How should I authenticate with curl on Digest (Dahua API)?

A

accountnujen2022-02-22 10:42:00

PHP

accountnujen, 2022-02-22 10:42:00

I periodically (every ~50 iterations) have an error when getting a list of new videos on the ip camera. I'm not sure, but maybe this is due to the fact that I crookedly authorize. The API says this:

spoiler

3.5 Authentication
Video products support either basic authentication or digest authentication, see RFC 2617 for
detail. If the http request sent by client does not provide valid "Authorization" header information,
video products would return HTTP status code 401 and some information for authentication,
then client should calculate authentication information according RFC 2617, and sent request
again with authentication information using “Authorization” header. Video products return the
required resource only if authorization information correct.
For example:
1. When basic authentication fails, response is:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="XXXXXX"

The client encodes the username and password with base64, and then sends it to server. A valid Authorization like this:
Authorization: Basic VXZVXZ
2. When digest authentication fails, response is:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="DH_00408CA5EA04",
nonce="000562fdY631973ef04f77a3ede7c1832ff48720ef95ad", stale=FALSE, qop="auth"

The client calculates the digest authorization using information like username, password, nonce, HTTP method and URI with MD5, and then sends it to server.
For example:

Authorization: Digest username="admin", realm="DH_00408CA5EA04", nc=00000001, cnonce="0a4f113b",
qop="auth", nonce="000562fdY631973ef04f77a3ede7c1832ff48720ef95ad",
uri="/cgi-bin/magicBox.cgi?action=getLanguageCaps", response="65002de02df697e946b750590b44f8bf"

Now I'm logging in like this.

function reqCam($url, $code = false) {
    $ch = curl_init($url);
    curl_setopt_array($ch, [CURLOPT_USERPWD => "admin:password", CURLOPT_CONNECTTIMEOUT => 15, CURLOPT_RETURNTRANSFER => 1, CURLOPT_HTTPAUTH=>CURLAUTH_ANY]);
    $res = curl_exec($ch);
    if ($code) return curl_getinfo($ch, CURLINFO_HTTP_CODE);
    return $res;
}

To get a video between now and yesterday - I have to make 3 requests. That is, I send the password three times. I'm not sure this is how it should be.

# получаю task
$firstreq = reqCam("http://admin:[email protected]/cgi-bin/mediaFileFind.cgi?action=factory.create"); // result=2128862112
$id = explode("=",trim($firstreq));
# делаю запрос на период времени
$reqStat = trim(reqCam("http://admin:[email protected]/cgi-bin/mediaFileFind.cgi?action=findFile&object={$id[1]}&condition.Channel=1&condition.StartTime=$start&condition.EndTime=$end&condition.Types[0]=dav"));
# получаю список файлов
$secreq = reqCam("http://admin:[email protected]/cgi-bin/mediaFileFind.cgi?action=findNextFile&object={$id[1]}&count=100");
# далее я уже работаю со списком файлов

I suspect that I should only send the password once in the first request (receiving task) and then I should just maintain that authorization, but how do I do that?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

N

Nikolai Savelyev, 2022-02-22
@AgentSmith

At the first request, you receive a token in the headers, and they need to log in on subsequent requests