@seydx/rtsp

Appearance

@seydx/rtsp / RtspAuth

Class: RtspAuth

Defined in: sinks/rtsp-server/auth.ts:124

Server-side RTSP authenticator for a single set of credentials.

Validates incoming client requests against one configured account using either Basic or Digest authentication. It produces the challenge string the server returns when credentials are missing or invalid, and verifies the Authorization header that clients send in response. For Digest, a fresh nonce is generated per instance and all comparisons run in constant time.

Example

typescript
import { RtspAuth } from '@seydx/rtsp';

const auth = new RtspAuth({ username: 'admin', password: 'secret' });

// On a missing or rejected request, return the challenge to the client:
const wwwAuthenticate = auth.challenge();

// When a client retries with an Authorization header, verify it:
const ok = auth.verify('DESCRIBE', 'rtsp://host/stream', authorizationHeader);

See

RtspServerSink For the sink that enforces authentication

Constructors

Constructor

new RtspAuth(config): RtspAuth

Defined in: sinks/rtsp-server/auth.ts:138

Create an authenticator for a single account.

Parameters

config

RtspAuthConfig

Credentials, scheme, and realm to enforce

Returns

RtspAuth

Example

typescript
const auth = new RtspAuth({ username: 'admin', password: 'secret', method: 'Digest' });

Accessors

method

Get Signature

get method(): "Basic" | "Digest"

Defined in: sinks/rtsp-server/auth.ts:154

The authentication scheme this instance enforces.

Resolves the configured method, defaulting to Digest when unset.

Example
typescript
if (auth.method === 'Basic') {
  // credentials will be sent base64-encoded
}
Returns

"Basic" | "Digest"

username

Get Signature

get username(): string

Defined in: sinks/rtsp-server/auth.ts:166

The account name clients must present.

Example
typescript
console.log(`expecting login for ${auth.username}`);
Returns

string

Methods

challenge()

challenge(): string

Defined in: sinks/rtsp-server/auth.ts:184

Build the value for the WWW-Authenticate response header.

Returns the challenge appropriate to the configured scheme: a realm-only challenge for Basic, or a realm plus the per-instance nonce for Digest. Send this when a request arrives without credentials or fails verification.

Returns

string

The header value to return to the client

Example

typescript
response.setHeader('WWW-Authenticate', auth.challenge());

verify()

verify(rtspMethod, uri, header): boolean

Defined in: sinks/rtsp-server/auth.ts:215

Validate the Authorization header for a given RTSP request.

For Basic, compares the supplied base64 credentials against the configured pair. For Digest, recomputes the expected response from the realm, nonce, method, and URI and matches it against the client's value. All comparisons are constant-time, and a missing or malformed header is rejected.

Parameters

rtspMethod

string

The RTSP method of the request (e.g. DESCRIBE, SETUP)

uri

string

The request URI, used as the Digest fallback when the header omits one

string | undefined

The raw Authorization header value, if present

Returns

boolean

true if the credentials are valid for this request

Example

typescript
if (!auth.verify(method, uri, request.headers['authorization'])) {
  response.statusCode = 401;
  response.setHeader('WWW-Authenticate', auth.challenge());
}