Flussonic Media Server documentation

Securelink alternative

In this article we will show an example of how an authorization can be implemented without writing your own backend.

The authorization system will work as follows:

  • Your website generate token with simple formula and hashing it with the secret key.
  • Client opening stream with this token.
  • Flussonic hashing token string (+ streamname, client's ipaddr) with the secret key.
  • View is allowed if hashes match. No match - no access.

Flussonic side configuration Anchor Anchor x2

On the Flussonic side you need to set only one string - path to securetoken script and set a secret key.

auth can be configured to certain stream or as global setting:

stream example-stream {
  url fake://fake;
  auth /etc/flussonic/securetoken.lua key=SECRETKEY;
}

Code to a website Anchor Anchor x2

You should know this values to generate a token:

  • Client's IP address
  • Stream name
  • Secret key
  • Current timestamp

Code on a website should collect values to one string with the order: string = streamname + ip + starttime + endtime + secretkey + salt

The token created as follows: sha1(string) + salt + endtime + starttime

starttime and endtime is a unixtimestamp when the token is valid. Usually, starttime is a current time and endtime is current time + few hours.

salt is a random string.

PHP example Anchor Anchor x2

<?php

$flussonic = 'http://flussonic-ip'; // flussonic address
$key = 'SECRETKEY'; // key from flussonic.conf file. KEEP IT IN SECRET
$lifetime = 3600 * 3; // 3 hours after link will be invalid

$stream = $_GET['stream']; // this script get streamname from a query string (script.php?stream=bbc)

$ipaddr = $_SERVER['REMOTE_ADDR'];
$desync = 300; // allowed time desync between flussonic and hosting servers in seconds
$starttime = time() - $desync;
$endtime = $starttime + $lifetime;
$salt = bin2hex(openssl_random_pseudo_bytes(16));

$hashsrt = $stream.$ipaddr.$starttime.$endtime.$key.$salt;
$hash = sha1($hashsrt);

$token = $hash.'-'.$salt.'-'.$endtime.'-'.$starttime;
$link = $flussonic.'/'.$stream.'/embed.html?token='.$token;
$embed = '<iframe allowfullscreen style="width:640px; height:480px;" src="'.$link.'"></iframe>';

echo $embed;

Rails example Anchor Anchor x2

config/routes.rb:

Rails.application.routes.draw do
 ...
  get '/securetoken/:id', to: 'securetoken#index'
end

app/controllers/securetoken_controller.rb:

class SecuretokenController < ApplicationController

  def index

    flussonic = 'http://flussonic-ip'
    secret = 'SECRETKEY'

    streamname = params[:id]
    lifetime = 3600 * 3
    starttime = Time.now.to_i - 300
    endtime = Time.now.to_i + lifetime
    salt = rand(8**8).to_s(8)

    hash = Digest::SHA1.hexdigest(streamname + request.remote_ip + starttime.to_s + endtime.to_s + secret + salt)
    token = hash + '-' + salt + '-' + endtime.to_s + '-' + starttime.to_s
    @url = flussonic + '/' + streamname + '/' + 'embed.html?token=' + token
  end
end

app/views/securetoken/index.html.erb:

<iframe allowfullscreen style="width:640px; height:480px;" src="<%= @url %>"></iframe>