-
Notifications
You must be signed in to change notification settings - Fork 695
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http_stream: support HTTP authentication (AUD-4994) #1103
base: master
Are you sure you want to change the base?
Conversation
We've submitted a PR to Espressif to support enabling HTTP Basic Auth in ESP-ADF's HTTP stream: espressif#1103. Unfortunately we'd also require a change to ESP Audio to support enabling HTTP Basic Auth. As we can't seem to find the ESP Audio source, we'll just enable it unconditionally in ESP-ADF's HTTP stream. ESP Audio uses ESP-ADF's HTTP Stream so this is enough to support HTTP Basic Auth to WIS by using a URL in the form of http://user:[email protected]:19001/. ESP-IDF's http_parser component will detect the username and password in the URL, and esp_http_client will set the Authorization header if the auth type is set to basic, and the parser found a username and password in the URL. If the parser didn't find a username and password, esp_http_client will just skip setting the header entirely, so having auth type hardcoded to basic is not a problem even if users configure a URL without username and password.
We've submitted a PR to Espressif to support enabling HTTP Basic Auth in ESP-ADF's HTTP stream: espressif#1103. Unfortunately we'd also require a change to ESP Audio to support enabling HTTP Basic Auth. As we can't seem to find the ESP Audio source, we'll just enable it unconditionally in ESP-ADF's HTTP stream. ESP Audio uses ESP-ADF's HTTP Stream so this is enough to support HTTP Basic Auth to WIS by using a URL in the form of http://user:[email protected]:19001/. ESP-IDF's http_parser component will detect the username and password in the URL, and esp_http_client will set the Authorization header if the auth type is set to basic, and the parser found a username and password in the URL. If the parser didn't find a username and password, esp_http_client will just skip setting the header entirely, so having auth type hardcoded to basic is not a problem even if users configure a URL without username and password.
@stintel Thank you for your contributions. It will be merged. |
Hi @stintel |
After submitting this PR, I discovered I could just use esp_http_client_set_authtype() and in the HTTP_STREAM_PRE_REQUEST event of the http_stream event_handle. Username and password is then automatically set by http_parser if included in the URL. This is slightly less efficient, as it has to be done on every new stream, while with this PR it would have to be set once, if I understand correctly, but I'm not sure if that's worth all the additional code. If you still think this change is valuable, let me know, and I'll make the requested changes. |
To support authentication in Willow Inference Server to allow people to run public, shared WIS servers, we need HTTP authentication support in http_stream. This PR adds support for it.