全部产品
Search
文档中心

视频直播:鉴权代码示例

更新时间:Aug 06, 2024

本文为您介绍自定义鉴权URL相关功能使用,通过阅读本文您可以了解如何进行自定义鉴权URL以及如何对URL鉴权配置进行更新。

鉴权URL生成

自定义鉴权URL

在您实际的业务中,您可能需要动态生成推/播流URL,此时可以通过获取鉴权配置进行自定义拼接。接下来将通过Java SDK示例介绍如何实现动态拼接推/播流URL。

说明

在此之前如果您对URL鉴权地址结构暂不了解,请参见鉴权URL组成

由于鉴权URL需要根据鉴权KEY以及有效时长进行加密,所以要动态生成推/播流URL,需要先获取到URL鉴权相关配置。

获取URL鉴权配置需要调用DescribeLiveDomainConfigs查询直播域名鉴权配置,具体示例代码如下:

//需要将<>内容替换成实际使用的值
DefaultProfile profile = DefaultProfile.getProfile("<regionId>", "<ALIBABA_CLOUD_ACCESS_KEY_ID>", "<ALIBABA_CLOUD_ACCESS_KEY_SECRET>");
IAcsClient client = new DefaultAcsClient(profile);
DescribeLiveDomainConfigsRequest describeLiveDomainConfigsRequest=new DescribeLiveDomainConfigsRequest();
describeLiveDomainConfigsRequest.setDomainName("<DomainName>");
describeLiveDomainConfigsRequest.setFunctionNames("aliauth");

DescribeLiveDomainConfigsResponse describeLiveStreamSnapshotInfoResponse = null;
try {
     describeLiveStreamSnapshotInfoResponse = client.getAcsResponse(describeLiveDomainConfigsRequest);
 } catch (ClientException e) {
     e.printStackTrace();
}
//鉴权key
String key="";
//有效时长(单位秒)
long expSeconds=0l;

for(DescribeLiveDomainConfigsResponse.DomainConfig.FunctionArg f:describeLiveStreamSnapshotInfoResponse.getDomainConfigs().get(0).getFunctionArgs()){
     if("auth_key1".equals(f.getArgName())){
            key=f.getArgValue();
       }
     if("ali_auth_delta".equals(f.getArgName())){
            expSeconds=Long.valueOf(f.getArgValue());
     }
 }

 System.out.println(key);
 System.out.println(expSeconds);

获取到鉴权KEY有效时长后就可以对URL进行拼接并加密,相关示例代码请参考本文档鉴权URL加密部分Java鉴权URL加密示例

说明
  • 生成推流地址时,要使用推流域名的鉴权KEY有效时长

  • 生成播放地址时,要使用播流域名的鉴权KEY有效时长

更新鉴权配置

在您实际的业务中,您的鉴权KEY可能是需要定期更换的,同时我们也建议您这样做。此时可以通过调用BatchSetLiveDomainConfigs批量配置域名API进行域名URL鉴权配置更新。

接下来将通过Java SDK示例代码介绍如何更新URL鉴权配置。示例代码如下:

 //需要将<>内容替换成实际使用的值
DefaultProfile profile = DefaultProfile.getProfile("<regionId>", "<ALIBABA_CLOUD_ACCESS_KEY_ID>", "<ALIBABA_CLOUD_ACCESS_KEY_SECRET>");
IAcsClient client = new DefaultAcsClient(profile);
BatchSetLiveDomainConfigsRequest batchSetLiveDomainConfigsRequest =new BatchSetLiveDomainConfigsRequest();
batchSetLiveDomainConfigsRequest.setDomainNames("<DomainName>");
batchSetLiveDomainConfigsRequest.setFunctions("[{\"functionArgs\":[" +
        "{\"argName\":\"auth_type\",\"argValue\":\"type_a\"}," +
        "{\"argName\":\"auth_key1\",\"argValue\":\"<KEY_MAIN****>\"}," +
        "{\"argName\":\"auth_key2\",\"argValue\":\"<KEY_BAK****>\"}," +
        "{\"argName\":\"ali_auth_delta\",\"argValue\":<3600>}]," +
        "\"functionName\":\"aliauth\"}]");
try {
    BatchSetLiveDomainConfigsResponse response = client.getAcsResponse(batchSetLiveDomainConfigsRequest);
    System.out.println(new Gson().toJson(response));
    //todo something
} catch (ServerException e) {
    e.printStackTrace();
} catch (ClientException e) {
    e.printStackTrace();
}
说明
  • 该示例代码实现了对<DomainName>的URL鉴权配置更新。鉴权类型为type_a(表示启用鉴权),auth_key1(主KEY)为<KEY_MAIN****>,auth_key2(备KEY)为<KEY_BAK****>,ali_auth_delta(鉴权URL的有效时长)为<3600>

