Flussonic Media Server documentation

How to configure two auth backend

If you are already using IPTV middleware like IPTVportal, Stalker or anything else you can meet a situation when you need to add some exceptions to authorization.

For example you want to share with your partner stream via password-protected link but you do not want to modify Middleware code.

This document will show you how to solve this problem inside Flussonic by writing simple lua auth script.

Lua auth backend Anchor Anchor x2

We will assume that your existing auth backend url is http://iptv.myservice.com/auth.php

You want to share link to your stream with password PASS

Create /etc/flussonic/auth.lua and tell flussonic about it in config file:

auth /etc/flussonic/auth.lua;

auth.lua will be following:

if req.token == "PASS" then
  return true, {}
else
  url = "http://iptv.myservice.com/auth.php?"..http.qs_encode(req)
  reply = http.get(url)
  if reply.code == 200 then
    t = {}
    if reply.headers["x-authduration"] then
      t["auth_time"] = tonumber(reply.headers["x-authduration"])
    end
    if reply.headers["x-max-sessions"] then
      t["max_sessions"] = tonumber(reply.headers["x-max-sessions"])
    end
    if reply.headers["x-userid"] then
      t["user_id"] = reply.headers["x-userid"]
    end
    return true, t
  else
    return false,{["code"] = reply.code}
  end
end

Here we check for token exception first and if it is not known, then go to original backend.

You can configure two different auth backends in the same manner.

Two auth backends Anchor Anchor x2

function convert_reply(reply)
  if reply.code == 200 then
    t = {}
    if reply.headers["x-authduration"] then
      t["auth_time"] = tonumber(reply.headers["x-authduration"])
    end
    if reply.headers["x-max-sessions"] then
      t["max_sessions"] = tonumber(reply.headers["x-max-sessions"])
    end
    if reply.headers["x-userid"] then
      t["user_id"] = reply.headers["x-userid"]
    end
    return true, t
  else
    return false,{["code"] = reply.code}
  end
end



reply1 = http.get("http://iptv1.myservice.com/auth.php?"..http.qs_encode(req))

status1, headers1 = convert_reply(reply1)
if status1 then
  return status1, headers1
end

reply2 = http.get("http://iptv2.myservice.com/auth.php?"..http.qs_encode(req))

status2, headers2 = convert_reply(reply2)

return status2, headers2

parallel_auth.erl Anchor Anchor x2

Flussonic comes with parallel_auth.erl that implement parallel authorization on multiple http backends

Create text file with a list of your backends in /etc/flussonic/backends.txt. Example:

root@flussonic:~# cat /etc/flussonic/backends.txt
http://stalker1/stalker_portal/server/api/chk_flussonic_tmp_link.php
http://stalker2/stalker_portal/server/api/chk_flussonic_tmp_link.php
http://stalker3/stalker_portal/server/api/chk_flussonic_tmp_link.php
http://yourwebsite/auth.php

Then configure Flussonic to use parallel_auth.erl:

auth /etc/flussonic/parallel_auth.erl;

Also, you can specify ip addresses whitelist and backlist:

auth /etc/flussonic/parallel_auth.erl whitelist=allow.txt blacklist=deny.txt;

Examples:

root@flussonic:/etc/flussonic# cat allow.txt
1.2.3.4
5.6.7.8
2.3.4.5
3.4.5.6
root@flussonic:/etc/flussonic# cat deny.txt
1.1.1.1
2.2.2.2
3.3.3.3