From 6057062f43802deb320ec0bb2fa9e9c0dfcebd09 Mon Sep 17 00:00:00 2001
From: Xiaokui Shu <subbyte@gmail.com>
Date: Wed, 25 Dec 2024 16:59:17 -0500
Subject: [PATCH] Add rtsp server failed auth logging

---
 internal/rtsp/rtsp.go |  6 +++++-
 pkg/rtsp/server.go    | 10 +++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/internal/rtsp/rtsp.go b/internal/rtsp/rtsp.go
index 0fe135f8..0d92142a 100644
--- a/internal/rtsp/rtsp.go
+++ b/internal/rtsp/rtsp.go
@@ -1,6 +1,7 @@
 package rtsp
 
 import (
+	"fmt"
 	"io"
 	"net"
 	"net/url"
@@ -237,7 +238,10 @@ func tcpHandler(conn *rtsp.Conn) {
 	})
 
 	if err := conn.Accept(); err != nil {
-		if err != io.EOF {
+		if err == rtsp.AuthFailed {
+			rAddr := conn.Connection.RemoteAddr
+			log.Warn().Msg(fmt.Sprintf("[rtsp] failed authentication from %s", rAddr))
+		} else if err != io.EOF {
 			log.WithLevel(level).Err(err).Caller().Send()
 		}
 		if closer != nil {
diff --git a/pkg/rtsp/server.go b/pkg/rtsp/server.go
index c96125a2..3d3639b8 100644
--- a/pkg/rtsp/server.go
+++ b/pkg/rtsp/server.go
@@ -13,6 +13,8 @@ import (
 	"github.com/AlexxIT/go2rtc/pkg/tcp"
 )
 
+var AuthFailed = errors.New("failed authentication")
+
 func NewServer(conn net.Conn) *Conn {
 	return &Conn{
 		Connection: core.Connection{
@@ -54,7 +56,13 @@ func (c *Conn) Accept() error {
 			if err = c.WriteResponse(res); err != nil {
 				return err
 			}
-			continue
+			if req.Header.Get("Authorization") != "" {
+				// eliminate false positive: ffmpeg sends first request without
+				// authorization header even if the user provides credentials
+				return AuthFailed
+			} else {
+				continue
+			}
 		}
 
 		// Receiver: OPTIONS > DESCRIBE > SETUP... > PLAY > TEARDOWN