Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reuse digest auth challenge #131

Merged
merged 4 commits into from
Oct 14, 2024
Merged

Reuse digest auth challenge #131

merged 4 commits into from
Oct 14, 2024

Conversation

DmitrySamoylov
Copy link
Contributor

Digest auth works this way:

  • First we get a 401 with challenge, from which we calculate auth header for the next request
  • Next we get 200 with the actual response.

The problem here is that for multiple requests to the same service (let's say to media service http://192.168.0.128/onvif/Media), we perform an extra request to obtain a new challenge. However, we can reuse the challenge from the very first 401 and receive 200's in following requests immediately. This challenge gets stale at some point, though, so I handled this as well in this PR.

Before:

2024-10-11T11:59:54.728210Z DEBUG onvif::soap::client: http://192.168.0.128/onvif/Media: Response status: 401 Unauthorized
2024-10-11T11:59:54.763040Z DEBUG onvif::soap::client: http://192.168.0.128/onvif/Media: Response status: 200 OK
2024-10-11T11:59:54.788537Z DEBUG onvif::soap::client: http://192.168.0.128/onvif/Media: Response status: 401 Unauthorized
2024-10-11T11:59:54.832126Z DEBUG onvif::soap::client: http://192.168.0.128/onvif/Media: Response status: 200 OK
2024-10-11T11:59:54.860021Z DEBUG onvif::soap::client: http://192.168.0.128/onvif/Media: Response status: 401 Unauthorized
2024-10-11T11:59:54.892962Z DEBUG onvif::soap::client: http://192.168.0.128/onvif/Media: Response status: 200 OK
2024-10-11T11:59:54.919252Z DEBUG onvif::soap::client: http://192.168.0.128/onvif/Media: Response status: 401 Unauthorized
2024-10-11T11:59:54.953114Z DEBUG onvif::soap::client: http://192.168.0.128/onvif/Media: Response status: 200 OK

After:

2024-10-11T11:42:00.963856Z DEBUG request{uri="http://192.168.0.128/onvif/Media"}: onvif::soap::client: Response status: 401 Unauthorized
2024-10-11T11:42:00.995125Z DEBUG request{uri="http://192.168.0.128/onvif/Media"}: onvif::soap::client: Response status: 200 OK
2024-10-11T11:42:01.058180Z DEBUG request{uri="http://192.168.0.128/onvif/Media"}: onvif::soap::client: Response status: 200 OK
2024-10-11T11:42:01.098189Z DEBUG request{uri="http://192.168.0.128/onvif/Media"}: onvif::soap::client: Response status: 200 OK
2024-10-11T11:42:01.138092Z DEBUG request{uri="http://192.168.0.128/onvif/Media"}: onvif::soap::client: Response status: 200 OK
2024-10-11T11:42:01.178275Z DEBUG request{uri="http://192.168.0.128/onvif/Media"}: onvif::soap::client: Response status: 200 OK
... a minute later nonce gets too old, so we get a new challenge and continue working
2024-10-11T11:43:00.994051Z DEBUG request{uri="http://192.168.0.128/onvif/Media"}: onvif::soap::client: Response status: 401 Unauthorized
2024-10-11T11:43:01.027800Z DEBUG request{uri="http://192.168.0.128/onvif/Media"}: onvif::soap::client: Response status: 200 OK
2024-10-11T11:43:01.068052Z DEBUG request{uri="http://192.168.0.128/onvif/Media"}: onvif::soap::client: Response status: 200 OK
2024-10-11T11:43:01.108224Z DEBUG request{uri="http://192.168.0.128/onvif/Media"}: onvif::soap::client: Response status: 200 OK
...

For context: we need this for VMSes which tend to have hundreds of cameras connected, and we have to do GetStreamUri in a separate request for each camera. ONVIF doesn't have bulk requests, so per-request optimizations now make some sense.

@DmitrySamoylov
soap client: Refactor logging
a087a0b 
Since we already have `tracing`, we can put `self.config.uri` to span fields.
@DmitrySamoylov
soap client: Change log level for request/response bodies to trace
535fb3e
@DmitrySamoylov DmitrySamoylov requested a review from FSMaxB October 11, 2024 12:07
@DmitrySamoylov DmitrySamoylov force-pushed the dmitry/reuse-auth-token branch from 1d7a32c to 09fc853 Compare October 11, 2024 12:19
FSMaxB
FSMaxB approved these changes Oct 14, 2024
View reviewed changes
onvif/src/soap/auth/digest.rs Show resolved Hide resolved
onvif/src/soap/auth/digest.rs Outdated Show resolved Hide resolved
@DmitrySamoylov DmitrySamoylov force-pushed the dmitry/reuse-auth-token branch from 09fc853 to 865a532 Compare October 14, 2024 12:48
@DmitrySamoylov DmitrySamoylov merged commit df12537 into main Oct 14, 2024
4 checks passed
@DmitrySamoylov DmitrySamoylov deleted the dmitry/reuse-auth-token branch October 14, 2024 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FSMaxB FSMaxB FSMaxB approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DmitrySamoylov @FSMaxB