Middleware Authorization

The Middleware Authorization is a client authorization on the third-party service, known as Middleware.

Process

HTTP Backend

  1. Client initiates a request to access a TV channel. This request contains identification details such as token, client ID, or some else
  2. Astra sends HTTP GET request to the Middleware. This request includes identification details and session information
  3. Middleware validates request and sends back a response status
  4. If the Middleware grants access, then Astra provides access to the requested TV channel

Configuration

To configure Middleware Authorization open Settings -> HTTP Auth. From there, select the desired "Backend Type" and enter the appropriate "Backend Address" based on the selected type.

Ministra/Stalker

Backend Address:

http://example.com/stalker_portal

In the Ministra / Stalker settings turn on option Temporary URL -> Flussonic support

IPTVportal

Backend Address for cloud platform:

https://go.iptvportal.cloud

For local platform will be address of your server.

In the portal settings open Keys menu and create a new key:

  • Name: Astra
  • Algorithm: ARESSTREAM
  • Mode: SM
  • Key Length: 1472 bit
  • Update Rate: 1:00:00

In portal channel settings:

  • Auth: arescrypt
  • Encoded: turn on
  • Key: Astra

Microimpulse Smarty

Backend Address:

http://example.com

HTTP Request

If you need to implement custom authentication logic, you can create your own backend. Select HTTP Request in Backend Type and specify URL to your Middleware endpoint.

Astra sends an HTTP GET request to the Middleware endpoint, appending all query parameters from the original request, and session information in the HTTP headers:

  • X-Session-ID - unique session number
  • X-Channel-ID - unique channel identifier
  • X-Real-IP - client's IP address
  • X-Real-Path - client's request path
  • X-Real-UA - client's User-Agent
  • X-Real-Host - client's Host request

In a response backend may send next HTTP headers:

  • X-Session-Name - client login or any other name for session

For example:

  1. Your backend address is: https://auth.example.com/check
  2. Client tries to start channel: https://live.example.com/play/a001/index.m3u8?token=123
  3. Full address to HTTP backend will be: https://auth.example.com/check?token=123
  4. In headers will be X-Real-Path: /play/a001/index.m3u8 and other headers depending of clients request

Default action

If backend is not available, then Astra allows access.

Troubleshooting

Unexpected access

If you get access to the channel without authorization, probably your HTTP backend is unavailable. You can check it with curl command. Open console on your server with Astra. And try to send request to the HTTP backend manually:

curl -v "https://auth.example.com/check"

Of course address should be same as in your settings.

If you see something like Connection refused or connection is stuck without any response, then issue with access to the backend.

No access