService;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
@@ -23,6 +25,10 @@ import lombok.extern.slf4j.Slf4j;
|
||||
@Slf4j
|
||||
public class SecurityInterceptor extends InterceptorAdapter {
|
||||
|
||||
private AntPathMatcher matcher = new AntPathMatcher();
|
||||
|
||||
@Autowired
|
||||
private SecurityService securityService;
|
||||
@Autowired
|
||||
private SecurityProperties securityProperties;
|
||||
|
||||
@@ -46,6 +52,9 @@ public class SecurityInterceptor extends InterceptorAdapter {
|
||||
if(this.permit(request) || this.authorization(request)) {
|
||||
return true;
|
||||
}
|
||||
if(log.isInfoEnabled()) {
|
||||
log.info("授权失败:{}", request.getRequestURL());
|
||||
}
|
||||
response.setStatus(HttpStatus.UNAUTHORIZED.value());
|
||||
response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic Realm=\"" + this.securityProperties.getRealm() + "\"");
|
||||
return false;
|
||||
@@ -58,12 +67,12 @@ public class SecurityInterceptor extends InterceptorAdapter {
|
||||
*/
|
||||
private boolean permit(HttpServletRequest request) {
|
||||
final String uri = request.getRequestURI();
|
||||
if(ArrayUtils.isEmpty(this.securityProperties.getPermit())) {
|
||||
final String[] permit = this.securityProperties.getPermit();
|
||||
if(ArrayUtils.isEmpty(permit)) {
|
||||
return false;
|
||||
}
|
||||
for (String permit : this.securityProperties.getPermit()) {
|
||||
if(StringUtils.startsWith(uri, permit)) {
|
||||
log.debug("授权成功(许可请求):{}-{}", uri, permit);
|
||||
for (String pattern : permit) {
|
||||
if(this.matcher.match(pattern, uri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -76,7 +85,6 @@ public class SecurityInterceptor extends InterceptorAdapter {
|
||||
* @return 是否授权成功
|
||||
*/
|
||||
private boolean authorization(HttpServletRequest request) {
|
||||
final String uri = request.getRequestURI();
|
||||
String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
|
||||
if(StringUtils.isEmpty(authorization)) {
|
||||
return false;
|
||||
@@ -86,11 +94,13 @@ public class SecurityInterceptor extends InterceptorAdapter {
|
||||
}
|
||||
authorization = authorization.substring(SecurityProperties.BASIC.length()).strip();
|
||||
authorization = new String(Base64.getDecoder().decode(authorization));
|
||||
if(!authorization.equals(this.securityProperties.getAuthorization())) {
|
||||
final int index = authorization.indexOf(':');
|
||||
if(index < 0) {
|
||||
return false;
|
||||
}
|
||||
log.debug("授权成功(Basic):{}-{}", uri, authorization);
|
||||
return true;
|
||||
final String username = authorization.substring(0, index);
|
||||
final String password = authorization.substring(index + 1);
|
||||
return this.securityService.authenticate(username, password);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
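Review bot: In `permit`, `this.matcher.match(pattern, uri)` runs on the raw `request.getRequestURI()`, which is neither decoded nor normalized and can still carry `;` path parameters or dot segments, so a wildcard entry such as `/swagger-ui/**` may accept a URI that the dispatcher later resolves to a different handler. Compare against the path the dispatcher maps on, or send such URIs to the credential check before the loop, e.g. `if(uri.contains("..") || uri.contains(";") || uri.contains("%")) { return false; }`. In `authorization`, `Base64.getDecoder().decode(authorization)` throws `IllegalArgumentException` on a malformed header and `new String(...)` uses the platform charset; catching the exception to return `false` and passing `StandardCharsets.UTF_8` would keep bad input on the 401 path. The +/- markers are lost on this page, so this reads the `AntPathMatcher` loop as the new side; both method bodies extend outside their hunks.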
@@ -0,0 +1,4 @@
|
||||
taoyao:
|
||||
security:
|
||||
permit: /v3/api-docs/**,/swagger-ui/**,/swagger-ui.html,/,/error,/index.html,/favicon.ico
|
||||
|
||||
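Review bot: The `permit` list in this new file opens `/v3/api-docs/**` and `/swagger-ui/**` to unauthenticated requests, which publishes the service's full API description to anyone who can reach it. The file name is not visible on this page, so the profile it belongs to is unknown. If it is a development profile, state that in the file with a comment such as `# dev profile only: API docs are served without authentication`, and confirm it is never activated in production.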
@@ -1,3 +0,0 @@
|
||||
taoyao:
|
||||
security:
|
||||
permit: /favicon.ico,/error
|
||||
|
||||
@@ -67,6 +67,12 @@ taoyao:
|
||||
bitrate: 1200
|
||||
frame-rate: 24
|
||||
resolution: 1920*1080
|
||||
# 超清视频
|
||||
most-video:
|
||||
format: H264
|
||||
bitrate: 1200
|
||||
frame-rate: 24
|
||||
resolution: 1920*1080
|
||||
# 高清视频
|
||||
high-video:
|
||||
format: H264
|
||||
@@ -87,18 +93,13 @@ taoyao:
|
||||
resolution: 640*480
|
||||
# WebRTC配置
|
||||
webrtc:
|
||||
# 架构模式
|
||||
framework: MESH
|
||||
# 媒体端口范围
|
||||
min-port: 40000
|
||||
max-port: 49999
|
||||
# 公共服务
|
||||
# STUN服务
|
||||
stun:
|
||||
- stun:stun1.l.google.com:19302
|
||||
- stun:stun2.l.google.com:19302
|
||||
- stun:stun3.l.google.com:19302
|
||||
- stun:stun4.l.google.com:19302
|
||||
# 自己搭建:coturn
|
||||
# TURN服务:coturn
|
||||
turn:
|
||||
- turn:127.0.0.1:8888
|
||||
- turn:127.0.0.1:8888
|
||||
@@ -111,24 +112,35 @@ taoyao:
|
||||
schema: wss
|
||||
websocket: /websocket.signal
|
||||
# Mediasoup服务配置:可以部署多个简单实现负载均衡
|
||||
mediasoup:
|
||||
host: 127.0.0.1
|
||||
#host: 192.168.8.110
|
||||
port: 4443
|
||||
schema: wss
|
||||
websocket: /websocket.signal
|
||||
username: taoyao
|
||||
password: taoyao
|
||||
mediasoup-list:
|
||||
- host: 127.0.0.1
|
||||
#host: 192.168.8.110
|
||||
port: 4443
|
||||
schema: wss
|
||||
websocket: /websocket.signal
|
||||
username: taoyao
|
||||
password: taoyao
|
||||
- host: 127.0.0.1
|
||||
#host: 192.168.8.110
|
||||
port: 4443
|
||||
schema: wss
|
||||
websocket: /websocket.signal
|
||||
username: taoyao
|
||||
password: taoyao
|
||||
# 录像配置
|
||||
record:
|
||||
storage: /data/record
|
||||
# 安全配置
|
||||
security:
|
||||
enabled: true
|
||||
realm: taoyao
|
||||
permit: /v3/api-docs/,/swagger-ui/,/swagger-ui.html,/favicon.ico,/error
|
||||
permit: /,/error,/index.html,/favicon.ico
|
||||
username: taoyao
|
||||
password: taoyao
|
||||
# 定时任务
|
||||
scheduled:
|
||||
session: 0 * * * * ?
|
||||
# 集群节点
|
||||
node-list:
|
||||
- host: localhost
|
||||
port: 8888
|
||||
|
||||
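Review bot: The `mediasoup-list` entries and the `security` block all carry the literal pair `username: taoyao` / `password: taoyao`, so a deployment that keeps this file unchanged authenticates with a credential published in the repository. Read the secrets from the environment instead, e.g. `password: ${TAOYAO_SECURITY_PASSWORD}` (variable name illustrative), and refuse to start when the value is missing or still the default. The two `mediasoup-list` items are also identical (`127.0.0.1:4443`); if they are samples, a comment like `# example node, replace host and credentials` would keep them from being deployed as-is.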
Binary file not shown.
|
After Width: | Height: | Size: 17 KiB |