@warren-bank/hls-proxy 3.6.0 → 3.6.2

package/hls-proxy/acl_pass.js

@@ -1,17 +1,15 @@
 const expressjs = require('./expressjs_utils')
 const {URL}     = require('./url')
 
-const get_encoded_qs_password = function(req) {
-  const req_url = new URL( expressjs.get_full_req_url(req) )
-
-  return req_url.searchParams.get('password') || ''
+const get_decoded_qs_password = function(req) {
+  return expressjs.get_proxy_req_query(req, 'password', false)
 }
 
 const is_allowed = function(params, req) {
   const {acl_pass} = params
 
   if (acl_pass && Array.isArray(acl_pass) && acl_pass.length) {
-    const password = decodeURIComponent( get_encoded_qs_password(req) )
+    const password = get_decoded_qs_password(req)
 
     return (acl_pass.indexOf(password) >= 0)
   }
@@ -20,6 +18,6 @@ const is_allowed = function(params, req) {
 }
 
 module.exports = {
-  get_encoded_qs_password,
+  get_decoded_qs_password,
   is_allowed
 }

package/hls-proxy/expressjs_utils.js

@@ -1,4 +1,4 @@
-const {URL} = require('./url')
+const {URL, decode_component_value} = require('./url')
 
 const get_full_req_url = function(req) {
   return req.originalUrl || req.url
@@ -19,16 +19,15 @@ const get_proxy_req_url = function(req) {
     : req.url
 }
 
-const get_proxy_req_query = function(req, key) {
+const get_proxy_req_query = function(req, key, is_base64) {
   if (has_req_param(req, key))
-    return req.params[key]
+    return decode_component_value(req.params[key], false, is_base64, is_base64)
 
   if (has_req_query(req, key))
-    return req.query[key]
+    return decode_component_value(req.query[key], false, is_base64, is_base64)
 
-  const url = new URL(req.url)
-  const qs  = url.searchParams
-  return qs.get(key)
+  const req_url = new URL(get_full_req_url(req))
+  return decode_component_value(req_url.searchParams.get(key), true, is_base64, is_base64)
 }
 
 const get_base_req_url = function(req) {

package/hls-proxy/manifest_parser.js

@@ -118,15 +118,16 @@ const parse_manifest = function(m3u8_content, m3u8_url, referer_url, querystring
 
   const meta_data     = {}
   const embedded_urls = extract_embedded_urls(m3u8_lines, m3u8_url, referer_url, (cache_segments ? meta_data : null))
-  const qs_headers    = !!querystring_req_headers ? utils.base64_encode(JSON.stringify(querystring_req_headers)) : null
   const prefetch_urls = []
 
   if (embedded_urls && Array.isArray(embedded_urls) && embedded_urls.length) {
+    const querystring = get_querystring(querystring_req_headers, qs_password)
+
     embedded_urls.forEach(embedded_url => {
       redirect_embedded_url(embedded_url, hooks, m3u8_url, debug)
       if (validate_embedded_url(embedded_url)) {
         finalize_embedded_url(embedded_url, vod_start_at_ms, debug)
-        encode_embedded_url(embedded_url, hooks, redirected_base_url, debug, manifest_extension, segment_extension, qs_headers, qs_password)
+        encode_embedded_url(embedded_url, hooks, redirected_base_url, debug, manifest_extension, segment_extension, querystring)
         get_prefetch_url(embedded_url, should_prefetch_url, prefetch_urls)
         modify_m3u8_line(embedded_url, m3u8_lines)
       }
@@ -234,6 +235,26 @@ const extract_meta_data = function(meta_data, m3u8_line, matching_landmark) {
   }
 }
 
+const get_querystring = function(querystring_req_headers, qs_password) {
+  const qs_headers = !!querystring_req_headers ? utils.base64_encode(JSON.stringify(querystring_req_headers)) : null
+  let qs_pairs     = []
+  let querystring  = ''
+
+  if (qs_headers)
+    qs_pairs.push(['headers', qs_headers])
+
+  if (qs_password)
+    qs_pairs.push(['password', qs_password])
+
+  if (qs_pairs.length) {
+    qs_pairs = qs_pairs.map(pair => `${pair[0]}=${encodeURIComponent(pair[1])}`)
+
+    querystring = '?' + qs_pairs.join('&')
+  }
+
+  return querystring
+}
+
 const redirect_embedded_url = function(embedded_url, hooks, m3u8_url, debug) {
   if (hooks && (hooks instanceof Object) && hooks.redirect && (typeof hooks.redirect === 'function')) {
     let url, url_type, referer_url, result
@@ -333,7 +354,7 @@ const finalize_embedded_url = function(embedded_url, vod_start_at_ms, debug) {
   }
 }
 