  • 主KEY备KEY拥有同样的效力,备KEY主要用于平滑更换。若主KEY执行更换,所有使用主KEY生成的播放地址会立即失效。备KEY作为主KEY更换时,使用主KEY的播放地址不会马上中断,备KEY可以继续替代主KEY提供服务,一般在更换时将旧的主KEY写入备KEY。

鉴权URL加密

Java鉴权URL加密示例

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AuthDemo {
    private static String md5Sum(String src) {
        MessageDigest md5 = null;
        try {
            md5 = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        md5.update(StandardCharsets.UTF_8.encode(src));
        return String.format("%032x", new BigInteger(1, md5.digest()));
    }

private static String aAuth(String uri, String key, long exp) {
    String pattern = "^(rtmp://)?([^/?]+)(/[^?]*)?(\\\\?.*)?$";
    Pattern r = Pattern.compile(pattern);
    Matcher m = r.matcher(uri);
    String scheme = "", host = "", path = "", args = "";
    if (m.find()) {
        scheme = m.group(1) == null ? "rtmp://" : m.group(1);
        host = m.group(2) == null ? "" : m.group(2);
        path = m.group(3) == null ? "/" : m.group(3);
        args = m.group(4) == null ? "" : m.group(4);
    } else {
        System.out.println("NO MATCH");
    }

    String rand = "0";  // "0" by default, other value is ok
    String uid = "0";   // "0" by default, other value is ok
    String sString = String.format("%s-%s-%s-%s-%s", path, exp, rand, uid, key);
    String hashValue = md5Sum(sString);
    String authKey = String.format("%s-%s-%s-%s", exp, rand, uid, hashValue);
    if (args.isEmpty()) {
        return String.format("%s%s%s%s?auth_key=%s", scheme, host, path, args, authKey);
    } else {
        return String.format("%s%s%s%s&auth_key=%s", scheme, host, path, args, authKey);
    }
}

public static void main(String[] args) {
    String uri = "rtmp://example.aliyundoc.com/live/test****";  // original uri
    String key = "<input private key>";                       // private key of authorization
    long exp = System.currentTimeMillis() / 1000 + 1 * 3600;  // expiration time: 1 hour after current time
    String authUri = aAuth(uri, key, exp);                    
    System.out.printf("URL : %s\nAuth: %s", uri, authUri);
}
}

Python鉴权URL加密示例

import re
import time
import hashlib
import datetime
def md5sum(src):
    m = hashlib.md5()
    m.update(src)
    return m.hexdigest()
def a_auth(uri, key, exp):
    p = re.compile("^(rtmp://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if not p:
        return None
    m = p.match(uri)
    scheme, host, path, args = m.groups()
    if not scheme: scheme = "rtmp://"
    if not path: path = "/"
    if not args: args = ""
    rand = "0"      # "0" by default, other value is ok
    uid = "0"       # "0" by default, other value is ok
    sstring = "%s-%s-%s-%s-%s" %(path, exp, rand, uid, key)
    hashvalue = md5sum(sstring.encode('utf-8'))
    auth_key = "%s-%s-%s-%s" %(exp, rand, uid, hashvalue)
    if args:
        return "%s%s%s%s&auth_key=%s" %(scheme, host, path, args, auth_key)
    else:
        return "%s%s%s%s?auth_key=%s" %(scheme, host, path, args, auth_key)
def main():
    uri = "rtmp://example.aliyundoc.com/test/test?vhost=demo.aliyundoc.liucom"            # original uri
    key = "<input private key>"                         # private key of     authorization
    exp = int(time.time()) + 1 * 3600                   # expiration     time: 1 hour after current itme
    authuri = a_auth(uri, key, exp)                     
    print("URL : %s\nAUTH: %s" %(uri, authuri))
if __name__ == "__main__":
    main()

Go鉴权URL加密示例

package main
import (
    "crypto/md5"
    "encoding/hex"
    "fmt"
    "regexp"
    "time"
)

func md5sum(src string) string {
    h := md5.New()
    h.Write([]byte(src))
    return hex.EncodeToString(h.Sum(nil))
}

func a_auth(uri, key string, exp int64) string {
    p, err := regexp.Compile("^(rtmp://)?([^/?]+)(/[^?]*)?(\\?.*)?$")
    if err != nil {
        fmt.Println(err)
        return ""
    }
    m := p.FindStringSubmatch(uri)
    var scheme, host, path, args string
    if len(m) == 5 {
        scheme, host, path, args = m[1], m[2], m[3], m[4]
    } else {
        scheme, host, path, args = "rtmp://", "", "/", ""
    }
    rand := "0" // "0" by default, other value is ok
    uid := "0"  // "0" by default, other value is ok
    sstring := fmt.Sprintf("%s-%d-%s-%s-%s", path, exp, rand, uid, key)
    hashvalue := md5sum(sstring)
    auth_key := fmt.Sprintf("%d-%s-%s-%s", exp, rand, uid, hashvalue)
    if len(args) != 0 {
        return fmt.Sprintf("%s%s%s%s&auth_key=%s", scheme, host, path, args, auth_key)
    } else {
        return fmt.Sprintf("%s%s%s%s?auth_key=%s", scheme, host, path, args, auth_key)
    }
}

