禁止默认http api密钥,删除管理员越过鉴权逻辑 (#2655 #2690)

http api secret禁止使用默认的035c73f7-bb6b-4889-a715-d9eb2d1925cc
删除admin_params的设定
夏楚
2023-07-22 17:30:20 +08:00
committed by GitHub
parent a17e842da2
commit 25d5e410c3
4 changed files with 13 additions and 15 deletions


@@ -48,7 +48,6 @@ const string kOnServerExited = HOOK_FIELD "on_server_exited";
const string kOnServerKeepalive = HOOK_FIELD "on_server_keepalive";
const string kOnSendRtpStopped = HOOK_FIELD "on_send_rtp_stopped";
const string kOnRtpServerTimeout = HOOK_FIELD "on_rtp_server_timeout";
const string kAdminParams = HOOK_FIELD "admin_params";
const string kAliveInterval = HOOK_FIELD "alive_interval";
const string kRetry = HOOK_FIELD "retry";
const string kRetryDelay = HOOK_FIELD "retry_delay";
@@ -74,7 +73,6 @@ static onceToken token([]() {
mINI::Instance()[kOnServerKeepalive] = "";
mINI::Instance()[kOnSendRtpStopped] = "";
mINI::Instance()[kOnRtpServerTimeout] = "";
mINI::Instance()[kAdminParams] = "secret=035c73f7-bb6b-4889-a715-d9eb2d1925cc";
mINI::Instance()[kAliveInterval] = 30.0;
mINI::Instance()[kRetry] = 1;
mINI::Instance()[kRetryDelay] = 3.0;
@@ -331,11 +329,10 @@ static mINI jsonToMini(const Value &obj) {
void installWebHook() {
GET_CONFIG(bool, hook_enable, Hook::kEnable);
GET_CONFIG(string, hook_adminparams, Hook::kAdminParams);
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPublish, [](BroadcastMediaPublishArgs) {
GET_CONFIG(string, hook_publish, Hook::kOnPublish);
if (!hook_enable || args.param_strs == hook_adminparams || hook_publish.empty() || sender.get_peer_ip() == "127.0.0.1") {
if (!hook_enable || hook_publish.empty() || sender.get_peer_ip() == "127.0.0.1") {
invoker("", ProtocolOption());
return;
}
@@ -360,7 +357,7 @@ void installWebHook() {
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPlayed, [](BroadcastMediaPlayedArgs) {
GET_CONFIG(string, hook_play, Hook::kOnPlay);
if (!hook_enable || args.param_strs == hook_adminparams || hook_play.empty() || sender.get_peer_ip() == "127.0.0.1") {
if (!hook_enable || hook_play.empty() || sender.get_peer_ip() == "127.0.0.1") {
invoker("");
return;
}
@@ -374,7 +371,7 @@ void installWebHook() {
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastFlowReport, [](BroadcastFlowReportArgs) {
GET_CONFIG(string, hook_flowreport, Hook::kOnFlowReport);
if (!hook_enable || args.param_strs == hook_adminparams || hook_flowreport.empty() || sender.get_peer_ip() == "127.0.0.1") {
if (!hook_enable || hook_flowreport.empty() || sender.get_peer_ip() == "127.0.0.1") {
return;
}
auto body = make_json(args);
@@ -393,7 +390,7 @@ void installWebHook() {
// 监听kBroadcastOnGetRtspRealm事件决定rtsp链接是否需要鉴权(传统的rtsp鉴权方案)才能访问
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastOnGetRtspRealm, [](BroadcastOnGetRtspRealmArgs) {
GET_CONFIG(string, hook_rtsp_realm, Hook::kOnRtspRealm);
if (!hook_enable || args.param_strs == hook_adminparams || hook_rtsp_realm.empty() || sender.get_peer_ip() == "127.0.0.1") {
if (!hook_enable || hook_rtsp_realm.empty() || sender.get_peer_ip() == "127.0.0.1") {
// 无需认证
invoker("");
return;
@@ -620,7 +617,7 @@ void installWebHook() {
// 追踪用户的目的是为了缓存上次鉴权结果,减少鉴权次数,提高性能
NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastHttpAccess, [](BroadcastHttpAccessArgs) {
GET_CONFIG(string, hook_http_access, Hook::kOnHttpAccess);
if (sender.get_peer_ip() == "127.0.0.1" || parser.params() == hook_adminparams) {
if (sender.get_peer_ip() == "127.0.0.1") {
// 如果是本机或超级管理员访问那么不做访问鉴权权限有效期1个小时
invoker("", "", 60 * 60);
return;
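Review bot: The publish, play, RTSP-realm and HTTP-access listeners still skip their authentication hook whenever `sender.get_peer_ip() == "127.0.0.1"`, so removing `admin_params` leaves one unconditional exemption in place. If the server runs behind a reverse proxy or tunnel on the same host, every client would presumably arrive with a loopback peer address and be accepted without the hook being consulted. The exemption should be documented beside each check, or made a configuration option that is off by default. In the HTTP-access listener the comment under the new condition still mentions the super administrator and should be reworded, for example `// Loopback peers skip access authentication; the grant is cached for one hour`. The body of installWebHook continues outside the visible hunks.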