With the current increasing emphasis on information security, video streaming in the field of video surveillance also requires various security strategies. The live stream output by the video surveillance streaming media platform requires permission restrictions, including which IPs are allowed to access, which users are only allowed to access, and other permission restrictions. In order to meet the various playback permission requirements of different users in different scenarios, the LiveGBS GB28181 streaming media platform provides a callback function that can be set during playback, allowing users to determine whether to allow playback, as detailed below.
1. Live stream security control
1.1. Live streaming start control
To enable a live broadcast by default, you need to call the API interface to start live broadcast, so that the stream address will be valid later.
1.2. Live stream callback authentication
LiveGBS can be configured to call back an authentication interface when playing a live stream. The status code returned by the authentication interface controls whether the live broadcast can be allowed to continue playing. How to configure the playback authentication callback? See below for an example of specific instructions.
2. Configure playback authentication callback
2.1. Prepare callback authentication interface
This interface is provided by its own business system and is used to receive callback operations before the user plays the video.
The project business system provides an interface address for the callback interface of the streaming media service during playback. For example: http://192.168.2.153:8080/authstream
2.2. Configure callback authentication address
Configure livecms.ini->[sip]->stream_auth_url configuration under LiveCMS. You need to restart the LiveCMS service, such as:
[sip]
; 直播鉴权第三方回调地址, HTTP GET
; 请求参数: 除透传流地址参数外, 固定参数: app, call, name
; 响应: 200 - 鉴权通过, 其它 - 鉴权不通过
stream_auth_url=http://192.168.2.153:8080/authstream2.3. Debugging instructions
2.3.1. Debugging environment
- Streaming media service video source IP: 192.168.2.135
- Client access IP: 192.168.2.136
- Callback authentication interface IP: 192.168.1.11
2.3.2. Call example
2.3.2.1. Video stream address
2.3.2.2. Additional authentication parameters
为视频流地址,附加鉴权回调的接口需要的参数如:param1、param2
2.3.2.3、播放器播放
使用播放器播放上述 附加鉴权参数后的地址
2.3.2.4、回调请求鉴权
LiveGBS服务会在用户播放视频流的时候,回调已经配置的回到接口,如上配置的播放回调鉴权地址: http://192.168.2.153:8080/authstream
2.3.2.4.1、回调请求参数-说明
| 名称 | 描述 |
|---|---|
| raddr | 客户端远端IP |
| app | 应用类型:webrtc (webrtc播放)hls (其它视频流播放)record (M3U8录像播放)snap (快照获取) |
| call | 操作类型:play |
| name | 资源唯一标记: 如视频ID、快照名称 |
| 其它自定义入参 | 自定义的入参:如上面示例的 param1、param2,名称根据需要自定义 |
2.3.2.4.2、回调请求参数-示例
详细的回调请求示例如下:
播放前回调鉴权传递参数,说明如下:
raddr=192.168.2.136 客户端远端IP
app=hls 应用类型
call=play 操作
name=34020000001110000022_34020000001320000002 资源唯一标记(视频流)
param1和param2是自定义附加的,可以自定义参数名,播放回调时会透传后来用于自定义的鉴权逻辑2.3.2.4.1、开始播放
播放视频 或是 请求快照展示,会回调接口:
此时请求的接口,返回的HTTP 状态码是 200 ,就继续播放,播放器开始播放 或是 展示快照
2.3.2.4..2、阻止播放
播放视频 或是 请求快照展示,会回调接口:
此时请求的接口,返回的HTTP 状态码不是 200 ,将阻止播放,播放器无法播放 或是 无法展示快照
- 重要说明
param1=Cs09vtkMR.04ccf46c56c2371a48¶m2=testsssssss 是示例附加传参,回调会传递附加的所有参数,不限定个数和名称
3、常见问题
3.1、如何单独控制快照权限?
可以在回调接口里面,判断 app == snap ,针对快照的回调直接返回 200,如下示例
...
var app = getQueryParma("app);
if (app == "snap") {
res.code = 200
res.status = "OK"
}
...3.2、如何单独控制录像回看权限?
可以在回调接口里面,判断 app == record ,针对快照的回调直接返回 200,如下示例
...
var app = getQueryParma("app);
if (app == "record") {
res.code = 200
res.status = "OK"
}
...