search

bluecherrydvr / bluecherry-apps

Bluecherry surveillance system (server application)
http://www.bluecherrydvr.com
GNU General Public License v2.0
200 stars 64 forks source link

Bluecherry Web UI -> Devices Test authenication #645

Closed curtishall closed 3 months ago

curtishall commented 6 months ago

For the "Path to RTSP" and the "Substream path" we need a button that the user can click that verifies the connection to the RTSP source. ffprobe should be able to do that.

Right now when a customer adds a RTSP source (usually a camera) they will have no idea if the connection was established or not unless they look at the bluecherry.log or open the client, neither which is very efficient for someone who just needs to add a bunch of cameras and test the connections.

Running ffprobe with json output should provide enough details that we can report back to the user such as:

ffprobe will stall out if if the RTSP source is offline:

time ffprobe -v quiet -print_format json -show_streams "rtsp://wowzaec2demo.streamlock.net/vod/mp4:BigBuckBunny_115k.mov"
{

}
real    2m11.136s

Thus it's better to 'ping' the IP before we attempt ffprobe.

Once a connection is established it would also be nice to return the resolution, fps and frame rate:

ffprobe -v quiet -print_format json -show_streams "rtsp://url"

Examples to return:

       "codec_name": "h264",
        "codec_long_name": "H.264 / AVC / MPEG-4 AVC / MPEG-4 part 10",
        "profile": "Constrained Baseline",
        "width": 1920,
        "height": 1080,
        "avg_frame_rate": "24/1",
curtishall commented 5 months ago

@andrey-utkin

For simple authentication checking we already have a function in lib/lib.php:

public function checkConnection

Perhaps a quick curl command:

https://curl.se/libcurl/c/CURLOPT_RTSP_STREAM_URI.html

JahleelAbraham commented 4 months ago

@curtishall

For simple authentication checking we already have a function in lib/lib.php: public function checkConnection

This function doesn't seem to care if the password is correct or not.

Upon further investigation it appears that the camera's I tested will all pass this connection test because the test checks if the return status was 200 OK. However this is true every time because for example the function will test this URL http://admin:camera1234@192.168.86.109:80 (Note how camera1234 is not the devices password) and it will redirect to http://192.168.86.109/doc/page/login.asp?_1709838069143 which will return 200 OK. (This behaviour is also true if the password is correct.)

Either this function needs to be rewritten or it is not used in testing authentication.

curtishall commented 4 months ago

How about using curl to check auth?

JahleelAbraham commented 4 months ago

Apologies for the late reply. Correct me if I am misunderstood in what you were trying to say

I have tried using both the user flag curl --user admin:camera123 http://192.168.86.91 and URL curl http://admin:camera1234@192.168.86.109:80 and both have the same response as I outlined above.

The response from curl -v "rtsp://admin:camera1234@192.168.86.109:554/Streaming/Channels/101?transportmode=unicast&profile= Profile_1" RTSP/1.0 is 405 Not Allowed

andrey-utkin commented 4 months ago

ffprobe can be given timeout value (but really that's libavformat option):

 $ time ffprobe -hide_banner  -print_format json -show_streams -timeout 10000000 "rtsp://wowzaec2demo.streamlock.net/vod/mp4:BigBuckBunny_115k.mov"
{
[tcp @ 0x55c4493fdc80] Connection to tcp://wowzaec2demo.streamlock.net:554?timeout=10000000 failed: Connection timed out
rtsp://wowzaec2demo.streamlock.net/vod/mp4:BigBuckBunny_115k.mov: Connection timed out

}

real    0m10.178s
user    0m0.106s
sys     0m0.045s

curl invocation is indeed deceptive as it returns 200 OK even with wrong credentials:

 $ curl -v "rtsp://admin:camera1234@192.168.86.109:554/Streaming/Channels/101?transportmode=unicast&profile=Profile_1"
* processing: rtsp://admin:camera1234@192.168.86.109:554/Streaming/Channels/101?transportmode=unicast&profile=Profile_1
*   Trying 192.168.86.109:554...
* Connected to 192.168.86.109 (192.168.86.109) port 554
* Server auth using Basic with user 'admin'
> OPTIONS * RTSP/1.0
> CSeq: 1
> User-Agent: curl/8.2.1
> Authorization: Basic YWRtaW46Y2FtZXJhMTIzNA==
>
< RTSP/1.0 200 OK
< CSeq: 1
< Public: OPTIONS, DESCRIBE, PLAY, PAUSE, SETUP, TEARDOWN, SET_PARAMETER, GET_PARAMETER
< Date:  Fri, Mar 08 2024 05:29:02 GMT
<
* Connection #0 to host 192.168.86.109 left intact
[OK]

 $ ffplay -hide_banner "rtsp://admin:camera1234@192.168.86.109:554/Streaming/Channels/101?transportmode=unicast&profile=Profile_1"
[rtsp @ 0x7f0c18000c80] method DESCRIBE failed: 401 Unauthorized0
rtsp://admin:camera1234@192.168.86.109:554/Streaming/Channels/101?transportmode=unicast&profile=Profile_1: Server returned 401 Unauthorized (authorization failed)

(the password is wrong)

andrey-utkin commented 4 months ago

For simple authentication checking we already have a function in lib/lib.php: public function checkConnection

I suggest we call ffprobe with timeout option in it. RTSP demuxer takes timeout in microseconds: https://ffmpeg.org//ffmpeg-protocols.html#Demuxer

I find what checkConnection does for $paths['mjpeg'] and $paths['http'] a bit strange: why does it assume both URLs would work. But we can leave it for another time.