CN117459802B - Method, system, device and medium for cross-domain video streaming playback - Google Patents

Info

Publication number
CN117459802B
Authority
CN
China
Prior art keywords
cross
domain
video stream
cache
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311484542.6A
Other languages
Chinese (zh)
Other versions
CN117459802A (en)
Inventor
冯天行
王刚
王家宾
黄训涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Shilian Technology Co ltd
Original Assignee
Tianyi Shilian Technology Co ltd
Tianyi Digital Life Technology Co Ltd
Application filed by Tianyi Shilian Technology Co ltd, Tianyi Digital Life Technology Co Ltd
Priority to CN202311484542.6A
Publication of CN117459802A
Priority to PCT/CN2024/128399 (WO2025098216A1)
Application granted
Publication of CN117459802B

Abstract

The invention discloses a method, a system, a device and a medium for cross-domain playing of a video stream, and relates to the technical field of streaming media. Cache identification is performed using the video stream request information and an initial local cache library, and the cache type corresponding to the video stream request information is determined. If the cache type is the first cache type, the video stream corresponding to the video stream request information is acquired, a cross-domain playing token is added to the returned message header, and cross-domain passing data is generated. The initial local cache library is updated based on the cross-domain passing data, and first cross-domain playing data corresponding to the video stream request information is constructed. If the cache type is the second cache type, honeypot logic is used to set interception information, and cross-domain rejection data is generated. The initial local cache library is updated based on the cross-domain rejection data, and second cross-domain playing data corresponding to the video stream request information is constructed. This allows the initial local cache library to be updated quickly while guaranteeing access for the trusted webpage end and rejecting cross-domain requests from untrusted sources.

Description

Video stream cross-domain playing method, system, equipment and medium
Technical Field
The present invention relates to the field of streaming media technologies, and in particular, to a method, a system, an apparatus, and a medium for playing a video stream across domains.
Background
When a web player is used to play an HLS (HTTP Live Streaming, a streaming protocol) video stream, if the domain name of the play address differs from the domain name to which the streaming media server belongs, the HLS video stream is intercepted by the browser because of the cross-domain problem.
At present, the cross-domain response header for video streams is typically set by default to allow any request source to cross domains, which poses an information security risk. If the whitelist is instead configured on the streaming media server, the streaming media service needs to be restarted every time the whitelist information is changed.
Disclosure of Invention
The invention provides a video stream cross-domain playing method, system, device and medium, which solve the technical problems that the existing video stream cross-domain playing method requires the streaming media service to be restarted every time the whitelist information is changed and allows any request source to cross domains by default, resulting in low security.
The invention provides a video stream cross-domain playing method, which comprises the following steps:
when video stream request information from a webpage end is received, performing cache identification using the video stream request information and an initial local cache library, and determining the cache type corresponding to the video stream request information;
if the cache type is the first cache type, acquiring the video stream corresponding to the video stream request information, adding a cross-domain playing token to the returned message header, and generating cross-domain passing data;
updating the initial local cache library based on the cross-domain passing data, and constructing first cross-domain playing data corresponding to the video stream request information;
if the cache type is the second cache type, using honeypot logic to set interception information, and generating cross-domain rejection data;
and updating the initial local cache library based on the cross-domain rejection data, and constructing second cross-domain playing data corresponding to the video stream request information.
Optionally, the step of performing cache identification using the video stream request information and the local cache library, and determining the cache type corresponding to the video stream request information, comprises:
judging whether the request address in the video stream request information is absent from the local cache library;
if yes, the cache type corresponding to the video stream request information is cache non-existence;
if not, judging whether the request address is a whitelist address;
if yes, the cache type corresponding to the video stream request information is the whitelist address;
if not, the cache type corresponding to the video stream request information is the second cache type.
Optionally, the local cache library comprises an online cache pool, and the step of updating the initial local cache library based on the cross-domain passing data and constructing first cross-domain playing data corresponding to the video stream request information comprises:
judging whether a passing address corresponding to the cross-domain passing data exists in the online cache pool;
if yes, updating the initial local cache library according to the thread corresponding to the cross-domain passing data, and generating a first target local cache library;
if not, taking the initial local cache library as the first target local cache library;
and constructing first cross-domain playing data corresponding to the video stream request information using the first target local cache library and the cross-domain passing data.
Optionally, the step of updating the initial local cache library according to the thread corresponding to the cross-domain passing data, and generating the first target local cache library, comprises:
judging whether the thread sequence number corresponding to the cross-domain passing data is a preset sequence number;
if yes, setting a thread lock, requesting the whitelist configuration service through a timer, and generating whitelist configuration data;
requesting the whitelist service through an https interface according to the whitelist configuration data, and obtaining whitelist information stored in JSON form;
updating the initial local cache library using the whitelist information to generate the first target local cache library;
if not, taking the initial local cache library as the first target local cache library.
Optionally, the second cache type includes a non-whitelist address and a blacklist address, and the step of updating the initial local cache library based on the cross-domain rejection data and constructing second cross-domain playing data corresponding to the video stream request information comprises:
if the cache type corresponding to the cross-domain rejection data is a non-whitelist address, updating the initial local cache library based on preset cache update logic to obtain a second target local cache library;
if the domain name corresponding to the cross-domain rejection data does not exist in the second target local cache library, constructing cache period data corresponding to the domain name according to a preset period;
constructing second cross-domain playing data corresponding to the video stream request information using the cross-domain rejection data, the cache period data and the second target local cache library;
if the cache type corresponding to the cross-domain rejection data is a blacklist address, constructing alarm data;
and taking the initial local cache library as the second target local cache library, and constructing second cross-domain playing data corresponding to the video stream request information in combination with the alarm data.
The invention also provides a video stream cross-domain playing system, which comprises:
a cache type determining module, used for performing cache identification using the video stream request information and an initial local cache library when video stream request information from a webpage end is received, and determining the cache type corresponding to the video stream request information;
a cross-domain passing data generation module, used for, if the cache type is the first cache type, acquiring the video stream corresponding to the video stream request information and adding a cross-domain playing token to the returned message header to generate cross-domain passing data;
a first cross-domain playing data construction module, used for updating the initial local cache library based on the cross-domain passing data and constructing first cross-domain playing data corresponding to the video stream request information;
a cross-domain rejection data generation module, used for, if the cache type is the second cache type, using honeypot logic to set interception information and generating cross-domain rejection data;
and a second cross-domain playing data construction module, used for updating the initial local cache library based on the cross-domain rejection data and constructing second cross-domain playing data corresponding to the video stream request information.
Optionally, the first cache type includes cache non-existence and a whitelist address, and the cache type determining module is specifically configured to:
judge whether the request address in the video stream request information is absent from the local cache library;
if yes, the cache type corresponding to the video stream request information is cache non-existence;
if not, judge whether the request address is a whitelist address;
if yes, the cache type corresponding to the video stream request information is the whitelist address;
if not, the cache type corresponding to the video stream request information is the second cache type.
Optionally, the local cache library comprises an online cache pool, and the first cross-domain playing data construction module comprises:
a cross-domain passing data judging module, used for judging whether a passing address corresponding to the cross-domain passing data exists in the online cache pool;
a first generation sub-module for the first target local cache library, used for, if yes, updating the initial local cache library according to the thread corresponding to the cross-domain passing data, so as to generate the first target local cache library;
a second generation sub-module for the first target local cache library, used for, if not, taking the initial local cache library as the first target local cache library;
and a first cross-domain playing data construction sub-module, used for constructing first cross-domain playing data corresponding to the video stream request information using the first target local cache library and the cross-domain passing data.
The invention also provides an electronic device comprising a memory and a processor, wherein the memory stores a computer program, and the computer program when executed by the processor causes the processor to execute the steps for realizing the video stream cross-domain playing method according to any one of the above.
The present invention also provides a computer readable storage medium having stored thereon a computer program which when executed implements a video stream cross-domain playing method as any one of the above.
From the above technical scheme, the invention has the following advantages:
When video stream request information from a webpage end is received, cache identification is performed using the video stream request information and an initial local cache library, and the cache type corresponding to the video stream request information is determined. If the cache type is the first cache type, the video stream corresponding to the video stream request information is acquired, a cross-domain playing token is added to the returned message header, and cross-domain passing data is generated. The initial local cache library is updated based on the cross-domain passing data, and first cross-domain playing data corresponding to the video stream request information is constructed. If the cache type is the second cache type, honeypot logic is used to set interception information, and cross-domain rejection data is generated. The initial local cache library is updated based on the cross-domain rejection data, and second cross-domain playing data corresponding to the video stream request information is constructed. This solves the technical problems that the existing video stream cross-domain playing method requires the streaming media service to be restarted every time the whitelist information is changed and allows any request source to cross domains by default, resulting in low security. The frequency of querying the whitelist service is reduced through a combination of several methods. A honeypot-based method is provided that forges false responses to induce the attacker to continue attacking. Based on the cross-domain passing data and the cross-domain rejection data, the initial local cache library can be updated quickly while access from the trusted webpage end is guaranteed and cross-domain requests from untrusted sources are rejected.
Drawings
In order to illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below are only some embodiments of the invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a flowchart of steps of a video stream cross-domain playing method according to a first embodiment of the present invention;
Fig. 2 is a schematic diagram of a streaming media cross-domain live broadcast system according to a first embodiment of the present invention;
Fig. 3 is a logic flow diagram of a honeypot process according to a second embodiment of the invention;
Fig. 4 is a flowchart of steps of a video stream cross-domain playing method according to a second embodiment of the present invention;
Fig. 5 is a schematic diagram of a streaming media gateway cache according to a second embodiment of the present invention;
Fig. 6 is a flowchart of a cache query provided in a second embodiment of the present invention;
Fig. 7 is a block diagram of a cross-domain playing scheme of an existing video stream according to a second embodiment of the present invention;
Fig. 8 is a block diagram of a video stream cross-domain playing scheme according to a second embodiment of the present invention;
Fig. 9 is a cross-domain scheduling flowchart according to a second embodiment of the present invention;
Fig. 10 is a block diagram of a video stream cross-domain playing system according to a third embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a video stream cross-domain playing method, system, device and medium, which solve the technical problems that the existing video stream cross-domain playing method requires the streaming media service to be restarted every time the whitelist information is changed and allows any request source to cross domains by default, resulting in low security.
In order to make the objects, features and advantages of the present invention more comprehensible, the technical solutions in the embodiments of the present invention are described in detail below with reference to the accompanying drawings, and it is apparent that the embodiments described below are only some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating steps of a video stream cross-domain playing method according to an embodiment of the present invention.
As shown in Fig. 2, the video stream cross-domain playing method provided by the invention is realized based on a streaming media cross-domain live broadcast system, which comprises a streaming media cluster, a whitelist configuration service, a streaming media gateway and a honeypot. The streaming media cluster is a group of servers that provide video streaming services; the device end connects to these servers to report video streams. The whitelist configuration service is used for configuring the black/white list, and can be invoked by the webpage end through an interface application or configured manually by an administrator. The streaming media gateway implements caching and HTTP request functions on top of a conventional gateway service. After verification of the request source fails, the honeypot does not return a service error but returns false service-success data, inducing further attack, and records and reports the attack behavior.
The system works in the following steps:
Step one, the webpage end requests the whitelist service to register whitelist information.
Step two, the webpage end requests the streaming media gateway to acquire a video stream.
Step three, the streaming media gateway verifies the cache; the cache verification scheme is described in the specific implementation of the video stream cross-domain playing method below.
Step four, for requests that are not within the cache range, the whitelist interface is queried to update the cache.
Step five, the streaming media gateway acquires the pushed video stream from the streaming media service.
Step six, the monitoring camera pushes the video stream to the streaming media service.
Step seven, the streaming media gateway adds a cross-domain playing token to the returned message header to allow cross-domain playing for the specific website, realizing live broadcast of the cross-domain video stream at the webpage end.
The first embodiment of the invention provides a video stream cross-domain playing method, which comprises the following steps:
Step 101, when video stream request information from a webpage end is received, performing cache identification using the video stream request information and an initial local cache library, and determining the cache type corresponding to the video stream request information.
In the embodiment of the invention, the initial local cache library comprises two cache pools, namely an effective cache and an expired cache. The effective cache stores whitelist information within the cache period, and an entry moves to the expired cache pool after the effective cache times out. Judging whether the request address in the video stream request information is absent from the local cache library means judging whether the request address is absent from both the effective cache pool and the expired cache pool; if it is absent from both, the cache type corresponding to the video stream request information is cache non-existence. If the request address in the video stream request information exists in the effective cache pool or the expired cache pool, it is judged whether the request address is a whitelist address; if so, the cache type corresponding to the video stream request information is the whitelist address. If not, the cache type corresponding to the video stream request information is the second cache type.
Step 102, if the cache type is the first cache type, acquiring the video stream corresponding to the video stream request information, and adding a cross-domain playing token to the returned message header to generate cross-domain passing data.
A token is a temporary credential in computer authentication and is generally used as an invitation to log into a system.
In the embodiment of the invention, the streaming media service is requested by domain name. When the cache type corresponding to the video stream request information is cache non-existence or a whitelist address, the video stream corresponding to the video stream request information is acquired, a whitelist cross-domain playing token is added to the returned message header, and cross-domain passing data is generated and sent to the webpage end. When the webpage end applies to access the online video stream of a device, each browser parses the message header that allows cross-domain access and lets the web service acquire the data normally, so that the video stream plays normally.
Step 103, updating the initial local cache library based on the cross-domain passing data, and constructing first cross-domain playing data corresponding to the video stream request information.
In the embodiment of the invention, it is judged whether a passing address corresponding to the cross-domain passing data exists in the online cache pool; if so, the initial local cache library is updated according to the thread corresponding to the cross-domain passing data, and a first target local cache library is generated. If not, the initial local cache library is used as the first target local cache library. First cross-domain playing data corresponding to the video stream request information is then constructed using the first target local cache library and the cross-domain passing data.
Step 104, if the cache type is the second cache type, using honeypot logic to set interception information, and generating cross-domain rejection data.
In the embodiment of the invention, as shown in Fig. 3, when the cache type is a whitelist address or cache non-existence, that is, when the video stream request information is a normal request, the gateway security check passes and the gateway sends an m3u8/ts request to the streaming media service; the streaming media service returns the corresponding data, and cross-domain rejection data is generated and sent to the webpage end.
When the cache type is a blacklist address or a non-whitelist address, the gateway security check fails. When the gateway sends an m3u8 request, honeypot logic forges a normal service return and records the attacker information, generating cross-domain rejection data. When the gateway sends a ts request, the honeypot forges a random business error, generating cross-domain rejection data. The randomly forged business errors comprise false data for request timeout, device stopped pushing the stream, and video stream format error; they induce the attacker to continue attacking while the attack behavior is recorded. The attacker information (ip, time, operation, additional attack behavior and influence range) is reported to the black-and-white list service for manual processing. The forged request timeout means that the data is discarded after the request and nothing is returned. Device stopped pushing means that, after the request, an m3u8 file for a lost stream push is returned. Video stream format error means that a ts file generated by the honeypot is returned, but the ts file cannot be parsed.
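The honeypot branch described above, written out as an added example that is not code from the patent: an m3u8 request from a second-cache-type source gets a forged normal playlist, anything else is handled as a ts request and gets one of the three forged business errors, and every hit is recorded. The cache-type labels, the reply dictionary, the record fields beyond ip, time and operation, and the decoy file contents are assumptions constructed for illustration; the decoy replies carry no cross-domain header, so the browser still refuses the cross-origin read.

```python
import random
import time
from urllib.parse import urlsplit

# The three forged business errors the page lists for ts requests.
TS_FAULTS = ("request_timeout", "device_stopped_pushing", "video_format_error")
SECOND_CACHE_TYPE = {"non_whitelist", "blacklist"}  # labels assumed for this example


def forge_m3u8():
    """Constructed index file that reads like a normal live playlist."""
    lines = ["#EXTM3U", "#EXT-X-VERSION:3", "#EXT-X-TARGETDURATION:4",
             "#EXT-X-MEDIA-SEQUENCE:0", "#EXTINF:4.0,", "decoy-000.ts"]
    return "\n".join(lines) + "\n"


def forge_ts_fault(fault):
    """Build the decoy reply for one of the forged business errors."""
    if fault == "request_timeout":
        # Discard the request and send nothing back.
        return {"action": "drop", "status": None, "headers": {}, "body": None}
    if fault == "device_stopped_pushing":
        # Constructed playlist with no segments: the stream looks ended.
        body = "#EXTM3U\n#EXT-X-VERSION:3\n#EXT-X-TARGETDURATION:4\n#EXT-X-ENDLIST\n"
        return {"action": "respond", "status": 200,
                "headers": {"Content-Type": "application/vnd.apple.mpegurl"},
                "body": body}
    if fault == "video_format_error":
        # A real MPEG-TS packet is 188 bytes starting with sync byte 0x47;
        # 188 zero bytes cannot be parsed as one.
        return {"action": "respond", "status": 200,
                "headers": {"Content-Type": "video/mp2t"}, "body": bytes(188)}
    raise ValueError("unknown fault: " + fault)


def honeypot_response(cache_type, url, client_ip, audit_log, rng=random, now=time.time):
    """Return a decoy reply for a second-cache-type request, or None to pass it on."""
    if cache_type not in SECOND_CACHE_TYPE:
        return None  # first cache type: forwarded to the streaming media service
    path = urlsplit(url).path
    # Record for the black-and-white list service; a blacklist hit raises an alarm.
    record = {"ip": client_ip, "time": now(), "operation": path,
              "cache_type": cache_type, "fault": None,
              "alarm": cache_type == "blacklist"}
    if path.endswith(".m3u8"):
        reply = {"action": "respond", "status": 200,
                 "headers": {"Content-Type": "application/vnd.apple.mpegurl"},
                 "body": forge_m3u8()}
    else:
        # Anything that is not an index request is handled as a ts request.
        record["fault"] = rng.choice(TS_FAULTS)
        reply = forge_ts_fault(record["fault"])
    audit_log.append(record)
    return reply
```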
Step 105, updating the initial local cache library based on the cross-domain rejection data, and constructing second cross-domain playing data corresponding to the video stream request information.
In the embodiment of the invention, if the cache type corresponding to the cross-domain rejection data is a non-whitelist address, the initial local cache library is updated based on preset cache update logic to obtain a second target local cache library. If the domain name corresponding to the cross-domain rejection data does not exist in the second target local cache library, cache period data corresponding to the domain name is constructed according to a preset period. Second cross-domain playing data corresponding to the video stream request information is then constructed using the cross-domain rejection data, the cache period data and the second target local cache library.
If the cache type corresponding to the cross-domain rejection data is a blacklist address, alarm data is constructed. The initial local cache library is taken as the second target local cache library, and second cross-domain playing data corresponding to the video stream request information is constructed in combination with the alarm data.
In the embodiment of the invention, when video stream request information from a webpage end is received, cache identification is performed using the video stream request information and the initial local cache library, and the cache type corresponding to the video stream request information is determined. If the cache type is the first cache type, the video stream corresponding to the video stream request information is acquired, a cross-domain playing token is added to the returned message header, and cross-domain passing data is generated. The initial local cache library is updated based on the cross-domain passing data, and first cross-domain playing data corresponding to the video stream request information is constructed. If the cache type is the second cache type, honeypot logic is used to set interception information, and cross-domain rejection data is generated. The initial local cache library is updated based on the cross-domain rejection data, and second cross-domain playing data corresponding to the video stream request information is constructed. This solves the technical problems that the existing video stream cross-domain playing method requires the streaming media service to be restarted every time the whitelist information is changed and allows any request source to cross domains by default, resulting in low security. The frequency of querying the whitelist service is reduced through a combination of several methods. A honeypot-based method is provided that forges false responses to induce the attacker to continue attacking. The initial local cache library is updated based on the cross-domain passing data and the cross-domain rejection data, so that the whitelist information can be updated in a timely manner and temporary list configuration is allowed.
Referring to fig. 4, fig. 4 is a flowchart illustrating steps of a video stream cross-domain playing method according to a second embodiment of the present invention.
Another video stream cross-domain playing method, provided by the second embodiment of the invention, comprises the following steps:
Step 401, when video stream request information from a webpage end is received, performing cache identification using the video stream request information and an initial local cache library, and determining the cache type corresponding to the video stream request information.
Further, the first cache type includes cache non-existence and a whitelist address. Step 401 may comprise the following sub-steps S11-S15:
S11, judging whether the request address in the video stream request information is absent from the local cache library; if yes, executing step S12, and if not, executing step S13.
S12, the cache type corresponding to the video stream request information is cache non-existence.
S13, judging whether the request address is a whitelist address; if so, executing step S14, and if not, executing step S15.
S14, the cache type corresponding to the video stream request information is a whitelist address.
S15, the cache type corresponding to the video stream request information is the second cache type.
In the embodiment of the invention, the request address in the video stream request information refers to the domain name corresponding to the video stream request information. The webpage end uses its website information as a parameter to request the whitelist configuration service, obtaining cross-domain permission and registering in the whitelist. When video stream request information from the webpage end is received, the gateway layer implements a local caching mechanism: for any request, the online cache and then the timeout cache are read in sequence; the gateway layer then verifies the source of the request and, if the source is trusted, issues a cross-domain token only for the source website.
When the request address in the video stream request information exists in neither the online cache pool nor the timeout cache pool, the cache type corresponding to the video stream request information is cache non-existence. When the request address in the video stream request information exists in the online cache pool or the timeout cache pool, the request address is considered to exist in the local cache library, and it is further judged whether the request address is a whitelist address. If yes, the cache type corresponding to the video stream request information is the whitelist address; otherwise, it is the second cache type, which comprises a blacklist address and a non-whitelist address.
Step 402, if the cache type is the first cache type, acquiring the video stream corresponding to the video stream request information, and adding a cross-domain playing token to the returned message header to generate cross-domain passing data.
In the embodiment of the present invention, the implementation of step 402 is similar to that of step 102 and is not repeated here.
Step 403, judging whether a passing address corresponding to the cross-domain passing data exists in the online cache pool; if yes, executing step 404, and if not, executing step 405.
In the embodiment of the invention, after the whitelist is queried, it is cached in the online cache with the domain name as the key, and an online cache entry enters the offline cache once the cache period is exceeded. As shown in Fig. 5: querying domain name A returns allow cross-domain. Querying domain name B returns reject cross-domain. Querying domain name C returns allow cross-domain, and a timer requests an update of the whitelist for that (single) domain name. Querying domain name D returns allow cross-domain, and a timer updates all whitelists.
After the video stream request information is determined to be of the first cache type, it is further determined whether the cache corresponding to the video stream request information is available. Availability is determined by judging whether a passing address corresponding to the cross-domain passing data exists in the online cache pool: if the query in the online cache is not empty, the cache is available. This differs from the condition that determines whether the cache exists: if the online cache is empty but the timeout cache is not, the cache exists (the service logic is executed, i.e., step S13), but the cache is not available (an update of the cache is triggered, i.e., step 404).
Step 404, updating the initial local cache library according to the thread corresponding to the cross-domain passing data, and generating a first-order sample local cache library.
Further, step 404 may include the following substeps S21-S25:
S21, judging whether the thread sequence number corresponding to the cross-domain passing data is a preset sequence number, if so, executing the step S22, and if not, executing the step S25.
S22, setting a thread lock, requesting a white list configuration service through a timer, and generating white list configuration data.
S23, requesting the white list service according to the white list configuration data through the https interface, and obtaining the white list information stored in json form.
S24, updating the initial local cache library by adopting the white list information, and generating a first target local cache library.
S25, taking the initial local cache library as the first target local cache library.
HLS (HTTP Live Streaming) is Apple's adaptive bitrate streaming technique. It is mainly used for audio and video services on PC and Apple terminals. It comprises an m3u(8) index file, TS media fragment files and a key file for encryption. The m3u(8) index file is the file returned for an m3u8 request. A TS media fragment file is the file returned for a TS request.
Lua is a compact scripting language. Lua scripts can easily be called from C/C++ code and can in turn call C/C++ functions, so Lua is widely used in application programs.
The hypertext transfer protocol (Hypertext Transfer Protocol, http) is a simple request-response protocol that typically runs on top of TCP. https (in full: Hypertext Transfer Protocol Secure) is an http channel aimed at security; on the basis of http it secures the transmission through encryption and identity authentication.
In the embodiment of the present invention, as shown in fig. 6 and fig. 9, a request from an external service source queries the local cache, and the cache result determines whether to query the white list interface and whether to add the white list token, i.e. the cross-domain playing token. If the interface needs to be queried, the current nginx thread is verified first: if the thread serial number is 0, the query is submitted, and the remaining threads do not query. A thread lock is set so that the same thread requests the interface only once at a time, which avoids repeated queries. An nginx timer is set and the service data is returned, so the return time of the current request is not affected; the service data refers to the cross-domain passing data, which comprises the video stream file address returned by the HLS video protocol and the video stream. The white list service is then requested through the https interface, and the white list information stored in json form is obtained. A business cache is set according to the white list information, that is, the initial local cache library is updated with the white list information to generate the first target local cache library. For repeated requests that are not in the white list, the gateway layer reports the request source information to the white list service layer as a basis for adding to the blacklist.
Step 405, the initial local cache library is used as the first target local cache library.
In the embodiment of the invention, when the pass address corresponding to the cross-domain passing data does not exist in the online cache pool, this indicates that the cache corresponding to the video stream request information is unavailable; the initial local cache library does not need to be updated and is used as the first target local cache library.
Step 406, constructing first cross-domain playing data corresponding to the video stream request information by adopting the first target local cache library and the cross-domain passing data.
In the embodiment of the invention, the streaming media gateway performs identity verification on the message sent by the webpage end, namely the video stream request information, and forwards the request to a specific streaming media server according to the dynamic password information in the message. When the streaming media server returns a message based on the HLS protocol, the gateway converts the response message and adds dynamic password information to obtain the cross-domain passing data, which the client uses for its next access to the streaming media gateway service. The data of each node is updated according to whether the cache is available, yielding the first target local cache library. The first target local cache library and the cross-domain passing data are used as the first cross-domain playing data corresponding to the current video stream request information.
Step 407, if the cache type is the second cache type, adopting honeypot logic to set interception information, and generating cross-domain rejection data.
In the embodiment of the present invention, the implementation process of step 407 is similar to that of step 104, and will not be described here again.
Step 408, updating the initial local cache library based on the cross-domain reject data, and constructing second cross-domain play data corresponding to the video stream request information.
Further, the second cache type includes non-white list addresses and blacklist addresses, and step 408 may include the following sub-steps S31-S35:
S31, if the cache type corresponding to the cross-domain rejection data is a non-white list address, updating the initial local cache library based on a preset update cache logic to obtain a second target local cache library.
S32, if the domain name corresponding to the cross-domain rejection data does not exist in the second target local cache library, constructing cache period data corresponding to the domain name according to a preset period.
S33, constructing second cross-domain playing data corresponding to the video stream request information by adopting the cross-domain rejection data, the cache period data and the second target local cache library.
S34, if the cache type corresponding to the cross-domain rejection data is a blacklist address, constructing alarm data.
S35, taking the initial local cache library as the second target local cache library, and constructing second cross-domain playing data corresponding to the video stream request information by combining the alarm data.
The preset update cache logic is as follows. The current nginx thread is verified first: if the thread serial number is 0, the query is submitted, and the remaining threads do not query. A thread lock is set so that the same thread requests the interface only once at a time, which avoids repeated queries. A timer is set and the service data is returned, so the return time of the current request is not affected. The white list service is requested through the https interface, and the white list information stored in json form is obtained. The initial local cache library is updated according to the white list information. For repeated requests that are not in the white list, the gateway layer reports the request source information to the white list service layer as a basis for adding to the blacklist.
In the embodiment of the invention, if the cache type corresponding to the cross-domain rejection data is a non-white list address, the honeypot error return is set and the cache update logic is triggered. If the address is still in neither the blacklist nor the white list after the cache update, a shorter cache period, namely the cache period data, usually 30 minutes, is set, and within that period this domain name does not trigger another cache update. The second cross-domain playing data corresponding to the video stream request information is constructed from the cross-domain rejection data, the cache period data and the second target local cache library.
If the cache type corresponding to the cross-domain rejection data is a blacklist address, the honeypot logic is entered directly after the cache is queried, the interception information is set and returned, and the cache time is usually more than 24 hours. Requests from the blacklist are collected by the honeypot program and then trigger an alarm that prompts security maintenance personnel to follow up. Repeated requests that are not in the white list are reported so that the white list service administrator can analyze them and add them to the blacklist or white list, and alarm data is generated. Finally, the data generated during this process is used as the second cross-domain playing data corresponding to the video stream request information.
The invention can implement a blacklist control function in combination with service expansion requirements. That is, a blacklist address is added in the white list service. When, for example, an illegal source requests the streaming media gateway, the gateway parses the request of that source; because the request does not satisfy the cross-domain restriction, the video stream cannot be played and the data is not forwarded further, which limits hotlinked playback.
Specifically, the gateway may be a programmable gateway service to which a custom lua module is added to perform the following logic: read the source request header, obtain the Origin field, invoke the cache query logic, and perform release or interception logic according to the blacklist and white list.
Release case:
A header-adding interception module in the gateway executes the cross-domain release logic:
The following headers are added to the returned message:
["Access-Control-Allow-Origin"]=origin
["Access-Control-Allow-Methods"]="POST,GET,OPTIONS"
["Access-Control-Allow-Credentials"]="true"
where origin in the first row refers to the domain name of the source of the request.
Processing then returns to the service layer for subsequent handling.
Interception case:
Message body processing interception logic is added in the gateway to process the blacklist request:
deleting the related headers from the returned http message;
stopping the request to the streaming media service and returning error information.
Figs. 7 and 8 compare the two schemes. Fig. 7 is a prior art cross-domain playback scheme in which a client directly accesses a streaming media server through a public network. The streaming media server cannot verify the identity of the request source and directly returns an identifier allowing cross-domain access to every webpage.
Fig. 8 is the cross-domain playback scheme of the present invention, in which a streaming media gateway acts as a reverse proxy for a streaming media service cluster, and specific addresses can be allowed cross-domain access through registration or manual configuration. A video stream request based on the HLS protocol carries the client identity information and the streaming media service address information through the dynamic password. The streaming media gateway converts the HLS protocol response message and adds the dynamic cross-domain token information, so the streaming media service does not need to add it separately.
In the embodiment of the present invention, as shown in fig. 9, when the video stream request information of the webpage end is received, the initial local cache library is queried for a corresponding cache. If there is none, the request is considered an initial request and passes by default. If there is one, it is further judged whether the cache is a white list entry. When the cache is a white list entry or the cache does not exist, the video stream corresponding to the video stream request information is acquired, a cross-domain playing token is added to the returned message header, and it is further judged whether the cache corresponding to the video stream request information is in the online cache pool, which determines whether the cache is available. When the cache is available, the initial local cache library is used directly as the first target local cache library without being updated, and the cross-domain passing data is returned. When the cache is not available, it is judged whether the Nginx thread number is 0, namely whether the thread sequence number corresponding to the cross-domain passing data is the preset sequence number. If not, cross-domain pass is returned. If so, cross-domain pass is also returned, but a thread lock is set and a new thread is started to acquire the cross-domain information: the white list configuration service is requested through a timer to generate white list configuration data, the white list service is requested according to the white list configuration data through the https interface to obtain the white list information stored in json form, and the initial local cache library is updated with the white list information to generate the first target local cache library. The first cross-domain playing data corresponding to the video stream request information is constructed from the first target local cache library and the cross-domain passing data.
When the cache is not a white list entry, interception information is set and cross-domain rejection is returned, namely the cross-domain rejection data. The streaming media gateway and dynamic white list adopted by the invention generate a cross-domain token specific to the particular request source, which solves the security problem of cross-domain playback of streaming video. The white list service is configured for querying cross-domain white list information, and the gateway collects request information and reports it to the white list service, forming a situation awareness closed loop of data push and feedback; an analysis tool can be connected to analyze the sources of security attacks.
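The flow described for fig. 9, modelled in Python as an added example; it is not the patent's Lua module. The class and function names, the 403 status and the 300-second online period are assumptions, and the refresh rule follows the fig. 9 description (refresh when the entry is missing from the online pool).

```python
"""Python model (not the gateway's Lua module) of the Origin check described above."""
from dataclasses import dataclass

ONLINE_TTL = 300               # assumed online-cache period in seconds; the page gives none
NON_WHITELIST_TTL = 30 * 60    # "usually 30 minutes"
BLACKLIST_TTL = 24 * 3600      # "usually more than 24 hours"; 24 h used here
WHITE, BLACK, UNKNOWN = "white", "black", "unknown"


@dataclass
class Entry:
    status: str      # WHITE, BLACK, or UNKNOWN (seen before, on neither list)
    expires: float   # before this time the entry is in the online pool; after it, only
                     # in the timeout pool: it still exists but is "not available"


class Gateway:
    def __init__(self, fetch_lists, worker_id=0, cache=None):
        self.fetch_lists = fetch_lists   # stand-in for the https white list service call
        self.worker_id = worker_id       # nginx thread serial number
        self.cache = {} if cache is None else cache   # exact Origin string -> Entry
        self.lock = False                # thread lock: at most one list query in flight
        self.pending = []                # stand-in for the nginx timer queue
        self.alerts = []                 # blacklist hits raised to security staff
        self.reports = []                # non-white-list sources reported upstream

    def handle(self, origin, now):
        """Return (status, CORS headers) for a request carrying this Origin."""
        entry = self.cache.get(origin)
        stale = entry is None or now >= entry.expires
        if entry is None or entry.status == WHITE:
            # First cache type: unseen origin (passes by default) or white list origin.
            if stale:
                self._schedule_refresh(origin)
            return 200, {
                "Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Methods": "POST,GET,OPTIONS",
                "Access-Control-Allow-Credentials": "true",
            }
        # Second cache type: error return, no CORS headers, upstream not contacted.
        if entry.status == BLACK:
            self.alerts.append(origin)
        else:
            self.reports.append(origin)
        if stale:   # the page states this for non-white-list; assumed for blacklist
            self._schedule_refresh(origin)
        return 403, {}   # 403 is an assumed status; the page only says "error information"

    def _schedule_refresh(self, origin):
        if self.worker_id != 0 or self.lock:
            return               # only thread 0 queries, and never twice at once
        self.lock = True
        self.pending.append(origin)

    def run_timers(self, now):
        """Run queued refreshes; called after the response has already been returned."""
        for origin in self.pending:
            white, black = self.fetch_lists()
            for o in white:
                self.cache[o] = Entry(WHITE, now + ONLINE_TTL)
            for o in black:
                self.cache[o] = Entry(BLACK, now + BLACKLIST_TTL)
            if origin not in white and origin not in black:
                # Still on neither list: short negative entry, no refresh until it lapses.
                self.cache[origin] = Entry(UNKNOWN, now + NON_WHITELIST_TTL)
        self.pending.clear()
        self.lock = False


def demo():
    """Constructed origins; returns the status sequence seen for an unlisted origin."""
    gw = Gateway(lambda: (["https://a.example"], ["https://b.example"]))
    first = gw.handle("https://c.example", now=0)[0]     # unseen: passes
    gw.run_timers(now=0)                                 # timer fires after the reply
    second = gw.handle("https://c.example", now=10)[0]   # now cached as unknown
    return first, second


if __name__ == "__main__":
    print(demo())
```

demo() returns (200, 403): an origin the gateway has never seen is served with the allow headers once, and is rejected only after the deferred list query has classified it.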
Further, the common solutions to the cross-domain problem allow any request cross-domain access by default, whereas the invention guarantees access for trusted webpage ends, allows the trust list to be updated quickly, and rejects cross-domain requests from untrusted sources. If the service interface were requested frequently, the gateway layer performance would degrade to the service performance (qps about 500); through this optimization scheme the invention preserves the access performance of the gateway (qps about 17,000, given as 1.7w).
When a webpage plays a video stream, the video stream source and the webpage are required to belong to the same domain name; when a video stream is requested for cross-domain playback, the webpage end intercepts the play request. The invention allows clients with any browser kernel to access trusted cross-domain live video stream addresses. It realizes a business architecture in which webpage ends under any domain name access the intranet streaming media service. It enhances the security of online live broadcasts from monitoring cameras and prevents malicious cross-domain requests from abusing the live video. A blacklist can be configured to discover and intercept malicious request sources and prevent hotlinking.
Referring to fig. 10, fig. 10 is a block diagram illustrating a video stream cross-domain playing system according to a third embodiment of the present invention.
The third embodiment of the present invention provides a video stream cross-domain playing system, which includes:
The cache type determining module 1001 is configured to, when receiving video stream request information of a web page end, perform cache identification with an initial local cache library by using the video stream request information, and determine a cache type corresponding to the video stream request information.
The cross-domain passing data generation module 1002 is configured to obtain a video stream corresponding to the video stream request information and add a cross-domain playing token to the returned message header if the cache type is the first cache type, so as to generate cross-domain passing data.
The first cross-domain play data construction module 1003 is configured to update the initial local cache library based on the cross-domain passing data and construct first cross-domain play data corresponding to the video stream request information.
The cross-domain reject data generating module 1004 is configured to generate cross-domain reject data by setting interception information using honeypot logic if the cache type is the second cache type.
A second cross-domain play data construction module 1005, configured to update the initial local repository based on the cross-domain reject data, and construct second cross-domain play data corresponding to the video stream request information.
Optionally, the first cache type includes cache non-existence and white list addresses, and the cache type determining module 1001 is specifically configured to:
judging whether the request address in the video stream request information does not exist in the local cache library;
If yes, the cache type corresponding to the video stream request information is cache nonexistence;
if not, judging whether the request address is a white list address;
if yes, the cache type corresponding to the video stream request information is a white list address;
if not, the cache type corresponding to the video stream request information is the second cache type.
Optionally, the local cache library comprises an online cache pool, and the first cross-domain play data construction module 1003 comprises:
the cross-domain passing data judging module is used for judging whether a passing address corresponding to the cross-domain passing data exists in the online cache pool or not;
the first target local cache library generating first sub-module, configured to, if so, update the initial local cache library according to the thread corresponding to the cross-domain passing data to generate a first target local cache library;
the first target local cache library generating second sub-module, configured to, if not, use the initial local cache library as the first target local cache library;
the first cross-domain playing data construction sub-module, configured to construct first cross-domain playing data corresponding to the video stream request information by adopting the first target local cache library and the cross-domain passing data.
Optionally, the first target local cache library generating first sub-module is specifically configured to:
judging whether the thread sequence number corresponding to the cross-domain passing data is a preset sequence number or not;
If yes, setting a thread lock, requesting a white list configuration service through a timer, and generating white list configuration data;
requesting a white list service according to the white list configuration data through an https interface to obtain white list information stored in json form;
updating the initial local cache library by adopting the white list information to generate a first target local cache library;
If not, the initial local cache library is used as the first target local cache library.
Optionally, the second cache type includes a non-whitelist address and a blacklist address. The cross-domain reject data generation module 1004 is specifically configured to:
If the cache type corresponding to the cross-domain rejection data is a non-white list address, updating the initial local cache library based on preset update cache logic to obtain a second target local cache library;
If the domain name corresponding to the cross-domain rejection data does not exist in the second target local cache library, constructing cache period data corresponding to the domain name according to a preset period;
constructing second cross-domain playing data corresponding to the video stream request information by adopting the cross-domain rejection data, the cache period data and the second target local cache library;
If the cache type corresponding to the cross-domain rejection data is a blacklist address, constructing alarm data;
And taking the initial local cache library as the second target local cache library, and constructing second cross-domain playing data corresponding to the video stream request information by combining the alarm data.
The embodiment of the invention also provides electronic equipment, which comprises a memory and a processor, wherein the memory stores a computer program, and when the computer program is executed by the processor, the processor executes the video stream cross-domain playing method according to any embodiment.
The memory may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. The memory has memory space for program code to perform any of the method steps described above. For example, the memory space for the program code may include individual program code for implementing the various steps in the above method, respectively. The program code can be read from or written to one or more computer program products. These computer program products comprise a program code carrier such as a hard disk, a Compact Disc (CD), a memory card or a floppy disk. The program code may be compressed, for example, in a suitable form. The code, when executed by a computing processing device, causes the computing processing device to perform the steps in the video stream cross-domain playback method described above.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the video stream cross-domain playing method according to any of the above embodiments.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements is merely a logical functional division, and there may be additional divisions of actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present invention. The storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
The foregoing embodiments are merely for illustrating the technical solution of the present invention, but not for limiting the same, and although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that modifications may be made to the technical solution described in the foregoing embodiments or equivalents may be substituted for parts of the technical features thereof, and that such modifications or substitutions do not depart from the spirit and scope of the technical solution of the embodiments of the present invention in essence.

Claims (10)

CN202311484542.6A | 2023-11-08 | 2023-11-08 | Method, system, device and medium for cross-domain video streaming playback | Active | CN117459802B (en)

Priority Applications (2)

Application Number | Priority Date | Filing Date | Title
CN202311484542.6A (CN117459802B (en)) | 2023-11-08 | 2023-11-08 | Method, system, device and medium for cross-domain video streaming playback
PCT/CN2024/128399 (WO2025098216A1 (en)) | 2023-11-08 | 2024-10-30 | Cross-domain playing method and system for video stream, and device and medium


Publications (2)

Publication Number | Publication Date
CN117459802A (en) | 2024-01-26
CN117459802B (en) | 2025-09-12

Family

ID=89592739

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202311484542.6A (Active, CN117459802B (en)) | Method, system, device and medium for cross-domain video streaming playback | 2023-11-08 | 2023-11-08

Country Status (2)

Country | Link
CN (1) | CN117459802B (en)
WO (1) | WO2025098216A1 (en)


Also Published As

Publication number | Publication date
CN117459802A (en) | 2024-01-26
WO2025098216A1 (en) | 2025-05-15


Legal Events

Date | Code | Title | Description
PB01 | Publication
PB01 | Publication
SE01 | Entry into force of request for substantive examination
SE01 | Entry into force of request for substantive examination
TA01 | Transfer of patent application right

Effective date of registration:20240324

Address after:Unit 1, Building 1, China Telecom Zhejiang Innovation Park, No. 8 Xiqin Street, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province, 311100

Applicant after:Tianyi Shilian Technology Co.,Ltd.

Country or region after:China

Address before:Room 1423, No. 1256 and 1258, Wanrong Road, Jing'an District, Shanghai 200072

Applicant before:Tianyi Digital Life Technology Co.,Ltd.

Country or region before:China

TA01 | Transfer of patent application right
GR01 | Patent grant
GR01 | Patent grant
