Disconnect stream Admin API + HTTP Basic Auth (#204)

* Create http auth middleware

* Add support for ending the inbound stream. Closes #191

* Add a simple success response to API requests

router/middleware/auth.go

@@ -0,0 +1,34 @@
+package middleware
+
+import (
+	"crypto/subtle"
+	"net/http"
+
+	"github.com/gabek/owncast/config"
+	log "github.com/sirupsen/logrus"
+)
+
+// RequireAdminAuth wraps a handler requiring HTTP basic auth for it using the given
+// the stream key as the password and and a hardcoded "admin" for username.
+func RequireAdminAuth(handler http.HandlerFunc) http.HandlerFunc {
+	username := "admin"
+	password := config.Config.VideoSettings.StreamingKey
+
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		user, pass, ok := r.BasicAuth()
+		realm := "Owncast Authenticated Request"
+
+		// Failed
+		if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(password)) != 1 {
+			w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
+			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			log.Warnln("Failed authentication for", r.URL.Path, "from", r.RemoteAddr, r.UserAgent())
+			return
+		}
+
+		// Success
+		log.Traceln("Authenticated request OK for", r.URL.Path, "from", r.RemoteAddr, r.UserAgent())
+		handler(w, r)
+	}
+}

router/router.go

@@ -10,6 +10,7 @@ import (
 	"github.com/gabek/owncast/controllers"
 	"github.com/gabek/owncast/core/chat"
 	"github.com/gabek/owncast/core/rtmp"
+	"github.com/gabek/owncast/router/middleware"
 )
 
 //Start starts the router for the http, ws, and rtmp
@@ -43,6 +44,11 @@ func Start() error {
 		http.HandleFunc("/embed/video", controllers.GetVideoEmbed)
 	}
 
+	// Authenticated admin requests
+
+	// Disconnect inbound stream
+	http.HandleFunc("/api/admin/disconnect", middleware.RequireAdminAuth(controllers.DisconnectInboundConnection))
+
 	port := config.Config.GetPublicWebServerPort()
 
 	log.Infof("Web server running on port: %d", port)