Jump to content
  • 0

Restrict access to webrtc stream (PPV case), any idea?


johnx3
 Share

Question

Hello,

I'm trying to develop a prototype of a PPV plateform using Ant media Enterprise and Webrtc.

Let's say we have a stream active with few viewers, how I can temporarily serverside prevent some users from accessing it (prevent playing even if connection is already established) and allow some (those who pay) ? 


I have explored the different possibilities offered by Ant media to secure a stream (one time token, jwt etc), but nothing seems to offer this possibility.

Of course i know i can prevent users Client side, but I'd like to use a server-side solution to prevent smarter users from reading a stream they shouldn't have access to.

If you have any idea let me know.

Edited by johnx3
Link to comment
Share on other sites

7 answers to this question

Recommended Posts

  • 0

After a few more tests I come back to you:

I thought I could manage to restrict a stream with subscribers methods by revoking all subsribers of a stream with the method:

[POST] v2/broadcasts/<STREAM_ID>/subscribers

The problem is that when subscribers are already connected they don't get disconnected of the stream...

So frankly I'm lost, I don't see how to effectively restrict a livestream.

And in the case of a platform where users don't need an account to see a stream, I don't see myself creating hundreds of thousands of subscribers with the api and how to manage those who are more active to remove them automatically.

Link to comment
Share on other sites

  • 0
On 11/26/2022 at 4:49 AM, johnx3 said:

After a few more tests I come back to you:

I thought I could manage to restrict a stream with subscribers methods by revoking all subsribers of a stream with the method:

[POST] v2/broadcasts/<STREAM_ID>/subscribers

The problem is that when subscribers are already connected they don't get disconnected of the stream...

So frankly I'm lost, I don't see how to effectively restrict a livestream.

And in the case of a platform where users don't need an account to see a stream, I don't see myself creating hundreds of thousands of subscribers with the api and how to manage those who are more active to remove them automatically.

The ideal way to build PPV systems is to use a timer embedded in the server side code to locally track usage time ad then sync it to/from application server when client disconnects/connects.

From my observations, since we do not have the option to compile anew webapp like streamapp from java source, we cannot make modifications there.  Typically what you need is to tap into some of the handlers mentioned here. https://github.com/ant-media/StreamApp/blob/WebhookStreamAuthenticate/src/main/java/io/antmedia/enterprise/streamapp/StreamApplication.java. If we had a way to tap into these handlers via plugins or just straight forward into webapp source we can do anything including tracking connect/disconnect/start_play/stop_play/start_publish/stop_publish etc: Doing these things using REST API and client side Javascript is just not very feasible.

I also do not see any way to intercept these through a plugin architecture either. I wish the Ant media team can release a tutorial to compile webapp from source.

  • Like 1
Link to comment
Share on other sites

  • 0
On 11/26/2022 at 2:04 AM, johnx3 said:

have a stream active with few viewers, how I can temporarily serverside prevent some users from accessing it (prevent playing even if connection is already established) and allow some (those who pay) ? 

you can unsubscribe that player from server side and then you can stop the stream for that user 

https://antmedia.io/rest/#/BroadcastRestService/stopPlaying by passing webrtc viewer id.

Edited by usama
Link to comment
Share on other sites

  • 0
On 11/26/2022 at 4:49 AM, johnx3 said:

After a few more tests I come back to you:

I thought I could manage to restrict a stream with subscribers methods by revoking all subsribers of a stream with the method:

[POST] v2/broadcasts/<STREAM_ID>/subscribers

The problem is that when subscribers are already connected they don't get disconnected of the stream...

So frankly I'm lost, I don't see how to effectively restrict a livestream.

And in the case of a platform where users don't need an account to see a stream, I don't see myself creating hundreds of thousands of subscribers with the api and how to manage those who are more active to remove them automatically.

1. Having an account is not important. That is authentication. What you need is just authorisation. 

2. use jwt token system to implement authorisation. Use api to eject a subscriber from stream as @usamamentioned. 
 

pretty sure with the tools available you can somehow implement one to many ppv system. Even if not perfect,

  • Like 1
Link to comment
Share on other sites

 Share

×
×
  • Create New...