fix m3u auth

server/web/api/stream.go

@@ -40,7 +40,7 @@ func stream(c *gin.Context) {
 	data := ""
 	notAuth := c.GetBool("not_auth")
 
-	if notAuth && play {
+	if notAuth && (play || m3u) {
 		streamNoAuth(c)
 		return
 	}
@@ -134,6 +134,9 @@ func streamNoAuth(c *gin.Context) {
 	link := c.Query("link")
 	indexStr := c.Query("index")
 	_, preload := c.GetQuery("preload")
+	_, m3u := c.GetQuery("m3u")
+	_, fromlast := c.GetQuery("fromlast")
+	_, play := c.GetQuery("play")
 	title := c.Query("title")
 	poster := c.Query("poster")
 	data := ""
@@ -193,5 +196,18 @@ func streamNoAuth(c *gin.Context) {
 		torr.Preload(tor, index)
 	}
 
+	// return m3u if query
+	if m3u {
+		m3ulist := "#EXTM3U\n" + getM3uList(tor.Status(), "http://"+c.Request.Host, fromlast)
+		sendM3U(c, tor.Name()+".m3u", tor.Hash().HexString(), m3ulist)
+		return
+	} else
+	// return play if query
+	if play {
 		tor.Stream(index, c.Request, c.Writer)
+		return
+	}
+	c.Header("WWW-Authenticate", "Basic realm=Authorization Required")
+	c.AbortWithStatus(http.StatusUnauthorized)
+	return
 }

server/web/auth/auth.go

@@ -64,7 +64,7 @@ func BasicAuth(accounts gin.Accounts) gin.HandlerFunc {
 		user, found := pairs.searchCredential(c.Request.Header.Get("Authorization"))
 		if !found {
 			if strings.HasPrefix(c.FullPath(), "/stream") ||
-				strings.HasPrefix(c.FullPath(), "/playlist") {
+				(strings.HasPrefix(c.FullPath(), "/playlist") && c.FullPath() != "/playlistall/all.m3u") {
 				c.Set("not_auth", true)
 				return
 			}