func main() {
    uri := "rtmp://example.aliyundoc.com/live/test****" // original uri
    key := "<input private key>"                                           // private key of authorization
    exp := time.Now().Unix() + 3600                                        // expiration time: 1 hour after current itme
    authuri := a_auth(uri, key, exp)                                       
    fmt.Printf("URL : %s\nAUTH: %s", uri, authuri)
}

PHP鉴权URL加密示例

<?php
function a_auth($uri, $key, $exp) {
    preg_match("/^(rtmp:\/\/)?([^\/?]+)?(\/[^?]*)?(\\?.*)?$/", $uri, $matches);
    $scheme = $matches[1];
    $host = $matches[2];
    $path = $matches[3];
    $args = $matches[4];
    if  (empty($args)) {
        $args ="";
    }
    if  (empty($scheme)) {
        $scheme ="rtmp://";
    }
    if  (empty($path)) {
        $path ="/";
    }
    $rand = "0";
    // "0" by default, other value is ok
    $uid = "0";
    // "0" by default, other value is ok
    $sstring = sprintf("%s-%u-%s-%s-%s", $path, $exp, $rand, $uid, $key);
    $hashvalue = md5($sstring);
    $auth_key = sprintf("%u-%s-%s-%s", $exp, $rand, $uid, $hashvalue);
    if ($args) {
        return sprintf("%s%s%s%s&auth_key=%s", $scheme, $host, $path, $args, $auth_key);
    } else {
        return sprintf("%s%s%s%s?auth_key=%s", $scheme, $host, $path, $args, $auth_key);
    }
}
$uri = "rtmp://example.aliyundoc.com/live/test****";
$key = "<input private key>";
$exp = time() + 3600;
$authuri = a_auth($uri, $key, $exp);
echo "URL :" . $uri;
echo PHP_EOL;
echo "AUTH:" . $authuri;
?>

C#鉴权URL加密示例

using System;
using System.Text.RegularExpressions;
using System.Security.Cryptography;
using System.Text;
public class Test
{
    public static void Main()
    {
        string uri= "rtmp://example.aliyundoc.com/live/test****";  // original uri
        string key= "<input private key>";                           // private key of authorization
           DateTime dateStart = new DateTime(1970, 1, 1, 8, 0, 0);
         string exp  = Convert.ToInt64((DateTime.Now - dateStart).TotalSeconds+3600).ToString(); // expiration time: 1 hour after current time
        string authUri = aAuth(uri, key, exp);
        Console.WriteLine (String.Format("URL :{0}",uri));
        Console.WriteLine (String.Format("AUTH :{0}",authUri));
    }
    public static string aAuth(string uri, string key, string exp)
    {
        Regex regex = new Regex("^(rtmp://)?([^/?]+)(/[^?]*)?(\\\\?.*)?$");
        Match m = regex.Match(uri);
        string scheme = "rtmp://", host = "", path = "/", args = "";
        if (m.Success)
        {
            scheme=m.Groups[1].Value;
            host=m.Groups[2].Value;
            path=m.Groups[3].Value;
            args=m.Groups[4].Value;
        }else{
            Console.WriteLine ("NO MATCH");
        }
        string rand = "0";  // "0" by default, other value is ok
        string uid = "0";   // "0" by default, other value is ok
        string u = String.Format("{0}-{1}-{2}-{3}-{4}",  path, exp, rand, uid, key);
        string hashValue  = Md5(u);
        string authKey = String.Format("{0}-{1}-{2}-{3}", exp, rand, uid, hashValue);
        if (args=="")
        {
            return String.Format("{0}{1}{2}{3}?auth_key={4}", scheme, host, path, args, authKey);
        } else
        {
            return String.Format("{0}{1}{2}{3}&auth_key={4}", scheme, host, path, args, authKey);
        }
    }
    public static string Md5(string value)
    {
        MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
        byte[] bytes = Encoding.ASCII.GetBytes(value);
        byte[] encoded = md5.ComputeHash(bytes);
        StringBuilder sb = new StringBuilder();
        for(int i=0; i<encoded.Length; ++i)
        {
            sb.Append(encoded[i].ToString("x2"));
        }
        return sb.ToString();
   }
}

相关文档

更多访问控制功能说明,请参见开发指南访问控制

使用Java SDK,请参见Java SDK使用说明