-const encode_embedded_url = function(embedded_url, hooks, redirected_base_url, debug, manifest_extension, segment_extension, qs_headers, qs_password) {
+const encode_embedded_url = function(embedded_url, hooks, redirected_base_url, debug, manifest_extension, segment_extension, querystring) {
   if (embedded_url.unencoded_url) {
     let file_extension = embedded_url.url_type
     if (file_extension) {
@@ -353,15 +374,8 @@ const encode_embedded_url = function(embedded_url, hooks, redirected_base_url, d
       debug(3, 'redirecting (proxied, post-hook):', embedded_url.encoded_url)
     }
 
-    let qs_pairs = []
-    if (qs_headers)
-      qs_pairs.push(['headers', qs_headers])
-    if (qs_password)
-      qs_pairs.push(['password', qs_password])
-    if (qs_pairs.length) {
-      qs_pairs = qs_pairs.map(pair => `${pair[0]}=${encodeURIComponent(pair[1])}`)
-
-      embedded_url.encoded_url += '?' + qs_pairs.join('&')
+    if (querystring) {
+      embedded_url.encoded_url += querystring
       debug(3, 'redirecting (proxied, with querystring):', embedded_url.encoded_url)
     }
   }

package/hls-proxy/proxy.js

@@ -55,7 +55,7 @@ const get_middleware = function(params) {
       return
     }
 
-    const qs_password = acl_pass.get_encoded_qs_password(req)
+    const qs_password = acl_pass.get_decoded_qs_password(req)
     const is_m3u8     = (url_type === 'm3u8')
 
     const send_cache_segment = function(segment, type) {

package/hls-proxy/url.js

@@ -25,7 +25,23 @@ if (!parse || !URL) {
   throw new Error('URL class is not supported')
 }
 
+const decode_component_value = function(value, decode = true, fix_unsafe_url_base64_encoding = false, fix_safe_url_base64_encoding = false) {
+  value = value || ''
+
+  if (decode)
+    value = decodeURIComponent(value)
+
+  if (fix_unsafe_url_base64_encoding)
+    value = value.replace(/ /g, '+')
+
+  if (fix_safe_url_base64_encoding)
+    value = value.replace(/-/g, '+').replace(/_/g, '/')
+
+  return value
+}
+
 module.exports = {
   parse,
-  URL
+  URL,
+  decode_component_value
 }

package/hls-proxy/utils.js

@@ -1,5 +1,5 @@
 const expressjs = require('./expressjs_utils')
-const parse_url = require('./url').parse
+const {parse: parse_url, decode_component_value: decode_url_component_value} = require('./url')
 
 const regexs = {
   req_url: new RegExp('^(.*?)/([a-zA-Z0-9\\+/=%]+)(?:[\\._]([^/\\?#]*))?(?:[\\?#].*)?$'),
@@ -38,7 +38,7 @@ const parse_req_url = function(params, req) {
 
     let url, url_lc, index
 
-    url    = base64_decode( decodeURIComponent( matches[2] ) ).trim()
+    url    = base64_decode( decode_url_component_value( matches[2], true, true, true ) ).trim()
     url_lc = url.toLowerCase()
     index  = url_lc.indexOf('http')
 
@@ -57,10 +57,10 @@ const parse_req_url = function(params, req) {
       result.url = url
     }
 
-    let qs_headers = expressjs.get_proxy_req_query(req, 'headers')
+    let qs_headers = expressjs.get_proxy_req_query(req, 'headers', true)
     if (qs_headers) {
       try {
-        qs_headers = base64_decode( decodeURIComponent( qs_headers ) ).trim()
+        qs_headers = base64_decode( qs_headers ).trim()
         qs_headers = JSON.parse(qs_headers)
 
         if (qs_headers && (qs_headers instanceof Object))

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@warren-bank/hls-proxy",
   "description": "Node.js server to proxy HLS video streams",
-  "version":     "3.6.0",
+  "version":     "3.6.2",
   "scripts": {
     "start":     "node hls-proxy/bin/hlsd.js",
     "sudo": "sudo node hls-proxy/bin/hlsd.js"