Flussonic Media Server documentation

Secure links

In this article we will show an example of how an authorization can be implemented without writing your own backend.

The authorization system will work as follows: your website will ask Flussonic for an token that will be used for future requests to Flussonic

Configuration Anchor Anchor x2

In Flussonic config two things have to be done: turn on token-generation script and setup authorizarion script. Code for both task contained in one script included in delivery.

WEB-script for token generation:

web_script securetoken /etc/flussonic/securetoken.lua key=mysecretkey password=mypassword;

Now this script accessible via http://flussonic/securetoken/ link. password parameter is for preventing unauthorized access to the token generator.

Authorization script:

stream ort {
  auth /etc/flussonic/securetoken.lua key=mysecretkey;
}

file vod {
  auth /etc/flussonic/securetoken.lua key=mysecretkey;
}

Parameter key is used for token creating and checking. It must be the same in web_script and auth directives.

Obtaining token Anchor Anchor x2

To make unique protected link for playing ort stream, you need following data:
  • password: password from the web_script directive;
  • name: stream or file name (including the dov prefix);
  • ip: client's IP address;
  • starttime: the time when this token will be activated may be specified. These are seconds in UTC, i.e., from January 1, 1970, aka "unix timestamp";
  • endtime: one can specify the time when the token in the UTC will remain active;
  • salt: an arbitrary random string that should be changed upon each request. The user can see it.
  • user: specify unique USER_ID to limit max sessions to 1 concurrent session. (optional)

In our example:

  • password = mypassword;
  • name = ort;
  • ip = 59.123.8.204;
  • starttime = 1450704931;
  • endtime = 1450722931 (five hours from start time);
  • salt = o4rH (random string!).
  • user = John

We will use curl command line utilite to make request:

curl 'http://flussonic:8080/securetoken/sign?password=mypassword&name=ort&ip=59.123.8.204&starttime=1450704931&endtime=1450722931&user=John&salt=o4rH'
f72e083154336d074643cdff802b45e9de016a5a-o4rH-1450722931-1450704931

The URL which will use client for playing:

http://flussonic/ort/index.m3u8?token=f72e083154336d074643cdff802b45e9de016a5a-o4rH-1450722931-1450704931-John

Create a page with protected video Anchor Anchor x2

Here is an example of web page with protected video. Token obtained as in above example, video played via the embed-player.

<?php

# Configure these parameters:
# Flussonic addess:
$FLUSSONIC = "http://flussonic:8080";
# Password for accessing token generator:
$PASSWORD = "mypassword";

# Get stream name from request:
$channel = trim($_SERVER["SCRIPT_NAME"], "/");

if (!$channel) {
    echo "Open /channel page";
    exit();
}

# Make the request:
$query = http_build_query(array(
    "password"  => $PASSWORD,
    "name"      => $channel,
    "ip"        => $_SERVER["REMOTE_ADDR"],
    "salt"      => bin2hex(openssl_random_pseudo_bytes(16)),
  //"user"  => $user_id, // option field, disabled by default. You have to get this value from your database or user's session. Example 'John_1986' or 'id12345'
    "starttime" => time(),
    "endtime"   => time() + 24*3600));

# Get the token:
$token = file_get_contents("$FLUSSONIC/securetoken/sign?$query");

# Make player addess:
$embed = "$FLUSSONIC/$channel/embed.html?dvr=false&token=$token";
?>

<!DOCTYPE html>
<body>
<iframe frameborder="0" style="width:853px; height:480px;" src="<?= $embed?>"> </iframe>
</body>